Commit Graph

16628 Commits (b8f0a94c3fcd18f505dc8f33486a6f2d7dee05d6)

Author SHA1 Message Date
HD Moore 1477cda3d4 fix set_rhosts behavior/bugs.
msf  exploit(rails_xml_yaml_code_exec) > hosts

Hosts
=====

address     mac                name          os_name            os_flavor  os_sp  purpose  info  comments
-------     ---                ----          -------            ---------  -----  -------  ----  --------
10.0.0.105  00:0C:29:59:65:08  VMWIN2000SP4  Microsoft Windows                    client

msf  exploit(rails_xml_yaml_code_exec) > hosts -R

Hosts
=====

address     mac                name          os_name            os_flavor  os_sp  purpose  info  comments
-------     ---                ----          -------            ---------  -----  -------  ----  --------
10.0.0.105  00:0C:29:59:65:08  VMWIN2000SP4  Microsoft Windows                    client

RHOSTS => 10.0.0.105

msf  exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
jvazquez-r7 06926fbabb Merge branch 'module-cmd_windows_reverse_perl' of https://github.com/kacpern/metasploit-framework into kacpern-module-cmd_windows_reverse_perl 2013-01-23 16:42:45 +01:00
Kacper Nowak a3fa7cc6bc adjusted disclosure date 2013-01-23 12:49:08 +00:00
jvazquez-r7 e78174297e assuring stdapi loads on meterpreter 2013-01-23 12:44:55 +01:00
booboule d2b75ad005 Update external/source/exploits/cve-2012-5088/Makefile 2013-01-23 12:42:33 +01:00
Kacper Nowak f691652594 attempt to fix cmd/windows/reverse_perl payload 2013-01-23 11:21:44 +00:00
m-1-k-3 3a5e92ba6f hopefully all fixex included 2013-01-23 12:15:34 +01:00
Kacper Nowak 5d6ca30422 removed spaces at EOL 2013-01-23 10:33:55 +00:00
Kacper Nowak 17d1c9f996 - expanded description
- updated references
2013-01-23 10:29:11 +00:00
jvazquez-r7 9c9a0d1664 Added module for cve-2012-0432 2013-01-23 10:51:29 +01:00
sinn3r 9e5370eb2f Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R 2013-01-23 00:20:55 -06:00
sinn3r 5cfabb0443 Apply the changes I suggested before 2013-01-23 00:15:09 -06:00
sinn3r 1e39c31cc2 Merge branch 'feature/rm6822-coldfusion_locale_traversal' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-coldfusion_locale_traversal 2013-01-23 00:06:35 -06:00
sinn3r 730e430531 Merge branch 'averagesecurityguy-master' 2013-01-23 00:05:19 -06:00
sinn3r bc3c289b90 Merge branch 'master' of github.com:averagesecurityguy/metasploit-framework into averagesecurityguy-master 2013-01-23 00:03:52 -06:00
sinn3r 2a53fba879 Merge branch 'fixmh' of github.com:rsmudge/metasploit-framework into rsmudge-fixmh 2013-01-22 23:58:22 -06:00
sinn3r 933f807745 Msftidy cleanup + handling return values better 2013-01-22 23:53:00 -06:00
sinn3r dab2952d60 Merge branch 'picasa' of github.com:charles-n2netsec/metasploit-framework into charles-n2netsec-picasa 2013-01-22 22:54:45 -06:00
sinn3r e376bb6fab Merge branch 'rsmudge-armitage' 2013-01-22 22:52:35 -06:00
Raphael Mudge 8c86c49d43 Armitage 01.23.13
This update to Armitage adds the ability to assign labels to hosts
and create dynamic workspaces based on these labs. This update also
adds helpers to configure USERNAME/PASSWORD options and EXE::Custom
and EXE::Template. Several bugs were fixed as well.
2013-01-22 22:48:16 -05:00
Tasos Laskos 33e9f182bd Merge remote-tracking branch 'upstream/master' into web-modules 2013-01-22 23:43:25 +02:00
Tasos Laskos 6b5c6c3a0c Auxiliary::Web::Analysis::Differential
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
Tasos Laskos 0d564c1ce8 Auxiliary::Web::Analysis::Timing
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
Tasos Laskos f2beb5bf19 Auxiliary::Web#process_vulnerability: payload fix
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
Charles Smith 9671df4488 Picasa 2 credentials are now also saved as loot
This module used to save only Picasa 3 credentials as loot. Picasa
2 creds were displayed, but not saved. I've updated the module to
save Picasa 2 credentials, and I also updated the output code to
use print_good instead of print_status.
2013-01-22 15:46:47 -05:00
sinn3r 8819059499 Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec 2013-01-22 14:41:40 -06:00
Tasos Laskos fed4a836c6 Updated proof string for Web Differential Analysis
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
Robin Wood 20b36cdf7a added extra checking for strict databases 2013-01-22 15:42:23 +00:00
jvazquez-r7 807bd6e88a Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl 2013-01-22 15:33:39 +01:00
jvazquez-r7 c498930644 Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle 2013-01-22 15:33:07 +01:00
Kacper Nowak 8a59c7b8fb removed extra print_status() calls 2013-01-22 12:31:40 +00:00
bcoles 970591a85f Add ZoneMinder arbitrary command execution exploit 2013-01-22 22:56:50 +10:30
Kacper Nowak 08a5f467b1 added URL for developer site 2013-01-22 12:14:38 +00:00
Kacper Nowak cd29a88c18 added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution 2013-01-22 11:58:24 +00:00
jvazquez-r7 08062597b9 fix data added to table 2013-01-22 12:07:16 +01:00
jvazquez-r7 dce4e7fc08 Merge branch 'filezilla_server_bugs' of https://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-filezilla_server_bugs 2013-01-22 12:06:44 +01:00
jvazquez-r7 516eccdf9a Merge branch 'record_mic_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-record_mic_update 2013-01-22 10:45:36 +01:00
Raphael Mudge 4740cb09a1 Fix NoMethodError if handler has no ParentModule
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).

When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
HD Moore d6ed6cd5e4 Fix a stack overflow in bidirectional pipe 2013-01-22 00:27:03 -06:00
Julian Vilas eb92070df8 added module for CVE-2013-1359 2013-01-22 01:54:41 +01:00
m-1-k-3 11c13500be small fix 2013-01-21 13:41:42 +01:00
m-1-k-3 62ff52280a initial linksys OS command injection 2013-01-21 13:19:29 +01:00
jvazquez-r7 b2c7223108 Cleanup for mysql_file_enum.rb 2013-01-21 12:26:35 +01:00
kernelsmith f05e358058 replace unless rhosts.include? with rhosts.uniq!
seems like this will speed up the process due to far less Array lookups
2013-01-21 00:46:05 -06:00
sinn3r 8b70a94b34 Updates the progress function
Because the previous one was wrong.
2013-01-21 00:30:43 -06:00
Stephen Haywood cfeccaa4f8 Noted support for importing XML reports. 2013-01-20 23:26:53 -05:00
f8lerror 5cfe58e8d5 General code review and corrections 2013-01-20 22:33:04 -05:00
Robin Wood 4d5a7a3d4d Brute force directory and file names with MySQL 2013-01-20 21:32:02 +00:00
Robin Wood e7604f80b2 added a warning and using optpath 2013-01-20 21:24:00 +00:00
Robin Wood 6da4b72d85 added a warning and using optpath 2013-01-20 21:23:59 +00:00