f034952852
Land #6918 , Added additional SAP TCP/IP ports into the sap_port_info function.
2016-06-03 08:01:04 -05:00
d371fd0798
Land #6885 , add aux control module for PhoenixContact PLCs
2016-06-03 07:50:39 -05:00
f333481fb8
Add vendor patch info
2016-06-02 16:41:06 -05:00
7c9227f70b
Cosmetic changes for magento_unserialize to pass msftidy & guidelines
2016-06-02 16:34:41 -05:00
a15c79347b
Add canon printer credential harvest module
...
Praedasploit
2016-06-02 16:07:28 -05:00
9128ba3e57
Add popen() vuln to ImageMagick exploit
...
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)
Thanks to @hdm for his sharp eye. ;x
[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
2016-06-02 11:35:37 -05:00
4f42cc8c08
Added module
2016-06-02 09:24:10 -05:00
68d647edf1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into op5
2016-06-01 18:05:18 -04:00
52d5028548
op5 config exec
2016-06-01 15:07:31 -04:00
d72492fe30
Add support for older Data Protector versions
...
Increases support by enabling all SSL ciphers. Some older versions
of DP only support weaker export ciphers not enabled by default.
2016-06-01 10:45:47 +01:00
98cfcc65ae
Added IP address to returned information.
...
This scanner module doesn't tell you the location of the found information. So when using the -R option to fill the RHOSTS all you get is a bunch of successful findings, however you won't know to which systems they belong.
2016-05-31 19:47:00 -07:00
eb2398a446
Renamed hp_dataprotector_encrypted_comms
...
Renamed to match other data protector exploits
2016-05-31 22:58:32 +01:00
54c4771626
Exploit for HP Data Protector Encrypted Comms
...
Added exploit for HP Data Protector when using encrypted communications.
This has been tested against v9.00 on Windows Server 2008 R2 but should also work against older versions of DP.
2016-05-31 22:44:14 +01:00
fb678564b1
Land #6923 , Check the correct check code for ms13_081_track_popup_menu
2016-05-31 11:40:02 -05:00
8ce59ae330
travis fixes
2016-05-31 05:46:20 -04:00
057947d7e8
ipfire proxy exec
2016-05-30 10:24:17 -04:00
9b5e3010ef
doc/module cleanup
2016-05-30 06:33:48 -04:00
df55f9a57c
first add of ipfire shellshock
2016-05-29 20:40:12 -04:00
2afcda9d49
Did some more rubocopy work and
...
added module documentation
2016-05-28 15:32:18 +02:00
01a691a46c
Update sap_router_portscanner.rb
...
Added additional SAP TCP/IP ports for sap_port_info function.
ref: https://wiki.scn.sap.com/wiki/display/TCPIP/Services
2016-05-27 14:43:16 +01:00
fb95abc645
Land #6909 , Add WordPress Ninja Forms unauthenticated file upload
2016-05-25 15:40:10 -05:00
14e1baf331
Minor style changes
2016-05-25 15:39:26 -05:00
19c4d5b02b
Remove hard coded target path
2016-05-25 18:04:26 +01:00
028b1ac251
Land #6816 Oracle Application Testing Suite File Upload
2016-05-24 18:27:10 -05:00
3dfdf1d936
Land #6528 , tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
48c25dd863
Remove need for expand_path in this module; normalize handles it now
2016-05-24 13:30:12 -07:00
3df4c38e82
Use correct key file var
2016-05-24 13:28:08 -07:00
77a62ff7c0
Land #6905 RC4 Stagers
2016-05-24 09:34:32 -05:00
af86d63498
Updated Cache size
2016-05-24 09:07:05 -05:00
f0b945e4c4
Updated cache size
2016-05-24 09:06:46 -05:00
d328258db4
Updated Cache size
2016-05-24 09:06:28 -05:00
5c6b93c1cf
Land #6883 , Add Ubiquiti airOS exploit
2016-05-24 07:26:40 -05:00
ca76e8f290
Update allwinner_backdoor report_vuln hash
2016-05-24 00:57:37 -05:00
5bf8891c54
Land #6882 , fix moodle_cmd_exec HTML parsing to use REX
2016-05-23 23:25:22 -05:00
266d29ca4a
handle garbage better during probe
2016-05-23 22:28:31 -05:00
a6020ca010
style fixes
2016-05-23 22:14:57 -05:00
928a706135
Land #6890 , Allwinner CPU kernel module local privilege escalation
2016-05-23 22:00:52 -05:00
2f8562fba4
added documentation and minor style tweaks
2016-05-23 21:59:44 -05:00
adb8098b8c
Fix typo
2016-05-24 00:16:04 +01:00
aae7c25603
Add WordPress Ninja Forms unauthenticated file upload module
2016-05-23 23:47:41 +01:00
4242bbdf55
change report_note to report_vuln per note
2016-05-23 17:36:50 -04:00
2694907b79
update cached payload size
2016-05-23 14:30:43 -05:00
cf62218139
Update payload sizes
2016-05-23 14:27:11 -05:00
efc64eaa5f
Implement reverse_tcp_rc4_dns payload in metasm
...
Using the ruby methods for generating assembly blocks defined or
separated in prior commits, create a new payload from the existing
assembly blocks which performs a DNS lookup of the LHOST prior to
establishing a corresponding socket and downloading, and
decrypting the RC4 encrypted payload.
For anyone looking to learn how to build these payloads, these
three commits should provide a healthy primer. Small changes to
the payload structure can yield entropy enough to avoid signature
based detection by in-line or out-of-band static defenses. This
payload was completed in the time between this commit and the last.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
2016-05-23 14:27:11 -05:00
0e69040a6a
Implement reverse_tcp_dns as metasm payload
...
Using the separation of block_recv and reverse_tcp, implement
reverse_tcp_dns using original shellcode as template with dynamic
injection of parameters. Concatenate the whole thing in the
generation call chain, and compile the resulting shellcode for
delivery.
Metasploit module pruned to bare minimum, with the LHOST OptString
moved into the library component.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
Misc:
Clean up rc4.rb to use the rc4_keys method when generating a
stage. Makes the implementation far more readable and reduces
redundant code.
2016-05-23 14:27:11 -05:00
df2346d9e0
Implement RC4 metasm payloads for tcp bind and rev
...
Convert reverse_tcp_rc4 and bind_tcp_rc4 from static shellcode
substitution payloads to metasm compiled assembly approach.
Splits up metasm methods for bind_tcp and reverse_tcp into socket
creation and block_recv to allow for reuse of the socket methods
with the RC4 payloads, while substituting the block_recv methods
for those carrying the appropriate decryptor stubs.
Creates a new rc4 module carrying the bulk of the decryptor and
adjacent convenince methods for standard payload generation.
Testing:
Tested against Win2k8r2, Win7x64, and WinXPx86
ToDo:
Ensure all the methods around payload sizing, UUIDs, and other
new functionality, the semantics of which i do not yet fully
understand, are appropriate and do not introduce breakage.
2016-05-23 14:27:11 -05:00
7e34d1e1cf
Land #6897 , use sendall python rtcp shell with ssl
2016-05-21 16:51:10 -04:00
6581fbd294
Add note about "mf" malware
...
This is the malware I found upon shelling my friend's device.
2016-05-20 23:09:10 -05:00
b613dfefb4
Land #6896 , fix spelling in caidao_bruteforce_login
2016-05-19 21:54:06 -05:00
a71e853c2a
Fixed cache size for python/shell_reverse_tcp_ssl
2016-05-20 02:32:37 +00:00
87398d5195
Fixed python reverse shell ssl send for EOF occurred in violation of protocol error
2016-05-20 01:49:04 +00:00
506356e15d
Land #6889 , check #nil? and #empty? instead of #empty?
2016-05-19 19:23:04 -05:00
99a573a013
Do unless instead "if !" to follow the Ruby guideline
2016-05-19 19:21:45 -05:00
706d51389e
spelling fix
2016-05-19 19:30:18 -04:00
a16f4b5167
Return nil properly in rescue
...
Missed this because I copypasta'd myself.
2016-05-19 15:35:38 -05:00
d018bba301
Store SSH key as a note
...
I know, I know, it should use the creds model. >:[
2016-05-19 15:12:58 -05:00
9f738c3e41
Add note about overwritten files
2016-05-19 15:07:27 -05:00
8fccb26446
Add Ubiquiti airOS exploit
...
Thanks to my friend wolf359 for providing a test device!
2016-05-19 14:50:20 -05:00
31bbcfca49
Fix ms13_081_track_popup_menu
2016-05-19 17:22:47 +09:00
c621f689b2
more descriptive note per @sempervictus
2016-05-18 19:08:01 -04:00
b5284375a7
osb_uname_jlist - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:16:53 -05:00
11fedd7353
ca_totaldefense_regeneratereports - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:15:28 -05:00
a6405beeda
ams_hndlrsvc - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:13:40 -05:00
41bcdcce61
fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:11:57 -05:00
bc257ea628
fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:10:32 -05:00
68b83c6e3a
datastore['CMD'].blank?
2016-05-17 23:56:59 -05:00
815a2600a8
additional description
2016-05-17 22:07:33 -04:00
640e0b9ff7
working ready for pr
2016-05-17 21:58:32 -04:00
a4e7e373f3
fix ams_xfr.rb - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-17 17:55:18 -05:00
36a9ef83ab
Added phoenix_command.rb
2016-05-17 15:45:45 +02:00
e8ac568352
doesn't look like we're using the tcp mixin
2016-05-17 03:15:26 -05:00
08394765df
Fix #6879 , REXML::ParseException No close tag for /div
2016-05-17 03:14:00 -05:00
9c61490676
Fix some inconsistencies
...
Failed to catch these while editing. :(
2016-05-17 02:50:12 -05:00
92d07f74ff
Remove unnecessary double expand_path
2016-05-16 17:34:12 -07:00
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
cf0176e68b
Land #6867 , Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-16 19:00:10 -05:00
3ea2f62376
Land #6875 , update description for auxiliary/spoof/nbns/nbns_response
2016-05-15 12:34:53 -05:00
8e85e8f9d7
Land #6859 , Add TP-Link sc2020n Module
2016-05-15 12:33:54 -05:00
5361aaadbd
Update nbns_response.rb
...
Just correcting the description section of this module
2016-05-14 15:24:38 -07:00
21d74a64fe
Land #6874 , Improve exploit for CVE-2016-0854
2016-05-14 11:08:17 -05:00
0d176f2c92
remove a couple of unnecessary ternary ops
2016-05-14 11:07:43 -05:00
c7cbaa08c8
Land #6576 , add Search Engine Subdomains Collector (Bing / Yahoo / ..)
2016-05-14 10:50:53 -05:00
2e3e4f0069
Land #6296 , Added a multi-platform post module to generate TCP & UDP egress traffic
2016-05-14 00:03:00 -05:00
3542d907f7
simplify description, move the bulk of documentation to documentation/
2016-05-14 00:01:51 -05:00
8ce0365c7f
See rapid7/metasploit-payloads#98 , update cached payload sizes
2016-05-13 23:05:34 -05:00
d398419971
Land #6832 , Check LHOST value before running shell_to_meterpreter, add docs
2016-05-13 22:50:22 -05:00
314d73546c
additional details, not working on tablet via malicious apk meterpreter
2016-05-13 23:12:44 -04:00
a940481f62
Land #6834 , Authorized FTP JCL exploit for z/OS
2016-05-13 21:29:45 -05:00
5c494480e6
handle failure more gracefully
2016-05-13 21:29:25 -05:00
3b5db26ff5
Fix #6872 , change upload action for CVE-2016-0854 exploit
...
This patch includes the following changes:
* Instead of the uploadFile action, this patch uses uploadImageCommon
to be able to support both Advantech WebAccess builds: 2014 and
2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
different builds of Advantech WebAccess 8.0s, and 8.1.
Fix #6872
2016-05-13 19:47:18 -05:00
5099124f3d
module compiles, fails correctly but cant yet verify it works
2016-05-12 22:18:43 -04:00
2d5cf6cfe4
Authorized FTP JCL exploit for z/OS
...
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
2016-05-12 14:46:31 -05:00
a69432abe5
update module class and move to recon from manage
2016-05-12 12:42:04 -05:00
9f923cdb00
Merge branch 'master' into land-6296-egress
2016-05-12 12:36:47 -05:00
8f9762a3e5
Fix some comments
2016-05-12 00:19:18 -05:00
da293081a9
Fix a typo
2016-05-11 22:48:23 -05:00
9d128cfd9f
Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-11 22:27:18 -05:00
4b23d2dc58
Adjusting exception handling
...
This commit adjusts the error handling to close the socket before
calling fail_with and adds specific exceptions to catch
2016-05-11 17:18:51 -05:00
32e1a19875
Fix up the disclosure date
2016-05-11 00:18:22 -05:00
ded79ce1ff
Fix CVE syntax
2016-05-10 23:18:45 -05:00
4a5d150716
Fixups to continue supporting Rails 4.2.x
2016-05-10 23:12:48 -05:00
04bb493ccb
Small typo fixed
2016-05-10 23:07:51 -05:00
32ae3e881e
Adding save_cred and exception handling to module
...
This commit adds a save_cred method for saving off the credentials
upon a successful login attempt. Also, exception handling surrounding
the opening of the telnet socket has been added to avoid any accidental
resource leaking.
2016-05-10 20:54:44 -05:00
7c6958bbd8
Rework rails_web_console_v2_code_exec to support CVE-2015-3224
2016-05-10 11:08:02 -05:00
3db72e9b4b
Land #6853 , use send_request_cgi! for CVE-2016-0854 exploit
2016-05-09 16:10:04 -05:00
8eb3193941
Adding TP-Link sc2020n Module
...
This module exploits a command injection vulnerability in
TP-Link sc2020n network video cameras in order to start the
telnet daemon on a random port. The module then connects to
the telnet daemon, which returns a root shell on the device.
2016-05-08 14:02:50 -05:00
2a546d191f
Land #6854 , smtp header fix
...
Fixes an issue with duplicate headers when sending emails.
Fixes MS-1476
2016-05-06 12:07:12 -05:00
2abb062070
Clean up module
2016-05-06 11:51:29 -05:00
e4e6246692
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-05-06 10:55:52 -05:00
8dc7de5b84
Land #6838 , add Rails web-console module
2016-05-05 15:53:52 -05:00
1bc2ec9c11
Update vulnerable versions to include 6.x (legacy)
2016-05-05 14:18:42 -05:00
26b749ff5a
Add default LHOST
...
This is a massive workaround and probably shouldn't be done. :-)
2016-05-05 14:18:42 -05:00
5c713d9f75
Set default payload
...
Land #6849 for this to be effective.
2016-05-05 14:18:42 -05:00
232cc114de
Change placeholder text to something useful
...
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
f32c7ba569
Add template generation details
2016-05-05 14:18:42 -05:00
23a0517a01
Update description
2016-05-05 14:18:42 -05:00
d7b76c3ab4
Add more references
2016-05-05 14:18:42 -05:00
5c04db7a09
Add ImageMagick exploit
2016-05-05 14:18:42 -05:00
2e460a87dd
Remove extra assignment
2016-05-05 11:24:19 -05:00
891a788ad4
Land #6849 , mknod to mkfifo
...
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
2016-05-05 10:34:41 -05:00
35a780c6a8
fix send_request_cgi redirection issues #6806
2016-05-05 09:55:32 -05:00
9357a30725
remove duplicate key
2016-05-04 22:15:33 +02:00
74e5772bbf
Replace mknod with mkfifo for portability
...
Works on BSD and OS X now. This has been bugging me for a while.
2016-05-04 02:32:37 -05:00
779a7c0f68
Switch to the default rails server port
2016-05-03 02:06:58 -05:00
8b04eaaa60
Clean up various whitespace
2016-05-03 02:06:37 -05:00
68ad9b0b53
Land #6835 , support Windows and Java platforms for struts_dmi_exec
2016-05-02 15:04:42 -05:00
df44dc9c1c
Deprecate exploits/linux/http/struts_dmi_exec
...
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
2016-05-02 15:03:25 -05:00
be363411de
Land #6317 , Add delay(with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
3300bcc5cb
Make msftidy happier
2016-05-02 02:33:06 -05:00
67c9f6a1cf
Add rails_web_console_v2_code_exec, abuse of a debug feature
2016-05-02 02:31:14 -05:00
6a00f2fc5a
mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb
2016-05-01 00:00:29 +08:00
ec66410fab
add java_stager / windows_stager | exploit with only one http request
2016-04-30 23:56:56 +08:00
73ac6e6fef
Land #6831 , Add CVE-2016-3081 Apache struts s2_032 DMI Code Exec
2016-04-29 11:53:47 -05:00
d6a6577c5c
Default payload to linux/x86/meterpreter/reverse_tcp_uuid
...
Default to linux/x86/meterpreter/reverse_tcp_uuid for now because
of issue #6833
2016-04-29 11:52:50 -05:00
288975a9ce
rm modules/exploits/multi/http/struts_dmi_exec.rb
2016-04-30 00:44:31 +08:00
9d279d2a74
Merge pull request #15 from wchen-r7/pr6831
...
Changes for Apache struts from @wchen-r7
2016-04-30 00:37:53 +08:00
15ffae4ae8
rename module name
2016-04-30 00:17:26 +08:00
1d95a8a76d
rename struts_code_exec_dynamic_method_invocation.rb to struts_dmi_exec.rb
2016-04-30 00:13:34 +08:00
97061c1b90
Update struts_dmi_exec.rb
2016-04-29 11:13:25 -05:00
9e56bb8358
send http request (get -> post)
2016-04-30 00:08:00 +08:00
e9535dbc5b
Address all @FireFart's feedback
2016-04-29 11:03:15 -05:00
6f6558923b
Rename module as struts_dmi_exec.rb
2016-04-29 10:34:48 -05:00
2f66442f1d
Fix #5191 , bad LHOST format causes shell_to_meterpreter to backtrace
...
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.
Fix #5191
2016-04-28 23:03:54 -05:00
643591546e
struts s2_032 rce - linux_stager
2016-04-29 10:49:56 +08:00
2a91a876ff
Update php/meterpreter_reverse_tcp size
2016-04-27 16:14:38 -05:00
c16a02638c
Add Oracle Application Testing Suite exploit
2016-04-26 15:41:27 -05:00
0cb555f28d
Fix typo
2016-04-26 15:26:22 -05:00
f28d280199
Land #6814 , move stdapi to exist?
2016-04-24 13:41:11 -04:00
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
9a873a7eb5
more style fixes
2016-04-23 12:18:28 -04:00
d86174c3bf
style fixes
2016-04-23 12:18:28 -04:00
4250725b13
fix incorrect hex port conversion
2016-04-23 12:18:28 -04:00
7ff5a5fd7e
switch mainframe payloads to fixed size
2016-04-23 11:40:05 -04:00
81af4d2675
Fix: merge error
2016-04-23 23:19:08 +08:00
1d99d08ac8
rebuild
2016-04-23 23:15:19 +08:00
de9ac28db1
class Metasploit4 -> class MetasploitModule
2016-04-23 23:03:48 +08:00
e2fcfc8d09
fix index / space
2016-04-23 23:02:41 +08:00
fca4d53a6f
add yahoo_search / bing_search exception handler
2016-04-23 22:58:39 +08:00
d9633078ec
merge yahoo_search_domain[ip] / bing_search_domain[ip]
2016-04-23 22:45:47 +08:00
66c0832f27
add Rex::Socket.getaddresses exception handler
2016-04-23 20:09:12 +08:00
b47b83dfaa
add results.nil? / results.empty? check
2016-04-23 19:47:33 +08:00
7579abb34e
report_note in a line
2016-04-23 19:43:44 +08:00
55e31bacee
add exception handler
2016-04-23 19:01:55 +08:00
73121f7e2f
add vprint_good
2016-04-23 18:50:48 +08:00
bc1f829fe5
class Metasploit4 -> class MetasploitModule
2016-04-23 17:36:22 +08:00
da9f156913
Print IP in print_*
2016-04-22 16:03:31 -05:00
3aa02891e9
Bring #6801 up to date with upstream-master
2016-04-22 14:04:26 -05:00
4a435e8d13
Bring hp_dataprotector_install_service up to date w/ upstream-master
2016-04-22 13:42:41 -05:00
db1d973ef0
Cosmetic changes for hp_dataprotector_install_service
2016-04-22 13:41:18 -05:00
16ff74e293
syntax check / code reduce
2016-04-22 10:53:03 +08:00
ca4bcfe62a
Update enum_emet.rb
...
Cleaned up a bit more
2016-04-22 00:41:10 +01:00
c81d0ade3f
Update, implemented
...
Took @bcook-r7's advice
2016-04-22 00:37:03 +01:00
30ac6b4a93
enum_emet
...
A module to enumerate all the EMET wildcard paths.
2016-04-22 00:20:25 +01:00
67968e912c
Land #6785 Add CVE-2016-0854 Advantech WebAccess Arbitrary File Upload
2016-04-21 12:02:04 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
c08872144f
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-21 09:33:03 +08:00
dcb9c83f98
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-21 09:28:42 +08:00
6b3326eab2
Land #6707 , support for LURI handler
2016-04-20 16:26:07 -05:00
e1e43db551
Land #6789 , remove overwritten keys from hashes
2016-04-20 13:33:31 -05:00
f0d403124c
Update symantec_brightmail_ldapcreds.rb
2016-04-20 18:58:12 +02:00
cda104920e
delete telisca abuse
2016-04-20 17:09:13 +01:00
c322a4b314
added modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-04-20 17:01:18 +01:00
dc3a185519
delete modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-04-20 16:48:37 +01:00
57467b94d9
Fix RegExp evaluation in is_routable? function
2016-04-20 10:22:46 -05:00
5adf5be983
add symantec bright mail ldap creds
2016-04-20 16:05:24 +01:00
57cb8e49a2
remove overwritten keys from hashes
2016-04-20 07:43:57 -04:00
dfb2b95e46
Merge remote-tracking branch 'upstream/master'
...
Merge
2016-04-20 12:21:16 +01:00
b74930f5c9
Land #6771 , Deprecate dns_bruteforce / dns_cache_scraper / dns_info / dns_reverse_lookup / dns_srv_enum
2016-04-19 16:30:36 -05:00
2400345fff
Merge pull request #2 from open-security/advantech_webaccess_dashboard_file_upload
...
Advantech webaccess dashboard file upload
2016-04-19 12:59:32 +08:00
0407acc0ec
add print_status with vuln_version?
2016-04-19 11:22:00 +08:00
c88ddf1cc4
fix NilClass for res.body
2016-04-19 10:27:20 +08:00
3da451795c
Fix potential case issue
...
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
fd603102db
Land #6765 , Fixed SQL error in lib/msf/core/exploit/postgres
2016-04-18 10:44:20 -07:00
89a3755754
Land #6786 , post/windows/manage/autoroute improvements
...
Resolve #6781
2016-04-18 12:11:42 -05:00
a895b452e6
fix
2016-04-19 00:21:26 +08:00
c596421b01
use generate_uri_uuid_mode for java reverse_http
2016-04-18 08:26:02 -05:00
edd30e433e
https tweaks
2016-04-18 08:26:02 -05:00
555352b210
Force lurl string duplication to avoid stageless issues
...
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
2016-04-18 08:25:19 -05:00
a74a7dde55
More fixies for LURI in Python, and native too
2016-04-18 08:25:19 -05:00
06d53112e3
Add support for LURI to the java and android payloads
2016-04-18 08:24:41 -05:00
Brent Cook
wchen-r7
dmohanty-r7
William Vu
mr_me
h00die
root
sho-luv
Ian Lovering
Tijl Deneut
Bruno Morisson
rastating
William Webb
Jon Hart
Brendan Watters
RageLtMan
Spencer McIntyre
root
ssyy201506
Vex Woo
Tijl Deneut
Bigendian Smalls
Nicholas Starke
HD Moore
Kyle Gray
David Maloney
Louis Sato
Adam Cammack
Christian Mehlmauer
Brian Patterson
Security Corporation
Vincent Yiu
504137480
Fakhir Karim Reda zirsalem
Josh Hale
thao doan
Tim
OJ