Steve Tornio
7690e86a89
add osvdb ref
2012-05-14 07:14:10 -05:00
Steve Tornio
bcfa96ced8
add osvdb ref
2012-05-14 07:13:49 -05:00
sinn3r
0b817944c3
Merge pull request #386 from jlee-r7/fix-posix-execute
...
Fix posix execute
2012-05-13 16:17:34 -07:00
sinn3r
2e8b11ca78
Merge pull request #383 from rsmudge/armitage
...
Armitage 05.14.12
2012-05-13 16:15:59 -07:00
root
99a5d1a7b5
fix :pname in the web_vuln_info hash to no include the parameter value
2012-05-13 14:43:02 -07:00
James Lee
ecb106d714
throw is not the same as raise
...
Clearly this code never gets called.
2012-05-13 15:31:57 -06:00
root
2906686da1
forgot to git add db.rb. oops
2012-05-13 14:30:27 -07:00
root
d5cec05cc3
fix tabs
2012-05-13 14:28:50 -07:00
root
253802761f
Remove extraneous puts
2012-05-13 14:19:19 -07:00
root
d0f49c1213
Finished! Importing wapiti now adds Mdm::WebVulns to the db.
...
However, I see no way to actually seeing the webvulns in framework
after importing the report.
2012-05-13 13:58:25 -07:00
James Lee
73331b66e6
Fix execution with spaces in args by using sh -c
...
In posix, a command like "echo 'foo bar'" would previously get parsed
out into arguments for execve like [ "echo", "'foo", "bar'" ] which
obviously isn't what you want. After this commit, it sticks the whole
thing in an arg to sh so the execve call ends up looking like
execve("/bin/sh", ["sh", "-c", "echo 'foo bar'"], [/* 26 vars */]) = 0
This is still a little less than ideal because shell escapes become a
problem; fortunately, that's easy to deal with on the client side as
long as module developers take it into account.
2012-05-13 14:55:57 -06:00
pyoor
6b6dc60b25
Cisco Secure ACS Auth Bypass Module
2012-05-13 16:16:18 -04:00
Christian Mehlmauer
dc10fac885
Ported my Hashcollision Script to Ruby
2012-05-13 20:59:42 +02:00
sinn3r
79a590ccf7
Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom
...
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe
2012-05-13 11:13:27 -07:00
Brandon Perry
b0b72b05d5
Adding the beginning of the wapiti report import nokogiri document
2012-05-13 13:02:48 -05:00
Raphael Mudge
c7b9b711f1
Armitage 05.14.12
...
This release SSL-enables the red team collaboration architecture, adds several keyboard
shortcuts and it improves the workflow for viewing downloaded files/loots.
2012-05-13 13:56:10 -04:00
sinn3r
d2c26f989c
Cleanup whitespace
2012-05-13 04:42:22 -05:00
sinn3r
c1fbf1f931
Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved
2012-05-13 04:37:49 -05:00
Peter Van Eeckhoutte (corelanc0d3r)
dd42c3096e
added exploit for Firefox 8&9 AttributeChildRemoved UAF
2012-05-13 11:31:46 +02:00
sinn3r
15fbb1e86c
This the modified version of pull request #379 . Changes include:
...
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_host()
* Put 'info' in the :proof key
* Remove ::Exception handling, so we can see the original that's also logged in framework.log
2012-05-13 04:09:17 -05:00
James Lee
e2bf3c5750
throw is not the same as raise
...
Clearly this code never gets called.
2012-05-12 16:53:54 -06:00
Tod Beardsley
bc1c9a7fe4
Prepend all messages with victim host:port
...
Redefining print_status locally to handle this. Seems like an easy way
to do this kind of thing for a particular module.
[Closes #272 ]
2012-05-11 17:48:54 -05:00
Tod Beardsley
ab655677b4
Fixed typo, converted to OptEnum for fakedns targetaction
2012-05-11 17:12:31 -05:00
Jose Selvi
af71cdafe2
Update modules/auxiliary/server/fakedns.rb
2012-05-11 17:01:14 -05:00
Jose Selvi
1d6b2eb3fe
Added TARGETACTION options and wildcard support
2012-05-11 17:01:13 -05:00
sinn3r
5d8fbefc3d
Merge pull request #378 from wchen-r7/distinct
...
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
sinn3r
653d7e5923
Add OSVDB-80984
2012-05-11 15:07:31 -05:00
Tod Beardsley
aa3930fcb9
Typo on fixed tftp module
2012-05-10 21:42:33 -05:00
Tod Beardsley
36c805c5ff
Move the context setting to the module
...
Apparently you can't hit the framework object before running the module
any more. Bummer.
[Fixes #6843 ]
2012-05-10 21:21:32 -05:00
sinn3r
7eabce8872
Add comment for PrependEncoder
2012-05-10 12:18:50 -05:00
sinn3r
2b13330483
Merge pull request #376 from wchen-r7/wikkawiki
...
Add CVE-2011-4449
2012-05-10 10:13:56 -07:00
sinn3r
6e8c3ad1e3
It's "inject", not "upload"... because technically that's what really happens.
2012-05-10 12:06:02 -05:00
sinn3r
c69e34d407
Update description
2012-05-10 12:02:55 -05:00
sinn3r
86c3ad5e0c
Add CVE-2011-4449
2012-05-10 11:57:40 -05:00
Tod Beardsley
65800f7c6e
Whitespace on solarwinds
2012-05-09 12:47:22 -05:00
sinn3r
b29f2265f5
Merge pull request #369 from jlee-r7/psnuffle-cleanup
...
Psnuffle cleanup
2012-05-08 20:24:47 -07:00
James Lee
7a05f3eab4
Mark failed logins as inactive
2012-05-08 16:51:22 -06:00
James Lee
318b14af4c
Fix improper reporting and stack traces when we missed a banner
...
Also makes sure we delete the session if we got a 221 response, even if
we haven't seen a login yet.
2012-05-08 16:40:56 -06:00
James Lee
1eec1cebb5
Fix improper reporting
...
:proto is always tcp, udp, etc., name is the higher layer name
2012-05-08 16:39:32 -06:00
James Lee
536fa39ae8
Keep the client and the server on tracked tcp sessions
2012-05-08 16:38:12 -06:00
James Lee
88b35a32e5
Make permissions consistent
2012-05-08 13:50:43 -06:00
James Lee
421630ef85
Binaries with fixed timestamps
...
[See #304 ]
2012-05-08 13:49:35 -06:00
Michael Schierl
5bf03aff7d
Squashed commit of the following:
...
commit db8a4fe575ec09607036ae5550adb83b345d9f2c
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 11 00:41:51 2012 +0200
Ensure the manifest is always at the beginning of the JAR files
Might create strange errors when loading stdapi if not.
commit fc02de4e36b3b952e256885d277e9c8e91f8f065
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 23:20:20 2012 +0200
Change the build file so that it generates fixed timestamps inside meterpreter.jar / ext_server_stdapi.jar
[Closes #304 ]
2012-05-08 13:48:21 -06:00
Alexandre Maloteaux
452cead1e9
Merge psnuffle ntlmv2 support from Alex Malateaux
...
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf
Squashed commit of the following:
commit 7acc32f5f00914fed355a080ca237543448f80ca
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Thu Apr 12 01:52:49 2012 +0100
psnuffle : move protocol filtering in load function
commit 9c9ae9711c760b4f072271b7e5993f9bf8366671
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Thu Apr 12 01:50:48 2012 +0100
psnuffle : add hash exctratiopn from smbv2 session
[Closes #327 ]
2012-05-08 13:41:42 -06:00
Tod Beardsley
86500aad47
Author is always singular.
2012-05-08 08:47:52 -05:00
sinn3r
91a8ff2766
Use print_good when SQL injection is found
2012-05-08 01:30:13 -05:00
sinn3r
fa9d23d839
When a blind SQL injection, it's a good thing (for the attacker), so we should use print_good
2012-05-08 01:26:39 -05:00
sinn3r
ce16ab662c
Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable.
2012-05-08 00:22:19 -05:00
sinn3r
22585ad935
Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit
2012-05-08 00:00:03 -05:00
lincoln-corelan
b8227b8a2e
Firefox Exploit
2012-05-07 19:41:03 -07:00