Brent Cook
58436fcc98
Land #4706 jvazquez-r7 adds NTLMSSP support for smb_relay
2015-02-20 15:15:00 -06:00
William Vu
c9ddd0dac9
Land #4795 , f5_bigip_cookie_disclosure update
2015-02-20 13:11:42 -06:00
William Vu
b676f5a07e
Clean up #4795
2015-02-20 13:10:31 -06:00
William Vu
59b7f321e5
Land #4801 , QConvergeConsole Tomcat creds
2015-02-20 12:54:07 -06:00
William Vu
cd8f9065be
Land #4807 , reverse_http_proxy_pstore spec
2015-02-20 12:28:20 -06:00
Brent Cook
641b67469d
add payload specs for reverse_http_proxy_pstore
...
PR predated the spec
2015-02-20 12:23:51 -06:00
Meatballs
dc4898765f
Fix EXE::Custom
2015-02-20 16:59:18 +00:00
Brent Cook
b624278f9d
Merge branch 'master' into land-4706-smb_reflector
2015-02-20 10:26:04 -06:00
Brent Cook
765a1bffd7
Land #1396 @somename11111's http_proxy_pstore stager
2015-02-20 09:47:34 -06:00
Brent Cook
5297ebc1a1
Merge branch 'master' into land-1396-http_proxy_pstore
...
Bring things back to the future
2015-02-20 08:50:17 -06:00
Brent Cook
91b4a59fc7
msftidy fixes
2015-02-20 08:42:54 -06:00
jvazquez-r7
1633a6d4fd
Read response back while staging
2015-02-20 01:06:47 -06:00
jvazquez-r7
b0c6671721
Add module for ZDI-15-038, HPCA command injection
2015-02-20 00:41:17 -06:00
Ferenc Spala
c498ba64e4
Added a new pair of default Tomcat credentials. QLogic's QConvergeConsole comes with a bundled Tomcat with a hard-coded username and password for the manager app.
2015-02-19 15:08:50 -06:00
sinn3r
49f4b68671
Land #4790 , injecting code into eval-based Javascript unpackers
2015-02-19 12:33:52 -06:00
sinn3r
036a6089eb
Drop ungenuine x64 support in ms13_022_silverlight_script_object
...
The MS13-022 exploit does not actually run as x64. IE by default
still runs x86 so BES will always automatically select that target.
If IE forces x64 (which can be done manually), the BES detection
code will see it as ARCH_X86_64, and the payload generator will
still end up generating a x86 payload anyway.
If the user actually chooses a x64 payload, such as
windows/x64/meterpreter/reverse_tcp, the exploit is going to crash
because you can't run x64 shellcode on an x86 architecture.
2015-02-19 10:39:43 -06:00
William Vu
27a8c460bd
Land #4797 , revert of #4780 (issue #4669 )
2015-02-19 09:58:20 -06:00
Brent Cook
4781ac4b39
the http service needs to keep running to handle meterpreter loading
...
revert a8f44ca68f
2015-02-19 09:38:48 -06:00
dnkolegov
f6c871a8e5
Deleted spaces at EOL
2015-02-19 05:06:00 -05:00
dnkolegov
caabb82975
Fixed indentation errors
2015-02-19 05:02:10 -05:00
sinn3r
1835120851
Update rspec for get_payload in BES
2015-02-19 02:45:54 -06:00
dnkolegov
2a584da6d9
Added cookie value in print function
2015-02-19 00:43:57 -05:00
Tod Beardsley
7a3bc017ff
Land #4794 , fix some db stuff, drop 1.9 tests
2015-02-18 17:26:02 -06:00
darkbushido
e0e9445a40
removing 1.9.3 from travis
...
metasploit_data_models requires Ruby version >= 2.1.
2015-02-18 17:19:01 -06:00
darkbushido
67c0f590a0
Restoring mysteriusly changed db constraints...
2015-02-18 17:07:25 -06:00
Tod Beardsley
c57dee569c
Land #3650 , the last Meterpreter script ever.
2015-02-18 16:21:00 -06:00
Spencer McIntyre
fe840635e5
Land #4791 , fix ms14-070 CreateFile arguments
...
The arguments to CreateFileA used to require that the user had
some level of access on the \\.\tcp device.
2015-02-18 17:15:45 -05:00
Trevor Rosen
1099084fb0
Land #4761 , enforce unique port number per service
2015-02-18 15:22:46 -06:00
Trevor Rosen
62fbf81f8a
Update Gemfile.lock and schema.rb
2015-02-18 15:17:17 -06:00
David Maloney
ffa6550aec
Land #4787 , HD's new Zabbix and Chef LoginScanners
...
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
David Maloney
804db0ff0c
add leixcal sorting to methods
...
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
joev
483a145d19
Fix msftidy issues.
2015-02-18 14:08:03 -06:00
William Vu
35511636cc
Land #4788 , splunk_web_login new version support
2015-02-18 11:54:54 -06:00
Jay Smith
e40772efe2
Fixed open device issue for non-priv users
...
Fixed the open_device call to work for users without Administrator
privileges
2015-02-18 12:44:58 -05:00
joev
f8609ab0ba
Add file format exploit for injecting code into unpackers.
2015-02-18 11:26:45 -06:00
Matt Buck
a9931cd410
Land #4725 , convert Rails 3 AR calls in RPC_Db
...
Converts Rails 3 style ActiveRecord calls in RPC_Db to their Rails 4
counterparts.
Fixes #4725 , also see MSP-12017
2015-02-18 09:59:40 -06:00
William Vu
10960310da
Land #4786 , cosmetic fixes from @hmoore-r7
...
For {axis,glassfish}_login.
2015-02-18 03:56:13 -06:00
William Vu
6a9d15a8d5
Land #4785 , Rex::Proto::Http::Client context fixes
2015-02-18 03:47:26 -06:00
William Vu
e2f5cc05c6
Land #4782 , MSB reference fix
...
In ms13_022_silverlight_script_object title.
2015-02-18 03:44:15 -06:00
William Vu
bda96f46e6
Land #4780 , stop HTTP service with HTTP handler
2015-02-18 03:34:03 -06:00
HD Moore
cc6899d783
Fix a stack trace on null response, thanks @jlee-r7
2015-02-18 00:38:55 -06:00
HD Moore
f4d8a25981
Add support for newer Splunk versions
2015-02-18 00:30:47 -06:00
HD Moore
2847507f03
Add a chef brute force module
2015-02-17 23:49:57 -06:00
HD Moore
27d5ab45b4
Add a zabbix brute force module
2015-02-17 22:56:08 -06:00
HD Moore
85fd139ab0
Add missing context and a normalize_uri helper method
2015-02-17 22:55:53 -06:00
sinn3r
8ce1db5081
Fix #4783 , raise exception if the payload arch is incompatible
...
Fix #4783
2015-02-17 21:47:17 -06:00
HD Moore
f0e69cb526
Fix two cosmetic typos in the axis/glassfish modules
2015-02-17 21:01:35 -06:00
HD Moore
16932372db
Calls to Rex::Proto::Http::Client.new were passing in empty context
2015-02-17 20:44:37 -06:00
sinn3r
59c413637a
Land #4781 , handle resolve_sid failure enumerating user profiles
2015-02-17 14:58:07 -06:00
sinn3r
6acbe64dbd
The MSB reference in the title is wrong
...
It should be MS13-022.
MS12-022 is MSFT Expression Design.
2015-02-17 14:56:14 -06:00