Commit Graph

31338 Commits (c836078292f0fe42b126f1efd9055a05903d4693)

Author SHA1 Message Date
Brent Cook 58436fcc98
Land #4706 jvazquez-r7 adds NTLMSSP support for smb_relay 2015-02-20 15:15:00 -06:00
William Vu c9ddd0dac9
Land #4795, f5_bigip_cookie_disclosure update 2015-02-20 13:11:42 -06:00
William Vu b676f5a07e Clean up #4795 2015-02-20 13:10:31 -06:00
William Vu 59b7f321e5
Land #4801, QConvergeConsole Tomcat creds 2015-02-20 12:54:07 -06:00
William Vu cd8f9065be
Land #4807, reverse_http_proxy_pstore spec 2015-02-20 12:28:20 -06:00
Brent Cook 641b67469d add payload specs for reverse_http_proxy_pstore
PR predated the spec
2015-02-20 12:23:51 -06:00
Meatballs dc4898765f
Fix EXE::Custom 2015-02-20 16:59:18 +00:00
Brent Cook b624278f9d Merge branch 'master' into land-4706-smb_reflector 2015-02-20 10:26:04 -06:00
Brent Cook 765a1bffd7
Land #1396 @somename11111's http_proxy_pstore stager 2015-02-20 09:47:34 -06:00
Brent Cook 5297ebc1a1 Merge branch 'master' into land-1396-http_proxy_pstore
Bring things back to the future
2015-02-20 08:50:17 -06:00
Brent Cook 91b4a59fc7 msftidy fixes 2015-02-20 08:42:54 -06:00
jvazquez-r7 1633a6d4fd Read response back while staging 2015-02-20 01:06:47 -06:00
jvazquez-r7 b0c6671721 Add module for ZDI-15-038, HPCA command injection 2015-02-20 00:41:17 -06:00
Ferenc Spala c498ba64e4 Added a new pair of default Tomcat credentials. QLogic's QConvergeConsole comes with a bundled Tomcat with a hard-coded username and password for the manager app. 2015-02-19 15:08:50 -06:00
sinn3r 49f4b68671
Land #4790, injecting code into eval-based Javascript unpackers 2015-02-19 12:33:52 -06:00
sinn3r 036a6089eb Drop ungenuine x64 support in ms13_022_silverlight_script_object
The MS13-022 exploit does not actually run as x64. IE by default
still runs x86 so BES will always automatically select that target.

If IE forces x64 (which can be done manually), the BES detection
code will see it as ARCH_X86_64, and the payload generator will
still end up generating a x86 payload anyway.

If the user actually chooses a x64 payload, such as
windows/x64/meterpreter/reverse_tcp, the exploit is going to crash
because you can't run x64 shellcode on an x86 architecture.
2015-02-19 10:39:43 -06:00
William Vu 27a8c460bd
Land #4797, revert of #4780 (issue #4669) 2015-02-19 09:58:20 -06:00
Brent Cook 4781ac4b39 the http service needs to keep running to handle meterpreter loading
revert a8f44ca68f
2015-02-19 09:38:48 -06:00
dnkolegov f6c871a8e5 Deleted spaces at EOL 2015-02-19 05:06:00 -05:00
dnkolegov caabb82975 Fixed indentation errors 2015-02-19 05:02:10 -05:00
sinn3r 1835120851 Update rspec for get_payload in BES 2015-02-19 02:45:54 -06:00
dnkolegov 2a584da6d9 Added cookie value in print function 2015-02-19 00:43:57 -05:00
Tod Beardsley 7a3bc017ff
Land #4794, fix some db stuff, drop 1.9 tests 2015-02-18 17:26:02 -06:00
darkbushido e0e9445a40
removing 1.9.3 from travis
metasploit_data_models requires Ruby version >= 2.1.
2015-02-18 17:19:01 -06:00
darkbushido 67c0f590a0
Restoring mysteriusly changed db constraints... 2015-02-18 17:07:25 -06:00
Tod Beardsley c57dee569c
Land #3650, the last Meterpreter script ever. 2015-02-18 16:21:00 -06:00
Spencer McIntyre fe840635e5
Land #4791, fix ms14-070 CreateFile arguments
The arguments to CreateFileA used to require that the user had
some level of access on the \\.\tcp device.
2015-02-18 17:15:45 -05:00
Trevor Rosen 1099084fb0
Land #4761, enforce unique port number per service 2015-02-18 15:22:46 -06:00
Trevor Rosen 62fbf81f8a
Update Gemfile.lock and schema.rb 2015-02-18 15:17:17 -06:00
David Maloney ffa6550aec
Land #4787, HD's new Zabbix and Chef LoginScanners
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
David Maloney 804db0ff0c
add leixcal sorting to methods
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
joev 483a145d19 Fix msftidy issues. 2015-02-18 14:08:03 -06:00
William Vu 35511636cc
Land #4788, splunk_web_login new version support 2015-02-18 11:54:54 -06:00
Jay Smith e40772efe2
Fixed open device issue for non-priv users
Fixed the open_device call to work for users without Administrator
privileges
2015-02-18 12:44:58 -05:00
joev f8609ab0ba Add file format exploit for injecting code into unpackers. 2015-02-18 11:26:45 -06:00
Matt Buck a9931cd410
Land #4725, convert Rails 3 AR calls in RPC_Db
Converts Rails 3 style ActiveRecord calls in RPC_Db to their Rails 4
counterparts.

Fixes #4725, also see MSP-12017
2015-02-18 09:59:40 -06:00
William Vu 10960310da
Land #4786, cosmetic fixes from @hmoore-r7
For {axis,glassfish}_login.
2015-02-18 03:56:13 -06:00
William Vu 6a9d15a8d5
Land #4785, Rex::Proto::Http::Client context fixes 2015-02-18 03:47:26 -06:00
William Vu e2f5cc05c6
Land #4782, MSB reference fix
In ms13_022_silverlight_script_object title.
2015-02-18 03:44:15 -06:00
William Vu bda96f46e6
Land #4780, stop HTTP service with HTTP handler 2015-02-18 03:34:03 -06:00
HD Moore cc6899d783 Fix a stack trace on null response, thanks @jlee-r7 2015-02-18 00:38:55 -06:00
HD Moore f4d8a25981 Add support for newer Splunk versions 2015-02-18 00:30:47 -06:00
HD Moore 2847507f03 Add a chef brute force module 2015-02-17 23:49:57 -06:00
HD Moore 27d5ab45b4 Add a zabbix brute force module 2015-02-17 22:56:08 -06:00
HD Moore 85fd139ab0 Add missing context and a normalize_uri helper method 2015-02-17 22:55:53 -06:00
sinn3r 8ce1db5081 Fix #4783, raise exception if the payload arch is incompatible
Fix #4783
2015-02-17 21:47:17 -06:00
HD Moore f0e69cb526 Fix two cosmetic typos in the axis/glassfish modules 2015-02-17 21:01:35 -06:00
HD Moore 16932372db Calls to Rex::Proto::Http::Client.new were passing in empty context 2015-02-17 20:44:37 -06:00
sinn3r 59c413637a
Land #4781, handle resolve_sid failure enumerating user profiles 2015-02-17 14:58:07 -06:00
sinn3r 6acbe64dbd The MSB reference in the title is wrong
It should be MS13-022.

MS12-022 is MSFT Expression Design.
2015-02-17 14:56:14 -06:00