Commit Graph

36079 Commits (c89c0c39b853a6e48b185a66306b81843b2c1fd2)

Author SHA1 Message Date
nixawk a6628110f6 rebuild joomla_contenthistory_sqli (cve-2015-7297) 2015-10-25 03:56:36 +00:00
William Vu 69de8b92fd
Land #6134, PAYLOAD and LHOST for jobs (not -v) 2015-10-24 18:27:32 -05:00
Spencer McIntyre e0fef4890f
Land #6126, fix SSH_DEBUG from LoginScanner refactor 2015-10-24 17:51:35 -04:00
James Lee 71b8c97f0e
Always print PAYLOAD and LPORT in 'jobs' 2015-10-24 14:48:03 -05:00
JT ad80f00159 Update mma_backdoor_upload.rb 2015-10-24 11:16:49 +08:00
JT f461c4682b Update mma_backdoor_upload.rb 2015-10-24 11:15:26 +08:00
wchen-r7 f6b9f38326 This method is not needed because Nokogiri does that already 2015-10-23 19:38:17 -05:00
Brent Cook 2e1f1fd6aa
Land #6130, include hostname in vuln query scope 2015-10-23 15:30:40 -07:00
Brent Cook 065fe57ad7 bundler 1.10 :( 2015-10-23 15:30:04 -07:00
Louis Sato 84e8708900
bump mdm to 1.2.9
MS-120

* search scope for vulns now queries host name
2015-10-23 11:07:17 -05:00
wchen-r7 f2b4737e4a
Land #6127, Fix #3859 Add support for registry_key_exist? 2015-10-23 10:59:57 -05:00
Brandon Perry 949a4c797b Update joomla_contenthistory_sqli.rb 2015-10-23 09:33:12 -05:00
Brandon Perry 07d549d783 Update joomla_contenthistory_sqli.rb
Remove sessions for now
2015-10-23 09:32:15 -05:00
wchen-r7 b76192dbcb
Land #6099, make_nops doesn't take into account all the compatible encoders 2015-10-22 21:26:25 -05:00
JT be89cb32c9 Th3 MMA mma.php Backdoor Arbitrary File Upload 2015-10-23 08:47:40 +08:00
jvazquez-r7 d5a010c230
Add support for registry_key_exist? 2015-10-22 16:07:38 -05:00
William Vu f00f90532a Fix SSH_DEBUG for ssh_login{,_pubkey} 2015-10-22 15:14:45 -05:00
wchen-r7 360f40249c
Land #6122, user-assisted Safari applescript:// module (CVE-2015-7007) 2015-10-22 15:07:42 -05:00
wchen-r7 9d2e2df1f1 Update description 2015-10-22 15:07:11 -05:00
Brandon Perry e4281dd1fb Create joomla_contenthistory_sqli.rb 2015-10-22 15:05:02 -05:00
joev 35578c7292 Add refs. 2015-10-22 09:48:11 -05:00
joev 6a87e7cd77 Add osx safari cmd-R applescript exploit. 2015-10-22 09:46:56 -05:00
Spencer McIntyre b4a8f80493 Update the cached size for the current met file 2015-10-22 08:54:14 -04:00
Spencer McIntyre 810665847b Add stageless python meterpreter to the payloads spec 2015-10-22 08:40:50 -04:00
Sam H 348a0f9e3d Cleaned up "cleanup" method and crontab check
The script now searches for the full line "ALL ALL=(ALL) NOPASSWD: ALL" written in the crontab file to ensure that it is successful rather than just "NOPASSWD". Additionally, the required argument used in the cleanup method was removed and simply turned into an instance method so it could be accessed without needing to call it with any arguments.
2015-10-21 22:53:32 -07:00
Spencer McIntyre 23d9efb5a3 Add stageless Python Meterpreter for bind tcp 2015-10-21 18:37:37 -04:00
Spencer McIntyre 8bb694fa5c Add stageless Python Meterpreter for reverse tcp 2015-10-21 18:23:04 -04:00
Brent Cook 190181301d
Land #6119, update to mdm 1.2.8 (fixes search queries) 2015-10-21 17:09:36 -05:00
Brent Cook 7596f13407 remove bundled-with message 2015-10-21 17:08:54 -05:00
Louis Sato 867bf340ab
bump mdm to 1.2.8
MSP-13273
2015-10-21 16:58:27 -05:00
wchen-r7 065d042ec4 Update doc a little bit 2015-10-21 16:29:27 -05:00
wchen-r7 12cdd786a6 Add more Nokogiri and RKelly support for Rex::Proto::Http::Response
These new methods allow the module writer to being able to parse
HTML/XML/JSON responses properly without using regex first.
2015-10-21 16:26:31 -05:00
Kyle Gray 3f556c6fee
Land #6117, Fix nil http_method in php_include 2015-10-21 13:45:32 -05:00
William Vu 997e8005ce Fix nil http_method in php_include 2015-10-21 13:22:09 -05:00
William Vu 129544c18b
Land #6112, splat for ZPanel exploit 2015-10-21 13:07:51 -05:00
William Vu ccc0e55e0c
Land #6116, target for minishare_get_overflow 2015-10-21 13:06:34 -05:00
Boumediene Kaddour e188bce4c9 Update minishare_get_overflow.rb 2015-10-21 16:48:31 +02:00
wchen-r7 f06d7591d6 Add header for zpanel_information_disclosure_rce.rb 2015-10-20 16:19:44 -05:00
wchen-r7 70b005de7f
Land #6041, Zpanel info disclosure exploit 2015-10-20 16:08:16 -05:00
wchen-r7 728fd17856 Make code changes for zpanel_information_disclosure_rce.rb
Use Nokogiri and URI, as well as indent fixes and other things
2015-10-20 16:07:02 -05:00
Brent Cook cb2d5a6c54
Land #6110, fix typos in exec_powershell, datstore confusion 2015-10-20 13:10:13 -05:00
Brent Cook 0784370b98 more typo and whitespace fixes 2015-10-20 13:09:17 -05:00
Brent Cook 4b271425c9 s/datstore/datastore/g 2015-10-20 13:05:49 -05:00
Rob Fuller 2f1406e1c8 fix typo
not sure how this got in there
2015-10-20 13:48:00 -04:00
Louis Sato 60c269983b
Land #6078, Fix double raise in vnc_none_auth 2015-10-20 11:47:26 -05:00
William Vu 88159edf9f Fix double raise in vnc_none_auth
Not necessary for what it's trying to accomplish, being a scanner.
2015-10-19 18:22:06 -05:00
William Vu 6de4c90ed9
Land #6106, tab completion fix for spool 2015-10-19 17:33:32 -05:00
HD Moore 6748ccbb82 This method was moved to Rex::Ui::Text::Output 2015-10-19 10:43:38 -05:00
HD Moore d7b8767afc Fix #6105 by moving ``puts`` into the base class 2015-10-19 10:42:46 -05:00
Sam H 712f9f2c83 Deleted extra reference to exploit DB 2015-10-18 19:10:47 -07:00