c929fbd7f4
Land #2555 - Retry shell without thread impersonation
2013-10-21 12:25:15 -05:00
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
9bfd98b001
Change plate
2013-10-21 11:54:42 -05:00
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
45d06dd28d
Change plate
2013-10-21 11:24:30 -05:00
0670020701
Land #2553 - HP Intelligent Management BIMS DownloadServlet Directory Traversal
2013-10-21 11:20:16 -05:00
61aff635b1
Land #2547 , typo fix for Meterpreter screenspy
2013-10-21 11:15:42 -05:00
8c05f8cf51
Land #2550 - Add HP Intelligent Managemetn UploadServlet dir traversal
2013-10-21 11:14:22 -05:00
d22e4ac2f1
Check timeout condition
2013-10-21 11:13:48 -05:00
36dace26fa
Land #2538 - Fix redirect URLs
2013-10-21 11:08:03 -05:00
cf65f59a28
Retry shell without thread impersonation
...
In certain scenarios on Windows XP there are times when creating a
shell fails with the error `ERROR_PRIVILEGE_NOT_HELD`. When this
happens the user will usuall fallback to a non-impersonated shell
via the command: `execute -f cmd.exe -H -i -c`
This patch catches the error, warns the use of the failure and then retries
to create the interactive shell without the `-t` flag.
2013-10-21 15:29:19 +10:00
183116c81f
Make module work, and final cleanup
2013-10-20 18:39:41 -05:00
27078eb5a6
Add support for HP imc /BIMS 5.1
2013-10-20 18:18:34 -05:00
b0d32a308a
Update version information
2013-10-19 00:52:22 -05:00
7d8a0fc06c
Add BID reference
2013-10-19 00:29:43 -05:00
aa6a24da1b
Add module template
2013-10-19 00:27:57 -05:00
cf239c2234
Add module for ZDI-13-238
2013-10-19 00:05:09 -05:00
efa0dcb92b
Just a minor mistype
...
Just a minor mistype in code leading to a page that didn't exist.
2013-10-19 00:38:24 +02:00
5a0b8095c0
Land #2382 , Lua bind and reverse shells
2013-10-18 17:11:37 -05:00
b44f0f7e18
Land #2546 , minor OS X persistence fixes
2013-10-18 17:07:53 -05:00
70fced1d74
Delete unnecessary requires and make msftidy compliant
2013-10-18 16:54:20 -05:00
2339cdc713
Land #2513 , @joev-r7's osx persistence local exploit
2013-10-18 15:13:50 -05:00
83f27296d3
Fix some bugs in osx persistence.
...
- the RUN_NOW datastore option did not work as expected
- Adds support for OSX < 10.4 KeepAlive option
- organizes private methods alphabetically.
2013-10-18 14:12:33 -05:00
ffcb86eba2
Land #2541 , Outpost24 importer
...
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384 ]
2013-10-18 13:21:58 -05:00
f6675f3120
Reordered case statements
2013-10-18 13:21:28 -05:00
93ff9ec501
Create methods for start_element for readability
2013-10-18 12:20:43 -05:00
ff69e9fd05
Move product info code to a better location
2013-10-18 12:07:34 -05:00
e6cccedad0
Append vuln info to vuln description
2013-10-18 11:31:54 -05:00
681db6cb41
Use fully qualified constant in include.
2013-10-18 11:31:02 -05:00
05bea41458
mkdir -p the dirname, not the file.
2013-10-18 11:27:37 -05:00
9112157897
Land #2543 , Fixes Meterpreter Railgun Crashes
...
Sometimes FormatMessage would return null when trying to retrieve
the string for GetLastError(). This fixes the crash and attempts to
give some message feedback depending on the Error.
See:
https://github.com/rapid7/meterpreter/pull/35
https://github.com/rapid7/meterpreter/pull/33
[FixRM 8505][FixRM 8503]
2013-10-18 11:16:42 +01:00
827bf23979
Updated binaries with railgun crash fixes
2013-10-18 19:43:17 +10:00
7a47059e1d
Fix a couple more shellescapes.
2013-10-18 00:47:22 -05:00
a2e3c6244e
Remove unnecessary Exe::Custom logic.
...
- this is handled by the exe.rb mixin.
- adds support for a RUN_NOW datastore option.
- tested working on java meterpreter and x86 shell session.
2013-10-18 00:41:18 -05:00
7dd39ae5e6
Update ranking
2013-10-17 22:43:47 -05:00
a00a813649
Add real device libraries base addresses
2013-10-17 22:34:54 -05:00
12151650e4
Add product info to hosts and services :)
2013-10-17 16:18:27 -05:00
06c7943f54
Import hostnames without breaking everything
2013-10-17 15:31:48 -05:00
920e406526
Import CVE refs and db.emit all the things
2013-10-17 14:29:54 -05:00
bcb584ea50
Land #2525 - Change module boilerplate
2013-10-17 14:15:15 -05:00
94db3f511a
Avoid extra slash in redirect URI
...
[SeeRM #8507 ]
2013-10-17 14:10:15 -05:00
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
22b4bf2e94
Resplat webtester_exec.rb
2013-10-17 13:30:54 -05:00
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
064ebb5945
Land #2537 - Add a default Samsung community string
2013-10-17 11:35:04 -05:00
bd405277d9
Add a default Samsung community string
...
See http://www.kb.cert.org/vuls/id/281284
and
http://www.h-online.com/security/news/item/Samsung-network-printer-vulnerability-discovered-Update-2-1757967.html
2013-10-17 10:35:59 -05:00
955fc4e29e
Land #2534 , @bcoles's exploit for webtester 5
2013-10-17 09:32:49 -05:00
352eca1147
Fix check method and set a big space available for payload
2013-10-17 09:30:59 -05:00
54cf7855a2
Add WebTester 5.x Command Execution exploit module
2013-10-17 16:57:57 +10:30
sinn3r
William Vu
OJ
jvazquez-r7
Henrik Kentsson
joev
Tod Beardsley
Meatballs
James Lee
bcoles