HD Moore
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
Christian Mehlmauer
28135bcb09
Land #4159 , MantisBT PHP code execution by @itseco
2014-11-15 07:49:54 +01:00
Jon Hart
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
Christian Mehlmauer
3faa48d810
small bugfix
2014-11-13 22:51:41 +01:00
Christian Mehlmauer
7d6b6cba43
some changes
2014-11-13 22:46:53 +01:00
Tod Beardsley
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
Juan Escobar
17032b1eed
Fix issue reported by FireFart
2014-11-13 04:48:45 -05:00
jvazquez-r7
31f3aa1f6d
Refactor create packager methods
2014-11-13 01:16:15 -06:00
jvazquez-r7
38a96e3cfc
Update target info
2014-11-13 00:56:42 -06:00
jvazquez-r7
e25b6145f9
Add module for MS14-064 bypassing UAC through python for windows
2014-11-13 00:56:10 -06:00
jvazquez-r7
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
HD Moore
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Juan Escobar
ac17780f6d
Fix by @FireFart to recover communication with the application after a meterpreter session
2014-11-11 05:49:18 -05:00
Juan Escobar
6bf1f613b6
Fix issues reported by FireFart
2014-11-11 00:41:58 -05:00
Juan Escobar
d4bbf0fe39
Fix issues reported by wchen-r7 and mmetince
2014-11-10 15:27:10 -05:00
William Vu
0e772cc338
Land #4161 , "stop" NilClass fix
2014-11-09 19:37:32 -06:00
sinn3r
cd0dbc0e24
Missed another
2014-11-09 14:06:39 -06:00
Juan Escobar
9cce7643ab
update description and fix typos
2014-11-09 09:10:01 -05:00
Juan Escobar
5d17637038
Add CVE-2014-7146 PHP Code Execution for MantisBT
2014-11-09 08:00:44 -05:00
Jon Hart
2b7d25950b
Land #4148 , @wchen-r7 fixed #4133
2014-11-07 08:26:29 -08:00
sinn3r
0dbfecba36
Better method name
...
Should be srvhost, not lhost
2014-11-07 02:23:34 -06:00
Joshua Smith
7b25e3be75
Land #4139 , Visual Mining NetCharts
...
landed after some touch up
2014-11-06 22:52:41 -06:00
Joshua Smith
7510fb40aa
touch up visual_mining_netcharts_upload
2014-11-06 22:50:20 -06:00
sinn3r
579481e5f8
Explain why I did this
...
Also tagging Fix #4133
2014-11-06 14:25:11 -06:00
sinn3r
f210ade253
Use SRVHOST for msvidctl_mpeg2
2014-11-06 14:23:21 -06:00
sinn3r
f7e308cae8
Land #4110 - Citrix Netscaler BoF
2014-11-06 00:04:17 -06:00
jvazquez-r7
54c1e13a98
Land #4140 , @wchen-r7's default template for adobe_pdf_embedded_exe
...
* Fixes #4134
* Adds a default PDF template
2014-11-05 20:21:14 -06:00
jvazquez-r7
adefb2326e
Land #4124 , @wchen-r7 fixes #4115 adding HTTP auth support to iis_webdav_upload_asp
2014-11-05 18:14:33 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
jvazquez-r7
79cabc6d68
Fix clean up
2014-11-05 15:46:33 -06:00
jvazquez-r7
c08993a9c0
Add module for ZDI-14-372
2014-11-05 15:31:20 -06:00
jvazquez-r7
400ef51897
Land #4076 , exploit for x7chat PHP application
2014-11-03 18:22:04 -06:00
jvazquez-r7
3bf7473ac2
Add github pull request as reference
2014-11-03 18:18:42 -06:00
jvazquez-r7
44a2f366cf
Switch ranking
2014-11-03 18:06:09 -06:00
jvazquez-r7
039d3cf9ae
Do minor cleanup
2014-11-03 18:04:30 -06:00
Juan Escobar
7e4248b601
Added compatibility with older versions, Updated descriptions and fixed issue with Ubuntu 12.04
2014-11-03 16:42:50 -05:00
sinn3r
9a27984ac1
switch from error to switch
2014-11-03 13:56:41 -06:00
sinn3r
a823ca6b2f
Add support for HTTP authentication. And more informative.
2014-11-03 13:46:53 -06:00
Tod Beardsley
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
jvazquez-r7
40bf44bd05
Don't allow 127.0.0.1 as SRVHOST
2014-10-31 08:19:15 -05:00
jvazquez-r7
7d2fa9ee94
Delete unnecessary to_s
2014-10-30 22:59:22 -05:00
sinn3r
64f4777407
Land #4091 - Xerox DLM injection
2014-10-30 22:15:16 -05:00
sinn3r
b7a1722b46
Pass msftidy, more descriptive name and description
2014-10-30 22:14:18 -05:00
jvazquez-r7
8fdea5f74c
Change module filename
2014-10-30 20:34:24 -05:00
jvazquez-r7
9404e24b24
Update module information
2014-10-30 20:33:38 -05:00
Jon Hart
1a37a6638c
Fix splunk_upload_app_exec to work on new installs. Style
2014-10-30 18:28:56 -07:00
Jon Hart
55f245f20f
Merge #3507 into local, recently updated branch of master for landing
2014-10-30 17:28:20 -07:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
jvazquez-r7
ac939325ce
Add module first version
2014-10-29 21:11:57 -05:00
Deral Heiland
64a59e805c
Fix a simple typo
2014-10-29 12:40:24 -04:00