635ba7abaa
Land #11220 , Add new PCOM module to send admin commands
2019-02-11 12:05:02 -08:00
9c5725b25c
Land #11234 , @bcoles revisionism
2019-01-11 18:17:42 -08:00
83264b8894
Land #11215 , success
2019-01-10 11:00:36 -08:00
d5309999db
Land #11107 , double negative logic cleanup
2018-12-11 18:32:32 -08:00
8f7c2eb6f6
Land #10318 , Oracle function-based index privesc
2018-12-10 09:36:33 -08:00
eeff29167a
Land #11044 , Add pretty 'authenticating' message to MS17-010 modules
2018-11-30 22:58:14 -08:00
340f6d7d0d
Land #10952 , WP GDPR Compliance plugin exploit
2018-11-29 11:35:28 -08:00
67572e2c37
Merge pull request #10870 from jmartin-r7/backport_cache_updates
...
Backport cache updates
2018-10-25 17:57:09 -05:00
a43edc4fbf
Land #10864 , Add Cisco WebEx RCE Modules
2018-10-25 12:33:06 -07:00
f0096227e7
Land #10505 , post-auth and default creds info
2018-10-24 17:09:28 -05:00
a0af98b4e2
Land #10832 , TARGETURI for tomcat_utf8_traversal
2018-10-19 13:49:08 -07:00
ccde27756e
Land #10789 , typo fix
2018-10-10 15:20:13 -07:00
b42af6cd96
Land #10728 , metadata updates for @rastating
2018-10-02 11:46:30 -07:00
1ee8734717
Land #10570 , AKA Metadata Refactor
2018-09-17 20:31:07 -07:00
2ee6a49a27
Land #10649 , https://seclists.org references
2018-09-17 15:09:39 -07:00
cca98bce25
Land #8914 , refactor auxiliary/admin/http credential storage
2018-08-24 11:20:26 -07:00
465dceb182
Land #10299 , Add 88 CVEs to various auxiliary and exploit modules
2018-07-12 16:28:05 -07:00
4284ffe8a4
Land #10276 , Update missing CVE references for auxiliary modules
2018-07-12 11:23:09 -05:00
165fb9dc79
Land #10109 , Teradata login scanner and SQL runner
2018-06-27 13:39:02 -07:00
196b302897
Land #10084 , Mark all versions of telpho10 as vulnerable
2018-05-23 13:38:39 -07:00
78f546ce81
Land #9986 , initial ruby_smb simple client integration
2018-05-09 17:48:52 -07:00
635f483b42
Land #9881 , cleanup psexec code
2018-05-01 14:51:20 -07:00
0949bedf67
Land #9628 , Add GitStack v2.3.10 Unauth REST API Aux Module
...
Land #9628
2018-04-23 11:21:11 -07:00
9d5ab1dedf
Land #9726 , add simple Rex::Tar wrapper for consistency with other archive types
2018-04-03 09:13:56 -05:00
ef7b77ed01
Land #9529 , Add module for HP iLO CVE-2017-12542 authentication bypass
2018-03-17 20:33:05 -07:00
715279311a
Land #8422 , Typo3 News Module Sql Injection exploit
2018-03-15 09:21:14 -07:00
004e228a52
Land #9509 , Ulterius Server < v1.9.5.0 Directory Traversal
...
Land #9509
2018-02-16 15:34:47 -08:00
6c350be24e
Land #9473 , new MS17-010 aux and exploit modules
2018-02-02 11:32:40 -06:00
7f3df74134
fixup! Adding Module for Postfixadmin CVE-2017-5930
...
Add error handling if request fails
Fix a typo in doc, add default value to doc
2017-12-30 13:04:23 +01:00
289e887895
Adding Module for Postfixadmin CVE-2017-5930
...
This exploit allows domain admins to delete protected aliases.
It can be used to redirect aliases like abuse@domain and can aid in
further attacks.
2017-12-29 17:13:59 +01:00
038119d9df
Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more
2017-12-23 00:14:27 +05:30
e93282b71d
Drop calls to vprint_*
2017-12-19 16:53:02 -06:00
2dc2ac134e
Don't default verbose
2017-12-19 16:48:41 -06:00
85350a9645
Add Rapid7 blog references
2017-12-18 17:11:47 -06:00
ae4edd65e1
Hard wrap descriptions
2017-12-18 17:03:13 -06:00
27a324237b
Initial commit for Cambium issues from @juushya
...
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
b0dc44fb86
Land #8909 , Avoid saving some invalid creds
2017-09-05 12:43:03 -05:00
2bbba9c500
Avoid some ActiveRecord validation errors.
...
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479 ), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.
This PR removes the handful of existing cases we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
e642789674
Look for sp_execute_external_script in mssql_enum
...
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.
Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart
Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
8989d6dff2
Modified Accuvant bog posts to the new Optive urls
2017-08-02 13:25:17 +10:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
Wei Chen
William Vu
Brent Cook
Brendan Coles
Jacob Robles
Adam Cammack
Jeffrey Martin
Jan-Frederik Rieckers
juushya
Tod Beardsley
Patrick Webster
Pearce Barry
h00die
james
TC Johnson
Brent Cook
g0tmi1k