Tod Beardsley
f189033e8a
OWA bruteforce shouldnt edit datastore (@wchen-r7)
...
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
William Vu
dc7ec450da
Land #3384 , AIX ibstat exploit interface detection
2014-05-22 16:25:06 -05:00
mercd
28459299b2
Update ibstat_path.rb
...
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
sinn3r
1dbe972377
Fix URIPATH / for BrowserExploitServer
...
[SeeRM #8804 ] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
William Vu
ebd70cbd8f
Land #3382 , references for IBM Sametime modules
2014-05-22 12:12:18 -05:00
William Vu
d31908b72e
Land #3374 , RPC deadlock fix
...
[FixRM #8794 ]
2014-05-22 12:07:23 -05:00
Tod Beardsley
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00
Tod Beardsley
d9fbf861d2
Add an environment option to suppress info msgs
...
It's often you want counts of just WARN and ERROR messages, and don't
want to spam yourself with INFO messages that you don't intend to
address anyway. This is most often the case with CI, such as with
https://travis-ci.org/todb-r7/metasploit-framework
2014-05-21 16:20:57 -05:00
Tod Beardsley
765419627b
Demote datastore edits to info status
...
SeeRM #8498
2014-05-21 16:18:36 -05:00
Spencer McIntyre
e3630278ce
Land #3379 , [FixRM #8803 ] - Improve fb_cnct_group check
2014-05-21 11:39:10 -04:00
jvazquez-r7
b9464e626e
Delete unnecessary line
2014-05-21 10:18:03 -05:00
sinn3r
a22c089aa0
Land #3378 - Add Reference for katello_satellite_priv_esc
2014-05-21 01:30:59 -05:00
jvazquez-r7
af415c941b
[SeeRM #8803 ] Avoid false positives when checking fb_cnct_group
2014-05-20 18:44:28 -05:00
jvazquez-r7
8a9c005f13
Add URL
2014-05-20 17:43:07 -05:00
jvazquez-r7
727054df0b
Land #3375 , @bugch3ck's support for Safari
2014-05-20 16:38:55 -05:00
Jonas Vestberg
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
Meatballs
52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom
2014-05-19 22:00:35 +01:00
Meatballs
b84379ab3b
Note about EXE::Custom
2014-05-19 22:00:09 +01:00
Meatballs
eeae071468
Land #3363 , Workstation Length Auth Bug
2014-05-19 21:46:57 +01:00
Karmanovskii
e26dee5e22
Update mybb_get_type_db.rb
...
19/05/2014
I deleted - #return Exploit::CheckCode::Unknown # necessary ????
2014-05-19 21:32:30 +04:00
William Vu
a30d6b1f2d
Quick cleanup for sap_icm_urlscan
2014-05-19 09:21:26 -05:00
William Vu
dc0e649a10
Clean up case statement
2014-05-19 09:21:07 -05:00
William Vu
bc64e47698
Land #3370 , cleanup for sap_icm_urlscan
2014-05-19 09:16:18 -05:00
William Vu
8235556cec
Land #3372 , release fixes
2014-05-19 09:10:38 -05:00
Tod Beardsley
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
Tod Beardsley
1ef16fb722
Land #3367 , new wordlists from unhash
...
Thanks @tkisason!
2014-05-19 08:44:54 -05:00
Meatballs
848227e18a
401 should be a valid url
2014-05-19 10:59:38 +01:00
Meatballs
5d96f54410
Be verbose about 307
2014-05-19 10:52:06 +01:00
Meatballs
88b7dc3def
re-add content length
2014-05-19 10:46:47 +01:00
Meatballs
e59f104195
Use unless
2014-05-19 10:41:01 +01:00
sinn3r
bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload
2014-05-19 00:25:33 -05:00
jvazquez-r7
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
jvazquez-r7
d35ba208ed
Land #3369 @bugch3ck's support for plugin flash exploitation on adobe_flash_pixel_bender
2014-05-18 23:25:08 -05:00
jvazquez-r7
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
Jonas Vestberg
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
Tonimir Kisasondi
9b29c572a7
Comments dont work with auth_brute.rb
2014-05-18 21:14:17 +02:00
Tonimir Kisasondi
c9bb2d5165
Added headers to files
2014-05-18 20:55:50 +02:00
Tonimir Kisasondi
97b63d708c
Corrected naming to be in line with msf convention
2014-05-18 18:18:23 +02:00
Tonimir Kisasondi
7d79f8a4c2
Removed wrongly named list.
2014-05-18 18:15:17 +02:00
Tonimir Kisasondi
d7bf66973c
Fixed userpass delimiters.
2014-05-18 18:13:03 +02:00
Tonimir Kisasondi
6ec926b573
Added separate users/pass/userpass dictionaries
2014-05-18 10:18:07 +02:00
William Vu
a97d9ed54f
Land #3148 , check_urlprefixes for sap_icm_urlscan
2014-05-17 16:10:52 -05:00
sappirate
dd1a47f31f
Modified sap_icm_urlscan to check for authentication of custom URLs
...
Fixed ruby coding style
2014-05-17 22:47:49 +02:00
Karmanovskii
06912ac2b6
Update mybb_get_type_db.rb
...
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
2014-05-17 16:30:29 +04:00
JoseMi
21cf0a162c
Added module to crash capwap dissector in wireshark tool
2014-05-17 11:31:43 +01:00
JoseMi
74b491e715
Delete wireshark_capwap_dos module
2014-05-17 11:25:38 +01:00
Tonimir Kisasondi
af82ae262c
Added a large default password list for services.
2014-05-16 23:27:18 +02:00
James Lee
d2ebab09aa
Add timeout for SSL renegotiation after migrating
...
[SeeRM #8794 ]
2014-05-16 15:42:46 -05:00
Christian Mehlmauer
488c3e6b93
Land #3358 , @jvazquez-r7 Advantech WebAccess 7.1 SQLI module
2014-05-16 21:26:41 +02:00
jvazquez-r7
2012d41b3d
Add origin of the user, and mark web users
2014-05-16 13:51:42 -05:00