d34579f1f0
Land #7203 , Fix struts_default_action_mapper payload request delay
2016-08-12 23:00:44 -05:00
1733d3e1f1
remove obsolete tested-on comment
2016-08-12 17:26:43 -05:00
1e7663c704
Land #7200 , Rex::Ui::Text cleanup
2016-08-12 16:22:55 -05:00
f4e4a5dcf3
Fix struts_default_action_mapper payload request delay
...
MS-1609
2016-08-12 15:29:00 -05:00
0fd833676e
remove unnedded codepage.map
...
this file got mvoed to rex-text earlier
2016-08-12 13:41:31 -05:00
4e678e4ce6
fix help table
...
there was a bad class refernece here that
needed to be cleaned up
MS-1875
2016-08-12 13:33:41 -05:00
1384c0480d
update rex-text to fix a bug
2016-08-12 13:15:47 -05:00
a6ba386728
Bump version of framework to 4.12.21
2016-08-12 10:02:36 -07:00
6a035b7e48
Land #7161 , add specs for cisco mixin to use Metasploit Credentials
2016-08-12 10:07:17 -05:00
1a7286f625
Land #7062 , Create exploit for WebNMS 5.2 RCE
2016-08-12 07:11:48 -07:00
6160ff8cb2
bump rex-text version for ipaddr fix
...
rex-text version of table had a slight issue
with sorting IPAddr objects, 0.2.0 fixes this issue
MS-1875
2016-08-11 11:24:44 -05:00
6386d9daca
Land #7178 , Add a method to check the Powershell version
2016-08-11 11:02:41 -05:00
e08c4a8bef
Remove .Net check
...
cmd_exec doesn't seem to be the best way to go because there is
some issue grabbing the output sometimes.
2016-08-11 10:49:06 -05:00
42d6c9443d
remove unused ProgressTracker class
...
not sure if this was ever used, but it is certainly not being used
by anything now, so let's remove it
MS-1875
2016-08-11 10:35:10 -05:00
8489485cfd
move Rex::Ui::Text::Color out to rex::text gem
...
moved the text ansi color library out to the rex-text gem
MS-1875
2016-08-11 10:28:09 -05:00
ea0ebf2e3b
Land #7194 , Add MS16-095 IE Iframe Sandbox File Name Disclosure Vuln
2016-08-10 18:26:14 -05:00
c2c05a820a
Force uripath and srvport options
2016-08-10 18:25:45 -05:00
e56e801c12
Update ie_sandbox_findfiles.rb
2016-08-10 18:09:58 -05:00
d57e4d6349
Bump version of framework to 4.12.20
2016-08-10 15:30:37 -07:00
09ad342b67
Merge branch 'master' into feature/MS-1875/rex-table
2016-08-10 15:58:27 -05:00
3fc46451d5
Land #7199 , bcook's pr for is_system fix
...
fixes issue that caused is_system to crash meterp
2016-08-10 15:42:08 -05:00
3851db7bcb
Use powershell when possible
2016-08-10 15:14:11 -05:00
1cb01ee876
remove architecture fidling from platform string for now
2016-08-10 14:46:48 -05:00
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
3f530f1896
remove rex::ui::text:table
...
remove the class from msf, and update the rex-text
gem to pull the code in under the new version at Rex::Text::Table
modify all requires appropriately
MS-1875
2016-08-10 13:24:25 -05:00
b027176799
Land #7156 , use windows_error gem for constants
2016-08-10 11:47:37 -05:00
280216d74d
Bump version of framework to 4.12.19
2016-08-09 14:49:58 -07:00
87b27951cf
Fixed some build errors
2016-08-09 20:46:49 +02:00
79a84fb320
Internet Explorer iframe sandbox local file name disclosure vulnerability
...
It was found that Internet Explorer allows the disclosure of local file
names. This issue exists due to the fact that Internet Explorer behaves
different for file:// URLs pointing to existing and non-existent files.
When used in combination with HTML5 sandbox iframes it is possible to
use this behavior to find out if a local file exists. This technique
only works on Internet Explorer 10 & 11 since these support the HTML5
sandbox. Also it is not possible to do this from a regular website as
file:// URLs are blocked all together. The attack must be performed
locally (works with Internet zone Mark of the Web) or from a share.
2016-08-09 20:35:42 +02:00
a848d3948c
Merge remote-tracking branch 'rapid7/master'
2016-08-09 12:27:22 +02:00
de16a6d536
Land #7182 , Nuuo / Netgear Surveillance admin password reset module
2016-08-08 16:10:30 -05:00
c64e1b8fe6
Land #7181 , NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance
2016-08-08 16:04:33 -05:00
cb04ff48bc
Land #7180 , Add exploit for CVE 2016-5674 / Nuuo / Netgear unauth RCE
2016-08-08 15:55:39 -05:00
8654baf3dd
Land #6880 , add a module for netcore/netdis udp 53413 backdoor
2016-08-08 15:43:34 -05:00
89417304b0
Fix format for netcore_udp_53413_backdoor.md
2016-08-08 15:42:46 -05:00
f98efb1345
Fix typos
2016-08-08 15:41:03 -05:00
9750c43c4b
Merge remote-tracking branch 'rapid7/master'
2016-08-08 20:40:28 +02:00
7ca7682d17
Fix whitespace error from msftidy
2016-08-08 17:57:03 +01:00
3d1289dac3
Land #7185 , Add VMware Host Guest Client Redirector DLL Hijack Exploit
2016-08-08 11:41:40 -05:00
51c457dfb3
Update vmhgfs_webdav_dll_sideload
2016-08-08 11:40:03 -05:00
ae59c4ae74
Land #6687 , Fix meterpreter platform to include OS in the tuple for all meterpreters
2016-08-07 05:00:24 -05:00
3b64b891a6
Update nuuo_nvrmini_unauth_rce.rb
2016-08-05 21:53:25 +01:00
746ba4d76c
Add bugtraq reference
2016-08-05 21:53:08 +01:00
106f26587e
Add bugtraq reference
2016-08-05 21:52:46 +01:00
009089ead7
Land #7183 , Fix #7170 Add HttpTrace option for HttpClient
2016-08-05 22:36:28 +02:00
b888ff59ea
Land #7187 , add Samsung Security Manager 1.5 ActiveMQ Broker exploit
2016-08-05 15:27:28 -05:00
230903562f
Add Samsung Security Manager 1.5 ActiveMQ Broker exploit
2016-08-05 15:19:22 -05:00
4055fd1930
Do e.message instead of e.to_s
2016-08-05 14:12:50 -05:00
dae1679245
Fixed build warnings
2016-08-05 20:40:41 +02:00
02e065dae6
Fixed disclosure date format
2016-08-05 20:32:58 +02:00
Brent Cook
Pearce Barry
wchen-r7
David Maloney
Metasploit
Brendan
dmohanty-r7
Yorick Koster
Yorick Koster
Pedro Ribeiro
Christian Mehlmauer
Steven Seeley