William Vu
d670b7c972
Land #2674 , Ruby 1.9.3-p484 (CVE-2013-4164)
2013-11-22 13:21:32 -06:00
Tod Beardsley
b69a67251f
Revert CVE-2013-4164 test
...
This reverts commit 7688211009
.
2013-11-22 12:26:51 -06:00
Tod Beardsley
994d4e94c6
Revert "Force Travis to Ruby 1.9.3-p484"
...
This reverts commit 25b0c86855
.
2013-11-22 12:26:05 -06:00
Tod Beardsley
25b0c86855
Force Travis to Ruby 1.9.3-p484
2013-11-22 12:21:29 -06:00
Tod Beardsley
7688211009
Add a test for CVE-2013-4164. Will crash old Ruby!
...
If you are not on a recent version of Ruby, you will segfault.
2013-11-22 12:14:51 -06:00
Tod Beardsley
fd009f1e46
Update default ruby to 1.9.3-p484 (CVE-2013-4164)
...
See
https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
2013-11-22 11:20:21 -06:00
William Vu
bcf0954fd8
Land #2672 , multi_console_command default usage
2013-11-22 02:55:07 -06:00
William Vu
3c9d33eb3b
Land #2671 , desktopcentral_file_upload name change
2013-11-22 02:51:55 -06:00
OJ
19ea29c6e7
Add usage when -rc -cl or -h are not passed
...
While testing stuff earlier today I had to use this script and I made the
mistake of not passing in the -rc flag to the script. I was confused for ages!
This change prints the usage message in the case where you don't pass proper
parameters to the script.
2013-11-22 12:47:04 +10:00
jvazquez-r7
885fedcc3b
Fix target name
2013-11-21 17:42:31 -06:00
sinn3r
22c7703e8b
Land #2658 - Make OGNL expressions compatible with struts 2.0.11.2
2013-11-21 15:30:42 -06:00
William Vu
13f8a690a9
Land #2669 , msftidy Ruby payload std{out,err} fix
2013-11-21 13:16:28 -06:00
jvazquez-r7
851cf6f0d1
Land #2650 , @pnegry's exploit for DesktopCentral 8
2013-11-21 09:30:17 -06:00
jvazquez-r7
77aa665385
Add Privileged flag
2013-11-21 09:28:28 -06:00
jvazquez-r7
2ab3ab8b66
Delete empty Payload metadata section
2013-11-21 09:27:25 -06:00
jvazquez-r7
6bd3c4c887
Fix target name
2013-11-21 09:07:25 -06:00
jvazquez-r7
4c2ad4ca9a
Fix metadata
2013-11-21 09:06:47 -06:00
jvazquez-r7
8e4c5dbb5e
improve upload_file response check
2013-11-21 09:02:11 -06:00
jvazquez-r7
8fdfeb73db
Fix use of FileDropper and improve check method
2013-11-21 09:01:41 -06:00
jvazquez-r7
4abf01c64c
Clean indentation
2013-11-21 08:32:54 -06:00
Tod Beardsley
63d1a78cd2
Remove capturing parens and debug hexes.
2013-11-20 17:53:25 -06:00
Tod Beardsley
637ce058f5
Write a nonstupid regex (2-pass test)
2013-11-20 17:47:19 -06:00
Tod Beardsley
0ec9881a22
Fix stdout/stderr check to avoid ruby payloads
...
[SeeRM #8498 ]
This knocks out all the non-datastore editing ERROR messages, so we've
got that going for us. Which is nice.
2013-11-20 17:39:35 -06:00
Tod Beardsley
3926617972
Land #2664 , clear EOL spaces
...
[SeeRM #8498 ]
2013-11-20 17:27:06 -06:00
Tod Beardsley
e88da09894
Land #2660 , DLL/service creation for x64
2013-11-20 17:25:16 -06:00
joev
eea811b71a
Merge branch 'landing-2601-mipsle-encoders' into upstream-master
2013-11-20 17:14:45 -06:00
Tod Beardsley
5ef6c5bb44
Land #2668 , avoid tidying nonfiles.
2013-11-20 16:57:57 -06:00
William Vu
b75f5a8f45
Avoid crashing when msftidy'ing missing files
2013-11-20 16:36:07 -06:00
Tod Beardsley
c7bf642972
Land #2665 , shebang fix for msftidy.
2013-11-20 15:47:57 -06:00
William Vu
6c7a98ef47
Be more exact about shebang checking
2013-11-20 15:26:35 -06:00
Tod Beardsley
678a16b5ef
Land #2662 , resplat.
2013-11-20 15:10:31 -06:00
William Vu
9f45121b23
Remove EOL spaces
2013-11-20 15:08:13 -06:00
William Vu
e8eb983ae1
Resplat shell_bind_tcp_random_port
2013-11-20 14:48:53 -06:00
Meatballs
135dad1f4e
Fix dll/service creation
2013-11-20 20:10:47 +00:00
jvazquez-r7
cec4166766
Fix description
2013-11-20 12:49:22 -06:00
jvazquez-r7
18e69bee8c
Make OGNL expressions compatible with struts 2.0.11.2
2013-11-20 12:42:10 -06:00
jvazquez-r7
110e78a1ad
Land #2507 , @todb-r7's fix to allow DCERPC misin to use RPORT
2013-11-20 10:21:32 -06:00
Thomas Hibbert
4cc20f163b
Update References field to be compliant.
2013-11-20 13:01:21 +13:00
Thomas Hibbert
07c76fd3e6
Module cleaned for msftidy compliance.
2013-11-20 11:33:14 +13:00
jvazquez-r7
647c867c2d
Land #1681 , @sempervictus Rex::Text::Ui::Table [] method
2013-11-19 16:30:09 -06:00
jvazquez-r7
e1eddc84aa
Check for inexistent column names
2013-11-19 16:02:52 -06:00
Tod Beardsley
d7b022de5a
Land #2598 , offline updates and msfupdate refactor
2013-11-19 15:58:29 -06:00
jvazquez-r7
162d433014
Use snake_case for variables
2013-11-19 15:46:11 -06:00
jvazquez-r7
6a13a0eee6
fix indentation
2013-11-19 15:42:12 -06:00
sinn3r
a9de5e2846
Land #2634 - Opt browser autopwn load list
2013-11-19 15:10:29 -06:00
Tod Beardsley
13ad48fd78
Land #2654 which fixes rpsec for #2093
2013-11-19 14:17:57 -06:00
jvazquez-r7
a79e137a7a
Fix db_spec
2013-11-19 14:07:41 -06:00
jvazquez-r7
7435d74c59
Land #2093 , @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
Tod Beardsley
ac1fb2d1da
Just use a straight RPORT, don't sneak 593.
...
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).
It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00
jvazquez-r7
34dccaaa1f
Clean use of -c on creds command
2013-11-19 13:26:14 -06:00