Commit Graph

21710 Commits (d670b7c972ebb573260ee15d9c2c1b5822e1f063)

Author SHA1 Message Date
William Vu d670b7c972
Land #2674, Ruby 1.9.3-p484 (CVE-2013-4164) 2013-11-22 13:21:32 -06:00
Tod Beardsley b69a67251f
Revert CVE-2013-4164 test
This reverts commit 7688211009.
2013-11-22 12:26:51 -06:00
Tod Beardsley 994d4e94c6 Revert "Force Travis to Ruby 1.9.3-p484"
This reverts commit 25b0c86855.
2013-11-22 12:26:05 -06:00
Tod Beardsley 25b0c86855
Force Travis to Ruby 1.9.3-p484 2013-11-22 12:21:29 -06:00
Tod Beardsley 7688211009
Add a test for CVE-2013-4164. Will crash old Ruby!
If you are not on a recent version of Ruby, you will segfault.
2013-11-22 12:14:51 -06:00
Tod Beardsley fd009f1e46
Update default ruby to 1.9.3-p484 (CVE-2013-4164)
See
https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
2013-11-22 11:20:21 -06:00
William Vu bcf0954fd8
Land #2672, multi_console_command default usage 2013-11-22 02:55:07 -06:00
William Vu 3c9d33eb3b
Land #2671, desktopcentral_file_upload name change 2013-11-22 02:51:55 -06:00
OJ 19ea29c6e7 Add usage when -rc -cl or -h are not passed
While testing stuff earlier today I had to use this script and I made the
mistake of not passing in the -rc flag to the script. I was confused for ages!

This change prints the usage message in the case where you don't pass proper
parameters to the script.
2013-11-22 12:47:04 +10:00
jvazquez-r7 885fedcc3b Fix target name 2013-11-21 17:42:31 -06:00
sinn3r 22c7703e8b
Land #2658 - Make OGNL expressions compatible with struts 2.0.11.2 2013-11-21 15:30:42 -06:00
William Vu 13f8a690a9
Land #2669, msftidy Ruby payload std{out,err} fix 2013-11-21 13:16:28 -06:00
jvazquez-r7 851cf6f0d1
Land #2650, @pnegry's exploit for DesktopCentral 8 2013-11-21 09:30:17 -06:00
jvazquez-r7 77aa665385 Add Privileged flag 2013-11-21 09:28:28 -06:00
jvazquez-r7 2ab3ab8b66 Delete empty Payload metadata section 2013-11-21 09:27:25 -06:00
jvazquez-r7 6bd3c4c887 Fix target name 2013-11-21 09:07:25 -06:00
jvazquez-r7 4c2ad4ca9a Fix metadata 2013-11-21 09:06:47 -06:00
jvazquez-r7 8e4c5dbb5e improve upload_file response check 2013-11-21 09:02:11 -06:00
jvazquez-r7 8fdfeb73db Fix use of FileDropper and improve check method 2013-11-21 09:01:41 -06:00
jvazquez-r7 4abf01c64c Clean indentation 2013-11-21 08:32:54 -06:00
Tod Beardsley 63d1a78cd2
Remove capturing parens and debug hexes. 2013-11-20 17:53:25 -06:00
Tod Beardsley 637ce058f5
Write a nonstupid regex (2-pass test) 2013-11-20 17:47:19 -06:00
Tod Beardsley 0ec9881a22
Fix stdout/stderr check to avoid ruby payloads
[SeeRM #8498]

This knocks out all the non-datastore editing ERROR messages, so we've
got that going for us. Which is nice.
2013-11-20 17:39:35 -06:00
Tod Beardsley 3926617972
Land #2664, clear EOL spaces
[SeeRM #8498]
2013-11-20 17:27:06 -06:00
Tod Beardsley e88da09894
Land #2660, DLL/service creation for x64 2013-11-20 17:25:16 -06:00
joev eea811b71a
Merge branch 'landing-2601-mipsle-encoders' into upstream-master 2013-11-20 17:14:45 -06:00
Tod Beardsley 5ef6c5bb44
Land #2668, avoid tidying nonfiles. 2013-11-20 16:57:57 -06:00
William Vu b75f5a8f45 Avoid crashing when msftidy'ing missing files 2013-11-20 16:36:07 -06:00
Tod Beardsley c7bf642972
Land #2665, shebang fix for msftidy. 2013-11-20 15:47:57 -06:00
William Vu 6c7a98ef47 Be more exact about shebang checking 2013-11-20 15:26:35 -06:00
Tod Beardsley 678a16b5ef
Land #2662, resplat. 2013-11-20 15:10:31 -06:00
William Vu 9f45121b23 Remove EOL spaces 2013-11-20 15:08:13 -06:00
William Vu e8eb983ae1 Resplat shell_bind_tcp_random_port 2013-11-20 14:48:53 -06:00
Meatballs 135dad1f4e
Fix dll/service creation 2013-11-20 20:10:47 +00:00
jvazquez-r7 cec4166766 Fix description 2013-11-20 12:49:22 -06:00
jvazquez-r7 18e69bee8c Make OGNL expressions compatible with struts 2.0.11.2 2013-11-20 12:42:10 -06:00
jvazquez-r7 110e78a1ad
Land #2507, @todb-r7's fix to allow DCERPC misin to use RPORT 2013-11-20 10:21:32 -06:00
Thomas Hibbert 4cc20f163b Update References field to be compliant. 2013-11-20 13:01:21 +13:00
Thomas Hibbert 07c76fd3e6 Module cleaned for msftidy compliance. 2013-11-20 11:33:14 +13:00
jvazquez-r7 647c867c2d
Land #1681, @sempervictus Rex::Text::Ui::Table [] method 2013-11-19 16:30:09 -06:00
jvazquez-r7 e1eddc84aa Check for inexistent column names 2013-11-19 16:02:52 -06:00
Tod Beardsley d7b022de5a
Land #2598, offline updates and msfupdate refactor 2013-11-19 15:58:29 -06:00
jvazquez-r7 162d433014 Use snake_case for variables 2013-11-19 15:46:11 -06:00
jvazquez-r7 6a13a0eee6 fix indentation 2013-11-19 15:42:12 -06:00
sinn3r a9de5e2846
Land #2634 - Opt browser autopwn load list 2013-11-19 15:10:29 -06:00
Tod Beardsley 13ad48fd78
Land #2654 which fixes rpsec for #2093 2013-11-19 14:17:57 -06:00
jvazquez-r7 a79e137a7a Fix db_spec 2013-11-19 14:07:41 -06:00
jvazquez-r7 7435d74c59
Land #2093, @sempervictus MaxChar for Rex::Ui::Text::Table cols 2013-11-19 13:34:45 -06:00
Tod Beardsley ac1fb2d1da
Just use a straight RPORT, don't sneak 593.
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).

It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00
jvazquez-r7 34dccaaa1f Clean use of -c on creds command 2013-11-19 13:26:14 -06:00