Commit Graph

22412 Commits (d9fb03fcbca7a5871bda4d78e971f246d114dd4f)

Author SHA1 Message Date
jvazquez-r7 0eac17083a Clean cfme_manageiq_evm_pass_reset 2013-12-18 16:16:32 -06:00
Mekanismen 7173e1e2f3 Merge pull request #2 from jvazquez-r7/review_2774
Clean zimbra_lfi
2013-12-18 13:57:22 -08:00
Tod Beardsley 718111429b
Convert gendocs.sh to use rake yard 2013-12-18 15:53:09 -06:00
SeawolfRN 60b5771476 Merge pull request #1 from wchen-r7/poison_ivy_ports_check
Add an input check for datastore option PORTS
2013-12-18 13:48:08 -08:00
jvazquez-r7 d4ec858051 Clean zimbra_lfi 2013-12-18 15:46:37 -06:00
sinn3r 8dfa2e6963
Land #2734 - OSX Gather Autologin Password as Root 2013-12-18 15:37:45 -06:00
sinn3r 5011c4d928 The "unless" Ruby nazi is in town 2013-12-18 15:28:31 -06:00
sinn3r 5ec3d5f3f6 Raise specific exceptions 2013-12-18 15:27:49 -06:00
sinn3r 4bddd077ec
Land #2762 - Use new ntdll railgun functions 2013-12-18 15:18:47 -06:00
sinn3r ee87f357b0 Raise Msf::OptionValidateError when the PORTS option is invalid
Instead of print_error for invalid ports, modules should be raising
Msf::OptionValidateError to warn the user about the invalid input.
2013-12-18 15:04:53 -06:00
sinn3r 4028dcede7 Add an input check for datastore option PORTS
If Rex::Socket.portspec_crack returns an empty array, we assume
there are no valid ports to test, so we raise an OptionValidateError
to warn the user about it.
2013-12-18 14:55:51 -06:00
Joe Vennix 9ff82b5422 Move datastore options to mixin. 2013-12-18 14:52:41 -06:00
Joe Vennix 64273fe41d Move addon datastore options into mixin. 2013-12-18 14:42:01 -06:00
Joe Vennix ca2de73879 It helps to actually commit the exploit. 2013-12-18 14:31:42 -06:00
Joe Vennix 1235615f5f Add firefox 15 chrome privilege exploit.
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
sinn3r 8af81c98c8
Land #2778 - Correct camelCase of YouTube 2013-12-18 14:24:39 -06:00
Ramon de C Valle 0f56579765 Add the Gemfile.lock file 2013-12-18 18:14:51 -02:00
Tod Beardsley c4b8178663
Correct camelCase of YouTube 2013-12-18 14:06:45 -06:00
Mekanismen 0c0e8c3a49 various updates 2013-12-18 20:54:35 +01:00
Ramon de C Valle 166e2ec224 Fix bcrypt gem name 2013-12-18 16:51:57 -02:00
Ramon de C Valle b9a9b90088 Update module to use added bcrypt gem 2013-12-18 16:15:35 -02:00
Ramon de C Valle d4a86902a6 Add the bcrypt gem
The bcrypt gem is needed for some admin modules (i.e.,
cfme_manageiq_evm_pass_reset.rb). For more information, see
https://github.com/rapid7/metasploit-framework/pull/2744.
2013-12-18 16:15:35 -02:00
Ramon de C Valle e20569181b Remove EzCrypto-related code as per review 2013-12-18 16:15:22 -02:00
jvazquez-r7 ab69454f89 Land #2745, @rcvalle's exploit for CVE-2013-2068 2013-12-18 12:06:27 -06:00
Ramon de C Valle 6487d677f9 Merge pull request #2 from jvazquez-r7/review_2745
Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle
2013-12-18 09:58:31 -08:00
jvazquez-r7 ec64382efc Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle 2013-12-18 11:53:30 -06:00
Ramon de C Valle ef081cec49 Add missing disclosure date as per review 2013-12-18 15:47:23 -02:00
Ramon de C Valle 819236c6ec Merge pull request #1 from jvazquez-r7/review_2745
Clean pull request
2013-12-18 09:38:56 -08:00
jvazquez-r7 a28ea18798 Clean pull request 2013-12-18 11:32:34 -06:00
OJ a4811bd0c3
Land #2760 2013-12-18 17:17:10 +10:00
OJ 5e4c395f86 Fix small spacing issue 2013-12-18 17:14:47 +10:00
jvazquez-r7 c34638c5e7
Land #2777, @wchen-r7's fix for safari_lastsession 2013-12-17 17:06:28 -06:00
sinn3r 10e16673a7 There must be read_file 2013-12-17 16:42:49 -06:00
sinn3r 21feae0bbc Make sure the file path is readable when it's ~/ 2013-12-17 16:38:58 -06:00
jvazquez-r7 345e1711b1
Land #2775, @wchen-r7's post module to Safari get LastSession.plist 2013-12-17 15:57:50 -06:00
jvazquez-r7 7ec96876d9 Delete unnecessary includes 2013-12-17 15:57:09 -06:00
sinn3r 374ef71c12 Favor read_file instead 2013-12-17 15:34:52 -06:00
jvazquez-r7 80eea97ccd ChrisJohnRiley fix for sap_service_discovery 2013-12-17 13:31:56 -06:00
sinn3r ea6ba2b159 Add post module to get LastSession.plist
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00
Mekanismen 2de15bdc8b added module for Zimbra Collaboration Server CVE-2013-7091 2013-12-17 19:32:04 +01:00
William Vu 252909a609
Land #2448, @OJ's ReverseListenerBindPort :) 2013-12-17 11:24:09 -06:00
bmerinofe 89ffafad0e Changes to Service mixin 2013-12-17 13:10:27 +01:00
sinn3r ad2ec497c2
Land #2773 - Fix ms_ndproxy to work under a sandboxed Reader 2013-12-16 20:32:27 -06:00
jvazquez-r7 52cb43e6a8 Fix typo 2013-12-16 20:28:49 -06:00
zeknox 2eee34babf added timeout options and rescue timeout 2013-12-16 20:00:13 -06:00
zeknox fe34d0e36e fixed syntax 2013-12-16 19:26:40 -06:00
zeknox 7b8de95f6b fixed database overwriting issues 2013-12-16 19:16:12 -06:00
zeknox 07f686bb1a added ResolverArgumentError rescue statement 2013-12-16 18:46:14 -06:00
James Lee c88f2622ff
Land #2769, windows error constants 2013-12-16 18:25:42 -06:00
Meatballs 6ee1a9c6e1
Fix duplicate error 2013-12-17 00:11:37 +00:00