Commit Graph

24836 Commits (d9fd77fba75bd32fbe9bddad5ac8c313a6086727)

Author SHA1 Message Date
sinn3r a22c089aa0
Land #3378 - Add Reference for katello_satellite_priv_esc 2014-05-21 01:30:59 -05:00
jvazquez-r7 af415c941b [SeeRM #8803] Avoid false positives when checking fb_cnct_group 2014-05-20 18:44:28 -05:00
James Lee 8be35b90f4
Add some more specs for AFP login scanner 2014-05-20 17:44:41 -05:00
jvazquez-r7 8a9c005f13 Add URL 2014-05-20 17:43:07 -05:00
James Lee d061d36229 Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner 2014-05-20 17:25:42 -05:00
James Lee 21de14ac3d
Initial stab at AFP login scanner 2014-05-20 17:08:12 -05:00
jvazquez-r7 727054df0b
Land #3375, @bugch3ck's support for Safari 2014-05-20 16:38:55 -05:00
Samuel Huckins 62bae8e23b Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
Specs and functional steps passing. 

MSP-9687 #land
2014-05-20 11:32:37 -05:00
David Maloney ce69f742a4
add yarddocs to origin methods
added YARD docs to the creation methods for
Credential::Origins
2014-05-20 11:16:19 -05:00
David Maloney 8a2f05b7d2 Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation 2014-05-20 10:28:33 -05:00
David Maloney 0b1d9d8cd0 Merge branch 'master' into staging/electro-release 2014-05-20 10:27:55 -05:00
David Maloney 9cdddb08d9
origin specs for realsies
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
David Maloney b84aaaad19
specs and fixes for origin creation 2014-05-20 09:59:15 -05:00
Jonas Vestberg 7cabfacfa3 Test adobe_flash_pixel_bender_bof on Safari 5.1.7
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
Meatballs 52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom 2014-05-19 22:00:35 +01:00
Meatballs b84379ab3b
Note about EXE::Custom 2014-05-19 22:00:09 +01:00
Meatballs eeae071468
Land #3363, Workstation Length Auth Bug 2014-05-19 21:46:57 +01:00
David Maloney ddfa4f1ee7
some origin creation specs
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
Karmanovskii e26dee5e22 Update mybb_get_type_db.rb
19/05/2014
I deleted      -     #return Exploit::CheckCode::Unknown  # necessary ????
2014-05-19 21:32:30 +04:00
David Maloney 9efb97d465
origin creation method
added base behaviour for creating generic
credential origin objects from report
2014-05-19 10:00:19 -05:00
William Vu a30d6b1f2d
Quick cleanup for sap_icm_urlscan 2014-05-19 09:21:26 -05:00
William Vu dc0e649a10
Clean up case statement 2014-05-19 09:21:07 -05:00
William Vu bc64e47698
Land #3370, cleanup for sap_icm_urlscan 2014-05-19 09:16:18 -05:00
William Vu 8235556cec
Land #3372, release fixes 2014-05-19 09:10:38 -05:00
Tod Beardsley 0ef2e07012
Minor desc and status updates, cosmetic 2014-05-19 08:59:54 -05:00
Tod Beardsley 1ef16fb722
Land #3367, new wordlists from unhash
Thanks @tkisason!
2014-05-19 08:44:54 -05:00
Meatballs 848227e18a
401 should be a valid url 2014-05-19 10:59:38 +01:00
Meatballs 5d96f54410
Be verbose about 307 2014-05-19 10:52:06 +01:00
Meatballs 88b7dc3def
re-add content length 2014-05-19 10:46:47 +01:00
Meatballs e59f104195
Use unless 2014-05-19 10:41:01 +01:00
sinn3r bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload 2014-05-19 00:25:33 -05:00
jvazquez-r7 2fb0dbb7f8 Delete debug print_status 2014-05-18 23:34:04 -05:00
jvazquez-r7 d35ba208ed
Land #3369 @bugch3ck's support for plugin flash exploitation on adobe_flash_pixel_bender 2014-05-18 23:25:08 -05:00
jvazquez-r7 975cdcb537 Allow exploitation also on FF 2014-05-18 23:24:01 -05:00
Jonas Vestberg 033757812d Updates to adobe_flash_pixel_bender_bof:
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).

Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
Tonimir Kisasondi 9b29c572a7 Comments dont work with auth_brute.rb 2014-05-18 21:14:17 +02:00
Tonimir Kisasondi c9bb2d5165 Added headers to files 2014-05-18 20:55:50 +02:00
Tonimir Kisasondi 97b63d708c Corrected naming to be in line with msf convention 2014-05-18 18:18:23 +02:00
Tonimir Kisasondi 7d79f8a4c2 Removed wrongly named list. 2014-05-18 18:15:17 +02:00
Tonimir Kisasondi d7bf66973c Fixed userpass delimiters. 2014-05-18 18:13:03 +02:00
Tonimir Kisasondi 6ec926b573 Added separate users/pass/userpass dictionaries 2014-05-18 10:18:07 +02:00
William Vu a97d9ed54f
Land #3148, check_urlprefixes for sap_icm_urlscan 2014-05-17 16:10:52 -05:00
sappirate dd1a47f31f Modified sap_icm_urlscan to check for authentication of custom URLs
Fixed ruby coding style
2014-05-17 22:47:49 +02:00
Karmanovskii 06912ac2b6 Update mybb_get_type_db.rb
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
2014-05-17 16:30:29 +04:00
JoseMi 21cf0a162c Added module to crash capwap dissector in wireshark tool 2014-05-17 11:31:43 +01:00
JoseMi 74b491e715 Delete wireshark_capwap_dos module 2014-05-17 11:25:38 +01:00
Tonimir Kisasondi af82ae262c Added a large default password list for services. 2014-05-16 23:27:18 +02:00
James Lee d2ebab09aa
Add timeout for SSL renegotiation after migrating
[SeeRM #8794]
2014-05-16 15:42:46 -05:00
Christian Mehlmauer 488c3e6b93
Land #3358, @jvazquez-r7 Advantech WebAccess 7.1 SQLI module 2014-05-16 21:26:41 +02:00
jvazquez-r7 2012d41b3d Add origin of the user, and mark web users 2014-05-16 13:51:42 -05:00