Commit Graph

30257 Commits (da0fce1ea8177a4f69b68b1e33591962ffe4d94d)

Author SHA1 Message Date
sgabe da0fce1ea8 Add module for CVE-2014-2206 2015-01-14 22:04:30 +01:00
Jon Hart ac4eb3bb90
Land #4578, @dlanner's fix for rails_secret_deserialization 2015-01-13 09:37:28 -08:00
David Lanner c5cfc11d84 fix cookie regex by removing a space 2015-01-12 23:13:18 -05:00
sinn3r 7876401419
Land #4476 - Lexmark MarkVision Enterprise Arbitrary File Upload 2015-01-12 10:44:23 -06:00
Jon Hart c8f5026fd2
Land #4565, @FireFart's improvement to the msftidy check for bad msf URLs 2015-01-10 11:10:37 -08:00
jvazquez-r7 49f04faf3f
Land #4065, @fozavci's Cisco CUCDM auxiliary modules 2015-01-10 01:11:45 -06:00
jvazquez-r7 05d364180b Beautify descriptions 2015-01-10 01:10:08 -06:00
jvazquez-r7 a2d479a894 Refactor run method 2015-01-10 01:06:56 -06:00
jvazquez-r7 cf9d7d583e Do first code cleanup 2015-01-10 00:51:31 -06:00
jvazquez-r7 000d7dd1eb Minor beautification 2015-01-10 00:32:10 -06:00
jvazquez-r7 1d0e9a2dca Use snake_case filename 2015-01-10 00:29:28 -06:00
jvazquez-r7 070e833d46 Use snake_case filename 2015-01-10 00:28:01 -06:00
jvazquez-r7 59d602f37d Refactor cisco_cucdm_callforward 2015-01-10 00:27:31 -06:00
jvazquez-r7 511a7f8cca send_request_cgi already URI encodes 2015-01-10 00:06:26 -06:00
jvazquez-r7 5d8167dca6 Beautify description 2015-01-10 00:02:42 -06:00
jvazquez-r7 9fb4cfb442 Do First callforward cleanup 2015-01-10 00:00:27 -06:00
jvazquez-r7 f7af0d9cf0
Test landing #4065 into up to date branch 2015-01-09 23:40:16 -06:00
jvazquez-r7 bedbffa377
Land #3700, @ringt fix for oracle_login
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
jvazquez-r7 38c36b49fb Report when nothing is rescued 2015-01-09 22:58:19 -06:00
Brent Cook 6d2bc23a7f
Land #4567 - OJ kills metcli.exe 2015-01-09 17:27:55 -06:00
OJ dfdf99c8f4 Remove metcli
The metcli.exe binary doesn't get used any more and the source was removed
from Meterpreter ages ago. No point in having it in the repo any more.
2015-01-10 09:21:44 +10:00
OJ 09d91c9a0c
Land #4564 - Update to latest meterpreter bins 2015-01-10 09:11:08 +10:00
Brent Cook ce87b126c1 Update to the latest meterpreter_bins
This removes checked-in sniffer extension in favor of the gem-packaged version.
It also pulls in the changes for verifying #4411
2015-01-09 16:57:10 -06:00
Christian Mehlmauer 56c1f74d70
modify msftidy regex 2015-01-09 22:07:21 +01:00
Christian Mehlmauer d4d1a53533
fix invalid url 2015-01-09 21:57:52 +01:00
Christian Mehlmauer fd2307680d
Land #4550, wp-symposium file upload 2015-01-09 21:55:02 +01:00
jvazquez-r7 3d20ea822e
Land #2156, @veritysr exploit for MySQL FILE privilege abuse on Windows
* By uploading payload to All Users startup folder
2015-01-09 12:22:09 -06:00
jvazquez-r7 d65ed54e0c Check STARTUP_FOLDER option 2015-01-09 12:21:01 -06:00
jvazquez-r7 2c633e403e Do code cleanup 2015-01-09 12:07:59 -06:00
jvazquez-r7 d52e9d4e21 Fix metadata again 2015-01-09 11:20:00 -06:00
jvazquez-r7 9dbf163fe7 Do minor style fixes 2015-01-09 11:17:16 -06:00
jvazquez-r7 8f09e0c20c Fix metadata by copying the mysql_mof data 2015-01-09 11:15:32 -06:00
jvazquez-r7 da6496fee1
Test landing #2156 into up to date branch 2015-01-09 11:04:47 -06:00
Jon Hart d8743ea32b
Land #4539, @Meatballs1's creds cmd now supports type filters, -R for search 2015-01-08 18:48:27 -08:00
Jon Hart 7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid 2015-01-08 18:42:25 -08:00
Jon Hart e4547eb474
Land #4537, @wchen-r7's fix for #4098 2015-01-08 17:57:16 -08:00
Jon Hart f13e56aef8
Handle bracketed and unbracketed results, add more useful logging 2015-01-08 17:51:31 -08:00
Jon Hart 14db112c32 Add logging to show executed Java and result 2015-01-08 16:53:12 -08:00
Jon Hart e4cdac1440
Land #4559, @FireFart's fix for wordpress version detection (from wpscan) 2015-01-08 15:19:29 -08:00
Jon Hart 75726f1e74
Update spec to cover #4559 2015-01-08 15:15:01 -08:00
Brent Cook fb5170e8b3
Land #2766, Meatballs1's refactoring of ExtAPI services
- Many code duplications are eliminated from modules in favor of shared
   implementations in the framework.
 - Paths are properly quoted in shell operations and duplicate operations are
   squashed.
 - Various subtle bugs in error handling are fixed.
 - Error handling is simpler.
 - Windows services API is revised and modules are updated to use it.
 - various API docs added
 - railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
Jon Hart ed74271c26
Land #4548, @dmaloney-r7's fix to allow loginscanners to work w/o a DB 2015-01-08 14:50:08 -08:00
Christian Mehlmauer 14b1d8dc5f
no space required 2015-01-08 23:43:06 +01:00
Jon Hart 98cee8249d
Move non-active DB messages to warning and clarify/simplify 2015-01-08 14:40:47 -08:00
Christian Mehlmauer f7eb9a6cf8
update wordpress version detection regex 2015-01-08 23:36:59 +01:00
Brent Cook e447a17795 bump deprecated date 2015-01-08 16:20:06 -06:00
sinn3r 50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012 2015-01-08 16:19:55 -06:00
Brent Cook 05279ef02a consistently use double-quoted paths
allow for variable expansion if needed
2015-01-08 16:10:28 -06:00
rastating 82e6183136 Add Msf::Exploit::FileDropper mixin 2015-01-08 21:07:00 +00:00
rastating 93dc90d9d3 Tidied up some code with existing mixins 2015-01-08 20:53:56 +00:00