William Vu
da88e5822a
Merge remote-tracking branch 'origin/pr/3' into feature/pjl
2014-01-27 12:39:10 -06:00
jvazquez-r7
0dbaeb6742
Add Matteo's email
2014-01-27 08:40:44 -06:00
William Vu
52371be52a
Clarify why contributors are listed as authors
...
Also adding @mcantoni to the list of authors. Sorry we missed you!
Dear contributors,
Even though we weren't able to use your code, we absolutely appreciate
that you wrote it. That's why we're listing you as authors. Thanks!!!
https://dev.metasploit.com/redmine/issues/6034
https://dev.metasploit.com/redmine/issues/5217
https://dev.metasploit.com/redmine/issues/6864
2014-01-25 18:02:17 -06:00
William Vu
a67068f019
Correct author name
...
Was using the name quoted in Redmine. Technically, the author is Myo Soe
of the YGN Ethical Hacker Group (YEHG).
2014-01-23 19:09:20 -06:00
William Vu
dc4b4218b3
Make {COUNT,SIZE}_MAX more readable
...
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
William Vu
6a16cf96ba
Fix bug in fsupload
...
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
Tod Beardsley
82bd1fa466
Land #2898 , msftidy articles fix.
2014-01-21 09:37:56 -06:00
William Vu
3a943c719e
Implement a whitelist for suspect capitalization
2014-01-21 09:26:16 -06:00
sinn3r
7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal
2014-01-20 20:08:01 -06:00
jvazquez-r7
4e224132e8
Land #2893 , @wchen-r7's patch for jboss_invoke_deploy
2014-01-17 22:06:11 -06:00
jvazquez-r7
e2fa581b8c
Delete empty line
2014-01-17 22:05:14 -06:00
sinn3r
57318ef009
Fix nil bug in jboss_invoke_deploy.rb
...
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
jvazquez-r7
c670259539
Fix protocol handling
2014-01-17 00:49:44 -06:00
jvazquez-r7
eaf1b0caf6
Add minor clean up
2014-01-16 17:55:45 -06:00
jvazquez-r7
f3c912bd32
Add module for ZDI-14-003
2014-01-16 17:49:49 -06:00
jvazquez-r7
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
Tod Beardsley
62c7839b4c
Land #2850 , fix msftidy to respect \x22 and \x27
2014-01-16 16:26:34 -06:00
jvazquez-r7
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
Matt Andreko
f6f2da09aa
Merge pull request #4 from jvazquez-r7/review_2874
...
Clean CmdStagerEcho and Add module targets
2014-01-16 13:57:59 -08:00
sinn3r
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
jvazquez-r7
8213eed49f
Delete Netgear N150 target, ist's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
William Vu
6110ad72b3
Update tests and ensure full coverage
2014-01-16 15:11:04 -06:00
William Vu
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
jvazquez-r7
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00
William Vu
0915212249
Fix socket timeout bug
2014-01-16 11:58:37 -06:00
jvazquez-r7
0922aef8d1
Update module description
2014-01-16 11:16:11 -06:00
jvazquez-r7
0b9ff43217
Make slice_up_payload easier
2014-01-16 11:03:22 -06:00
jvazquez-r7
f41849c921
Clean CmdStagerEcho
2014-01-16 11:00:57 -06:00
jvazquez-r7
2e6b1c7552
Land #2878 , @mandreko's fix for sercomm credentials parsing
2014-01-16 07:27:55 -06:00
William Vu
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
joev
1197426b40
Land PR #2881 , @jvazquez-r7's mips stagers.
2014-01-15 12:46:41 -06:00
William Vu
d9fb03fcbc
Merge remote-tracking branch 'origin/pr/2' into feature/pjl
2014-01-15 12:11:57 -06:00
joev
0833da465a
Lands #2832 , @jvazquez-r7's fixes to mipsel shellcode.
2014-01-15 12:03:17 -06:00
jvazquez-r7
0b1671f1b8
Undo debugging comment
2014-01-14 17:02:30 -06:00
jvazquez-r7
6372ae6121
Save some parsing
2014-01-14 17:00:00 -06:00
jvazquez-r7
a056d937e7
Fluch data cache and improve documentation
2014-01-14 14:06:01 -06:00
jvazquez-r7
a8806887e9
Add support for MIPS reverse shell staged payloads
2014-01-14 12:25:11 -06:00
William Vu
5d387c96ec
Land #2879 , minor code formatting missed in #2863
2014-01-14 11:22:09 -06:00
William Vu
f7f464f60a
Land #2877 , module_rank.rb TypeError fix
2014-01-14 11:11:42 -06:00
sgabe
b4280f2876
Very minor code formatting
2014-01-14 13:35:00 +01:00
Matt Andreko
2d40f936e3
Added some additional creds that were useful
2014-01-13 23:15:51 -05:00
Matt Andreko
42fb8c48d1
Fixed the credential parsing and made output consistent
...
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.
The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
Ethan Robish
28655d4788
Fixed bug that caused runtime error in module_rank.rb
2014-01-13 19:03:23 -06:00
sinn3r
39e98a4c4e
Land #2876 - Fix undefined method `[]' for nil:NilClass in module.rb
...
[FixRM #8740 ]
2014-01-13 18:02:20 -06:00
sinn3r
ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode
2014-01-13 17:37:08 -06:00
HD Moore
68ccdc8386
Fix a stack trace when module_payloads.rb is run
...
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
Matt Andreko
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
William Vu
4ccf1a4720
Land #2873 , Msf::Handler::ReverseHttp::UriChecksum
2014-01-13 15:38:56 -06:00
David Maloney
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
Tod Beardsley
804b26bac6
Land #2872 , switch for ARCH_MIPSBE
2014-01-13 15:10:27 -06:00