Adam Cammack
|
c5641c9681
|
Factor out mettle configuration
Also cleans up some stuff: s/url/uri/ and base-64 encodes UUIDs
|
2016-12-06 18:28:48 -06:00 |
Brent Cook
|
7346223a65
|
update payloads
|
2016-12-06 07:16:44 -06:00 |
OJ
|
ffee0ff1b6
|
Fix payload cache size issue, fix shell/bind payloads
|
2016-12-06 11:12:02 +10:00 |
Jin Qian
|
4a35f8449a
|
Fixed issue #7650 by matching Server header using regex as Wei suggested
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
|
2016-12-02 20:26:38 -06:00 |
Jin Qian
|
35fdf1473b
|
Fixed issue #7650 where etherpad_duo_login module may crash
Add check for presence of Server header.
|
2016-12-02 18:07:18 -06:00 |
William Vu
|
ff8141c1b5
|
Land #7644, cred fix for vbulletin_vote_sqli_exec
|
2016-12-01 15:47:31 -06:00 |
Jin Qian
|
11906eb540
|
Fix issue #7645 where dolibarr_login module crashed
Add "res" (http response) when trying to retrieve the cookie
|
2016-12-01 15:38:26 -06:00 |
wchen-r7
|
41355898fa
|
Remove extra def report_cred in vbulletin_vote_sqli_exec
|
2016-12-01 15:31:24 -06:00 |
wchen-r7
|
9325ef8d8f
|
Land #7573, Add WP Symposium Plugin SQLI aux mod to steal credentials
|
2016-12-01 14:56:30 -06:00 |
wchen-r7
|
6b5dba72d4
|
Update description
|
2016-12-01 14:55:16 -06:00 |
wchen-r7
|
64bc029106
|
Fix Ruby style
|
2016-12-01 14:53:55 -06:00 |
wchen-r7
|
90ec367a99
|
Add method to save creds to database
|
2016-12-01 14:52:51 -06:00 |
wchen-r7
|
174cd74900
|
Land #7532, Add bypass UAC local exploit via Event Viewer module
|
2016-12-01 11:16:49 -06:00 |
wchen-r7
|
1e9d80c998
|
Fix another typo
|
2016-12-01 11:16:06 -06:00 |
wchen-r7
|
b8243b5d10
|
Fix a typo
|
2016-12-01 11:15:26 -06:00 |
William Vu
|
54684d31bd
|
Land #7641, check_conn? fix for cisco_ssl_vpn
|
2016-11-30 21:14:19 -06:00 |
William Vu
|
032312d40b
|
Properly check res
|
2016-11-30 21:03:29 -06:00 |
OJ
|
72a20ce464
|
Merge timwr's changes that fix android/reverse_http
|
2016-12-01 09:59:41 +10:00 |
William Vu
|
1d6ee7192a
|
Land #7427, new options for nagios_xi_chained_rce
|
2016-11-30 17:11:02 -06:00 |
William Vu
|
3e8cdd1f36
|
Polish up USER_ID and API_TOKEN options
|
2016-11-30 17:10:52 -06:00 |
Jin Qian
|
ec83a861c8
|
Fix issue #7640 where cisco SSL VPN not move despite server responded
Add the "return true" statement that was missing.
|
2016-11-30 16:25:13 -06:00 |
OJ
|
ebf5121359
|
Merge branch 'upstream/master' into add-bypassuac-eventvwr
|
2016-12-01 07:58:16 +10:00 |
OJ
|
6890e56b30
|
Remove call to missing function
|
2016-12-01 07:57:54 +10:00 |
wchen-r7
|
56505d2cc1
|
Resolve merge conflict
|
2016-11-30 14:33:23 -06:00 |
wchen-r7
|
c70c3701c5
|
Fix #7628, concrete5_member_list HTML parser
Fix #7628
|
2016-11-30 14:20:36 -06:00 |
William Webb
|
b6bb1995ad
|
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
|
2016-11-30 12:00:45 -06:00 |
William Webb
|
c31758e0ea
|
Land #7627, Fix typo in payloads/linux/armle/mettle
|
2016-11-30 11:58:47 -06:00 |
wchen-r7
|
530e9a9bc6
|
Land #7633, fix dell_idrac to stop trying on a user after a valid login
|
2016-11-30 11:46:31 -06:00 |
David Maloney
|
d1be2d735f
|
Land #7578, pdf-shaper exploit
Land lsato's work on the pdf-shaper buffer overflow
exploit
|
2016-11-30 11:13:12 -06:00 |
Tim
|
78480e31e7
|
remove AutoLoadAndroid
|
2016-11-30 21:23:14 +08:00 |
Tim
|
92751714c1
|
fix android/meterpreter/reverse_http
|
2016-11-30 20:12:00 +08:00 |
OJ
|
bdc2e7c3cd
|
Fix missing stager_config functions, payload sizes
|
2016-11-30 16:11:51 +10:00 |
OJ
|
3fad75641d
|
Final touches to make MSF happy with all refactorings
|
2016-11-30 11:30:59 +10:00 |
Jin Qian
|
afed1f465e
|
Fix issue 7632 where MSF keeps trying after success.
Thanks to Wei who suggested adding "return :next_user" after success.
|
2016-11-29 14:57:15 -06:00 |
David Maloney
|
3c9ebb97be
|
Land #7624, Wvu's style fixes
Lands wvu's style and text fixes for the
OS X archived messages module
|
2016-11-29 14:05:05 -06:00 |
Javier Godinez
|
497e02955b
|
Fixed checking for access keys being retrieved
|
2016-11-29 11:08:55 -08:00 |
Jin Qian
|
1beeb99d44
|
Fix issue 7628, username extracted became garbled
Make the regular expression less aggressive.
|
2016-11-29 12:52:57 -06:00 |
Adam Cammack
|
878779e14c
|
Fix typo in payloads/linux/armle/mettle
|
2016-11-29 10:12:17 -06:00 |
OJ
|
834756c337
|
Rework android structure to function with the multi arch payload
|
2016-11-29 17:55:31 +10:00 |
OJ
|
bdfaaf01b2
|
Make multi work with https
|
2016-11-29 15:51:38 +10:00 |
OJ
|
bd8f8fd6cb
|
More rework of payload structure to handle multi arch handlers
|
2016-11-29 15:21:13 +10:00 |
OJ
|
beca63645e
|
Revamp of java payload structure
|
2016-11-29 11:54:30 +10:00 |
Javier Godinez
|
cb0313642b
|
Fixed setting IAM_USERNAME
|
2016-11-29 00:54:49 +00:00 |
Javier Godinez
|
46ce1dfaab
|
Now using random string as IAM_USERNAME unless specified
|
2016-11-28 16:32:53 -08:00 |
Javier Godinez
|
f8789fef38
|
Moved METADATA_IP to advanced options
|
2016-11-28 16:32:26 -08:00 |
William Vu
|
b6fe6c1d38
|
Fix #7597, minor changes to enum_messages
|
2016-11-28 17:37:32 -06:00 |
William Vu
|
c39c53b102
|
Prefer DefaultOptions to reregistering SSL option
|
2016-11-28 14:29:02 -06:00 |
Pearce Barry
|
8c54b0e5f4
|
Land #7622, Fix check_conn? method in cisco_ironport_enum
|
2016-11-28 14:19:02 -06:00 |
William Vu
|
777d5c1820
|
Fix check_conn? method in cisco_ironport_enum
|
2016-11-28 14:02:39 -06:00 |
Cantoni Matteo
|
f0b5b5a153
|
call store_loot once at the end
|
2016-11-28 20:28:36 +01:00 |
wchen-r7
|
a7fa2941a8
|
Land #7597, Added post module for accessing OSX messages database
|
2016-11-28 11:43:06 -06:00 |
wchen-r7
|
4eb109b22f
|
Land #7609, set SSL to true by default for cisco_nac_manager_traversal
|
2016-11-28 11:30:41 -06:00 |
OJ
|
5e8a47ac00
|
Merge upstream/master into universal handler work
|
2016-11-28 15:26:43 +10:00 |
Brent Cook
|
60210f57e9
|
Land #7505, fixed some targets for cisco_asa_extrabacon
|
2016-11-27 22:19:45 -06:00 |
OJ
|
e8158bd200
|
Add multi platform type, wire into the multi stage
|
2016-11-28 09:34:09 +10:00 |
jjarmoc
|
8824cc990a
|
Use Auxiliary Actions for different behaviors.
|
2016-11-26 13:04:04 -06:00 |
John Q. Public
|
0935d31de1
|
Changed print_status to print_good
Changed line 315 print type to good instead of the general status indication, so that the result output is easier to see.
|
2016-11-25 16:54:58 -06:00 |
John Q. Public
|
c286c708d9
|
Print file contents
Added a print_good statement at line 63 in order to print the contents of the newly discovered robots.txt file.
|
2016-11-25 15:57:37 -06:00 |
h00die
|
efa191dd10
|
fixed some spacing
|
2016-11-25 11:50:56 -05:00 |
Javier Godinez
|
b4add59a3d
|
Moved metadata_creds() so Client can be included in Aux/Post modules
|
2016-11-24 21:03:38 -08:00 |
OJ
|
5fdd5a7326
|
More progress on http universal staged handler
|
2016-11-25 13:00:35 +10:00 |
h00die
|
00d9e69a98
|
potential double fix for #7582
|
2016-11-24 12:14:09 -05:00 |
Pearce Barry
|
ec020e3d07
|
Land #7611, cisco_ironport_enum falsely claimed connection failed
Fixes #7610
|
2016-11-24 09:54:09 -06:00 |
Cantoni Matteo
|
fd11e7c4df
|
modified it as recommended (@brandonprry) and added Module Documentation
|
2016-11-24 10:36:32 +01:00 |
root
|
dc64f63517
|
Removed useless comments
|
2016-11-24 01:33:20 +00:00 |
root
|
5284e20a52
|
Optimised SQL vars, removed unneeded requires and changed the "exec" function name
|
2016-11-24 01:27:03 +00:00 |
Jin Qian
|
65b858ac06
|
Fix issue 7610, cisco_ironport_enum falsely claimed connection failed.
Make sure we return 1 in check_conn method.
|
2016-11-23 14:59:07 -06:00 |
Jin Qian
|
b7ae7a47be
|
Fix issue #7608 where the SSL option was not turned on by default
Set the SSL option to be on by default.
|
2016-11-23 14:45:42 -06:00 |
Javier Godinez
|
c48587066d
|
Added reference and minor fixes
|
2016-11-23 10:58:37 -08:00 |
Jin Qian
|
0df3e17e0c
|
Fix the issue in MS2132 where OWA_LOGIN doesn't continue on connection error.
The possibility of temporary connection disruption means this module should keep trying other user/pass pairs upon error.
|
2016-11-23 09:56:27 -06:00 |
Javier Godinez
|
43e1b5bdd1
|
Adds module to create an AWS IAM user from a pwned AWS host
|
2016-11-22 14:55:03 -08:00 |
OJ
|
c606eabbb9
|
Merge 'upstream/master' into universal-handlers
|
2016-11-22 14:06:46 +10:00 |
root
|
ce514ed3e5
|
Fixed broken fail_with function call and whitespace on line ending
|
2016-11-22 03:04:12 +00:00 |
root
|
e0f8d622ec
|
Added metasploit module for accessing OSX messages database
|
2016-11-22 02:53:38 +00:00 |
Brent Cook
|
59f3c9e769
|
Land #7579, rename netfilter_priv_esc to netfilter_priv_esc_ipv4
|
2016-11-21 17:59:29 -06:00 |
wchen-r7
|
83a3a4e348
|
Fix #7463, check nil return value when using redis_command
Fix #7463
|
2016-11-21 15:52:12 -06:00 |
William Vu
|
6f8660f345
|
Land #7586, NameError fix for brute_dirs
|
2016-11-21 14:46:19 -06:00 |
William Vu
|
7b5c819430
|
Land #7588, disclosure date fix for OpenNMS sploit
|
2016-11-21 14:01:18 -06:00 |
William Vu
|
c8320d661f
|
Land #7590, mixin order fix for buffalo_login
|
2016-11-21 13:57:27 -06:00 |
Jin Qian
|
90d360a592
|
Fix the issue 7589, both RHOST and RHOSTS options are required
Thanks to Will who found it's due to the order of mixin.
|
2016-11-21 11:06:32 -06:00 |
Prateep Bandharangshi
|
8869ebfe9b
|
Fix incorrect disclosure date for OpenNMS exploit
Disclosure date was Nov 2015, not Nov 2014
|
2016-11-21 16:44:36 +00:00 |
Jin Qian
|
18b873be47
|
Fix the exception issue reported in issue #7585
Fix the exception by initializing a key variable that caused the exception.
|
2016-11-21 10:00:23 -06:00 |
William Webb
|
6c6221445c
|
Land #7543, Create exploit for CVE-2016-6563 / Dlink DIR HNAP Login
|
2016-11-21 09:59:50 -06:00 |
OJ
|
6ae8a2dd2e
|
Remove unused/empty function body
|
2016-11-21 17:59:49 +10:00 |
OJ
|
8c036885bc
|
Fix msftidy issues
|
2016-11-21 17:23:03 +10:00 |
OJ
|
e226047457
|
Merge 'upstream/master' into the bypassuac via eventvwr mod
|
2016-11-21 17:18:40 +10:00 |
Brent Cook
|
0504cae21f
|
Land #7536, fix get_ipv4_addr(@interface) usage
|
2016-11-21 01:09:05 -06:00 |
Brent Cook
|
0a3acf57d1
|
update payload sizes
|
2016-11-20 19:47:17 -06:00 |
Brent Cook
|
005d34991b
|
update architecture
|
2016-11-20 19:09:33 -06:00 |
Brent Cook
|
f313389be4
|
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
|
2016-11-20 19:08:56 -06:00 |
David Maloney
|
6a35b366bc
|
Land #7577, URPORT fix
|
2016-11-18 14:41:10 -06:00 |
h00die
|
cfd31e32c6
|
renaming per @bwatters-r7 comment in #7491
|
2016-11-18 13:52:09 -05:00 |
wchen-r7
|
00e4a8881f
|
Land #7574, Update open_proxy aux module
|
2016-11-18 11:41:43 -06:00 |
wchen-r7
|
d3adfff663
|
Change syntax
|
2016-11-18 11:41:04 -06:00 |
wchen-r7
|
f894b9a4c5
|
Fix typo
|
2016-11-18 11:39:26 -06:00 |
Louis Sato
|
920ecf6fc5
|
finishing metacoms work for pdf-shaper-bo
|
2016-11-18 11:36:02 -06:00 |
David Maloney
|
8d1c718873
|
Land #7572, wireshark dos typos
Lands mcantoni's pr for fixing typos in the
wireshark dos modules
|
2016-11-18 11:01:32 -06:00 |
wchen-r7
|
4596785217
|
Land #7450, PowerShellEmpire Arbitrary File Upload
|
2016-11-17 17:47:15 -06:00 |
wchen-r7
|
22d70ddd09
|
Fix #7455, handle the URIPORT option properly in is_uxss_injection
Fix #7455
|
2016-11-17 15:50:35 -06:00 |
Brian Patterson
|
abddeb5cd2
|
Land 7473, add censys search module
|
2016-11-17 13:44:00 -06:00 |