Commit Graph

13941 Commits (dc95b01cc5f366b0ab6a6ea6225182e412aa1b45)

Author SHA1 Message Date
William Vu dc95b01cc5
Land #3670, smb_login private_type fix
[FixRM #8841]
2014-08-19 11:30:23 -05:00
William Vu b748cee760
Land #3664, enum_osx dump_hash removal 2014-08-19 11:29:23 -05:00
James Lee f169b8dff3
Fix hashes being stored as passwords 2014-08-18 15:52:13 -05:00
Tod Beardsley cad281494f
Minor caps, grammar, desc fixes 2014-08-18 13:35:34 -05:00
joev 5654370316
Remove hashdump functionality from enum_osx.
There is a specific hashdump module that is more up-to-date, no need to duplicate
functionality (and code).
2014-08-18 11:40:11 -05:00
joev 5bfbb7654e
Add android meterpreter to browser autopwn. 2014-08-18 11:09:16 -05:00
HD Moore d8e82b9394 Lands #3655, fixes pack operators
the commit.
he commit.
2014-08-17 17:25:52 -05:00
sinn3r e656a81c63
Land #3656 - FF toString console.time Privileged Javascript Injection 2014-08-15 17:07:23 -05:00
joev 6d958475d6
Oops, this doesn't work on 23, only 22. 2014-08-15 17:00:58 -05:00
joev fb1fe7cb8b
Add some obfuscation. 2014-08-15 16:54:30 -05:00
joev b574a4c4c5
Wow, this gets a shell all the way back to 15.0. 2014-08-15 16:39:36 -05:00
joev 5706371c77
Update browser autopwn settings. 2014-08-15 16:32:06 -05:00
joev 8c63c8f43d
Add browserautopwn hook now that this is not user-assisted. 2014-08-15 16:28:21 -05:00
joev 694d917acc
No need for web console YESSSS 2014-08-15 16:02:26 -05:00
joev 738a295f0a
Rename module to tostring_console*. 2014-08-15 15:17:37 -05:00
Meatballs 0cc3bdfb35
Moar bad packs 2014-08-15 21:11:37 +01:00
joev f182613034
Invalid CVE format. 2014-08-15 15:09:45 -05:00
joev edb9d32e5c
Add module for toString() injection in firefox. 2014-08-15 15:08:10 -05:00
Tod Beardsley 904c1b20b1
Land #3654, update to 4.10-dev (electro) 2014-08-15 12:51:28 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
jvazquez-r7 4cfd2abd8d
Land #3621, @kaospunk's exploit for gitlab-shell CVE-2013-4490 command injection 2014-08-15 09:17:16 -05:00
jvazquez-r7 4e0f6dfcc7 Do minor cleanup 2014-08-15 09:10:08 -05:00
sinn3r f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape 2014-08-13 20:08:13 -05:00
kaospunk 5ed3e6005a Implement suggestions
This commit addresses feedback such as adding a check
function and changing the login fail case by being
more specific on what is checked for. The failing
ARCH_CMD payloads were addressed by adding BadChars.
Last, an ARCH_PYTHON target was added based on
@zerosteiner's feedback.
2014-08-13 20:26:48 -04:00
jvazquez-r7 127d094a8d Dont share once device is opened 2014-08-13 16:13:38 -05:00
sinn3r 558cea6017
Land #3638 - Add VMTurbo Operations Manager 'vmtadmin.cgi' RCE 2014-08-13 11:55:56 -05:00
Meatballs 05a198bc96
Correct spelling 2014-08-13 14:06:25 +01:00
Meatballs 4a01c27ed4
Use get_env and good pack specifier 2014-08-13 10:59:22 +01:00
Emilio Pinna 4ff73a1467 Add version build check 2014-08-13 09:53:43 +02:00
jvazquez-r7 da4b572a0d Change module name 2014-08-12 17:17:26 -05:00
jvazquez-r7 3eccc12f50 Switch from vprint to print 2014-08-12 17:11:24 -05:00
jvazquez-r7 f203fdebcb Use Msf::Exploit::Local::WindowsKernel 2014-08-12 17:09:39 -05:00
jvazquez-r7 e1debd68ad Merge to update 2014-08-12 16:21:39 -05:00
jvazquez-r7 183b27ee27 There is only one target 2014-08-12 16:14:41 -05:00
jvazquez-r7 c8e4048c19 Some style fixes 2014-08-12 16:11:31 -05:00
jvazquez-r7 ea3d2f727b Dont fail_with while checking 2014-08-12 16:09:59 -05:00
Emilio Pinna 3440f82b2e Minor description adjustment 2014-08-12 22:18:59 +02:00
Emilio Pinna 9e38ffb797 Add the check for the manual payload setting 2014-08-12 21:55:42 +02:00
sinn3r b84192c654
Land #3642 - Be sure which the full payload is used 2014-08-12 14:52:26 -05:00
jvazquez-r7 93990f4578
Land #3631, @wchen-r7's fixes to avoid datastore options assignment at runtime 2014-08-12 14:46:02 -05:00
jvazquez-r7 b46b6af50d
Land #3630, @wchen-r7's fix for datastore assignments on smb_enumusers 2014-08-12 14:26:55 -05:00
jvazquez-r7 33da1a6871 Give a chance to the mixin 2014-08-12 13:49:39 -05:00
Emilio Pinna 5b6be55c50 Fix (properly) 'execute_command()' missing 'opts' parameter 2014-08-12 19:49:27 +02:00
Emilio Pinna 3af17ffad0 Fixed 'execute_command()' missing 'opts' parameter 2014-08-12 19:24:24 +02:00
jvazquez-r7 042423088c Make sure which the full payload is used 2014-08-12 11:41:29 -05:00
Emilio Pinna f71589f534 Simplify payload upload using 'CmdStager' mixin 2014-08-12 10:49:17 +02:00
sinn3r 4aeb1eda9c Don't use datastore options as default values 2014-08-11 18:55:32 -05:00
kaospunk 4e6a04d3ad Modifications for login and key addition
This commit adds additional support for logging in
on multiple versions of Gitlab as well as adding a
key to exploit the vulnerability.
2014-08-11 19:54:10 -04:00
Emilio Pinna cc5770558d Remove local payload saving used for debugging 2014-08-11 19:16:14 +02:00
Emilio Pinna 4790b18424 Use FileDropper mixin to delete uploaded file 2014-08-11 19:02:09 +02:00