Commit Graph

24792 Commits (dcc4d25f15e9df6b59f09f4aa0983b94778d5c1f)

Author SHA1 Message Date
David Maloney 19e36cccb3
Credential Core creation now complete 2014-05-21 16:37:13 -05:00
James Lee 5d1a0397ed
Add Tomcat login scanner 2014-05-21 14:28:54 -05:00
David Maloney 3ea99a9d43
private creation w/ specs and docs
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
David Maloney 2629549f6f
added realm creation
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
Spencer McIntyre e3630278ce
Land #3379, [FixRM #8803] - Improve fb_cnct_group check 2014-05-21 11:39:10 -04:00
jvazquez-r7 b9464e626e Delete unnecessary line 2014-05-21 10:18:03 -05:00
sinn3r a22c089aa0
Land #3378 - Add Reference for katello_satellite_priv_esc 2014-05-21 01:30:59 -05:00
jvazquez-r7 af415c941b [SeeRM #8803] Avoid false positives when checking fb_cnct_group 2014-05-20 18:44:28 -05:00
James Lee 8be35b90f4
Add some more specs for AFP login scanner 2014-05-20 17:44:41 -05:00
jvazquez-r7 8a9c005f13 Add URL 2014-05-20 17:43:07 -05:00
James Lee d061d36229 Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner 2014-05-20 17:25:42 -05:00
James Lee 21de14ac3d
Initial stab at AFP login scanner 2014-05-20 17:08:12 -05:00
jvazquez-r7 727054df0b
Land #3375, @bugch3ck's support for Safari 2014-05-20 16:38:55 -05:00
Samuel Huckins 62bae8e23b Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
Specs and functional steps passing. 

MSP-9687 #land
2014-05-20 11:32:37 -05:00
David Maloney ce69f742a4
add yarddocs to origin methods
added YARD docs to the creation methods for
Credential::Origins
2014-05-20 11:16:19 -05:00
David Maloney 8a2f05b7d2 Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation 2014-05-20 10:28:33 -05:00
David Maloney 0b1d9d8cd0 Merge branch 'master' into staging/electro-release 2014-05-20 10:27:55 -05:00
David Maloney 9cdddb08d9
origin specs for realsies
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
David Maloney b84aaaad19
specs and fixes for origin creation 2014-05-20 09:59:15 -05:00
Jonas Vestberg 7cabfacfa3 Test adobe_flash_pixel_bender_bof on Safari 5.1.7
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
Meatballs 52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom 2014-05-19 22:00:35 +01:00
Meatballs b84379ab3b
Note about EXE::Custom 2014-05-19 22:00:09 +01:00
Meatballs eeae071468
Land #3363, Workstation Length Auth Bug 2014-05-19 21:46:57 +01:00
David Maloney ddfa4f1ee7
some origin creation specs
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
Karmanovskii e26dee5e22 Update mybb_get_type_db.rb
19/05/2014
I deleted      -     #return Exploit::CheckCode::Unknown  # necessary ????
2014-05-19 21:32:30 +04:00
David Maloney 9efb97d465
origin creation method
added base behaviour for creating generic
credential origin objects from report
2014-05-19 10:00:19 -05:00
William Vu a30d6b1f2d
Quick cleanup for sap_icm_urlscan 2014-05-19 09:21:26 -05:00
William Vu dc0e649a10
Clean up case statement 2014-05-19 09:21:07 -05:00
William Vu bc64e47698
Land #3370, cleanup for sap_icm_urlscan 2014-05-19 09:16:18 -05:00
William Vu 8235556cec
Land #3372, release fixes 2014-05-19 09:10:38 -05:00
Tod Beardsley 0ef2e07012
Minor desc and status updates, cosmetic 2014-05-19 08:59:54 -05:00
Tod Beardsley 1ef16fb722
Land #3367, new wordlists from unhash
Thanks @tkisason!
2014-05-19 08:44:54 -05:00
Meatballs 848227e18a
401 should be a valid url 2014-05-19 10:59:38 +01:00
Meatballs 5d96f54410
Be verbose about 307 2014-05-19 10:52:06 +01:00
Meatballs 88b7dc3def
re-add content length 2014-05-19 10:46:47 +01:00
Meatballs e59f104195
Use unless 2014-05-19 10:41:01 +01:00
sinn3r bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload 2014-05-19 00:25:33 -05:00
jvazquez-r7 2fb0dbb7f8 Delete debug print_status 2014-05-18 23:34:04 -05:00
jvazquez-r7 d35ba208ed
Land #3369 @bugch3ck's support for plugin flash exploitation on adobe_flash_pixel_bender 2014-05-18 23:25:08 -05:00
jvazquez-r7 975cdcb537 Allow exploitation also on FF 2014-05-18 23:24:01 -05:00
Jonas Vestberg 033757812d Updates to adobe_flash_pixel_bender_bof:
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).

Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
Tonimir Kisasondi 9b29c572a7 Comments dont work with auth_brute.rb 2014-05-18 21:14:17 +02:00
Tonimir Kisasondi c9bb2d5165 Added headers to files 2014-05-18 20:55:50 +02:00
Tonimir Kisasondi 97b63d708c Corrected naming to be in line with msf convention 2014-05-18 18:18:23 +02:00
Tonimir Kisasondi 7d79f8a4c2 Removed wrongly named list. 2014-05-18 18:15:17 +02:00
Tonimir Kisasondi d7bf66973c Fixed userpass delimiters. 2014-05-18 18:13:03 +02:00
Tonimir Kisasondi 6ec926b573 Added separate users/pass/userpass dictionaries 2014-05-18 10:18:07 +02:00
William Vu a97d9ed54f
Land #3148, check_urlprefixes for sap_icm_urlscan 2014-05-17 16:10:52 -05:00
sappirate dd1a47f31f Modified sap_icm_urlscan to check for authentication of custom URLs
Fixed ruby coding style
2014-05-17 22:47:49 +02:00
Karmanovskii 06912ac2b6 Update mybb_get_type_db.rb
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
2014-05-17 16:30:29 +04:00