dfdf99c8f4
Remove metcli
...
The metcli.exe binary doesn't get used any more and the source was removed
from Meterpreter ages ago. No point in having it in the repo any more.
2015-01-10 09:21:44 +10:00
09d91c9a0c
Land #4564 - Update to latest meterpreter bins
2015-01-10 09:11:08 +10:00
ce87b126c1
Update to the latest meterpreter_bins
...
This removes checked-in sniffer extension in favor of the gem-packaged version.
It also pulls in the changes for verifying #4411
2015-01-09 16:57:10 -06:00
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
fd2307680d
Land #4550 , wp-symposium file upload
2015-01-09 21:55:02 +01:00
3d20ea822e
Land #2156 , @veritysr exploit for MySQL FILE privilege abuse on Windows
...
* By uploading payload to All Users startup folder
2015-01-09 12:22:09 -06:00
d65ed54e0c
Check STARTUP_FOLDER option
2015-01-09 12:21:01 -06:00
2c633e403e
Do code cleanup
2015-01-09 12:07:59 -06:00
d52e9d4e21
Fix metadata again
2015-01-09 11:20:00 -06:00
9dbf163fe7
Do minor style fixes
2015-01-09 11:17:16 -06:00
8f09e0c20c
Fix metadata by copying the mysql_mof data
2015-01-09 11:15:32 -06:00
da6496fee1
Test landing #2156 into up to date branch
2015-01-09 11:04:47 -06:00
d8743ea32b
Land #4539 , @Meatballs1's creds cmd now supports type filters, -R for search
2015-01-08 18:48:27 -08:00
7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid
2015-01-08 18:42:25 -08:00
e4547eb474
Land #4537 , @wchen-r7's fix for #4098
2015-01-08 17:57:16 -08:00
f13e56aef8
Handle bracketed and unbracketed results, add more useful logging
2015-01-08 17:51:31 -08:00
14db112c32
Add logging to show executed Java and result
2015-01-08 16:53:12 -08:00
e4cdac1440
Land #4559 , @FireFart's fix for wordpress version detection (from wpscan)
2015-01-08 15:19:29 -08:00
75726f1e74
Update spec to cover #4559
2015-01-08 15:15:01 -08:00
fb5170e8b3
Land #2766 , Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
ed74271c26
Land #4548 , @dmaloney-r7's fix to allow loginscanners to work w/o a DB
2015-01-08 14:50:08 -08:00
14b1d8dc5f
no space required
2015-01-08 23:43:06 +01:00
98cee8249d
Move non-active DB messages to warning and clarify/simplify
2015-01-08 14:40:47 -08:00
f7eb9a6cf8
update wordpress version detection regex
2015-01-08 23:36:59 +01:00
e447a17795
bump deprecated date
2015-01-08 16:20:06 -06:00
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
05279ef02a
consistently use double-quoted paths
...
allow for variable expansion if needed
2015-01-08 16:10:28 -06:00
82e6183136
Add Msf::Exploit::FileDropper mixin
2015-01-08 21:07:00 +00:00
93dc90d9d3
Tidied up some code with existing mixins
2015-01-08 20:53:56 +00:00
0f7f75b1c0
Land #4557 , FireFart's fix for faulting folly
2015-01-08 14:29:27 -06:00
a5b56c7d09
fix error
2015-01-08 19:48:29 +01:00
fd7e65d459
derp just check db active
...
the other way of doing this was stupid, jsut check if
the db is active
2015-01-08 11:58:56 -06:00
2a52bfd26d
Land #4554 , metasploit-credential bump to 0.13.11
2015-01-08 09:49:08 -06:00
14a35eb28a
Bump metasploit-credential to 0.13.11
2015-01-08 09:35:07 -06:00
8be813e51d
Merge runas updates from Meatballs1/update_bypass_uac
2015-01-08 21:21:19 +10:00
a9fee9c022
Fall back to runas if UAC disabled
2015-01-08 11:07:57 +00:00
8f720ef766
Use get_env in runas
2015-01-08 11:07:40 +00:00
3c4ec1d958
Land #4547 , rm data/meterpreter/common.lib
2015-01-08 04:52:29 -06:00
ea793802cc
Land #4528 , mantisbt_php_exec improvements
2015-01-08 04:50:00 -06:00
3c3d28b475
Land #4551 , correct spelling in dns_bruteforce
2015-01-08 10:03:28 +00:00
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
0604b2ecc7
Land #4542 , invalid splat URL fix
2015-01-07 22:54:22 -06:00
0496bb16bc
Minor spelling fix
2015-01-07 23:43:59 -05:00
f0261a418c
Lands #4535 , report_auth_info shoring up
2015-01-07 16:32:14 -06:00
001b6d913e
allows loginscanners to work without db
...
created stub methods around the credential
creation methods modules would use from
Metasploit::Credential, they try to call the real ones
but rescue a NoMethodError that arises if framework is setup
without the db. it just prints a message to the console
telling the user the cred data will not be saved
MSP-10969
2015-01-07 16:09:04 -06:00
e6f53ebcbc
Remove duplicate rhosts
2015-01-07 22:04:01 +00:00
7b92c6c2df
Add WP Symposium Shell Upload module
2015-01-07 22:02:39 +00:00
dccd21a559
Resolve #3870 , reinstance creds -R
2015-01-07 22:01:45 +00:00
32ddd5ccb4
delete unused library from meterpreter dir
...
common.lib is only used by the build process, not MSF
2015-01-07 16:00:37 -06:00
f2c22b6dc7
corrected schema
2015-01-07 15:38:39 -06:00
OJ
Brent Cook
Christian Mehlmauer
jvazquez-r7
Jon Hart
sinn3r
rastating
David Maloney
Trevor Rosen
Meatballs
William Vu
EricGershman
Samuel Huckins