sinn3r
17b5e57280
Typo
2013-08-19 15:32:19 -05:00
sinn3r
fb5ded1472
[FixRM #8314 ] - Use OptPath instead of OptString
...
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
sinn3r
2e74c50880
[SeeRM #8313 ] - Print where files are stored
...
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
sinn3r
d0b56e1650
Use the correct variable
2013-08-19 14:38:40 -05:00
sinn3r
d89932bfd8
Use the correct variable
2013-08-19 14:33:01 -05:00
Tod Beardsley
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
sinn3r
4cef4e88a6
If exception hits, make sure it's closed.
2013-08-19 13:21:53 -05:00
sinn3r
11ef366818
Properly close hashlist
2013-08-19 13:14:13 -05:00
sinn3r
89d4f0180d
Make sure we close hashlist
2013-08-19 12:54:27 -05:00
jvazquez-r7
0af2f1c611
Land #2234 , @ndavis-r7's patch for [SeeRM #8296 ]
2013-08-19 09:48:59 -05:00
Spencer McIntyre
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
sinn3r
abaec32ad6
What Luke said.
...
"You cannot, in general, place a variable declaration in a begin
scope and use it in the ensure scope unless you use nil?. It is
better to swap line 35 and line 34."
2013-08-18 23:54:04 -05:00
sinn3r
86d6bce8c4
[FixRM #8312 ] - Fix file handle leaks
...
Fix file handle leaks for [SeeRM #8312 ]
2013-08-18 20:31:13 -05:00
Joe Vennix
f843743294
Adds fixes from @wchen-r7.
2013-08-18 18:46:51 -05:00
sinn3r
6191023b67
Land #2241 - Fix undefined method `text' for nil:NilClass
2013-08-18 17:44:15 -05:00
Nicholas Davis
559dfb5a7e
Fix for bug #8297
...
Fixed getting the policy_hash_list which can fail if elements are null
[SeeRM #89297 ]
2013-08-18 14:49:44 -07:00
Joe Vennix
017309d02d
Minor fixes to keylogger.
2013-08-18 16:29:34 -05:00
Joe Vennix
1cdf77df7d
OSX keylogger module finally working.
2013-08-18 16:21:38 -05:00
William Vu
9467297bf7
Land #2239 , OSVDB refs for Chasys and OpenX
2013-08-18 13:41:21 -06:00
Steve Tornio
abd4fb778f
add osvdb ref for chasys overflow
2013-08-18 06:35:28 -05:00
Steve Tornio
0037ccceed
add osvdb ref for openx backdoor
2013-08-18 06:34:50 -05:00
g0tmi1k
71a3f59c25
php_include - added error handler
2013-08-17 18:30:39 +01:00
g0tmi1k
02e394e1c3
php_include - fix check
2013-08-17 17:36:43 +01:00
g0tmi1k
98b4c653c0
php_include - uses verbose
2013-08-17 17:35:09 +01:00
jvazquez-r7
c5d426fc70
Land #2235 , @wchen-r7's patch for [SeeRM #6264 ]
2013-08-17 10:05:41 -05:00
sinn3r
790654ac1b
Land #2236 - Cogent DataHub HTTP Server Buffer Overflow
2013-08-16 23:28:50 -05:00
sinn3r
a75a4906f2
Description update
2013-08-16 23:28:24 -05:00
sinn3r
780293d817
Minor changes
2013-08-16 23:24:40 -05:00
jvazquez-r7
a8cc15db20
Add module for ZDI-13-178
2013-08-16 18:13:18 -05:00
Tod Beardsley
1eb3c323ed
Land #2175 , force string encoding for RPC
...
Metasploit takes great pains to ensure that all strings are encoded as
plain old US-ASCII. This PR enforces this conversion over RPC as well.
[FixRM #7888 ]
2013-08-16 16:09:24 -05:00
Tod Beardsley
7937fbcc49
More idiomatic ruby with symbols and spaces
2013-08-16 15:59:04 -05:00
sinn3r
a94c6aa72b
[FixRM 6264] Check required vulnerable component before testing
...
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.
[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264
I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
jvazquez-r7
e50ef209b2
Land #2233 , @bperry-r7's module for nexpose
2013-08-16 14:21:22 -05:00
jvazquez-r7
f42797fc5c
Fix indentation
2013-08-16 14:19:37 -05:00
Nicholas Davis
5da714f748
fixed bug #8296 where help table was not displaying properly
2013-08-16 15:10:38 -04:00
Tod Beardsley
f7339f4f77
Cleanup various style issues
...
* Unset default username and password
* Register SSL as a DefaultOption instead of redefining it
* Use the HttpClient mixin `ssl` instead of datastore.
* Unless is better than if !
* Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
jvazquez-r7
dfa1310304
Commas in the author array
2013-08-16 13:54:46 -05:00
Tod Beardsley
24b8fb0d7b
Whitespace retab, add rport 3780 as default
2013-08-16 13:31:05 -05:00
jvazquez-r7
85b050112a
Land #2231 , @wchen-r7's patch for [SeeRM #8114 ]
2013-08-16 12:52:10 -05:00
sinn3r
a86b247077
Land #2224 - Add brute force module for Cisco IronPort
2013-08-16 12:07:14 -05:00
sinn3r
bbe57dbf3a
Some cleanup, also remove TARGETURI because not registered by default
2013-08-16 12:06:24 -05:00
sinn3r
d4dbea5594
Check 200
2013-08-16 11:34:32 -05:00
Tod Beardsley
e436d31d23
Use SSL by defailt
2013-08-16 11:32:10 -05:00
Tod Beardsley
60a229c71a
Use rhost and rport, not local host and port
2013-08-16 11:12:39 -05:00
Tod Beardsley
646d55b638
Description should be present tense
2013-08-16 11:06:34 -05:00
Tod Beardsley
f0237f07d6
Correct author and references
2013-08-16 11:04:51 -05:00
Brandon Perry
46d6fb3b42
Add module for xxe
2013-08-16 10:51:05 -05:00
jiuweigui
0063d4e06c
Extend description & add Win2k3 section to WinXP section.
2013-08-16 14:44:08 +03:00
Karn Ganeshen
e4885b2017
updated module
...
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
sinn3r
3762b84ea4
Land #2232 - CVE-2013-2465: Java storeImageArray() Invalid Array Indexing
2013-08-16 01:32:44 -05:00