Commit Graph

20233 Commits (e1aefe07e13fd44202f8f7e64fc9c93b63b26373)

Author SHA1 Message Date
sinn3r 17b5e57280 Typo 2013-08-19 15:32:19 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
sinn3r 2e74c50880 [SeeRM #8313] - Print where files are stored
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
sinn3r d0b56e1650 Use the correct variable 2013-08-19 14:38:40 -05:00
sinn3r d89932bfd8 Use the correct variable 2013-08-19 14:33:01 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
sinn3r 4cef4e88a6 If exception hits, make sure it's closed. 2013-08-19 13:21:53 -05:00
sinn3r 11ef366818 Properly close hashlist 2013-08-19 13:14:13 -05:00
sinn3r 89d4f0180d Make sure we close hashlist 2013-08-19 12:54:27 -05:00
jvazquez-r7 0af2f1c611 Land #2234, @ndavis-r7's patch for [SeeRM #8296] 2013-08-19 09:48:59 -05:00
Spencer McIntyre e276b57ee7 Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev 2013-08-19 08:37:12 -04:00
sinn3r abaec32ad6 What Luke said.
"You cannot, in general, place a variable declaration in a begin
scope and use it in the ensure scope unless you use nil?. It is
better to swap line 35 and line 34."
2013-08-18 23:54:04 -05:00
sinn3r 86d6bce8c4 [FixRM #8312] - Fix file handle leaks
Fix file handle leaks for [SeeRM #8312]
2013-08-18 20:31:13 -05:00
Joe Vennix f843743294 Adds fixes from @wchen-r7. 2013-08-18 18:46:51 -05:00
sinn3r 6191023b67 Land #2241 - Fix undefined method `text' for nil:NilClass 2013-08-18 17:44:15 -05:00
Nicholas Davis 559dfb5a7e Fix for bug #8297
Fixed getting the policy_hash_list which can fail if elements are null
[SeeRM #89297]
2013-08-18 14:49:44 -07:00
Joe Vennix 017309d02d Minor fixes to keylogger. 2013-08-18 16:29:34 -05:00
Joe Vennix 1cdf77df7d OSX keylogger module finally working. 2013-08-18 16:21:38 -05:00
William Vu 9467297bf7 Land #2239, OSVDB refs for Chasys and OpenX 2013-08-18 13:41:21 -06:00
Steve Tornio abd4fb778f add osvdb ref for chasys overflow 2013-08-18 06:35:28 -05:00
Steve Tornio 0037ccceed add osvdb ref for openx backdoor 2013-08-18 06:34:50 -05:00
g0tmi1k 71a3f59c25 php_include - added error handler 2013-08-17 18:30:39 +01:00
g0tmi1k 02e394e1c3 php_include - fix check 2013-08-17 17:36:43 +01:00
g0tmi1k 98b4c653c0 php_include - uses verbose 2013-08-17 17:35:09 +01:00
jvazquez-r7 c5d426fc70 Land #2235, @wchen-r7's patch for [SeeRM #6264] 2013-08-17 10:05:41 -05:00
sinn3r 790654ac1b Land #2236 - Cogent DataHub HTTP Server Buffer Overflow 2013-08-16 23:28:50 -05:00
sinn3r a75a4906f2 Description update 2013-08-16 23:28:24 -05:00
sinn3r 780293d817 Minor changes 2013-08-16 23:24:40 -05:00
jvazquez-r7 a8cc15db20 Add module for ZDI-13-178 2013-08-16 18:13:18 -05:00
Tod Beardsley 1eb3c323ed Land #2175, force string encoding for RPC
Metasploit takes great pains to ensure that all strings are encoded as
plain old US-ASCII. This PR enforces this conversion over RPC as well.

[FixRM #7888]
2013-08-16 16:09:24 -05:00
Tod Beardsley 7937fbcc49 More idiomatic ruby with symbols and spaces 2013-08-16 15:59:04 -05:00
sinn3r a94c6aa72b [FixRM 6264] Check required vulnerable component before testing
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.

[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264

I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
jvazquez-r7 e50ef209b2 Land #2233, @bperry-r7's module for nexpose 2013-08-16 14:21:22 -05:00
jvazquez-r7 f42797fc5c Fix indentation 2013-08-16 14:19:37 -05:00
Nicholas Davis 5da714f748 fixed bug #8296 where help table was not displaying properly 2013-08-16 15:10:38 -04:00
Tod Beardsley f7339f4f77 Cleanup various style issues
* Unset default username and password
  * Register SSL as a DefaultOption instead of redefining it
  * Use the HttpClient mixin `ssl` instead of datastore.
  * Unless is better than if !
  * Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
jvazquez-r7 dfa1310304 Commas in the author array 2013-08-16 13:54:46 -05:00
Tod Beardsley 24b8fb0d7b Whitespace retab, add rport 3780 as default 2013-08-16 13:31:05 -05:00
jvazquez-r7 85b050112a Land #2231, @wchen-r7's patch for [SeeRM #8114] 2013-08-16 12:52:10 -05:00
sinn3r a86b247077 Land #2224 - Add brute force module for Cisco IronPort 2013-08-16 12:07:14 -05:00
sinn3r bbe57dbf3a Some cleanup, also remove TARGETURI because not registered by default 2013-08-16 12:06:24 -05:00
sinn3r d4dbea5594 Check 200 2013-08-16 11:34:32 -05:00
Tod Beardsley e436d31d23 Use SSL by defailt 2013-08-16 11:32:10 -05:00
Tod Beardsley 60a229c71a Use rhost and rport, not local host and port 2013-08-16 11:12:39 -05:00
Tod Beardsley 646d55b638 Description should be present tense 2013-08-16 11:06:34 -05:00
Tod Beardsley f0237f07d6 Correct author and references 2013-08-16 11:04:51 -05:00
Brandon Perry 46d6fb3b42 Add module for xxe 2013-08-16 10:51:05 -05:00
jiuweigui 0063d4e06c Extend description & add Win2k3 section to WinXP section. 2013-08-16 14:44:08 +03:00
Karn Ganeshen e4885b2017 updated module
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
sinn3r 3762b84ea4 Land #2232 - CVE-2013-2465: Java storeImageArray() Invalid Array Indexing 2013-08-16 01:32:44 -05:00