Gabor Seljan
e3450d71de
Merge pull request #3 from wchen-r7/pr4588_update
...
Support configurable resource for getgodm_http_response_bof
2015-01-15 19:28:53 +01:00
sinn3r
57904773e7
Configurable resource
2015-01-15 10:28:03 -06:00
Gabor Seljan
ef0be946b1
Use HttpServer instead of TcpServer
2015-01-15 10:39:17 +01:00
sgabe
da0fce1ea8
Add module for CVE-2014-2206
2015-01-14 22:04:30 +01:00
Jon Hart
ac4eb3bb90
Land #4578 , @dlanner's fix for rails_secret_deserialization
2015-01-13 09:37:28 -08:00
David Lanner
c5cfc11d84
fix cookie regex by removing a space
2015-01-12 23:13:18 -05:00
sinn3r
7876401419
Land #4476 - Lexmark MarkVision Enterprise Arbitrary File Upload
2015-01-12 10:44:23 -06:00
Jon Hart
c8f5026fd2
Land #4565 , @FireFart's improvement to the msftidy check for bad msf URLs
2015-01-10 11:10:37 -08:00
jvazquez-r7
49f04faf3f
Land #4065 , @fozavci's Cisco CUCDM auxiliary modules
2015-01-10 01:11:45 -06:00
jvazquez-r7
05d364180b
Beautify descriptions
2015-01-10 01:10:08 -06:00
jvazquez-r7
a2d479a894
Refactor run method
2015-01-10 01:06:56 -06:00
jvazquez-r7
cf9d7d583e
Do first code cleanup
2015-01-10 00:51:31 -06:00
jvazquez-r7
000d7dd1eb
Minor beautification
2015-01-10 00:32:10 -06:00
jvazquez-r7
1d0e9a2dca
Use snake_case filename
2015-01-10 00:29:28 -06:00
jvazquez-r7
070e833d46
Use snake_case filename
2015-01-10 00:28:01 -06:00
jvazquez-r7
59d602f37d
Refactor cisco_cucdm_callforward
2015-01-10 00:27:31 -06:00
jvazquez-r7
511a7f8cca
send_request_cgi already URI encodes
2015-01-10 00:06:26 -06:00
jvazquez-r7
5d8167dca6
Beautify description
2015-01-10 00:02:42 -06:00
jvazquez-r7
9fb4cfb442
Do First callforward cleanup
2015-01-10 00:00:27 -06:00
jvazquez-r7
f7af0d9cf0
Test landing #4065 into up to date branch
2015-01-09 23:40:16 -06:00
jvazquez-r7
bedbffa377
Land #3700 , @ringt fix for oracle_login
...
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
jvazquez-r7
38c36b49fb
Report when nothing is rescued
2015-01-09 22:58:19 -06:00
Brent Cook
6d2bc23a7f
Land #4567 - OJ kills metcli.exe
2015-01-09 17:27:55 -06:00
OJ
dfdf99c8f4
Remove metcli
...
The metcli.exe binary doesn't get used any more and the source was removed
from Meterpreter ages ago. No point in having it in the repo any more.
2015-01-10 09:21:44 +10:00
OJ
09d91c9a0c
Land #4564 - Update to latest meterpreter bins
2015-01-10 09:11:08 +10:00
Brent Cook
ce87b126c1
Update to the latest meterpreter_bins
...
This removes checked-in sniffer extension in favor of the gem-packaged version.
It also pulls in the changes for verifying #4411
2015-01-09 16:57:10 -06:00
Christian Mehlmauer
56c1f74d70
modify msftidy regex
2015-01-09 22:07:21 +01:00
Christian Mehlmauer
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
Christian Mehlmauer
fd2307680d
Land #4550 , wp-symposium file upload
2015-01-09 21:55:02 +01:00
jvazquez-r7
3d20ea822e
Land #2156 , @veritysr exploit for MySQL FILE privilege abuse on Windows
...
* By uploading payload to All Users startup folder
2015-01-09 12:22:09 -06:00
jvazquez-r7
d65ed54e0c
Check STARTUP_FOLDER option
2015-01-09 12:21:01 -06:00
jvazquez-r7
2c633e403e
Do code cleanup
2015-01-09 12:07:59 -06:00
jvazquez-r7
d52e9d4e21
Fix metadata again
2015-01-09 11:20:00 -06:00
jvazquez-r7
9dbf163fe7
Do minor style fixes
2015-01-09 11:17:16 -06:00
jvazquez-r7
8f09e0c20c
Fix metadata by copying the mysql_mof data
2015-01-09 11:15:32 -06:00
jvazquez-r7
da6496fee1
Test landing #2156 into up to date branch
2015-01-09 11:04:47 -06:00
Jon Hart
d8743ea32b
Land #4539 , @Meatballs1's creds cmd now supports type filters, -R for search
2015-01-08 18:48:27 -08:00
Jon Hart
7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid
2015-01-08 18:42:25 -08:00
Jon Hart
e4547eb474
Land #4537 , @wchen-r7's fix for #4098
2015-01-08 17:57:16 -08:00
Jon Hart
f13e56aef8
Handle bracketed and unbracketed results, add more useful logging
2015-01-08 17:51:31 -08:00
Jon Hart
14db112c32
Add logging to show executed Java and result
2015-01-08 16:53:12 -08:00
Jon Hart
e4cdac1440
Land #4559 , @FireFart's fix for wordpress version detection (from wpscan)
2015-01-08 15:19:29 -08:00
Jon Hart
75726f1e74
Update spec to cover #4559
2015-01-08 15:15:01 -08:00
Brent Cook
fb5170e8b3
Land #2766 , Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
Jon Hart
ed74271c26
Land #4548 , @dmaloney-r7's fix to allow loginscanners to work w/o a DB
2015-01-08 14:50:08 -08:00
Christian Mehlmauer
14b1d8dc5f
no space required
2015-01-08 23:43:06 +01:00
Jon Hart
98cee8249d
Move non-active DB messages to warning and clarify/simplify
2015-01-08 14:40:47 -08:00
Christian Mehlmauer
f7eb9a6cf8
update wordpress version detection regex
2015-01-08 23:36:59 +01:00
Brent Cook
e447a17795
bump deprecated date
2015-01-08 16:20:06 -06:00
sinn3r
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00