William Vu
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
Jon Hart
77433a6504
Land #3507/#3463, a communal effort around improving splunk_upload_app_exec
2014-10-30 18:29:43 -07:00
Jon Hart
1a37a6638c
Fix splunk_upload_app_exec to work on new installs. Style
2014-10-30 18:28:56 -07:00
Jon Hart
55f245f20f
Merge #3507 into local, recently updated branch of master for landing
2014-10-30 17:28:20 -07:00
OJ
cc7f7c9986
Land #4108 - Avoid local offsets in CVE-2014-4113
2014-10-31 09:08:51 +10:00
OJ
cbd616bbf5
A few sneaky style changes, but no functional ones
...
Changes were purely for style, and Juan was happy to let me make them
as part of the merge.
2014-10-31 09:08:11 +10:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
sinn3r
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
sinn3r
470a067384
Final changes
2014-10-30 13:51:44 -05:00
sinn3r
912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract
2014-10-30 13:37:32 -05:00
sinn3r
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
sinn3r
127d1640da
Print password
2014-10-30 13:27:40 -05:00
jvazquez-r7
03a84a1de3
Search the AccessToken
2014-10-30 12:17:03 -05:00
Peter Arzamendi
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
Peter Arzamendi
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
Peter Arzamendi
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
Peter Arzamendi
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
Peter Arzamendi
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
Peter Arzamendi
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
William Vu
71a6ec8b12
Land #4093 , cups_bash_env_exec CVE-2014-6278
2014-10-28 12:47:51 -05:00
Brendan Coles
57baf0f393
Add support for CVE-2014-6278
2014-10-28 17:10:19 +00:00
William Vu
3de5c43cf4
Land #4050 , CUPS Shellshock
...
Bashbleeded!!!!!!!!!!!
2014-10-28 11:59:31 -05:00
Peter Arzamendi
1012cd8d6b
Updated based on wchen-r7 feedback.
2014-10-28 11:38:50 -05:00
Brendan Coles
78b199fe72
Remove CVE-2014-6278
2014-10-28 16:18:24 +00:00
Joe Vennix
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
jvazquez-r7
5e0993d756
Add OJ as author
2014-10-28 09:58:34 -05:00
jvazquez-r7
c1b82bac0e
Land #4082 , @OJ's cleanup and improvements for CVE-2014-4113
2014-10-28 09:49:18 -05:00
Tod Beardsley
dade6b97ba
Land #4088 , wget exploit
...
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
Brendan Coles
a060fec760
Detect version in check()
2014-10-28 12:28:18 +00:00
sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
HD Moore
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
William Vu
4e12fdb057
Land #4087 , COPYING copyright year update
2014-10-27 23:34:15 -05:00
Tod Beardsley
d8b71b94a7
With 66 days left in 2014, may as well update
2014-10-27 23:07:57 -05:00
HD Moore
958fe2e5bc
Allow PASV port specification, lands #4086
2014-10-27 22:24:14 -05:00
Tod Beardsley
d8cf45ef67
Allow FTP server exploits pick a PASV port
...
This makes it somewhat easier to use FTP server exploit modules in
somewhat more restrictive networks, where you might only have a few
inbound ports to choose from.
2014-10-27 22:21:54 -05:00
Peter Arzamendi
0b225d94b1
Xerox Admin password extractor.
2014-10-27 19:26:40 -05:00
jvazquez-r7
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
jvazquez-r7
cf9d53fb50
Undo mixin modification
2014-10-27 18:09:03 -05:00
OJ
908094c3d3
Remove debug, treat warnings as errors
2014-10-28 09:04:02 +10:00
OJ
0a03b2dd48
Final code tidy
2014-10-28 08:59:33 +10:00
OJ
6f3b373f01
More code tidy and unifying of stuff
2014-10-28 08:37:49 +10:00
parzamendi-r7
f7f6cff327
Update xerox_workcentre_5XXX_ldap.rb
2014-10-27 17:23:47 -05:00
jvazquez-r7
e6e4aaba3e
Land #3518 , @midnitesnake's fix for solaris sadmind_exec
2014-10-27 17:19:06 -05:00
jvazquez-r7
0b6406ae40
Land #4080 , @todb-r7's switch to TLS1 on TCP and TCPServer
2014-10-27 17:15:36 -05:00
OJ
0e761575c8
More code tidying, reduced x64/x86 duplication
2014-10-28 08:09:18 +10:00
OJ
062eff8ede
Fix project settings, make files, start tidying of code
2014-10-28 07:58:19 +10:00
midnitesnake
bc57e5d057
Merge pull request #2 from jvazquez-r7/review_3518
...
Force perl encoding
2014-10-27 21:32:17 +00:00
Luke Imhoff
dae114a7f3
Document how to derive reference_name from ancestors
...
MSP-11145
2014-10-27 15:59:12 -05:00
Tod Beardsley
7d34452448
TCP and TCPServer should use TLS1 by default
2014-10-27 15:55:50 -05:00
Peter Arzamendi
f119abbf8c
Xerox workcentre 5735 LDAP credential extractor
2014-10-27 15:52:12 -05:00