Commit Graph

28399 Commits (e3ed7905f1d0e570621ce4f36bc4e3426b39fb75)

Author SHA1 Message Date
William Vu e3ed7905f1
Add tnftp_savefile exploit
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
Jon Hart 77433a6504
Land #3507/#3463, a communal effort around improving splunk_upload_app_exec 2014-10-30 18:29:43 -07:00
Jon Hart 1a37a6638c Fix splunk_upload_app_exec to work on new installs. Style 2014-10-30 18:28:56 -07:00
Jon Hart 55f245f20f
Merge #3507 into local, recently updated branch of master for landing 2014-10-30 17:28:20 -07:00
OJ cc7f7c9986
Land #4108 - Avoid local offsets in CVE-2014-4113 2014-10-31 09:08:51 +10:00
OJ cbd616bbf5 A few sneaky style changes, but no functional ones
Changes were purely for style, and Juan was happy to let me make them
as part of the merge.
2014-10-31 09:08:11 +10:00
jvazquez-r7 6574db5dbb Fix the 64 bits code 2014-10-30 17:01:59 -05:00
sinn3r 92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor 2014-10-30 13:52:07 -05:00
sinn3r 470a067384 Final changes 2014-10-30 13:51:44 -05:00
sinn3r 912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract 2014-10-30 13:37:32 -05:00
sinn3r 02b1c5c4bc Final changes 2014-10-30 13:37:02 -05:00
sinn3r 127d1640da Print password 2014-10-30 13:27:40 -05:00
jvazquez-r7 03a84a1de3 Search the AccessToken 2014-10-30 12:17:03 -05:00
Peter Arzamendi 9d56f0298a Changed upper XXX to lower XXX. 2014-10-29 20:09:02 -05:00
Peter Arzamendi b35a8935db Updated get_once for get_once undefined method and EOFError 2014-10-29 13:47:07 -05:00
Peter Arzamendi 2bc8767751 Updated rescue to catch other errors from the socket API 2014-10-29 08:03:28 -05:00
Peter Arzamendi 604cad9fbb Updated timeout to default to 45 seconds to wait for the print job to finish. 2014-10-28 15:45:28 -05:00
Peter Arzamendi b17d6a661d Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds. 2014-10-28 15:23:47 -05:00
Peter Arzamendi 0e42cf25d1 Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri 2014-10-28 15:13:16 -05:00
William Vu 71a6ec8b12
Land #4093, cups_bash_env_exec CVE-2014-6278 2014-10-28 12:47:51 -05:00
Brendan Coles 57baf0f393 Add support for CVE-2014-6278 2014-10-28 17:10:19 +00:00
William Vu 3de5c43cf4
Land #4050, CUPS Shellshock
Bashbleeded!!!!!!!!!!!
2014-10-28 11:59:31 -05:00
Peter Arzamendi 1012cd8d6b Updated based on wchen-r7 feedback. 2014-10-28 11:38:50 -05:00
Brendan Coles 78b199fe72 Remove CVE-2014-6278 2014-10-28 16:18:24 +00:00
Joe Vennix c6bbc5bccf
Merge branch 'landing-4055' into upstream-master 2014-10-28 11:18:20 -05:00
jvazquez-r7 5e0993d756
Add OJ as author 2014-10-28 09:58:34 -05:00
jvazquez-r7 c1b82bac0e
Land #4082, @OJ's cleanup and improvements for CVE-2014-4113 2014-10-28 09:49:18 -05:00
Tod Beardsley dade6b97ba
Land #4088, wget exploit
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
Brendan Coles a060fec760 Detect version in check() 2014-10-28 12:28:18 +00:00
sinn3r e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner 2014-10-28 01:45:57 -05:00
HD Moore 64c206fa62 Add module for CVE-2014-4877 (Wget) 2014-10-27 23:37:41 -05:00
William Vu 4e12fdb057
Land #4087, COPYING copyright year update 2014-10-27 23:34:15 -05:00
Tod Beardsley d8b71b94a7
With 66 days left in 2014, may as well update 2014-10-27 23:07:57 -05:00
HD Moore 958fe2e5bc
Allow PASV port specification, lands #4086 2014-10-27 22:24:14 -05:00
Tod Beardsley d8cf45ef67
Allow FTP server exploits pick a PASV port
This makes it somewhat easier to use FTP server exploit modules in
somewhat more restrictive networks, where you might only have a few
inbound ports to choose from.
2014-10-27 22:21:54 -05:00
Peter Arzamendi 0b225d94b1 Xerox Admin password extractor. 2014-10-27 19:26:40 -05:00
jvazquez-r7 b990b14a65
Land #3771, @us3r777's deletion of jboss_bshdeployer STAGERNAME option 2014-10-27 18:09:35 -05:00
jvazquez-r7 cf9d53fb50 Undo mixin modification 2014-10-27 18:09:03 -05:00
OJ 908094c3d3 Remove debug, treat warnings as errors 2014-10-28 09:04:02 +10:00
OJ 0a03b2dd48 Final code tidy 2014-10-28 08:59:33 +10:00
OJ 6f3b373f01 More code tidy and unifying of stuff 2014-10-28 08:37:49 +10:00
parzamendi-r7 f7f6cff327 Update xerox_workcentre_5XXX_ldap.rb 2014-10-27 17:23:47 -05:00
jvazquez-r7 e6e4aaba3e
Land #3518, @midnitesnake's fix for solaris sadmind_exec 2014-10-27 17:19:06 -05:00
jvazquez-r7 0b6406ae40
Land #4080, @todb-r7's switch to TLS1 on TCP and TCPServer 2014-10-27 17:15:36 -05:00
OJ 0e761575c8 More code tidying, reduced x64/x86 duplication 2014-10-28 08:09:18 +10:00
OJ 062eff8ede Fix project settings, make files, start tidying of code 2014-10-28 07:58:19 +10:00
midnitesnake bc57e5d057 Merge pull request #2 from jvazquez-r7/review_3518
Force perl encoding
2014-10-27 21:32:17 +00:00
Luke Imhoff dae114a7f3
Document how to derive reference_name from ancestors
MSP-11145
2014-10-27 15:59:12 -05:00
Tod Beardsley 7d34452448
TCP and TCPServer should use TLS1 by default 2014-10-27 15:55:50 -05:00
Peter Arzamendi f119abbf8c Xerox workcentre 5735 LDAP credential extractor 2014-10-27 15:52:12 -05:00