William Vu
517f264000
Add last chunk of fixes
2014-03-11 12:46:44 -05:00
James Lee
f51ee2d6b4
snmp_enum: Treat missing timestamp elements as 0
...
Timestamps don't always have all the elements we expect. This treats
them as zeroes to ensure that we don't raise silly exceptions in that
case.
2014-03-11 12:44:07 -05:00
James Lee
b87c2dca0b
Use older hash modules when hashlib isn't there
2014-03-11 12:25:54 -05:00
William Vu
25ebb05093
Add next chunk of fixes
...
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
William Vu
045900bed1
Land #3084 , msftidy for mipsle reboot shellcode
2014-03-11 09:56:56 -05:00
OJ
3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
...
Conflicts:
lib/msf/core/post/windows/shadowcopy.rb
modules/exploits/windows/local/bypassuac.rb
modules/post/windows/gather/wmic_command.rb
modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
OJ
1d70411ea7
Support service_control and new status field in query
...
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
joev
46c11ea2eb
Small fixes to m-1-k-3's mipsle reboot shellcode.
2014-03-10 17:17:23 -05:00
joev
7da54eb9cf
Merge branch 'landing-3041' into upstream-master
...
Lands PR #3041 , @m-1-k-3's reboot shellcode.
2014-03-10 17:11:06 -05:00
Joe Vennix
78393057fe
Fix failing spec
2014-03-10 16:40:46 -05:00
James Lee
75c94cc5d7
Derp
2014-03-10 16:30:55 -05:00
James Lee
e508079aff
Don't crash when ctypes isn't available
2014-03-10 16:10:24 -05:00
sinn3r
8b4f8ec21a
Land #3082 - Release fixes
2014-03-10 15:19:13 -05:00
Tod Beardsley
2086224a4c
Minor fixes. Includes a test module.
2014-03-10 14:49:45 -05:00
Tod Beardsley
26be236896
Pass MSFTidy please
2014-03-10 14:45:56 -05:00
Joe Vennix
c07f390382
Add CookieExpiration option, add trailing slash to URI.
2014-03-10 13:07:17 -05:00
Tod Beardsley
368df03ae1
Land #3081 , Yokogawa SCADA vulns
...
I know it looks like I'm landing my own PR, but it's an illusion; I am
merely shoving bits around on @jvazquez-r7's behalf while he is
technically (and now actually) on vacation.
2014-03-10 12:44:00 -05:00
Tod Beardsley
6e279da6bd
Land todb-r7#13 for rapid7#3081 credit update
2014-03-10 10:24:05 -05:00
jvazquez-r7
8cfa5679f2
More nick instead of name
2014-03-10 16:12:44 +01:00
jvazquez-r7
bc8590dbb9
Change DoS module location
2014-03-10 16:12:20 +01:00
jvazquez-r7
1061036cb9
Use nick instead of name
2014-03-10 16:11:58 +01:00
Tod Beardsley
5485028501
Add 3 Yokogawa SCADA vulns
...
These represent our part for public disclosure of the issues listed
here:
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf
Yokogawa is calling these YSAR-14-0001E, and I think that they map
thusly:
YSAR-14-0001E Vulnerability 1 :: R7-2013-19.1
YSAR-14-0001E Vulnerability 2 :: R7-2013-19.3
YSAR-14-0001E Vulnerability 3 :: R7-2013-19.4
@jvazquez-r7 if you could confirm, I'd be delighted to land these and
get your disclosure blog post published at:
https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities
Thanks for all the work on these!
2014-03-10 09:33:54 -05:00
sinn3r
e32ff7c775
Land #3077 - Allow TFTP server to take a host/port argument
2014-03-08 00:58:52 -06:00
Tod Beardsley
151e2287b8
OptPath, not OptString.
2014-03-07 10:52:45 -06:00
Tod Beardsley
5cf1f0ce4d
Since dirs are required, server will send/recv
...
This does change some of the meaning of the required-ness of the
directories. Before, if you wanted to serve files, but not receive any,
you would just fail to set a OUTPUTPATH.
Now, since both are required, users are required to both send and
recieve. This seems okay, you can always just set two different
locations and point the one you don't want at /dev/null or something.
2014-03-07 10:49:11 -06:00
Tod Beardsley
37fa4a73a1
Make the path options required and use /tmp
...
Otherwise it's impossible to run this module without setting the options
which were not otherwise validated anyway.
2014-03-07 10:41:18 -06:00
sinn3r
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
Spencer McIntyre
ebee365fce
Land #2742 , report_vuln for MongoDB no auth
2014-03-06 19:34:45 -05:00
Spencer McIntyre
84f280d74f
Use a more descriptive MongoDB vulnerability title
2014-03-06 19:20:52 -05:00
Tod Beardsley
8a0531650c
Allow TFTP server to take a host/port argument
...
Otherwise you will tend to listen on your default ipv6 'any' address and
bound to udp6 port 69, assuming you haven't bothered to disable your
automatically-enabled ipv6 stack.
This is almost never correct.
2014-03-06 16:13:20 -06:00
Joe Vennix
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
Meatballs
de2156bedf
Merge remote-tracking branch 'origin/psexec_refactor' into psexec_refactor
2014-03-06 21:38:41 +00:00
Meatballs
311d4665ce
Re-use CreateService Handle
...
and remove unused variable
2014-03-06 21:37:49 +00:00
Joe Vennix
5abb442757
Adds more descriptive explanation of 10.8+ settings.
2014-03-06 15:15:27 -06:00
William Vu
ee0aa20955
Land #3013 , Metasm update
2014-03-06 14:15:42 -06:00
Joe Vennix
43d315abd5
Hardcode the platform in the safari exploit.
2014-03-06 13:04:47 -06:00
Joe Vennix
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
Joe Vennix
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
Joe Vennix
3d7bc6c589
Remove form_post.js.
2014-03-05 23:35:54 -06:00
Joe Vennix
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
sinn3r
3c2eb29762
Land #3068 - require msf/core/exploit/powershell
2014-03-05 21:32:10 -06:00
Brendan Coles
df2bdad4f9
Include 'msf/core/exploit/powershell'
...
Prevent:
```
[-] /pentest/exploit/metasploit-framework/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb: NameError uninitialized constant Msf::Exploit::Powershell
```
2014-03-06 12:57:43 +11:00
Joe Vennix
38a2e6e436
Minor fixes.
2014-03-05 19:03:54 -06:00
Joe Vennix
dca807abe9
Tweaks for BES.
2014-03-05 19:00:15 -06:00
Joe Vennix
12cf5a5138
Add BES, change extra_plist -> plist_extra.
2014-03-05 18:51:42 -06:00
sinn3r
9d0743ae85
Land #3030 - SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
2014-03-05 16:34:54 -06:00
sinn3r
2015c56699
Land #3066 - HP Data Protector Backup Client Service Remote Code Execution
2014-03-05 16:18:28 -06:00
William Vu
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
Spencer McIntyre
1dea1c030e
Add interface support via OSX SystemConfiguration
2014-03-05 13:59:13 -05:00