metasploit-framework

Commit Graph

Author	SHA1	Message	Date
William Vu	3f18ffa224	Land #10318 , Oracle function-based index privesc	2018-12-10 11:32:39 -06:00
William Vu	d0f1f72426	Clean up module	2018-12-10 11:21:16 -06:00
Moshe Kaplan	bd41895fc4	Removed "randomizer"	2018-11-30 09:44:14 -05:00
Brendan Coles	1eeb1005db	Update modules/auxiliary/admin/oracle/oracle_index_privesc.rb Use print_error for errors and print the error details, Co-Authored-By: moshekaplan <me@moshekaplan.com>	2018-11-30 09:39:57 -05:00
Moshe Kaplan	0a2c0751fa	Randomize more	2018-11-22 15:25:51 -05:00
William Vu	4c036e70c1	Fix http://seclists.org links to https:// I have no idea how this happened in my own code. I was seeing https://.	2018-09-15 18:54:45 -05:00
h00die	32a4436ecd	first round of spelling/grammar fixes	2017-08-24 21:38:44 -04:00
Moshe Kaplan	6b84c92056	Add Litchfield as author and use C-style operator	2017-08-07 14:20:22 -04:00
Moshe Kaplan	0d23a5001c	Convert to Unix-style EOL	2017-08-07 09:11:58 -04:00
Moshe Kaplan	f7c95d4b1a	Add Oracle DB Priv Esc via function-based index (#1 ) Adds a Metasploit module for escalating an Oracle DB user to DBA through abusing index privileges to create a function-based index that runs with the privileges of the table owner, instead of the user who created the index. This module was tested on Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64 bit Production. A user can query for their privileges with the following: SELECT * FROM session_privs The user will need to disconnect and reconnect after running the exploit to access their new privileges.	2017-08-06 23:07:46 -04:00
Brent Cook	6300758c46	use https for metaploit.com links	2017-07-24 06:26:21 -07:00
g0tmi1k	df9b642746	More print_status -> print_good	2017-07-19 11:39:15 +01:00
g0tmi1k	b8d80d87f1	Remove last newline after class - Make @wvu-r7 happy	2017-07-19 11:19:49 +01:00
g0tmi1k	4720d1a31e	OCD fixes - Spaces	2017-07-14 08:46:59 +01:00
William Vu	64452de06d	Fix msf/core and self.class msftidy warnings Also fixed rex requires.	2017-05-03 15:44:51 -05:00
Brent Cook	b08d1ad8d8	Revert "Land #6812 , remove broken OSVDB references" This reverts commit `2b016e0216`, reversing changes made to `7b1d9596c7`.	2016-07-15 12:00:31 -05:00
wchen-r7	816bc91e45	Resolve #6807 , remove all OSVDB references. OSVDB is no longer a vulnerability database, therefore all the references linked to it are invalid. Resolve #6807	2016-04-23 12:32:34 -05:00
Christian Mehlmauer	3123175ac7	use MetasploitModule as a class name	2016-03-08 14:02:44 +01:00
Brent Cook	f703fa21d6	Revert "change Metasploit3 class names" This reverts commit `666ae14259`.	2016-03-07 13:19:55 -06:00
Christian Mehlmauer	666ae14259	change Metasploit3 class names	2016-03-07 09:56:58 +01:00
wchen-r7	91fc213ddf	More metasploit-credential update	2015-07-23 15:50:50 -05:00
wchen-r7	4561850055	Use metasploit-credential API instead of report_auth_info	2015-07-22 01:11:43 -05:00
root	4bd40fed7f	yard doc and comment corrections for auxiliary	2015-04-03 16:12:23 +05:00
jvazquez-r7	bedbffa377	Land #3700 , @ringt fix for oracle_login * Avoid retrying logins when connection cannot be stablished	2015-01-09 22:59:32 -06:00
jvazquez-r7	38c36b49fb	Report when nothing is rescued	2015-01-09 22:58:19 -06:00
URI Assassin	35d3bbf74d	Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in	2014-10-17 11:47:33 -05:00
Thomas Ring	81406defed	hopefully what you are looking for this time	2014-09-23 11:36:13 -05:00
Thomas Ring	fbae68870c	cleanup one stray comment	2014-08-29 10:57:51 -05:00
Thomas Ring	4c93cbc62c	changes based on feedback, added timeout error message	2014-08-29 10:57:20 -05:00
Thomas Ring	67efa76fc4	changes based on feedback	2014-08-27 09:08:18 -05:00
Thomas Ring	e23acf8d82	fix for oracle_login not checking connection status and stopping on timeout	2014-08-25 14:57:45 -05:00
William Vu	b6ded9813a	Remove EOL whitespace	2014-07-16 14:56:34 -05:00
HD Moore	90eccefcc8	Fix sock.get use and some minor bugs	2014-06-28 16:17:15 -05:00
Christian Mehlmauer	3f3283ba06	Resolved some msftidy warnings (Set-Cookie)	2014-05-12 21:23:30 +02:00
William Vu	2aed8a3aea	Update modules to use new ZDI reference	2013-10-21 15:13:46 -05:00
sinn3r	032da9be10	Land #2426 - make use of Msf::Config.data_directory	2013-10-21 13:07:33 -05:00
Tod Beardsley	23d058067a	Redo the boilerplate / splat [SeeRM #8496]	2013-10-15 13:51:57 -05:00
Meatballs	7ba846ca24	Find and replace	2013-09-26 20:34:48 +01:00
Tab Assassin	41e4375e43	Retab modules	2013-08-30 16:28:54 -05:00
sinn3r	37eaa62096	Fix undefined method error [FixRM #8346]	2013-08-21 00:42:33 -05:00
sinn3r	9ca7a727e1	Fix undefined method error [FixRM #8347]	2013-08-21 00:41:49 -05:00
sinn3r	17b5e57280	Typo	2013-08-19 15:32:19 -05:00
sinn3r	fb5ded1472	[FixRM #8314 ] - Use OptPath instead of OptString These modules need to use OptPath to make sure the path is validated.	2013-08-19 15:30:33 -05:00
Christian Mehlmauer	4d8a2a0885	msftidy: remove $Revision$	2013-01-03 01:01:18 +01:00
Christian Mehlmauer	95948b9d7c	msftidy: remove $Revision$	2013-01-03 00:58:09 +01:00
Christian Mehlmauer	ca890369b1	msftidy: remove $Id$	2013-01-03 00:54:48 +01:00
sinn3r	981ba60fee	Fix exception handlings Two things: 1. Make msftidy happy 2. Exception handling shouldn't be used to shut errors up.	2012-07-18 12:05:14 -05:00
Rory McCune	464df4ed1d	Oraenum - added error handling The oraenum module has errror handling to catch instances where the user used to run the checks doesn't have the appropriate rights, however in one place (The default password check) the error handling code isn't included. This patch just adds the same check for that code.	2012-07-18 09:22:22 +01:00
sinn3r	0fcc53b0a2	Handle nil for get_once	2012-06-04 15:31:10 -05:00
sinn3r	aeb691bbee	Massive whitespace cleanup	2012-03-18 00:07:27 -05:00

1 2 3

139 Commits (f2579fa7a06d0473a12bb8c0b951f52370f07fd5)