f61aeb818a
smart hashdump refactor
...
refactor the windows smart hashdump post module
to use the new cred creation methods
2014-05-29 15:06:42 -05:00
e3c4745879
Windows Hashdump post module refactor
...
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
696d2b7e6b
Merge branch 'master' into staging/electro-release
2014-05-29 12:30:32 -05:00
3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution
2014-05-29 12:21:21 -05:00
dfa61b316e
A bit of description change
2014-05-29 12:20:40 -05:00
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
3f86aebabf
Land #3398 , CAPWAP DoS description cleanup
2014-05-28 14:55:22 -05:00
785b53820e
Land #3399 , print_error instead of print_status
2014-05-28 14:53:00 -05:00
05e24326a6
Style compliance
2014-05-28 14:31:34 -05:00
c89cd24621
Rewire some snmp modules to use print_error instead of print_status.
2014-05-28 13:31:00 -05:00
4b5c62ba8d
Dress up CAPWAP DoS desc a little.
2014-05-28 12:19:17 -05:00
7a29ae5f36
Add module for CVE-2014-3120
2014-05-27 18:01:16 -05:00
55ef5dd484
Land #3115 , @silascutler's module for elasticsearch indeces enumeration
2014-05-27 11:28:34 -05:00
2271afc1a5
Change module filename
2014-05-27 11:25:39 -05:00
3de8beb5fd
Clean code
2014-05-27 11:22:40 -05:00
69e8286838
Fix title
2014-05-27 10:29:32 -05:00
1316365c2f
Fix description
2014-05-27 10:22:39 -05:00
abe1d6ffc7
Land #3190 , @Karmanovskii's module to fingerprint MyBB database
2014-05-27 10:20:24 -05:00
86221de10e
Fix message
2014-05-27 10:18:27 -05:00
b96c2dd0ca
Change module filename
2014-05-27 10:15:39 -05:00
1d8c46155b
Do last code cleaning
2014-05-27 10:14:55 -05:00
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
936c29e69b
Land #3387 , some Set-Cookie msftidy warning fixes
2014-05-26 23:37:33 -05:00
eacf70af83
Update mybb_get_type_db.rb
...
26.05.2014 23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
217a14e4d7
Land #3366 , @jholgui's module for CVE-2013-4074
2014-05-25 18:53:30 -05:00
33ba134147
Clean msftidy warnings and metadata
2014-05-25 18:52:01 -05:00
d3c17d8e3e
Delete wireshark_capwap_dos
2014-05-25 18:39:53 -05:00
c559483176
Land #3392 , @TomSellers patch to use python constants
2014-05-25 16:18:42 -04:00
77f66f8510
Update reverse_tcp.rb
2014-05-25 14:04:54 -05:00
b5c567c462
Update bind_tcp.rb
2014-05-25 14:03:45 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
9f166b87f6
Changed the description
2014-05-24 18:58:36 +01:00
71e2d19040
Adapted to auxiliary modules structure
2014-05-24 18:53:10 +01:00
df97c66ff5
Fixed check
2014-05-24 00:37:52 +02:00
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
1aee0f3305
Warn if it's not UPPERCASE method (@wchen-r7)
...
See the discussion on f7bfab5a26#3386
2014-05-23 17:10:27 -05:00
9f78bec457
Use normalize_uri (@wchen-r7)
...
Instead of editing the datastore['PATH'], use normalize_uri.
Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
f7bfab5a26
HTTP traversal shouldnt upcase METHOD (@wchen-r7)
...
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
7f59cf5035
Ora XID HTTP needn't edit DBUSER (@cellabosm)
...
Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
2014-05-23 15:20:46 -05:00
efffbf751a
PHP module shouldnt zap CMD option (@wchen-r7)
...
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
2014-05-23 15:09:18 -05:00
f189033e8a
OWA bruteforce shouldnt edit datastore (@wchen-r7)
...
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
28459299b2
Update ibstat_path.rb
...
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00
e3630278ce
Land #3379 , [FixRM #8803 ] - Improve fb_cnct_group check
2014-05-21 11:39:10 -04:00
b9464e626e
Delete unnecessary line
2014-05-21 10:18:03 -05:00
af415c941b
[SeeRM #8803 ] Avoid false positives when checking fb_cnct_group
2014-05-20 18:44:28 -05:00
8a9c005f13
Add URL
2014-05-20 17:43:07 -05:00
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
David Maloney
sinn3r
William Vu
James Lee
joev
Tod Beardsley
jvazquez-r7
Karmanovskii
Spencer McIntyre
Tom Sellers
Christian Mehlmauer
JoseMi
mercd
Jonas Vestberg