8f47edb899
JBoss_Maindeployer: improve feedback against CVE-2010-0738
...
The exploit against CVE-2010-0738 won't work when using GET or POST. In the existing code the request would fail and the function would return a nil. This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:
Exploit failed: NoMethodError undefined method `body' for nil:NilClass
The first changes detect a 401 authentication message and provide useful feedback. Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.
I've stayed with the module's coding style for consistency.
2014-04-24 12:37:14 -05:00
ef815ca992
Land #3288 , Postgres support for Heartbleed scanner
2014-04-24 18:03:13 +02:00
e556997bf7
Land #3269 (Pro) fix report import issue
2014-04-24 08:27:06 -05:00
d4c0d015c1
Update wlan_geolocate.rb
...
Updated based on feedback. Also added enumeration only support for BSD and Solaris.
2014-04-24 07:04:50 -05:00
ec1f7d644c
Support deprecation information from constants
2014-04-23 23:03:02 -04:00
9ccb9397e3
Land #3264 , throttl and csv output support for module
2014-04-23 19:00:28 -04:00
e2b92a824f
Change white space for authors in dns_reverse_lookup
2014-04-23 18:56:27 -04:00
fd95d9ef38
Added english windows xp sp2 target
2014-04-23 17:32:56 +01:00
15bd92dd50
Fix OpenSSH timing attack module
2014-04-23 10:10:37 -05:00
0a108acea3
Fix missing comma
...
Commas will be the death of me.
2014-04-23 10:10:12 -05:00
6d7fde4302
Land #3157 , OpenSSH user enumeration timing attack
2014-04-23 10:01:10 -05:00
1a2899d57b
Fix up whitespace 'n' stuff
2014-04-23 10:00:34 -05:00
457c48b89b
Error on sleep
2014-04-23 11:38:23 +02:00
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
96f042110f
return is not needed when it's the last lifunction line
2014-04-22 22:33:47 +02:00
c9d8da991a
Use Rex.sleep instead of select
2014-04-22 22:33:19 +02:00
d2a558dc85
Removed unused code
2014-04-22 22:33:02 +02:00
39a7a049c4
Land #3283 , msftidy vars_get check update
...
Now with more cyan.
2014-04-22 12:27:44 -05:00
3f4e9ab18d
msftidy: only check send_request_cgi for vars_get
2014-04-22 19:24:06 +02:00
8f6567967d
Heartbleed PostgreSQL TLS support improvements
2014-04-22 17:36:06 +02:00
f35314b9f0
adjust Msf::Util::EXE for newer file output
...
Newer releases of File have a much different output when given a jar
file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine.
Failure/Error: verify_bin_fingerprint(format_hash, bin)
expected: /zip/i
got: "/dev/stdin: Java archive data (JAR)\n" (using =~)
Tested and confirmed working with file 5.17 on Gentoo Linux.
2014-04-22 02:21:09 -05:00
fbe392a896
Add PostgreSQL TLS support to the Heartbleed scanner
2014-04-21 23:27:40 +02:00
284b474591
Land #3286 , release fixes
2014-04-21 14:03:00 -05:00
e514ff3607
Description and print_status fixes for release
...
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
66b1c79da9
Update rop chain for versions 6.2 and 6.1
2014-04-21 13:27:14 -04:00
e25ca64641
It's solved the crash when double-click on the pcap file
2014-04-21 17:49:40 +01:00
b864c4619d
msftidy - added info messages
...
this commit adds info messages to msftidy to show some info,
but stil exit with status 0 if there are not errors.
2014-04-21 18:04:14 +02:00
d8a00603b2
Land #8 - Fix style and yardoc from @jlee-r7
2014-04-21 19:29:09 +10:00
49bd86f077
Clean up yardocs and a few style issues
2014-04-21 03:12:23 -05:00
1faf069130
Land #3284 , deprecated module cleanup
2014-04-20 23:10:55 -05:00
ee413ac385
Remove previously deprecated modules
2014-04-20 22:15:44 -05:00
fc803ae277
Changed msftidy check
...
send_request_raw does not support vars_get so change
the message to switch to send_request_cgi.
See #3272 for more info
2014-04-20 22:41:32 +02:00
2fd004b69e
New module: Multiplatform Wireless LAN Geolocation
...
This is a new POST module that allows Windows, Linux, and OSX targets to be geolocated using Google services if the target has an active and functional wireless adapter.
2014-04-19 17:31:48 -05:00
3861541204
Add more rand_text_alpha functions
2014-04-19 18:37:58 +01:00
7bc546e69a
Add rand_text_alpha function
2014-04-19 17:45:28 +01:00
97ef53a1d1
Add upper bound for active-* gems
...
We do not yet support ActiveRecord and ActiveSupport 4.x, so ensure our
Gemfile declares this.
2014-04-18 16:45:07 -05:00
fda6ed39f2
Land #3278 , use renamed bcrypt gem instead of bcrypt-ruby
2014-04-18 16:33:51 -05:00
af19efbd71
Use the new bcrypt gem, not bcrypt-ruby
...
See the change upstream at:
273946f2ba
2014-04-18 15:02:42 -05:00
b8e0187647
Use OptPath for file path options
2014-04-18 21:56:17 +02:00
fb0af8a799
Remove unnecesary ssh_socket variable
2014-04-18 21:50:54 +02:00
c875bdadf5
Change THRESHOLD into a datastore option
2014-04-18 21:18:48 +02:00
8a3329c891
Password made pseudo-random instead of a bunnch of A's
2014-04-18 21:10:34 +02:00
47ff820a83
Remove unnecesary 'RHOST' deregister
2014-04-18 21:06:46 +02:00
cc2d4f9ed7
Remove unnecesary @good_credentials
2014-04-18 21:03:22 +02:00
feea4c1fa6
ROP chain changed
2014-04-18 19:05:53 +01:00
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
32293dfdab
Land #3277 - Be very clear about Redmine's existence
2014-04-18 10:31:16 -05:00
fe86886c29
Be very clear about Redmine's existence.
2014-04-18 10:01:54 -05:00
c4d4af031c
Land #3276 , @todb-r7's "make msftidy happy"'s fix
2014-04-18 09:54:52 -05:00
5083143971
Land #3238 , @Zinterax's timeout addition in openssl_heartbleed
2014-04-18 09:28:04 -05:00
Tom Sellers
Christian Mehlmauer
Trevor Rosen
Spencer McIntyre
JoseMi
William Vu
Thanat0s
Joe Vennix
kenkeiras
Wiesław Kielas
Rick Farina (Zero_Chaos)
Tod Beardsley
Ken Smith
OJ
James Lee
Brandon Turner
kenkeiras
sinn3r
jvazquez-r7