Commit Graph

24817 Commits (fa4e835804a263c835041b6681735fb0827fccc0)

Author SHA1 Message Date
HD Moore fa4e835804 Fix up scanner mixin usage, actual test/bug fix 2014-06-12 11:52:34 -05:00
HD Moore 487bf219f0 Rename to match the title 2014-06-12 11:23:34 -05:00
HD Moore 81019ed850 Supermicro work 2014-06-11 15:03:54 -05:00
Tod Beardsley 4b8961a464
Land #3428, deprecation warns for payloads 2014-06-11 09:57:07 -05:00
Meatballs1 165a65fdb4 Merge pull request #49 from todb-r7/fix-pr3428-deprecated
Avoid double-printing with setup and init_ui
2014-06-11 09:28:06 +01:00
Tod Beardsley b379dc014a
Avoid double-printing with setup and init_ui 2014-06-10 13:57:25 -05:00
Tod Beardsley 44540e6d00
Land #3437, CSS Injection MITM scanner 2014-06-10 13:36:35 -05:00
jvazquez-r7 4aa1fee398 Land #3326, @FireFart's Heartbleed - server response parsing 2014-06-10 13:27:28 -05:00
jvazquez-r7 9aa2978589
Land jvazquez-r7/metasploit-framework#14, @todb-r7's fixes 2014-06-10 10:42:34 -05:00
Tod Beardsley 521284253f
Be more clear about the vuln and impact 2014-06-10 10:29:23 -05:00
jvazquez-r7 2c8a99143b
Land #3426, @Meatballs1's Python v2.3.3 Compatible Command Shell payloads 2014-06-10 09:55:58 -05:00
jvazquez-r7 3ec15b6512
Land #3431, @bcoles's new targets for efs_easychatserver_username 2014-06-10 09:52:16 -05:00
jvazquez-r7 a554b25855 Use EXITFUNC 2014-06-10 09:51:06 -05:00
jvazquez-r7 9b55f5143a Add module for CVE-2014-0224 2014-06-09 17:38:11 -05:00
Meatballs dc69afebb1
License and Require 2014-06-09 21:41:38 +01:00
jvazquez-r7 e953fcbd97
Land #3436, @todb-r7's cleanup for dtls_fragment_overflow 2014-06-09 13:47:27 -05:00
Tod Beardsley 4103f2295b
Missing comma 2014-06-09 13:44:46 -05:00
Tod Beardsley 0e14d77dba
Minor fixup on DTLS module 2014-06-09 13:42:30 -05:00
jvazquez-r7 0e611b5d64
Land #3429, @jhart-r7's auxiliary module for CVE-2014-0195 2014-06-09 13:34:38 -05:00
jvazquez-r7 ed5d83a41b Add vulnerability discoverer 2014-06-09 13:25:33 -05:00
jvazquez-r7 daf662b3c0 Do minor cleanup 2014-06-09 13:23:56 -05:00
jvazquez-r7 1f33566033
Land #3432, @Meatballs1 sap_soap_rfc_brute_login's clean up 2014-06-09 11:39:52 -05:00
jvazquez-r7 b39b41e29f
Land #3371, @Meatballs1 fix for sap_mgmt_con_getprocessparameter 2014-06-09 11:25:01 -05:00
Jon Hart 06e45e8253 Clean up TLS fragment building 2014-06-09 08:39:30 -07:00
Meatballs 76b5297d3f
Land #3434, Fix original psh payload VirtualAlloc call 2014-06-08 17:39:39 +01:00
Meatballs d868294d5b
MEM_RESERVE too 2014-06-08 17:37:57 +01:00
jvazquez-r7 9d08ebe273 Fix VirtualAlloc call on PSH old template 2014-06-08 11:09:03 -05:00
Meatballs 25ed68af6e
Land #3017, Windows x86 Shell Hidden Bind
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
Christian Mehlmauer 099003708c
Land #3422, SAP Bruterforcer datastore cleanup 2014-06-08 08:42:27 +02:00
Brendan Coles 6bef6edb81 Update efs_easychatserver_username.rb
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
2014-06-08 06:36:18 +10:00
Jon Hart a7a1a2bf3b Move dtls_fragment_overflow.rb under ssl where it belongs 2014-06-07 12:56:34 -07:00
Borja Merino 5881f9453f Merge pull request #5 from Meatballs1/hidden_bind
Remove bind hidden handler
2014-06-07 17:43:25 +02:00
Meatballs 2be6b8befe
Remove bind hidden handler 2014-06-07 14:34:20 +01:00
Meatballs bf1a665259
Land #2657, Dynamic generation of windows service executable functions
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Meatballs 897ad6f963
Some service yarddoc 2014-06-07 13:27:32 +01:00
Jon Hart 8637a1fff1 OpenSSL DTLS CVE-2014-0195 POC 2014-06-06 19:24:47 -07:00
Meatballs fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
Conflicts:
	modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
Meatballs 8624ddfc3e
Clean up SAP SOAP RFC Brute Login
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
Meatballs b997c2ac1f
Further tidies 2014-06-07 02:00:35 +01:00
Meatballs 5218ca4d89
Give warning on module load 2014-06-06 23:04:40 +01:00
Brandon Turner acced15d11
Merge branch 'release' 2014-06-06 10:17:00 -05:00
Brandon Turner 82464bd6aa
Update version spec 2014-06-06 10:16:44 -05:00
Brandon Turner bacf82acb1
Merge branch 'release' into 'master' 2014-06-06 09:59:00 -05:00
Brandon Turner 21be4f21a6
Bump version to 4.9.3 2014-06-06 09:52:01 -05:00
Brandon Turner d9a5002bd3
Merge branch 'release'
Updates meterpreter bins and closes #3425 and #3423.
2014-06-05 17:33:11 -05:00
Brandon Turner 17ccc132a4
Land #3425 from todb-r7:release-meterpreter-bins 2014-06-05 17:32:34 -05:00
Tod Beardsley 97a70e49c8
Roll back the jar/py changes 2014-06-05 17:31:02 -05:00
Tod Beardsley 737f06f600
Add Meterpreter bins for release branch.
This contains the same bins as #3423, but it is targeted at the release
branch for rapid7/metasploit-framework.
2014-06-05 17:17:32 -05:00
William Vu 00511b2aeb
Land #3421, new @trosen-r7 in .mailmap 2014-06-05 10:59:47 -05:00
Tod Beardsley 8747273b01
Add @trosen-r7's alias for commits
Just so quick counts of contributors is slightly more accurate and
@trosen-r7 doesn't accidentally get double counted.
2014-06-05 10:40:38 -05:00