fa916d863d
Add Sysax SSH buffer overflow exploit
2012-03-03 10:11:51 -06:00
9f05562a18
Don't distinguish between IPv4 and IPv6 routes
...
It's easier to deal with one Array of all routes regardless of INET
family than having get_routes() return a two-element Array of Arrays.
Also fixes a bug in each_route() which was expecting get_routes() to
return a single Array of all routes. Thanks to valsmith for reporting.
2012-03-02 18:26:57 -07:00
c44c0ebf48
Refactor ModuleTest and add a few more tests
...
This makes running tests from a post module as easy as creating methods
that start with +test_+ and running +it()+ blocks inside them.
2012-03-02 17:56:40 -07:00
6c0f8636ec
Merge pull request #217 from rapid7/reverse-http-randomness
...
Reverse http randomness
2012-03-02 16:36:26 -08:00
165257db75
Remove unused "plus" code
2012-03-02 17:46:59 -06:00
b70b41091b
Tested fairly well - this randomizes the URLs and removes the user-agent string from the request
2012-03-02 17:44:23 -06:00
ce94ffd755
First round of changes to http(s) payloads
2012-03-02 17:13:51 -06:00
9258cda144
Change :info and file name so it's easier to identify it's a Firefox profile
2012-03-02 16:45:42 -06:00
a02ab0ab0c
Add a few more tests for meterpreter
2012-03-02 15:31:01 -07:00
96e03d2556
Merge pull request #44 from linuxgeek247/armle-bind-shell
...
Adding armle bind shellcode based on existing reverse shellcode
2012-03-02 14:25:43 -08:00
9e2a1b6d52
Allow channel -k as a synonym for -c
...
Makes it consistent with "jobs", "sessions", and "threads" commands in
msfconsole. Because I keep using the wrong thing and being confused
about why it doesn't work.
2012-03-02 15:11:00 -07:00
884550ce7c
Fix undefined constant bug in session.fs.seek
...
How did this ever work? Clearly nothing exercises this code.
2012-03-02 14:43:00 -07:00
cf18bcc99e
Merge pull request #215 from rapid7/msfgui-bail-without-msgpack
...
Try to load msgpack first, if it's not there, bail
2012-03-02 12:56:50 -08:00
368cb13728
And the updated bin
2012-03-02 13:19:00 -07:00
2d0d7b4470
777 is not the same as 0777
...
Fixes a bug where meterpreter created directories with absurd
permissions on posix (777 = 01411 = dr----x--t).
2012-03-02 13:16:52 -07:00
4dce560e72
Try to load msgpack first, if it's not there, bail
...
And tell the user how to fix. This has come up a couple times.
2012-03-02 12:20:29 -06:00
65c0cbdc00
Allow tab completion for resource files in current dir
2012-03-02 11:19:46 -07:00
faad9db393
Merge branch 'wmap_update'
...
Fixed up a few merge conflicts, tested against metasploitable, looks
functional. Thanks Efraim!
[Closes #154 ]
2012-03-02 10:25:31 -06:00
7447052b38
Convert WMAP constant name to the new format.
2012-03-02 10:18:32 -06:00
302853f5a4
Unpolluting SVN Revision keyword
...
Sometimes Revision keywords get expanded, too. Fix those.
2012-03-02 10:18:32 -06:00
3626d48db2
Un-polluting SVN Id keyword
...
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
2012-03-02 10:18:32 -06:00
36a3341acd
Fix body cero.
2012-03-02 10:18:32 -06:00
6fba0698e5
Adding another detection method for blind sqli
2012-03-02 10:18:32 -06:00
02f6e3fcb2
Improving report on blind sqli module
2012-03-02 10:18:32 -06:00
126a6133cd
Improving blind sql inj. detection
2012-03-02 10:18:32 -06:00
b608aeeeb7
Migrating modules to use report_web_vulns and minor fixes
2012-03-02 10:18:32 -06:00
8909ad12ba
Add the db_import command to the wmap documentation.
2012-03-02 10:18:32 -06:00
627a4bcb72
Adding new wmap_vulns command to documentation and minor fixes
2012-03-02 10:18:32 -06:00
21c6da5e12
Added wmap_vuln to see web_vulns table results. Basic reporting at this time.
2012-03-02 10:18:32 -06:00
1a09a49f69
Starting getting rid of report_note to use report_web_vuln on all http aux modules
2012-03-02 10:18:32 -06:00
2ce7dc9331
One more module.
2012-03-02 10:18:32 -06:00
9c6fec3c33
First step on module cleaning.
2012-03-02 10:18:32 -06:00
237038dca4
Adjust documentation.
2012-03-02 10:18:32 -06:00
4b412dc9e1
Minor fixes on view nodes jobs.
2012-03-02 10:18:32 -06:00
6437181542
Added job.info as part of nodes jobs details
2012-03-02 10:18:31 -06:00
d35291d1bc
Handle site tree leafs as directories if dont have extension
2012-03-02 10:18:31 -06:00
eaecdb487c
Fix sname in report_ calls to check the use of ssl and report http or
...
https
2012-03-02 10:18:31 -06:00
6d80aa0a44
Renaming duh.
2012-03-02 10:18:31 -06:00
3cb65e24a1
Fix blind sqli module description and bug with http_method
2012-03-02 10:18:31 -06:00
6938b91d07
Execute tests agains a specific path and bug fix in blind sqli module
2012-03-02 10:18:31 -06:00
a780dc0c14
Wmap 1.5 documentation
2012-03-02 10:18:31 -06:00
a2e5a4d9d5
New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention
2012-03-02 10:18:31 -06:00
8f30e5548c
Fix bug: "TypeError can't convert nil into String" when fd.read can be nil
2012-03-02 02:18:07 -06:00
67f788768d
Fix tabs
2012-03-01 22:31:08 -06:00
fd2d9ae0ea
Add MP4 file generating function. Update the description regarding exploit usage.
2012-03-01 22:24:35 -06:00
b1b2ec2c7d
Merge branch 'CVE-2008-5036_vlc_realtext' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-5036_vlc_realtext
2012-03-01 21:13:33 -06:00
3c4c500544
Add a few more meterpreter API tests
2012-03-01 19:21:34 -07:00
8bad0033d3
Update description
2012-03-01 19:16:29 -06:00
0bc26c1665
Add CVE-2009-4656: DJ Studio .pls buffer overflow
2012-03-01 19:09:25 -06:00
323e58d944
Merge pull request #213 from rsmudge/armitage
...
Armitage 03.02.12
2012-03-01 16:32:39 -08:00
sinn3r
James Lee
Tod Beardsley
HD Moore
Tod Beardsley
Efrain Torres
sinn3r