bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
783a986a19
Windows and auto target up and running
2014-02-07 23:26:57 +00:00
a0f47f6b2b
Correct error check logic
2014-02-07 22:06:53 +00:00
443a51bbf5
Undo revert from merge
2014-02-07 21:28:04 +00:00
56359aa99f
Merge changes from other dev machine
2014-02-07 21:22:44 +00:00
a4cc75bf98
Potential .pdf support
2014-02-07 20:37:44 +00:00
e13520d7fb
Handle a blank filename
2014-02-07 20:15:32 +00:00
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
f0fd2f0598
Land #2944 , add platforms to encoders
...
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).
See also #2939
2014-02-07 13:38:05 -06:00
63305025aa
Land #2615 - Add Windows Gather Active Directory User Comments
2014-02-07 12:23:43 -06:00
9c76e7fb00
Handle multiple exceptions
2014-02-07 12:23:10 -06:00
40188e1eda
RuntimeError exception should be handled.
2014-02-07 12:16:15 -06:00
c679b1001b
Make pring_warning verbose
2014-02-07 10:23:07 -06:00
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
f686385349
Remove an unnecessary VS file and modify version check.
2014-02-07 08:45:51 -05:00
a18de35fa7
Add module for ZDI-14-011
2014-02-06 18:25:36 -06:00
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
4b37cc7243
Land #2927 , PandoraFMS anyterm exploit
2014-02-06 15:22:23 -06:00
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
19fff3c33e
Land #2942 , @jvennix-r7's Android awesomesauce
...
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
362e937c8d
Forgot to push local changes.
2014-02-06 11:47:35 -06:00
0dc2ec5c4d
Use BrowserExploitServer mixin.
...
This prevents drive-by users on other browsers from ever receiving
the exploit contents.
2014-02-06 11:32:42 -06:00
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
38add0ab50
alter print_status
...
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
631559a2e8
Add module for Kloco SQLi
2014-02-05 14:18:56 -06:00
14aa8ffd5c
Apply blockapi changes to bind_tcp and bind_tcp_rc4
2014-02-04 17:45:18 -06:00
553616b6cc
Add URL for browser exploit.
2014-02-04 17:04:06 -06:00
3a6626761b
Land #2945 , obsolete old modules
...
Obsoletes:
modules/auxiliary/admin/scada/igss_exec_17.rb
modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb
modules/post/windows/gather/resolve_hosts.rb
modules/post/windows/manage/persistence.rb
2014-02-04 15:11:25 -06:00
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
23fc73924e
Msftidy it up.
2014-02-04 14:24:36 -06:00
20b8062220
Apply blockapi changes to reverse_tcp_rc4
2014-02-04 12:30:56 -06:00
c70680cf1c
Fix infinite-retry bug
...
Derp, block_api clobbers ecx
2014-02-04 11:59:16 -06:00
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
0a3cb3377f
AppendEncoder
2014-02-04 15:41:10 +00:00
26c506da42
Naming of follow method
2014-02-04 15:25:51 +00:00
9c3664bd45
Unify reverse_http and reverse_https
...
This will make copy-pasta less painful in the future. There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
2014-02-04 09:09:12 -06:00
f5fa3fb5ce
Windows compat, fixed PHP-CLI
2014-02-04 14:27:10 +00:00
64d11e58c2
Use semicolon for win compat
2014-02-04 13:53:33 +00:00
cccf2e4258
Land #2926 , @xistence A10 Networks Loadbalancer dir traversal module
2014-02-04 07:28:51 -06:00
cc09367c62
Change the datastore name option
2014-02-04 07:28:14 -06:00
700e09f386
Wording tweak.
2014-02-04 02:55:10 -06:00
bbabd72b0e
Whitespace tweaks.
2014-02-04 02:52:52 -06:00
eb6a5a4c19
Tweak checks.
2014-02-04 02:49:44 -06:00
4923a93974
Tweak description.
2014-02-04 02:47:49 -06:00
37479884a5
Add browserautopwn support.
2014-02-04 02:32:12 -06:00
eba3a5aab0
More accurate description.
2014-02-04 01:44:39 -06:00
177bd35552
Add webview HTTP exploit.
2014-02-04 01:37:09 -06:00
2fd8257c7e
Use bperry's trigger
2014-02-04 00:51:34 +00:00
a8ff6eb429
Refactor send_request_cgi_follow_redirect
2014-02-03 21:49:49 +00:00
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
f163bc7f7a
Unbreak reverse_https_proxy
...
Broken by #2448 , 063da8a22e
2014-02-03 15:07:59 -06:00
7e2a9a7072
More desc fixes, add a vprint to give a hint
2014-02-03 13:18:52 -06:00
d34020115a
Fix up on apache descs and print_* methods
2014-02-03 13:13:57 -06:00
ffd90a3d38
Add confirmation datastore option
2014-02-03 12:40:58 -06:00
9953821451
Fix desc on Drupal module, some peer prints
2014-02-03 12:16:06 -06:00
08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
...
Conflicts:
lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
be0b9fc2f8
Use the new block_api in windows/reverse_tcp
2014-02-03 11:34:52 -06:00
bfc0ac4dd4
Golf a few bytes off of reverse_http(s)
2014-02-03 11:33:55 -06:00
9b9b2fab58
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
2014-02-04 02:00:11 +10:30
a92256e8d1
Clean a10networks_ax_directory_traversal
2014-02-03 08:41:23 -06:00
50f860757b
Changes made to pandora_fms_exec module as requested
2014-02-03 14:10:27 +07:00
e54abb4274
Add support for shell session type
2014-02-02 23:37:56 -06:00
ae84e354e8
Be consistent with get_smartermail_creds method's return value
2014-02-02 22:06:14 -06:00
662fbf53b6
Update check_smartermail method
...
Instead of using exception handling to determine the right path,
the new method simply uses the file? method. It's also renamed as
"get_mail_config_path" to properly describe its functionality.
2014-02-02 22:01:38 -06:00
2b2194cee8
Modify prints
2014-02-02 21:58:10 -06:00
67c18d8d2d
I had a problem, then I used regex.
2014-02-02 22:19:54 +00:00
95eb758642
Initial commit
2014-02-02 19:04:38 +00:00
57f4998568
Better failures and handle unconfigured server
2014-02-02 16:26:22 +00:00
9fa9402eb2
Better check and better follow redirect
2014-02-02 16:07:46 +00:00
0d3a40613e
Add auto 30x redirect to send_request_cgi
2014-02-02 15:03:44 +00:00
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
62dca111f8
Conform to style
2014-02-02 08:07:18 +10:30
e30195348e
Add Windows Gather SmarterMail Password Extraction post module
2014-02-02 05:51:21 +10:30
7ddc6bcfa5
Final tidyup
2014-02-01 01:05:02 +00:00
486a9d5e19
Use msf branded djvu
2014-02-01 00:37:28 +00:00
fd1a507fda
Rename file
2014-02-01 00:27:32 +00:00
700c6545f0
Polished
2014-02-01 00:26:55 +00:00
a5bff638c5
Remove EOL spaces
2014-01-31 15:01:03 -06:00
5a883a4477
updated
2014-01-31 21:59:26 +01:00
7fa1522299
Initial commit
2014-01-31 18:51:18 +00:00
b67ac39a33
Land #2921 - Apache Struts Developer Mode OGNL Execution
2014-01-31 12:06:58 -06:00
60ead5de43
Explain why we flag the vuln as "Appears" instead of vulnerable
2014-01-31 12:05:58 -06:00
2fca2da9f7
Add an vprint message on check
2014-01-31 11:57:20 -06:00
356692f2f5
Land #2923 , @rangercha tomcat deploy module compatible with tomcat8
2014-01-31 10:53:53 -06:00
53c2a737e9
Don't register rport again
2014-01-31 09:42:41 -06:00
452042e757
Land #2925 , @xistence aux module for Support Center Plus traversal
2014-01-31 09:38:01 -06:00
e9f04d9203
Do final cleanup for Support Center Plus module
2014-01-31 09:37:40 -06:00
a010748056
Land #2924 , @xistence's exploit for CVE-2014-1683
2014-01-31 09:20:10 -06:00
710902dc56
Move file location
2014-01-31 09:18:59 -06:00
810605f0b7
Do final cleanup for the skybluecanvas exploit
2014-01-31 09:17:51 -06:00
32c5d77ebd
Land #2918 , @wvu's fix for long argument lists
2014-01-31 08:49:22 -06:00
f6291eb9a8
updated
2014-01-31 14:33:18 +01:00
e81a0ed22b
Changes as requested for SupportCenterPlus module
2014-01-31 13:28:45 +07:00
ffd8f7eee0
Changes as requested in SkyBlue Canvas RCE module
2014-01-31 12:52:48 +07:00
93db1c59af
Do small fixes
2014-01-30 17:16:43 -06:00
9daacf8fb1
Clean exploit method
2014-01-30 16:58:17 -06:00
4458dc80a5
Clean the find_csrf mehtod
2014-01-30 16:39:19 -06:00
697a86aad7
Organize a little bit the code
2014-01-30 16:29:45 -06:00
50317d44d3
Do more easy clean
2014-01-30 16:23:17 -06:00
1a9e6dfb2a
Allow check to detect platform and arch
2014-01-30 15:17:20 -06:00
b2273dce2e
Delete Automatic target
...
It isn't usefull at all, when auto targeting is done, the payload (java platform and arch)
has been already selected.
2014-01-30 15:04:08 -06:00
cebbe71dba
Do easy cleanup of exploit
2014-01-30 14:42:02 -06:00
c336133a8e
Do a first clean related to auto_target
2014-01-30 14:27:20 -06:00
57b8b49744
Clean query_manager
2014-01-30 14:20:02 -06:00
148e51a28b
Clean metadata and use TARGETURI
2014-01-30 14:03:52 -06:00
56287e308d
Clean up unused variables
2014-01-30 11:20:21 -06:00
e7ab77c736
added module for Oracle Forms and Reports
2014-01-30 14:45:17 +01:00
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
c8296298b3
added A10Networks AX loadbalancer Dir Traversal Auxiliary Module
2014-01-28 16:37:25 +07:00
32d7f15a5c
added ManageEngine Support Center Plus directory traversal auxiliary module
2014-01-28 15:45:23 +07:00
bac6e2a3e1
added SkyBlueCanvas CMS 1.1 r248-03 RCE
2014-01-28 11:06:25 +07:00
f766a74150
Land #2920 , @wvu-r7's author metadata update for printer aux modules
2014-01-27 13:02:31 -06:00
d19e9307c6
Fix missing colon in :caller_host symbol
...
Good catch, @jvazquez-r7!
2014-01-27 12:43:59 -06:00
0dbaeb6742
Add Matteo's email
2014-01-27 08:40:44 -06:00
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
a49473181c
Added new module. Abuses tomcat manager upload page. Tested on tomcat 5.5.36, 6.0.37, 7.0.50, 8.0.0rc10
2014-01-27 09:04:59 -05:00
f471f50092
ms08_067_check.rb is deprecated.
...
[SeeRM #8755 ]
2014-01-26 12:22:13 -06:00
8fe74629fe
Allow send_request_cgi to take care of the uri encoding
2014-01-26 00:06:41 -06:00
37adf1251c
Delete privileged flag because is configuration dependant
2014-01-25 18:25:31 -06:00
038cb7a981
Add module for CVE-2012-0394
2014-01-25 18:17:01 -06:00
52371be52a
Clarify why contributors are listed as authors
...
Also adding @mcantoni to the list of authors. Sorry we missed you!
Dear contributors,
Even though we weren't able to use your code, we absolutely appreciate
that you wrote it. That's why we're listing you as authors. Thanks!!!
https://dev.metasploit.com/redmine/issues/6034
https://dev.metasploit.com/redmine/issues/5217
https://dev.metasploit.com/redmine/issues/6864
2014-01-25 18:02:17 -06:00
cc4dea7d49
Was playing with ms08_067 check and realized I forgot this print
2014-01-25 16:15:52 -06:00
eaeb2af97f
Use opts hash for h323_version
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:32:37 -06:00
7c5229e2eb
Use opts hash for glassfish_deployer
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:17:02 -06:00
47b9bfaffc
Use opts hash for adobe_pdf_embedded_exe
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:16:53 -06:00
a7fa4e312b
This module fails to load due to the missing end
2014-01-24 17:56:47 -06:00
9db295769d
Land #2905 , @wchen-r7's update of exploit checks
2014-01-24 16:49:33 -06:00
f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection
2014-01-24 15:03:07 -06:00
c8e2301111
Be more informative about why CheckCode::Unknown
...
This is just kind of personal preference here. In case users wonder
why Unknown.
2014-01-24 15:01:52 -06:00
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
82bf02910d
Land #2911 , correct author name for PJL credit
2014-01-24 11:00:12 -06:00
fdaa172cc5
Land #2896 , @wchen-r7's check's normalization for auxiliary modules
2014-01-24 08:53:53 -06:00
e8b591ef54
Delete registering of check on bailiwicked modules
2014-01-24 08:47:04 -06:00
32d6032893
Add Simple E-Document Arbitrary File Upload module
2014-01-24 19:19:25 +10:30
9ba72ffc71
Remove check support
...
Actually, you can't support check because in check mode the module
doesn't know the IP
2014-01-23 21:30:11 -06:00
dc52d00be6
Modify vmware_http_login to work with check
2014-01-23 21:27:36 -06:00
cf17bf2e72
Small fix
2014-01-23 19:34:50 -06:00
43de7eb74f
Use REXML
2014-01-23 19:32:42 -06:00
a67068f019
Correct author name
...
Was using the name quoted in Redmine. Technically, the author is Myo Soe
of the YGN Ethical Hacker Group (YEHG).
2014-01-23 19:09:20 -06:00
5a59e3d4e4
Fix typo
2014-01-23 18:53:58 -06:00
f529eb1d4b
Clean code
2014-01-23 18:51:24 -06:00
8e17d38c77
Add check method
2014-01-23 18:30:18 -06:00
09b70d1574
Remove max search
2014-01-24 00:27:46 +00:00
0a15e07473
Merge remote-tracking branch 'upstream/master' into service_principle_name
2014-01-24 00:26:52 +00:00
5880f7ebf2
Remove max search
2014-01-24 00:25:03 +00:00
f6054e6581
Merge remote-tracking branch 'upstream/master' into enum_ad_users
2014-01-24 00:24:31 +00:00
b0deb45fad
Add Drupal advisory as reference
2014-01-23 18:10:57 -06:00
6d0d7eda10
Delete garbage comment
2014-01-23 18:09:05 -06:00
72b72effa6
Add module for CVE-2012-4554
2014-01-23 18:04:31 -06:00
982795ee5d
Merge pull request #32 from todb-r7/saner-ifs-pr1473
...
Clean up the if.nils?
2014-01-23 15:50:25 -08:00
790e4d7559
Move options to mixin
2014-01-23 23:47:46 +00:00
e066d86d41
Clean up the if.nils?
2014-01-23 17:36:10 -06:00
7faa41dac0
Change Unknown to Safe because it's just a banner check
2014-01-23 15:36:19 -06:00
81a3b2934e
Fix prints
2014-01-23 15:33:24 -06:00
f5a935a186
Support check for bailiwicked_host
2014-01-23 15:31:37 -06:00
8d411d2037
Fix bailiwicked_domain to allow support of check()
2014-01-23 15:29:40 -06:00
c403c521b3
Change check code
2014-01-23 11:03:40 -06:00
0a10c1297c
Address nil
2014-01-23 11:00:28 -06:00
333229ea7e
Throw Unknown if connection times out
2014-01-23 10:54:45 -06:00
6e8b6732c2
Merge remote-tracking branch 'upstream/master' into service_principle_name
2014-01-22 21:50:10 +00:00
c109a32165
Merge remote-tracking branch 'upstream/master' into enum_ad_users
2014-01-22 21:48:34 +00:00
7f560a4b41
Oops, I broke this module
2014-01-22 11:23:18 -06:00
c83053ba9b
Progress
2014-01-22 11:20:10 -06:00
62729dd9ab
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 10:06:54 +00:00
c190a1b630
Fix field order
2014-01-22 09:29:18 +00:00
646f7835a3
Saving progress
2014-01-21 17:14:55 -06:00
f5809423a3
Let's spell right in my spellcheck PR
...
Updates #2900
2014-01-21 15:57:59 -06:00
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
f571d63088
Merge remote-tracking branch 'upstream/master' into enum_ad_users
2014-01-21 21:00:09 +00:00
eee716a6b3
Grab comments and descriptions ftw
2014-01-21 20:59:31 +00:00
85396b7af2
Saving progress
...
Progress group 4: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 14:10:35 -06:00
b3b51eb48c
Pre-release fixup
...
* Updated descriptions to be a little more descriptive.
* Updated store_loot calls to inform the user where the
loot is stored.
* Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.
Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
689999c8b8
Saving progress
...
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
cd989e5dc0
Initial commit
2014-01-21 17:08:31 +00:00
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
6cd4c66d85
Merge remote-tracking branch 'oj/updated_meterpreter_binaries' into service_principle_name
2014-01-21 15:47:04 +00:00
7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal
2014-01-20 20:08:01 -06:00
e5dc6a9911
Update exploit checks
...
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-20 14:26:10 -06:00
5025736d87
Fix check for modicon_password_recovery
2014-01-19 17:20:20 -06:00
a239e14084
Fix nodejs_popelining check
2014-01-19 17:06:35 -06:00
7080bb336c
Update ColdFusion check
2014-01-19 17:05:03 -06:00
4fdd2c19a1
Update vbulletin check
2014-01-19 16:54:27 -06:00
0a8aa07131
Fix check method
...
This isn't a check, so shouldn't be using the check method
2014-01-19 16:47:15 -06:00
e2fa581b8c
Delete empty line
2014-01-17 22:05:14 -06:00
01ab6fd545
Do small fixes
2014-01-17 17:59:03 -06:00
5ec062ea1c
Beautify print message
2014-01-17 17:42:26 -06:00
d96772ead1
Clean multi-threading on ibm_sametime_enumerate_users
2014-01-17 17:38:16 -06:00
bb3d9da0bb
Do first cleaning on ibm_sametime_enumerate_users
2014-01-17 16:33:25 -06:00
584401dc3f
Clean ibm_sametime_room_brute code
2014-01-17 15:57:12 -06:00
4d079d47b8
Enable SSL by default
2014-01-17 15:34:33 -06:00
277711b578
Fix metadata
2014-01-17 15:31:51 -06:00
10fd5304ce
Parse response body just one time
2014-01-17 15:17:25 -06:00
fe64dbde83
Use rhost and rport methods
2014-01-17 14:49:50 -06:00
5e8ab6fb89
Clea ibm_sametime_version
2014-01-17 12:23:11 -06:00
57318ef009
Fix nil bug in jboss_invoke_deploy.rb
...
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
bce321c628
Do response handling a little better, fake test
2014-01-17 11:02:35 -06:00
11d613f1a7
Clean ibm_sametime_webplayer_dos
2014-01-17 10:52:42 -06:00
51b3d164f7
Move the DoS module to the correct location
2014-01-17 09:30:51 -06:00
c670259539
Fix protocol handling
2014-01-17 00:49:44 -06:00
eaf1b0caf6
Add minor clean up
2014-01-16 17:55:45 -06:00
f3c912bd32
Add module for ZDI-14-003
2014-01-16 17:49:49 -06:00
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
8213eed49f
Delete Netgear N150 target, ist's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00
0922aef8d1
Update module description
2014-01-16 11:16:11 -06:00
2e6b1c7552
Land #2878 , @mandreko's fix for sercomm credentials parsing
2014-01-16 07:27:55 -06:00
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
1197426b40
Land PR #2881 , @jvazquez-r7's mips stagers.
2014-01-15 12:46:41 -06:00
0833da465a
Lands #2832 , @jvazquez-r7's fixes to mipsel shellcode.
2014-01-15 12:03:17 -06:00
882c637a8c
Remove unneeded empty line
2014-01-15 13:57:27 +01:00
b2f42d2576
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:54:25 +01:00
d0d82fe405
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:53:14 +01:00
87648476e1
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:52:45 +01:00
55d4ad1b6a
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:51:19 +01:00
0b1671f1b8
Undo debugging comment
2014-01-14 17:02:30 -06:00
6372ae6121
Save some parsing
2014-01-14 17:00:00 -06:00
a056d937e7
Fluch data cache and improve documentation
2014-01-14 14:06:01 -06:00
a8806887e9
Add support for MIPS reverse shell staged payloads
2014-01-14 12:25:11 -06:00
5d387c96ec
Land #2879 , minor code formatting missed in #2863
2014-01-14 11:22:09 -06:00
b4280f2876
Very minor code formatting
2014-01-14 13:35:00 +01:00
2d40f936e3
Added some additional creds that were useful
2014-01-13 23:15:51 -05:00
42fb8c48d1
Fixed the credential parsing and made output consistent
...
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.
The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode
2014-01-13 17:37:08 -06:00
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
804b26bac6
Land #2872 , switch for ARCH_MIPSBE
2014-01-13 15:10:27 -06:00
24c57b34a7
Have into account endianess
2014-01-13 15:04:23 -06:00
7c52f9b496
Update description to use %q{}
2014-01-13 14:42:25 -06:00
61b30e8b60
Land #2869 , pre-release title/desc fixes
2014-01-13 14:29:27 -06:00
207e9c413d
Add the test info for sercomm_dump_config
2014-01-13 14:27:03 -06:00
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
fe6d10ac5d
Land #2852 , @mandreko's scanner for OSVDB 101653
2014-01-13 14:07:07 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
8c3a71a2e7
Clean sercomm_backdoor scanner according to feedback
2014-01-13 13:53:47 -06:00
f11322b29f
Oh right, msftidy.
2014-01-13 13:44:34 -06:00
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
771bd039a0
Land #2863 - Update realplayer_ver_attribute_bof.rb
...
Refs & ROP
2014-01-13 11:29:52 -06:00
bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits
2014-01-13 11:17:36 -06:00
sinn3r
Meatballs
James Lee
jvazquez-r7
grimmlin
Spencer McIntyre
William Vu
Joe Vennix
kicks4kittens
Tod Beardsley
bcoles
xistence
Mekanismen
RangerCha
Meatballs1
sgabe
Matt Andreko