0778b77f7b
Cleaned up a little
2016-08-15 12:20:28 -07:00
8bece28d00
remove *scan bins as well
...
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH
MS-1691
2016-08-15 14:04:00 -05:00
d2a6c2e9ca
move rex bintools into new gem
...
move all the *scan *parsey code out into
the new rex-bin_tools gem
MS-1691
2016-08-15 14:01:43 -05:00
7730e0eb27
Added ability to retrieve .NET versions
2016-08-15 11:29:00 -07:00
906d480264
Added dotnet require
2016-08-15 11:06:29 -07:00
8c70086170
Land #7204 , typo fix
...
My favorite things to merge, @OJ. ;)
2016-08-15 01:47:30 -05:00
2fed51bb18
Land #7115 , Drupal CODER exploit
2016-08-15 01:15:23 -05:00
62d28f10cb
Clean up Mehmet modules
2016-08-15 01:12:58 -05:00
46e4ee4c5b
Start using gem instead of obsolete library/tool
...
Rationale is following:
nessus-cli is obsolete
nessus is using json rest api instead of xmlrpc
xmlrpc name is therefore obsolete
Solution: with minimal changes start using nessus_rest gem.
2016-08-14 17:57:33 +02:00
4e274d8f1b
typo
2016-08-13 08:22:41 -05:00
d34579f1f0
Land #7203 , Fix struts_default_action_mapper payload request delay
2016-08-12 23:00:44 -05:00
1733d3e1f1
remove obsolete tested-on comment
2016-08-12 17:26:43 -05:00
1e7663c704
Land #7200 , Rex::Ui::Text cleanup
2016-08-12 16:22:55 -05:00
b4846e5793
Enabling cmd_bash payload type with bash-tcp cmd
2016-08-13 00:14:25 +03:00
d38e9f8ceb
Using # instead of ;. Semicolon is causing msg in error.log.
2016-08-12 23:35:29 +03:00
f4e4a5dcf3
Fix struts_default_action_mapper payload request delay
...
MS-1609
2016-08-12 15:29:00 -05:00
ba79579202
Extending Space limitation up to 250
2016-08-12 22:32:49 +03:00
0fd833676e
remove unnedded codepage.map
...
this file got mvoed to rex-text earlier
2016-08-12 13:41:31 -05:00
4e678e4ce6
fix help table
...
there was a bad class refernece here that
needed to be cleaned up
MS-1875
2016-08-12 13:33:41 -05:00
1384c0480d
update rex-text to fix a bug
2016-08-12 13:15:47 -05:00
a6ba386728
Bump version of framework to 4.12.21
2016-08-12 10:02:36 -07:00
6a035b7e48
Land #7161 , add specs for cisco mixin to use Metasploit Credentials
2016-08-12 10:07:17 -05:00
1a7286f625
Land #7062 , Create exploit for WebNMS 5.2 RCE
2016-08-12 07:11:48 -07:00
6160ff8cb2
bump rex-text version for ipaddr fix
...
rex-text version of table had a slight issue
with sorting IPAddr objects, 0.2.0 fixes this issue
MS-1875
2016-08-11 11:24:44 -05:00
6386d9daca
Land #7178 , Add a method to check the Powershell version
2016-08-11 11:02:41 -05:00
e08c4a8bef
Remove .Net check
...
cmd_exec doesn't seem to be the best way to go because there is
some issue grabbing the output sometimes.
2016-08-11 10:49:06 -05:00
42d6c9443d
remove unused ProgressTracker class
...
not sure if this was ever used, but it is certainly not being used
by anything now, so let's remove it
MS-1875
2016-08-11 10:35:10 -05:00
8489485cfd
move Rex::Ui::Text::Color out to rex::text gem
...
moved the text ansi color library out to the rex-text gem
MS-1875
2016-08-11 10:28:09 -05:00
ea0ebf2e3b
Land #7194 , Add MS16-095 IE Iframe Sandbox File Name Disclosure Vuln
2016-08-10 18:26:14 -05:00
c2c05a820a
Force uripath and srvport options
2016-08-10 18:25:45 -05:00
e56e801c12
Update ie_sandbox_findfiles.rb
2016-08-10 18:09:58 -05:00
d57e4d6349
Bump version of framework to 4.12.20
2016-08-10 15:30:37 -07:00
09ad342b67
Merge branch 'master' into feature/MS-1875/rex-table
2016-08-10 15:58:27 -05:00
3fc46451d5
Land #7199 , bcook's pr for is_system fix
...
fixes issue that caused is_system to crash meterp
2016-08-10 15:42:08 -05:00
3851db7bcb
Use powershell when possible
2016-08-10 15:14:11 -05:00
1cb01ee876
remove architecture fidling from platform string for now
2016-08-10 14:46:48 -05:00
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
3f530f1896
remove rex::ui::text:table
...
remove the class from msf, and update the rex-text
gem to pull the code in under the new version at Rex::Text::Table
modify all requires appropriately
MS-1875
2016-08-10 13:24:25 -05:00
b027176799
Land #7156 , use windows_error gem for constants
2016-08-10 11:47:37 -05:00
280216d74d
Bump version of framework to 4.12.19
2016-08-09 14:49:58 -07:00
87b27951cf
Fixed some build errors
2016-08-09 20:46:49 +02:00
79a84fb320
Internet Explorer iframe sandbox local file name disclosure vulnerability
...
It was found that Internet Explorer allows the disclosure of local file
names. This issue exists due to the fact that Internet Explorer behaves
different for file:// URLs pointing to existing and non-existent files.
When used in combination with HTML5 sandbox iframes it is possible to
use this behavior to find out if a local file exists. This technique
only works on Internet Explorer 10 & 11 since these support the HTML5
sandbox. Also it is not possible to do this from a regular website as
file:// URLs are blocked all together. The attack must be performed
locally (works with Internet zone Mark of the Web) or from a share.
2016-08-09 20:35:42 +02:00
a848d3948c
Merge remote-tracking branch 'rapid7/master'
2016-08-09 12:27:22 +02:00
b38ba54b67
Merge pull request #31 from rapid7/master
...
aa
2016-08-08 22:57:00 +01:00
de16a6d536
Land #7182 , Nuuo / Netgear Surveillance admin password reset module
2016-08-08 16:10:30 -05:00
c64e1b8fe6
Land #7181 , NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance
2016-08-08 16:04:33 -05:00
cb04ff48bc
Land #7180 , Add exploit for CVE 2016-5674 / Nuuo / Netgear unauth RCE
2016-08-08 15:55:39 -05:00
8654baf3dd
Land #6880 , add a module for netcore/netdis udp 53413 backdoor
2016-08-08 15:43:34 -05:00
89417304b0
Fix format for netcore_udp_53413_backdoor.md
2016-08-08 15:42:46 -05:00
f98efb1345
Fix typos
2016-08-08 15:41:03 -05:00
Brendan
David Maloney
William Vu
Vlatko Kosturjak
brian schermerhorn
Brent Cook
Pearce Barry
Mehmet Ince
wchen-r7
Metasploit
dmohanty-r7
Yorick Koster
Yorick Koster
Pedro Ribeiro