Commit Graph

14814 Commits (fedef90937977639999f07f1f95482fef14158fa)

Author SHA1 Message Date
Raphael Mudge eee6248795 Armitage 10.16.12 - a lot of bug fixes. 2012-10-15 19:19:31 -04:00
James Lee 45a60b6bdd Clarify why we need to sleep.
[Closes #911][FixRM #7344]
2012-10-15 17:54:18 -05:00
Raphael Mudge f4b151f63d Detect and mitigate CPU starvation condition [SeeRM #7344] 2012-10-15 17:54:18 -05:00
James Lee 46ed888ffe Don't require .rb 2012-10-15 17:27:23 -05:00
James Lee 52feae2dcd Add missing require
[FixRM #7345]
2012-10-15 17:18:04 -05:00
sinn3r 8e668e2808 Check STATUS_ACCESS_DENIED properly
When Samba throws STATUS_ACCESS_DENIED, the exception that's
throwin is actually Rex::Proto::SMB::Exception::ErrorCode, not
as LoginError.  It was handled correctly in try_user_pass(), but
not in other functions that also use smb_login().
2012-10-15 16:52:34 -05:00
Tod Beardsley 9192a01803 All exploits need a disclosure date. 2012-10-15 16:29:12 -05:00
nullbind 553ce82e79 added mssql ntlm stealer 2012-10-15 13:29:51 -05:00
jvazquez-r7 29299b29a5 Added modules for CVE-2012-4933 2012-10-15 16:03:19 +02:00
Tod Beardsley 932b8ba841 Require, not load, msf, not lib/msf 2012-10-15 07:11:15 -05:00
Tod Beardsley adfced8d0e Post require on gpg_creds 2012-10-15 06:58:35 -05:00
sinn3r 1d91280f61 Merge branch 'master' into feature/gemize-kissfft 2012-10-15 04:08:32 -05:00
jvazquez-r7 2acfb0537c Merge branch 'ajaxplorer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ajaxplorer 2012-10-15 08:30:08 +02:00
sinn3r 529f88c66d Some msftidy fixes 2012-10-14 19:16:54 -05:00
sinn3r a11d16ea30 More strict on check_disclosure_date 2012-10-14 19:06:36 -05:00
sinn3r 97ac7fa184 Merge branch 'module-wle-service-permissions' of git://github.com/zeroSteiner/metasploit-framework 2012-10-14 18:27:32 -05:00
sinn3r e00dbfcc0d You mean.. FILEPATH. 2012-10-14 18:18:11 -05:00
sinn3r 2f04fdd71a Merge branch 'apache_activemq_traversal' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apache_activemq_traversal 2012-10-14 18:16:41 -05:00
jvazquez-r7 d971abaeb9 deleted extra comma 2012-10-14 22:39:07 +02:00
jvazquez-r7 14bd0373d3 deleted extra space 2012-10-14 22:38:14 +02:00
jvazquez-r7 ac6a4c9283 Added module for CVE-2010-1587 2012-10-14 22:36:02 +02:00
jvazquez-r7 2b644dbc45 added module for Apache ActiveMQ directory traversal 2012-10-14 22:30:38 +02:00
jgor 79da6c7186 added Lantronix telnet password recovery module 2012-10-14 12:46:52 -05:00
sinn3r cedcace1a7 Forgot to change the output variable
Because the original script used match()
2012-10-14 11:43:33 -05:00
jvazquez-r7 9597e44a95 Merge branch 'msftidy_cleanup' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-msftidy_cleanup 2012-10-13 09:05:34 +02:00
sinn3r cc303665e8 Credit 2012-10-13 00:42:44 -05:00
sinn3r 5b2998a121 Add OSVDB-63552 AjaXplorer module (2010) 2012-10-13 00:35:48 -05:00
sinn3r d36f642edc Add print_warning() 2012-10-12 21:48:15 -05:00
sinn3r 7196ca5b5e Fix bad indent 2012-10-12 18:35:05 -05:00
Raphael Mudge 7aa6776e4b let's not rejoin threads we've already joined. 2012-10-12 17:12:42 -04:00
Raphael Mudge 694eacfc4b performance fix for host discovery post modules 2012-10-12 16:43:42 -04:00
sinn3r 2b9c04318f No more check_executable, check extname instead.
When File.executable?() is used, it checks if the file is an
executable AND that exe permission is set. Well, we don't really
have to set the permission we can still load/use the module. So
really, all we care is the module must be a ".rb" to make sure
it loads at startup.  So that's what we need to check.
2012-10-12 14:37:42 -05:00
Spencer McIntyre f5302bfc49 add deprication warning to the original module 2012-10-12 13:49:25 -04:00
sinn3r 2bbbbee381 Make the check_executable warning easier to understand. 2012-10-12 09:33:18 -05:00
sinn3r dc71771dda Change some texts
Changes include:
* Make invalid ranking an error, because it may affect module
  search in msfconsole, or the metasploit site.
* Make invalid disclosure format an error, same concern as above.
* Plus other changes
2012-10-12 09:11:34 -05:00
James Lee 90ae5c1178 Add PhpEXE support to RateMyPet module 2012-10-12 04:53:01 -05:00
James Lee db12413b09 Convert vcms_upload to use PhpEXE
Incidentally adds a Linux x86 target
2012-10-12 04:29:57 -05:00
sinn3r a5cdf5df90 Fix check_executable 2012-10-12 03:16:50 -05:00
sinn3r b89c4d1b7c Rank checking should only run against exploit modules 2012-10-12 03:01:48 -05:00
James Lee 13a5892e95 Add a mixin for uploading/executing bins with PHP
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
sinn3r 82189d9f8c Make msftidy's code more manageable, and more helpful output 2012-10-12 02:55:16 -05:00
Spencer McIntyre 3ab24cdbb9 added exploits/windows/local/service_permissions 2012-10-11 22:42:36 -04:00
James Lee 0adabb1e06 Merge branch 'wchen-r7-projectpier' into rapid7
[Closes #889]
2012-10-11 18:32:04 -05:00
sinn3r 55c0cda86c Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright 2012-10-11 16:55:52 -05:00
kernelsmith c911eeece2 change vprint_error to print_error
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true).  This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
sinn3r 9ea208d129 Oops, overwrote egypt's changes by accident 2012-10-11 16:40:52 -05:00
sinn3r 82eaa322fe Make cleanup work better 2012-10-11 16:39:54 -05:00
James Lee 3a66a07844 Proposed re-wording of description
[See #889]
2012-10-11 15:48:04 -05:00
sinn3r 24980e735b I found an OSVDB ID 2012-10-11 15:28:07 -05:00
sinn3r 55128f5bb3 Make sure res has value before passing it on to exec_php 2012-10-11 14:43:38 -05:00