2e8c369c69
Land #2559 - remove content-length
2013-10-22 16:03:42 -05:00
71fab72e06
Delete duplicate content-length from axis2_deployer
2013-10-21 15:35:51 -05:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
10a4ff41de
Delete Content-Length duplicate header
2013-10-21 15:11:37 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
eab90e1a2e
Land #2491 , missing platform info update
2013-10-14 10:38:25 -05:00
0b93996b05
Clean and add Automatic target
2013-10-11 13:19:10 -05:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
276ea22db3
Add VMware Hyperic HQ Groovy Script-Console Java Execution
2013-10-11 05:07:23 +10:30
0acb170ee8
Bug #8419 - Added platform info missing on exploits
2013-10-08 22:41:50 -04:00
4ba001d6dd
Put my short name to prevent conflicts.
2013-10-07 14:10:47 -05:00
ec6516d87c
Deprecate misnamed module.
...
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
113f89e40f
First set of fixes for gestioip_exec
2013-10-04 13:29:27 -05:00
9b79bb99e0
Add references, correct disclosure date
2013-10-04 09:59:26 -05:00
ab786d1466
Imply authentication when a password is set
2013-10-04 09:54:04 -05:00
0112d6253c
add gestio ip module
2013-10-04 06:39:30 -07:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
93486a627d
Whoops on trailing commas
2013-09-24 15:14:11 -05:00
3906d4a2ca
Fix caps that throw msftidy warnings
2013-09-24 13:03:16 -05:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
29649b9a04
Land #2388 , @dummys's exploit for CVE-2013-5696
2013-09-20 13:03:01 -05:00
8922d0fc7f
Fix small bugs on glpi_install_rce
2013-09-20 13:01:41 -05:00
b24ae6e80c
Clean glpi_install_rce
2013-09-20 12:58:23 -05:00
187ab16467
many change in the code and replace at the correct place the module
2013-09-20 10:45:10 +02:00
8d70a9d893
Add more refs
2013-09-19 22:05:23 -05:00
137b3bc6ea
Fix whitespace issues.
2013-09-19 17:29:11 -05:00
bd96c6c093
Adds module for CVE-2013-3568.
2013-09-19 17:26:30 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
0037ccceed
add osvdb ref for openx backdoor
2013-08-18 06:34:50 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
6c0b067d7c
Land #2163 , known secret session cookie for RoR
...
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
969b380d71
More explicit title, grammar check on description
2013-08-09 12:27:45 -05:00
13ea8aaaad
VALIDATE_COOKIE better grammar on fail message
2013-08-09 12:26:12 -05:00
94e7164b01
Allow user to choose to validate the cookie or not
2013-08-09 12:22:28 -05:00
376c37d4cc
Two more fixes, Arch and unneeded include.
2013-08-09 09:23:50 +02:00
155c121cbb
More spacing between ends
2013-08-08 16:35:38 -05:00
f4fc0ef3fb
Moved classes into the Metasploit3 space
...
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
4e166f3da4
Adding more blank lines between methods
...
For readability
2013-08-08 16:20:38 -05:00
4a609504e3
Land #2199 , @jlee-r7's exploit for CVE-2013-4211
2013-08-08 14:57:28 -05:00
a03d71d60e
Land #2181 - More targets for hp_sys_mgmt_exec
...
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
a73f87eaa5
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
080ca0b1b1
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
ca7c0defe1
No need to rescue if we're just re-raising
2013-08-07 17:36:07 -05:00
c808930f15
Add module for CVE-2013-4211, openx backdoor
2013-08-07 17:24:47 -05:00
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
sinn3r