adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

144 Commits

Author SHA1 Message Date
h00die 8beb6255cb fix spelling in aux modules 2024-01-07 15:02:53 -05:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
h00die 4cc85ecb75 adress a spelling problem 2019-10-05 14:22:18 -04:00
Clément Notin 0c38780692 fix msftidy 2019-05-24 23:56:27 +02:00
Clément Notin fe0cb19333 oracle_login: add verbose print error when login fails 2019-05-24 20:02:01 +02:00
William Vu 3f18ffa224 Land #10318, Oracle function-based index privesc 2018-12-10 11:32:39 -06:00
William Vu d0f1f72426 Clean up module 2018-12-10 11:21:16 -06:00
Moshe Kaplan bd41895fc4 Removed "randomizer" 2018-11-30 09:44:14 -05:00
Brendan Coles 1eeb1005db Update modules/auxiliary/admin/oracle/oracle_index_privesc.rb 
Use print_error for errors and print the error details,

Co-Authored-By: moshekaplan <me@moshekaplan.com>
 2018-11-30 09:39:57 -05:00
Moshe Kaplan 0a2c0751fa Randomize more 2018-11-22 15:25:51 -05:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
h00die 32a4436ecd first round of spelling/grammar fixes 2017-08-24 21:38:44 -04:00
Moshe Kaplan 6b84c92056 Add Litchfield as author and use C-style operator 2017-08-07 14:20:22 -04:00
Moshe Kaplan 0d23a5001c Convert to Unix-style EOL 2017-08-07 09:11:58 -04:00
Moshe Kaplan f7c95d4b1a Add Oracle DB Priv Esc via function-based index (#1) 
Adds a Metasploit module for escalating an Oracle DB user to DBA 
through abusing index privileges to create a function-based index 
that runs with the privileges of the table owner, instead of the 
user who created the index.

This module was tested on Oracle Database 11g Express Edition 
Release 11.2.0.2.0 - 64 bit Production.

A user can query for their privileges with the following:
SELECT * FROM session_privs

The user will need to disconnect and reconnect after running
the exploit to access their new privileges.
 2017-08-06 23:07:46 -04:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k df9b642746 More print_status -> print_good 2017-07-19 11:39:15 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names" 
This reverts commit 666ae14259.
 2016-03-07 13:19:55 -06:00
Christian Mehlmauer 666ae14259 change Metasploit3 class names 2016-03-07 09:56:58 +01:00
wchen-r7 91fc213ddf More metasploit-credential update 2015-07-23 15:50:50 -05:00
wchen-r7 4561850055 Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
jvazquez-r7 bedbffa377 Land #3700, @ringt fix for oracle_login 
* Avoid retrying logins when connection cannot be stablished
 2015-01-09 22:59:32 -06:00
jvazquez-r7 38c36b49fb Report when nothing is rescued 2015-01-09 22:58:19 -06:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Thomas Ring 81406defed hopefully what you are looking for this time 2014-09-23 11:36:13 -05:00
Thomas Ring fbae68870c cleanup one stray comment 2014-08-29 10:57:51 -05:00
Thomas Ring 4c93cbc62c changes based on feedback, added timeout error message 2014-08-29 10:57:20 -05:00
Thomas Ring 67efa76fc4 changes based on feedback 2014-08-27 09:08:18 -05:00
Thomas Ring e23acf8d82 fix for oracle_login not checking connection status and stopping on timeout 2014-08-25 14:57:45 -05:00
William Vu b6ded9813a Remove EOL whitespace 2014-07-16 14:56:34 -05:00
HD Moore 90eccefcc8 Fix sock.get use and some minor bugs 2014-06-28 16:17:15 -05:00
Christian Mehlmauer 3f3283ba06 Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r 032da9be10 Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley 23d058067a Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
sinn3r 37eaa62096 Fix undefined method error 
[FixRM #8346]
 2013-08-21 00:42:33 -05:00
sinn3r 9ca7a727e1 Fix undefined method error 
[FixRM #8347]
 2013-08-21 00:41:49 -05:00
sinn3r 17b5e57280 Typo 2013-08-19 15:32:19 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString 
These modules need to use OptPath to make sure the path is validated.
 2013-08-19 15:30:33 -05:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00