adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

2936 Commits

Author SHA1 Message Date
William Vu 8a2236ecbb Fix the last of the Set-Cookie msftidy warnings 2014-05-29 04:42:49 -05:00
William Vu 352e14c21a Land #3391, all vars_get msftidy warning fixes 2014-05-26 23:41:46 -05:00
Christian Mehlmauer da0a9f66ea Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Christian Mehlmauer df97c66ff5 Fixed check 2014-05-24 00:37:52 +02:00
Christian Mehlmauer 8d4d40b8ba Resolved some Set-Cookie warnings 2014-05-24 00:34:46 +02:00
Tod Beardsley efffbf751a PHP module shouldnt zap CMD option (@wchen-r7) 
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
 2014-05-23 15:09:18 -05:00
Christian Mehlmauer df4b832019 Resolved some more Set-Cookie warnings 2014-05-13 22:56:12 +02:00
Jeff Jarmoc 638ae477d9 Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them. 
Fix erroneous typo char.
 2014-05-12 12:10:30 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all. 
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
 2014-05-12 11:26:27 -05:00
Christian Mehlmauer dee6b53175 fix java payload struts module 2014-05-10 00:19:40 +02:00
jvazquez-r7 38f3a19673 Try to beautify description 2014-05-09 14:35:06 -05:00
Christian Mehlmauer 43a85fc645 additional GET parameters 2014-05-09 21:21:04 +02:00
Christian Mehlmauer ad83921a85 additional GET parameters 2014-05-09 21:15:28 +02:00
Christian Mehlmauer 53fde675e7 randomize meh parameter 2014-05-09 10:38:19 +02:00
Christian Mehlmauer a3fff5401f more code cleanup 2014-05-08 23:05:41 +02:00
Christian Mehlmauer e7b7af2f75 fixed apache struts module 2014-05-08 22:15:52 +02:00
Tod Beardsley 3536ec9a74 Description update 2014-05-05 13:43:44 -05:00
Christian Mehlmauer 073adc759d Land #3334, fix author by @julianvilas 2014-05-04 21:30:53 +02:00
Julian Vilas dd7705055b Fix author 2014-05-04 19:31:53 +02:00
julianvilas 36f9f342c1 Fix typo 2014-05-02 16:26:08 +02:00
jvazquez-r7 3dd3ceb3a9 Refactor code 2014-05-01 18:04:37 -05:00
jvazquez-r7 b7ecf829d3 Do first refactor 2014-05-01 16:39:53 -05:00
jvazquez-r7 195005dd83 Do minor style changes 2014-05-01 15:25:55 -05:00
jvazquez-r7 140c8587e7 Fix metadata 2014-05-01 15:24:16 -05:00
Julian Vilas e0ee31b388 Modify print_error by fail_with 2014-05-01 20:19:31 +02:00
Julian Vilas 3374af83ab Fix typos 2014-05-01 19:44:07 +02:00
Julian Vilas bd39af3965 Fix target ARCH_JAVA and remove calls to sleep 2014-05-01 00:51:52 +02:00
julianvilas 8e8fbfe583 Fix msf-staff comments 2014-04-29 17:36:04 +02:00
julianvilas b2c2245aff Add comments 2014-04-29 11:24:17 +02:00
Julian Vilas a78aae08cf Add CVE-2014-0094 RCE for Struts 2 2014-04-29 03:58:04 +02:00
Julian Vilas 17a508af34 Add CVE-2014-0094 RCE for Struts 2 2014-04-29 03:50:45 +02:00
Tom Sellers 8f47edb899 JBoss_Maindeployer: improve feedback against CVE-2010-0738 
The exploit against CVE-2010-0738 won't work when using GET or POST.  In the existing code the request would fail and the function would return a nil.  This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:

Exploit failed: NoMethodError undefined method `body' for nil:NilClass

The first changes detect a 401 authentication message and provide useful feedback.  Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.

I've stayed with the module's coding style for consistency.
 2014-04-24 12:37:14 -05:00
Tod Beardsley 062175128b Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
sinn3r 4012dd0acc Fix everything that needs to be fixed 2014-04-08 14:57:42 -05:00
dummys ca7dcc0781 cleanup with msftidy 2014-04-06 12:41:58 +02:00
dummys c90c49e319 Add vtiger install rce 0 day 2014-04-04 10:16:55 +02:00
Tod Beardsley d27264b402 Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
Tod Beardsley c916b62f47 Removes hash rockets from references. 
[SeeRM #8776]
 2014-03-17 09:40:32 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors 
There needs to be a better way to go about preventing/fixing these.
 2014-03-11 11:18:54 -05:00
OJ 3ea3968d88 Merge branch 'upstream/master' into stop_abusing_expand_path 
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
 2014-03-11 23:13:39 +10:00
jvazquez-r7 c981bbeab9 Land #3011, @wchen-r7's fix for Dexter exploit 2014-02-24 10:53:10 -06:00
jvazquez-r7 998fa06912 Land #2998, @bit4bit's fix for the vtigercrm exploit 2014-02-20 08:36:05 -06:00
jvazquez-r7 0b27cd13e8 Make module work 2014-02-20 08:35:37 -06:00
sinn3r ed2ac95396 Always replace \ with / for Dexter exploit 
Fix for the following:
https://github.com/rapid7/metasploit-framework/commit/48199fec271006ed66c4de639cd39e41f05df511#commitcomment-5419010
 2014-02-19 09:24:07 -06:00
jvazquez-r7 4ca4d82d89 Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more... 2014-02-18 17:48:02 -06:00
Tod Beardsley a863d0a526 Pre-release fixes, including msftidy errors. 2014-02-18 14:02:37 -06:00
sinn3r 52ac85be11 Land #2931 - Oracle Forms and Reports RCE 2014-02-17 08:54:23 -06:00
sinn3r 110ffbf342 Indent looks off for this line 2014-02-17 08:53:29 -06:00
sinn3r 632ea05688 100 columns 2014-02-17 08:52:56 -06:00
sinn3r 8da7ba131b In case people actually don't know what RCE means 2014-02-17 08:51:48 -06:00