04a80e0648
Fixes to the WMI setup
2012-11-07 11:26:48 -06:00
208e706307
Module title fixes
2012-11-07 10:33:14 -06:00
81ed0bbcce
Avoiding 1.8.7 variable assignment incompat.
...
Reported on twitter:
http://twitter.com/SoapyWetDish/status/266155915256938496
2012-11-07 10:10:13 -06:00
9166d12179
Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-11-05 23:08:59 +01:00
3d7e0b7b3d
Fix bad indent that snuck into the comments
2012-11-04 22:50:47 -06:00
ae9b462b99
Fix baud rate (see PR #1008 )
2012-11-04 22:38:16 -06:00
fca8208171
Some minor code cleanup
2012-11-04 14:45:15 -06:00
f69ccc779f
Unified smarter module
2012-11-04 13:14:02 -06:00
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00
963fdd6430
Initial commit for Digi RealPort modules
2012-11-03 17:44:53 -05:00
519eb0c2be
Behold the King of Typos in all my glory
2012-11-01 11:30:52 -05:00
0eccfaf1bb
Add a disclosure date
2012-11-01 10:24:28 -05:00
dd7ab11e38
Minor cleanup
2012-10-31 16:14:34 -05:00
bfbae5fbb7
Merge branch 'upstream-master' into WinRM_piecemeal
...
Conflicts:
lib/msf/core/exploit/winrm.rb
2012-10-24 14:12:28 -05:00
1dcbbdf162
changed indent level
2012-10-24 13:50:44 -05:00
a15c35091d
Add the WinRM login module
2012-10-24 11:25:39 -05:00
8c1304557f
Code cleanup
2012-10-23 16:32:26 -05:00
e19f2d235c
Actually use the timeout in winrm cmd
2012-10-23 11:29:32 -05:00
04fd990741
bad indent
2012-10-22 17:03:40 -05:00
e08cedec2e
Requested revisions/cleanup
...
minor fixes to spacing, some typos, and abse64 switched to Rex
2012-10-22 17:01:00 -05:00
57514e5407
Msftidyness
2012-10-19 16:56:52 -05:00
56cbe6a67e
Some minor fixups
2012-10-19 15:25:03 -05:00
3a8dd261ae
WinRM mixin and basic discovery module
2012-10-19 15:08:58 -05:00
ffa4373242
Merge branch 'rapid7' into wchen-r7-print_warning
...
[Closes #899 ]
2012-10-19 13:49:32 -05:00
46ed888ffe
Don't require .rb
2012-10-15 17:27:23 -05:00
932b8ba841
Require, not load, msf, not lib/msf
2012-10-15 07:11:15 -05:00
d36f642edc
Add print_warning()
2012-10-12 21:48:15 -05:00
13a5892e95
Add a mixin for uploading/executing bins with PHP
...
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
d832aac629
msftidy caught the space I left in there.
2012-10-01 17:27:00 -05:00
f2c7731b39
Add RopDb mixin
2012-10-01 17:09:01 -05:00
221eb88313
Make filename easy to override
2012-09-10 15:59:01 -05:00
2cb2b281d6
Fix NoMethodError for nil:NilClass bug
...
The 'unless' statement expects there's always a value for USERNAME
and PASSWORD. We might as well just set '' as the default value
to avoid the NoMethodError mistake. Related to bug #7140 .
2012-09-06 01:09:40 -05:00
c1cf71c4e9
Remove debugging load()
2012-07-18 11:02:21 -06:00
f4547527a8
Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework
2012-07-17 17:43:40 -05:00
c887e0aaff
Re-add AFP changes due to mangled merge
2012-07-17 00:42:49 -05:00
f62e0b1cca
AFP fixes and JTR typo fix
2012-07-16 21:45:45 -05:00
bc2edeace2
Cleanup AFP module output
2012-07-16 21:02:40 -05:00
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
4509c11916
Fingerprint dd-wrt even when auth is required
2012-07-15 21:21:13 -05:00
f111ae097e
Bail early if the user did not configure an injection parameter
2012-07-15 21:14:39 -05:00
2254086dbe
Replace event handler with a straightforward filter
2012-07-11 03:00:44 -05:00
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
d656e3185f
Mark all libraries as defaulting to 8-bit strings
2012-06-29 00:18:28 -05:00
807142e988
'Size' may not exist in certain PDF structure.
...
This is a fix for issues related to:
'undefined method `[]' for nil:NilClass'
It is possible that a PDF may not have the 'Size' xref, and people
are running into the 'undefined method'[]' for NilClass' exception.
Because the pdf parser always assumes there is a Size field,
so it uses a match() function to find the value for Size, which
can be nil.
See the following bug report for example:
https://dev.metasploit.com/redmine/issues/7014
2012-06-26 16:09:13 -05:00
1989f0ab46
IE 10/Win8 detection support
2012-06-25 00:36:04 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
4d2e74e2ad
Need to account for the fact the server may timeout during operation
...
See the following issue for more info:
http://dev.metasploit.com/redmine/issues/4866
2012-06-24 20:17:51 -05:00
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
David Maloney