adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
24,856 Commits 27 Branches 1,043 Tags
86e4eaaaed52dcdb81095ff8be2e9120bc9a9eb8
Commit Graph

13266 Commits

Author SHA1 Message Date
William Vu 62a4991508 Land #3446, some code cleanup from @todb-r7 2014-06-12 13:35:36 -05:00
Tod Beardsley 3f5e50d18f Aux modules don't have ranking. 
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
 2014-06-12 13:21:59 -05:00
Tod Beardsley 1aa029dbed Avoid double quotes in the initialize/elewhere 
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
 2014-06-12 13:20:59 -05:00
jvazquez-r7 e85f829ee4 modules living inside scanner should include the Scanner mixin 2014-06-12 12:20:44 -05:00
jvazquez-r7 67d4097e1d Land #3271, @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module 2014-06-12 11:27:23 -05:00
jvazquez-r7 7650067b41 Fix metadata 2014-06-12 11:22:52 -05:00
jvazquez-r7 e76c85c5d1 Fix usage of print_* 2014-06-12 11:13:45 -05:00
sinn3r 2a7227f443 Land #3427 - Adds webcam module for firefox privileged sessions on OSX 2014-06-11 22:27:25 -05:00
joev 6bc37cca0c Land #3430, @brandonprry's generic MongoDB injection enum. 2014-06-11 21:41:23 -05:00
Spencer McIntyre e6aba3ee35 Land #3438, chromecast youtube video aux module 2014-06-11 18:21:12 -04:00
Brandon Perry cca91dd7c5 Update mongodb_js_inject_collection_enum.rb 
some @jvennix-r7 fixes
 2014-06-11 17:07:57 -05:00
HD Moore 0bac24778e Fix the case statements to match platform 2014-06-11 15:22:55 -05:00
HD Moore d5b32e31f8 Fix a typo where platform was 'windows' not 'win' 
This was reported by dracu on freenode
 2014-06-11 15:10:33 -05:00
joev 8b35815ead Move module to post/firefox/manage. 2014-06-11 15:10:22 -05:00
joev bdd86bf863 Add check for windows bug (RM#8810). 2014-06-11 15:09:52 -05:00
William Vu 6ca5cf6c26 Add Chromecast YouTube remote control 2014-06-11 00:08:08 -05:00
Tod Beardsley 44540e6d00 Land #3437, CSS Injection MITM scanner 2014-06-10 13:36:35 -05:00
jvazquez-r7 4aa1fee398 Land #3326, @FireFart's Heartbleed - server response parsing 2014-06-10 13:27:28 -05:00
Tod Beardsley 521284253f Be more clear about the vuln and impact 2014-06-10 10:29:23 -05:00
jvazquez-r7 2c8a99143b Land #3426, @Meatballs1's Python v2.3.3 Compatible Command Shell payloads 2014-06-10 09:55:58 -05:00
jvazquez-r7 3ec15b6512 Land #3431, @bcoles's new targets for efs_easychatserver_username 2014-06-10 09:52:16 -05:00
jvazquez-r7 a554b25855 Use EXITFUNC 2014-06-10 09:51:06 -05:00
jvazquez-r7 9b55f5143a Add module for CVE-2014-0224 2014-06-09 17:38:11 -05:00
Meatballs dc69afebb1 License and Require 2014-06-09 21:41:38 +01:00
Tod Beardsley 4103f2295b Missing comma 2014-06-09 13:44:46 -05:00
Tod Beardsley 0e14d77dba Minor fixup on DTLS module 2014-06-09 13:42:30 -05:00
jvazquez-r7 0e611b5d64 Land #3429, @jhart-r7's auxiliary module for CVE-2014-0195 2014-06-09 13:34:38 -05:00
jvazquez-r7 ed5d83a41b Add vulnerability discoverer 2014-06-09 13:25:33 -05:00
jvazquez-r7 daf662b3c0 Do minor cleanup 2014-06-09 13:23:56 -05:00
jvazquez-r7 1f33566033 Land #3432, @Meatballs1 sap_soap_rfc_brute_login's clean up 2014-06-09 11:39:52 -05:00
jvazquez-r7 b39b41e29f Land #3371, @Meatballs1 fix for sap_mgmt_con_getprocessparameter 2014-06-09 11:25:01 -05:00
Jon Hart 06e45e8253 Clean up TLS fragment building 2014-06-09 08:39:30 -07:00
Meatballs 25ed68af6e Land #3017, Windows x86 Shell Hidden Bind 
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
 2014-06-08 13:49:49 +01:00
Christian Mehlmauer 099003708c Land #3422, SAP Bruterforcer datastore cleanup 2014-06-08 08:42:27 +02:00
Brandon Perry 4367e8ef0c Update mongodb_js_inject_collection_enum.rb 
Fix some logic bugs that caused incorrect results.
 2014-06-07 21:03:28 -05:00
Brandon Perry dc89621d5c Update mongodb_js_inject_collection_enum.rb 
No need to make extra requests. Off by one.
 2014-06-07 20:09:00 -05:00
Brandon Perry 2663af986b Update mongodb_js_inject_collection_enum.rb 
This adds a bit more error handling, and better decision making in regards to false responses.
 2014-06-07 19:58:12 -05:00
Brendan Coles 6bef6edb81 Update efs_easychatserver_username.rb 
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
 2014-06-08 06:36:18 +10:00
Jon Hart a7a1a2bf3b Move dtls_fragment_overflow.rb under ssl where it belongs 2014-06-07 12:56:34 -07:00
Brandon Perry 4071fb332b Create mongodb_js_inject_collection_enum.rb 
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7

https://gist.github.com/brandonprry/c2de8ac2be825007c4de
 2014-06-07 11:20:34 -05:00
Meatballs 2be6b8befe Remove bind hidden handler 2014-06-07 14:34:20 +01:00
Meatballs bf1a665259 Land #2657, Dynamic generation of windows service executable functions 
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
 2014-06-07 13:28:20 +01:00
Jon Hart 8637a1fff1 OpenSSL DTLS CVE-2014-0195 POC 2014-06-06 19:24:47 -07:00
Meatballs fe20e6e1c4 Merge remote-tracking branch 'upstream/master' into soap_brute_fix 
Conflicts:
	modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
 2014-06-07 02:44:16 +01:00
Meatballs 8624ddfc3e Clean up SAP SOAP RFC Brute Login 
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
 2014-06-07 02:34:49 +01:00
Meatballs b997c2ac1f Further tidies 2014-06-07 02:00:35 +01:00
joev a33de66da4 Fix transparent background, add VISIBLE option. 2014-06-06 16:52:00 -05:00
joev a45a5631f5 Make window invisible. 2014-06-06 16:40:55 -05:00
joev 496be5c336 Ensure command_shell_options is present. 2014-06-06 16:26:45 -05:00
joev d990fb4999 Remove a number of stray edits and bs. 2014-06-06 16:24:45 -05:00