ff440ed5a4
Describe vulns in more detail, add more URLs
2014-12-22 20:20:48 -08:00
b4f6d984dc
Minor style cleanup
2014-12-22 17:51:35 -08:00
421fc20964
Partial mercurial support. Still need to implement bundle format
2014-12-22 17:44:14 -08:00
fdd1d085ff
Don't encode the payload because this only complicates OS X
2014-12-22 13:36:38 -08:00
ea9f5ed6ca
Minor cleanup
2014-12-22 12:16:53 -08:00
dd73424bd1
Don't link to unused repositories
2014-12-22 12:04:55 -08:00
6c8cecf895
Make git/mercurial support toggle-able, default mercurial to off
2014-12-22 11:36:50 -08:00
574d3624a7
Clean up setup_git verbose printing
2014-12-22 11:09:08 -08:00
16543012d7
Correct planted clone commands
2014-12-22 10:56:33 -08:00
01055cd41e
Use a trigger to try to only start a handler after the malicious file has been requested
2014-12-22 10:43:54 -08:00
3bcd67ec2e
Unique URLs for public repo page and malicious git/mercurial repos
2014-12-22 10:03:30 -08:00
308eea0c2c
Make malicious hook file name be customizable
2014-12-22 08:28:55 -08:00
7f3cfd2207
Add a ranking
2014-12-22 07:51:47 -08:00
74783b1c78
Remove ruby and telnet requirement
2014-12-21 10:06:06 -08:00
31f320c901
Add mercurial debugging
2014-12-20 20:00:12 -08:00
3da1152743
Add better logging. Split out git support in prep for mercurial
2014-12-20 19:34:55 -08:00
58d5b15141
Add another useful URL. Use a more git-like URIPATH
2014-12-20 19:11:56 -08:00
f41d0fe3ac
Randomize most everything about the malicious commit
2014-12-19 19:31:00 -08:00
805241064a
Create a partially capitalized .git directory
2014-12-19 19:07:45 -08:00
f7630c05f8
Use payload.encoded
2014-12-19 18:52:34 -08:00
7f2247f86d
Add description and URL
2014-12-19 15:50:16 -08:00
9b815ea0df
Some style cleanup
2014-12-19 15:35:09 -08:00
4d0b5d1a50
Add some vprints and use a sane URIPATH
2014-12-19 15:33:26 -08:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
48444a27af
Remove debugging pp
2014-12-19 15:27:06 -08:00
1c7fb7cc7d
Mostly working exploit for CVE-2014-9390
2014-12-19 15:24:27 -08:00
4888ebe68d
Initial commit of POC module for CVE-2013-9390 ( #4435 )
2014-12-19 12:58:02 -08:00
223d6b7923
Merged with Fr330wn4g3's changes
2014-12-14 13:08:19 +08:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
28135bcb09
Land #4159 , MantisBT PHP code execution by @itseco
2014-11-15 07:49:54 +01:00
3faa48d810
small bugfix
2014-11-13 22:51:41 +01:00
7d6b6cba43
some changes
2014-11-13 22:46:53 +01:00
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
17032b1eed
Fix issue reported by FireFart
2014-11-13 04:48:45 -05:00
ac17780f6d
Fix by @FireFart to recover communication with the application after a meterpreter session
2014-11-11 05:49:18 -05:00
6bf1f613b6
Fix issues reported by FireFart
2014-11-11 00:41:58 -05:00
d4bbf0fe39
Fix issues reported by wchen-r7 and mmetince
2014-11-10 15:27:10 -05:00
cd0dbc0e24
Missed another
2014-11-09 14:06:39 -06:00
9cce7643ab
update description and fix typos
2014-11-09 09:10:01 -05:00
5d17637038
Add CVE-2014-7146 PHP Code Execution for MantisBT
2014-11-09 08:00:44 -05:00
7510fb40aa
touch up visual_mining_netcharts_upload
2014-11-06 22:50:20 -06:00
79cabc6d68
Fix clean up
2014-11-05 15:46:33 -06:00
c08993a9c0
Add module for ZDI-14-372
2014-11-05 15:31:20 -06:00
400ef51897
Land #4076 , exploit for x7chat PHP application
2014-11-03 18:22:04 -06:00
3bf7473ac2
Add github pull request as reference
2014-11-03 18:18:42 -06:00
44a2f366cf
Switch ranking
2014-11-03 18:06:09 -06:00
039d3cf9ae
Do minor cleanup
2014-11-03 18:04:30 -06:00
7e4248b601
Added compatibility with older versions, Updated descriptions and fixed issue with Ubuntu 12.04
2014-11-03 16:42:50 -05:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
Jon Hart