Metasploit
e76fd32bc1
automatic module_metadata_base.json update
5.0.27
2019-06-05 13:30:30 -07:00
Jacob Robles
af1afca1e3
Land #11940, Add files to test that may not be open
2019-06-05 15:03:33 -05:00
Adam Cammack
0516441549
Land #11949, Fix wordpress_content_injection CVE
2019-06-05 14:54:01 -05:00
Matthew Kienow
3c4699c848
Remove unnecessary leading slash from log message
2019-06-05 15:10:00 -04:00
Matthew Kienow
25f45144e8
Handle exceptions raised by get_msf_version call
...
Exceptions may be raised via the remote data service response handling
while making the call to check the MSF version.
2019-06-05 15:09:33 -04:00
Jacob Robles
bf6a62fba8
Add workspace arg to spec
2019-06-05 08:47:13 -05:00
Clément Notin
69ab2154ad
wordpress_content_injection: fix CVE number
2019-06-05 12:43:16 +02:00
asoto-r7
6d155a8573
Remove a left-over 'pry' debugger invocation
2019-06-04 17:52:03 -05:00
bwatters-r7
e8487b547f
Should not have changed reverse_tcp.rb
2019-06-04 16:01:45 -05:00
asoto-r7
928e4679ae
cmd/unix/pingback_* payloads now use 'printf' in place of 'echo'
2019-06-04 15:47:21 -05:00
asoto-r7
e9ef0b1c38
Remove workspace reference in async_callback database table
2019-06-04 15:12:31 -05:00
Metasploit
8c3d7b3900
automatic module_metadata_base.json update
2019-06-04 10:58:45 -07:00
Jacob Robles
9edf92434c
Land #11895, CVE-2018-20434 LibreNMS cmd injection exploit
2019-06-04 12:28:24 -05:00
Metasploit
7366994f7b
automatic module_metadata_base.json update
2019-06-04 10:26:24 -07:00
Jacob Robles
c93c65cef5
Update date format
2019-06-04 12:24:00 -05:00
Matthew Kienow
749501d449
Refactor remote data service response handling
...
Raises exceptions for error responses rather than failing silently.
This exposes the server-side error message to the user in console.
2019-06-04 12:09:06 -05:00
Matthew Kienow
8fe11744bd
Use the revised ResponseWrapper error classes
2019-06-04 11:59:00 -05:00
Matthew Kienow
52c67a6952
Modify ResponseWrapper to support three states
...
There is a success response, an error response and a failed response.
An error response contains a body with an error message from the
server-side, while a failed response represents an invalid response
caused by an issue with the request or response.
2019-06-04 11:56:12 -05:00
Jacob Robles
c1572c89a8
Land #11841, IBM WAS Network Deployment RCE CVE-2019-4279
2019-06-04 11:49:05 -05:00
Jacob Robles
129bb898d8
Merge CMD Target Update
2019-06-04 11:47:28 -05:00
bwatters-r7
eff819b523
Land #11945, Make auto_cl more selective based on HTTP method
...
Merge branch 'land-11945' into upstream-master
2019-06-04 09:04:13 -05:00
Tom Sellers
e15840f8db
Add nil check for quick response
2019-06-04 08:36:58 -05:00
bwatters-r7
c28b15e9fe
Land #11823, Handle invalid payloads more clearly
...
Merge branch 'land-11823' into upstream-master
2019-06-04 08:34:41 -05:00
Jacob Robles
8687a21f2d
Fix workspace calls
2019-06-04 08:33:58 -05:00
bwatters-r7
cd182e2014
Land #11938, fix cmd_exec tests on python/windows
...
Merge branch 'land-11938' into upstream-master
2019-06-04 08:01:49 -05:00
bwatters-r7
bee013a18c
update cache size and fix an assignment
2019-06-04 07:13:34 -05:00
Tom Sellers
6a8e4366ae
Improve XP stability, trim dead code
2019-06-04 06:53:36 -05:00
Tom Sellers
9d17832347
Deal with virtual channel data blob
2019-06-04 05:49:45 -05:00
Brent Cook
e5a4c2d341
Make auto_cl more selective based on HTTP method
...
According to https://tools.ietf.org/html/rfc7230#section-3.3.2, a zero content-length is valid for some kinds of HTTP methods.
Instead of implicitly disabling auto_cl if there is no actual content, disable auto_cl default for HTTP methods where semantics of the message do not anticipate any content. This can still be overridden by a caller if it still wants to add an empty content-length for HTTP methods where it does not normally make sense (e.g. if it exploits a bug.)
2019-06-04 04:04:08 -05:00
Metasploit
d50cf542cf
automatic module_metadata_base.json update
2019-06-03 23:13:42 -07:00
Wei Chen
b8abb550e6
Land #11924, Update adobe_flash_opaque_background_uaf for Win 10
2019-06-04 00:51:34 -05:00
Wei Chen
191d73f3ef
Update rex-exploitation
2019-06-04 00:40:01 -05:00
Metasploit
30a0f25eae
automatic module_metadata_base.json update
2019-06-03 17:13:46 -07:00
Wei Chen
17170e2152
Land #11937, make content-length header optional
2019-06-03 18:56:27 -05:00
RageLtMan
ff1630ad14
Implement bind TCP with RC4 decryption for x64
...
Update metasm generated shellcode blocks to cobble together an
RC4 decryption routine with a bind-socket handler for x64 targets.
Expose via new payload module
2019-06-03 18:06:53 -04:00
bwatters-r7
6f711dfab4
Land #11918, replace trivial usage of expand_path with getenv
...
Merge branch 'land-11918' into upstream-master
2019-06-03 16:59:39 -05:00
Tom Sellers
b176948c3c
Refactor more binary blobs
2019-06-03 16:54:33 -05:00
Adam Cammack
deb31d77c3
Use the aliased name on instantiated modules
...
This creates a way for modules and the framework to see what name the
user entered to interact with a module.
2019-06-03 13:55:02 -05:00
Adam Cammack
2e36d90291
Add some less-verbose aliases
...
These aliases avoid duplicating the protocol in the module name.
2019-06-03 13:42:55 -05:00
Adam Cammack
cf59022936
Add aliases to modules
...
This allows modules that can be addressed by name to register possible
aliases for themselves by defining an `Aliases` constant in the top
level of the module.
2019-06-03 13:40:27 -05:00
Adam Cammack
c0d365aa46
Unify modules and cache with fullname method
2019-06-03 13:19:29 -05:00
Tom Sellers
61b5072e88
Add explicit check for NLA
2019-06-03 09:38:12 -05:00
Jacob Robles
d466ac990d
Use process_opts_workspace
2019-06-03 09:25:31 -05:00
Tom Sellers
5871dc0802
Fix nego when RDP Security is forced
2019-06-03 08:50:30 -05:00
bwatters-r7
e425547398
Add some files to the test that are not likely to be open
2019-06-03 08:25:46 -05:00
William Vu
e11cc621ea
Add ensures
2019-06-03 03:51:08 -05:00
suzu991154
cdce03f42d
fix_os_check
2019-06-03 16:17:23 +09:00
sinn3r
22e8d3488d
Land #11862, wordlists for wordpress plugin/theme directories
...
Add wordlists for enumerating WordPress plugin/theme directories
2019-06-03 00:54:43 -05:00
h00die
65a87b88ab
modify creds command to truncate long hashes
2019-06-02 21:38:41 -04:00
h00die
3589c4f4c7
avoid cracking hashes already cracked
2019-06-02 21:14:02 -04:00