adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

1562 Commits

Author SHA1 Message Date
Julian Vilas e0ee31b388 Modify print_error by fail_with 2014-05-01 20:19:31 +02:00
Julian Vilas 3374af83ab Fix typos 2014-05-01 19:44:07 +02:00
Julian Vilas bd39af3965 Fix target ARCH_JAVA and remove calls to sleep 2014-05-01 00:51:52 +02:00
julianvilas 8e8fbfe583 Fix msf-staff comments 2014-04-29 17:36:04 +02:00
julianvilas b2c2245aff Add comments 2014-04-29 11:24:17 +02:00
Julian Vilas a78aae08cf Add CVE-2014-0094 RCE for Struts 2 2014-04-29 03:58:04 +02:00
Julian Vilas 17a508af34 Add CVE-2014-0094 RCE for Struts 2 2014-04-29 03:50:45 +02:00
Tom Sellers 8f47edb899 JBoss_Maindeployer: improve feedback against CVE-2010-0738 
The exploit against CVE-2010-0738 won't work when using GET or POST.  In the existing code the request would fail and the function would return a nil.  This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:

Exploit failed: NoMethodError undefined method `body' for nil:NilClass

The first changes detect a 401 authentication message and provide useful feedback.  Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.

I've stayed with the module's coding style for consistency.
 2014-04-24 12:37:14 -05:00
Tod Beardsley 062175128b Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
sinn3r 4012dd0acc Fix everything that needs to be fixed 2014-04-08 14:57:42 -05:00
dummys ca7dcc0781 cleanup with msftidy 2014-04-06 12:41:58 +02:00
dummys c90c49e319 Add vtiger install rce 0 day 2014-04-04 10:16:55 +02:00
Tod Beardsley d27264b402 Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
Tod Beardsley c916b62f47 Removes hash rockets from references. 
[SeeRM #8776]
 2014-03-17 09:40:32 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors 
There needs to be a better way to go about preventing/fixing these.
 2014-03-11 11:18:54 -05:00
OJ 3ea3968d88 Merge branch 'upstream/master' into stop_abusing_expand_path 
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
 2014-03-11 23:13:39 +10:00
jvazquez-r7 c981bbeab9 Land #3011, @wchen-r7's fix for Dexter exploit 2014-02-24 10:53:10 -06:00
jvazquez-r7 998fa06912 Land #2998, @bit4bit's fix for the vtigercrm exploit 2014-02-20 08:36:05 -06:00
jvazquez-r7 0b27cd13e8 Make module work 2014-02-20 08:35:37 -06:00
sinn3r ed2ac95396 Always replace \ with / for Dexter exploit 
Fix for the following:
https://github.com/rapid7/metasploit-framework/commit/48199fec271006ed66c4de639cd39e41f05df511#commitcomment-5419010
 2014-02-19 09:24:07 -06:00
jvazquez-r7 4ca4d82d89 Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more... 2014-02-18 17:48:02 -06:00
Tod Beardsley a863d0a526 Pre-release fixes, including msftidy errors. 2014-02-18 14:02:37 -06:00
sinn3r 52ac85be11 Land #2931 - Oracle Forms and Reports RCE 2014-02-17 08:54:23 -06:00
sinn3r 110ffbf342 Indent looks off for this line 2014-02-17 08:53:29 -06:00
sinn3r 632ea05688 100 columns 2014-02-17 08:52:56 -06:00
sinn3r 8da7ba131b In case people actually don't know what RCE means 2014-02-17 08:51:48 -06:00
sinn3r 73459baefd Add OSVDB references 2014-02-17 08:50:34 -06:00
Mekanismen fb7b938f8e check func fixed 2014-02-17 15:11:56 +01:00
Mekanismen e27d98368e fixed local server issues 2014-02-16 18:26:08 +01:00
Mekanismen e40b9e5f37 updated and improved 2014-02-16 16:24:39 +01:00
Jovany Leandro G.C 74344d6c7e vtigerolservice.php to vtigerservice.php 
using direct soap/vtigerolservice.php not work..php need require('config.php');
 2014-02-15 20:36:36 -05:00
Mekanismen b7d69c168c bugfix and user supplied local path support 2014-02-15 16:24:59 +01:00
sinn3r 48199fec27 Change URL identifier, and make the user choose a target 2014-02-14 17:15:00 -06:00
jvazquez-r7 ff267a64b1 Have into account the Content-Transfer-Encoding header 2014-02-12 12:40:11 -06:00
bwall 783e62ea85 Applied changes from @wchen-r7's comments 2014-02-11 10:14:52 -08:00
jvazquez-r7 51df2d8b51 Use the fixed API on the mediawiki exploit 2014-02-11 08:28:58 -06:00
jvazquez-r7 79d559a0c9 Fix MIME message to_s 2014-02-10 22:23:23 -06:00
bwall 13fadffe7e Dexter panel (CasinoLoader) SQLi to PHP code exec - Initial 2014-02-10 13:44:30 -08:00
jvazquez-r7 8ece4a7750 Delete debug print 2014-02-10 08:57:45 -06:00
jvazquez-r7 57320a59f1 Do small clean up for mediawiki_thumb pr 2014-02-10 08:57:09 -06:00
Meatballs dcff06eba1 More verbose failure messages 2014-02-07 23:59:28 +00:00
Meatballs 783a986a19 Windows and auto target up and running 2014-02-07 23:26:57 +00:00
Meatballs a0f47f6b2b Correct error check logic 2014-02-07 22:06:53 +00:00
Meatballs 443a51bbf5 Undo revert from merge 2014-02-07 21:28:04 +00:00
Meatballs 56359aa99f Merge changes from other dev machine 2014-02-07 21:22:44 +00:00
Meatballs a4cc75bf98 Potential .pdf support 2014-02-07 20:37:44 +00:00
Meatballs e13520d7fb Handle a blank filename 2014-02-07 20:15:32 +00:00
Meatballs 103780c3da Merge remote-tracking branch 'upstream/master' into mediawiki 2014-02-07 20:07:04 +00:00
Meatballs 0a3cb3377f AppendEncoder 2014-02-04 15:41:10 +00:00
Meatballs 26c506da42 Naming of follow method 2014-02-04 15:25:51 +00:00