71fab72e06
Delete duplicate content-length from axis2_deployer
2013-10-21 15:35:51 -05:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
10a4ff41de
Delete Content-Length duplicate header
2013-10-21 15:11:37 -05:00
9695b2d662
Added check method
...
The method checks to see if the user is a part of the admin group. If
the user is the exploit continues, if not the exploit stops because it
will prompt the user for a password instead of just clicking ok.
2013-10-21 11:57:50 -07:00
1599d1171d
Land #2558 - Release fixes
2013-10-21 13:48:11 -05:00
c1954c458c
Just warn, don't bail
...
Even if the OS detection returns non-Win7, maybe it's Win 8 or something
where it'll still work. We rarely bail out on checks like these.
If I'm crazy, feel free to skip or revert this commit (it shouldn't hold
up the release at all)
For details on this module, see #2503 . I don't see any comments about
this line in particular
2013-10-21 13:39:45 -05:00
bce8d9a90f
Update license comments with resplat.
2013-10-21 13:36:15 -05:00
c070108da6
Release-related updates
...
* Lua is not an acronym
* Adds an OSVDB ref
* credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
4c14595525
Land #2535 - Use %PATH% for notepad
2013-10-21 13:14:44 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
e7d3206dc9
Revert "Land #2505 " to resolve new rspec fails
...
This reverts commit 717dfefead6430fa3354
2013-10-21 12:47:57 -05:00
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
9bfd98b001
Change plate
2013-10-21 11:54:42 -05:00
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
45d06dd28d
Change plate
2013-10-21 11:24:30 -05:00
8c05f8cf51
Land #2550 - Add HP Intelligent Managemetn UploadServlet dir traversal
2013-10-21 11:14:22 -05:00
d22e4ac2f1
Check timeout condition
2013-10-21 11:13:48 -05:00
36dace26fa
Land #2538 - Fix redirect URLs
2013-10-21 11:08:03 -05:00
27078eb5a6
Add support for HP imc /BIMS 5.1
2013-10-20 18:18:34 -05:00
6881774c03
Updated with comments from jlee-r7 and Meatballs1
...
Added fail_with instead of just print_error
figured a way to execute the cmd_psh_payload with out using gsub
added case statment for datastore['TECHNIQUE']
2013-10-20 01:15:51 -07:00
6de279733c
Merge branch 'local/ask'
2013-10-19 10:51:55 -07:00
a5dc75a82e
Added PSH option to windows/local/ask exploit
...
Gives you the ability to use powershell to 'ask' for admin rights if the
user has them. Using powershell makes the pop up blue instead of orange
and states that the company is Microsoft, it also doesn't drop an exe
on the system. Looks like 32 bit https works but if you migrate out you
loose priv and if you run cachedump the session hangs.
2013-10-19 00:15:38 -07:00
b0d32a308a
Update version information
2013-10-19 00:52:22 -05:00
7d8a0fc06c
Add BID reference
2013-10-19 00:29:43 -05:00
cf239c2234
Add module for ZDI-13-238
2013-10-19 00:05:09 -05:00
70fced1d74
Delete unnecessary requires and make msftidy compliant
2013-10-18 16:54:20 -05:00
dbd74bceed
Add the ARCH_CMD target
2013-10-18 16:35:22 -05:00
2339cdc713
Land #2513 , @joev-r7's osx persistence local exploit
2013-10-18 15:13:50 -05:00
83f27296d3
Fix some bugs in osx persistence.
...
- the RUN_NOW datastore option did not work as expected
- Adds support for OSX < 10.4 KeepAlive option
- organizes private methods alphabetically.
2013-10-18 14:12:33 -05:00
4e4d0488ae
Rubyfy constants in privs lib
2013-10-18 18:26:07 +01:00
681db6cb41
Use fully qualified constant in include.
2013-10-18 11:31:02 -05:00
05bea41458
mkdir -p the dirname, not the file.
2013-10-18 11:27:37 -05:00
2e0a14d719
Introduced PrependMigrate, PPID killing and general clean-up
2013-10-18 12:24:50 -04:00
9d6031acdb
Reverting payload_inject because of x64 shellcode
...
Injecting x64 shellcode in a SYSWOW64 process spawn a 32 bit notepad, so
we revert the changes.
2013-10-18 09:51:18 +02:00
7a47059e1d
Fix a couple more shellescapes.
2013-10-18 00:47:22 -05:00
a2e3c6244e
Remove unnecessary Exe::Custom logic.
...
- this is handled by the exe.rb mixin.
- adds support for a RUN_NOW datastore option.
- tested working on java meterpreter and x86 shell session.
2013-10-18 00:41:18 -05:00
7dd39ae5e6
Update ranking
2013-10-17 22:43:47 -05:00
a00a813649
Add real device libraries base addresses
2013-10-17 22:34:54 -05:00
55426882d4
Further bypassuac tidyup
2013-10-18 00:08:06 +01:00
e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac
...
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 23:35:36 +01:00
5a662defac
Post::Privs uses Post::Registry methods
2013-10-17 23:28:07 +01:00
b3cc9f6f1e
Use sysnative to delete the cryptbase.dll when in SYSWOW64 process.
...
Merge branch 'master' of github.com:Meatballs1/metasploit-framework into bypassuac_redo
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 21:01:57 +01:00
94db3f511a
Avoid extra slash in redirect URI
...
[SeeRM #8507 ]
2013-10-17 14:10:15 -05:00
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
22b4bf2e94
Resplat webtester_exec.rb
2013-10-17 13:30:54 -05:00
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
7f6dadac16
Merge for sync
2013-10-17 10:40:01 -05:00
b03783baec
minors fixes and rand for endstring
2013-10-17 17:10:05 +02:00
22eb2ba163
randstring and fixes
2013-10-17 16:51:34 +02:00
jvazquez-r7