6f31b1a110
Change default payload to reverse_bash
2019-02-03 06:18:31 +00:00
9c3368f325
Add Evince CBT File Command Injection module
2019-02-03 05:38:56 +00:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
7bc98e0ea8
Fix formatting and convert a missed AKA reference
2018-10-05 03:22:08 -05:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
b3cd4a89ad
Move CVE ref to top as per ~standard~
2018-09-07 14:33:25 -05:00
68ca771764
Add CVE reference to ghostscript_failed_restore.rb
2018-09-07 14:24:15 -05:00
243267b2f5
Add Linux dropper target
2018-09-05 19:57:12 -05:00
61044e8bca
Refactor targets to align with current style
2018-09-05 19:56:32 -05:00
692ddc8b8b
Eschew updating imagemagick_delegate
...
The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
2018-09-05 19:56:32 -05:00
1491f13bd5
Add Ghostscript failed restore exploit
2018-09-05 19:56:32 -05:00
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
a40429158f
40% done
2017-08-28 20:17:58 -04:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
04a701dba5
Check template file extension name
2017-05-26 07:31:34 -05:00
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
7503f643cc
Deprecate windows/fileformat/office_word_macro
...
Please use exploits/multi/fileformat/office_word_macro instead,
because the new one supports OS X.
2017-02-16 12:32:14 -06:00
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
d1281b6594
Chmod to remove the exec bit.
2016-06-30 10:43:46 -04:00
2480781409
pesky pry.
2016-06-27 01:55:49 -04:00
c2b4e22b46
updated with discovered changes from k kali & documentation update changes requested.
2016-06-27 01:53:20 -04:00
15a1a9ed71
Raise if payload.arch doesn't match expected
...
This is necessary when payload is a generic/* since we can't actually
figure out what we need the prefix/suffix to be because the generics are
a pain to extract the arch/platform info out of.
Also remove some unnecessary options.
2016-06-24 16:08:47 -05:00
3fb9eae687
EOL space if a ruby devil.
2016-06-23 15:40:16 -07:00
b38b116c9a
@ePaul comments added to description.
2016-06-23 15:33:11 -07:00
08d08d2c95
Fix Java payload generator
2016-06-23 14:51:26 -05:00
464808d825
First, put the RC data in the module proper
2016-06-23 14:43:37 -05:00
92c70dab6f
Real array, and fix PHP
2016-06-23 13:22:21 -05:00
ffabf26593
No Automatic target.
2016-06-23 12:50:23 -05:00
7a36d03fe3
Trying multi arch
2016-06-23 12:34:51 -05:00
47674c77ad
chmod 644 swagger_param_inject.rb
2016-06-23 11:49:16 -04:00
fbd0bc4308
updated as per @egypt & @todb-r7 recommendations.
2016-06-23 11:41:54 -04:00
fc79f3a2a9
Modify for only NodeJS
...
Not sure if we can do multiple arch's in the same module. Doesn't look
like it's possible today.
See rapid7#7015
2016-06-23 10:14:57 -05:00
579a3bcf7c
default payload is NOT text based, so do nothing with it.
2016-06-23 07:00:14 -07:00
47e4321424
CVE-2016-5641
2016-06-23 06:09:37 -07:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
4bbec88882
Various other one-off nonhuman author credits
...
[See #5012 ]
2015-04-02 15:25:47 -05:00
483a145d19
Fix msftidy issues.
2015-02-18 14:08:03 -06:00
f8609ab0ba
Add file format exploit for injecting code into unpackers.
2015-02-18 11:26:45 -06:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
Brendan Coles