adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
16,877 Commits 27 Branches 1,043 Tags
f04df6300a916cd77c6f99d0680a0960a3dbfcdb
Commit Graph

752 Commits

Author SHA1 Message Date
jvazquez-r7 1913d60d65 multibrowser support 2013-02-21 01:13:25 +01:00
jvazquez-r7 bf216cca5c description and references updated 2013-02-20 18:14:53 +01:00
jvazquez-r7 d7b89a2228 added security level bypass 2013-02-20 17:50:47 +01:00
jvazquez-r7 d88ad80116 Added first version of cve-2013-0431 2013-02-20 16:39:53 +01:00
James Lee 9d4a3ca729 Fix a typo that broke this module against x64 
[SeeRM #7747]
 2013-02-19 19:22:42 -06:00
jvazquez-r7 221ce22f53 make msftidy happy 2013-02-15 19:01:58 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444 
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
 2013-02-11 20:49:55 -06:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
James Lee 9b6f2fcd1d Use the install path to tell us the separator 
Fixes the java target on windows victims
 2013-02-08 12:10:42 -06:00
James Lee 5b398076ae Couple of fixes for windows 
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
 2013-02-08 11:52:50 -06:00
James Lee 071df7241b Merge branch 'rapid7' into sonicwall_gms 
Conflicts:
	modules/exploits/multi/http/sonicwall_gms_upload.rb

Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
 2013-02-07 21:53:49 -06:00
James Lee 1f9a09d5dd Add a method to upload and exec in one step 2013-02-07 21:09:32 -06:00
James Lee 13d1045989 Works for java and native linux targets 2013-02-07 16:56:38 -06:00
James Lee b6c6397da3 typo 2013-02-06 19:21:20 -06:00
James Lee 1095fe198b Merge branch 'rapid7' into dmaloney-r7-http/auth_methods 2013-02-06 16:57:50 -06:00
HD Moore 80a8bab02f Correct the CVE reference 2013-02-05 10:37:24 -06:00
sinn3r 42912bf286 Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods 2013-02-04 16:50:01 -06:00
Jeff Jarmoc 9b30e354ea Updates HTTP_METHOD option to use OptEnum. 2013-02-04 15:32:36 -06:00
sinn3r 45db43d2b3 Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles 2013-02-04 14:21:40 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup 
cleanup all the old BasicAuth datastore options
 2013-02-04 13:02:26 -06:00
HD Moore 4c8811bb8a Add a debug target 2013-02-03 23:24:44 -06:00
HD Moore 191eed88bc Fix liberal matching expression on target 2013-02-03 21:50:03 -06:00
HD Moore 9379c68e51 Fix typo, auto-fingerprint, unconnected sockets 2013-02-03 21:23:05 -06:00
HD Moore 42c8a2d265 Add VU and blog references 2013-02-03 18:17:51 -06:00
HD Moore c24da99104 Update authors, add Richard (thanks!) 2013-02-03 18:13:28 -06:00
HD Moore 9e491f0b1c Add a fingerprint string and more comments 2013-02-03 18:03:32 -06:00
HD Moore 1f227243b8 Make it clear BadChars are ignored 2013-02-03 17:54:25 -06:00
HD Moore 214a60aa01 iFix spacing 2013-02-03 17:52:33 -06:00
HD Moore 94953d0450 Fix idents from copypasta 2013-02-03 17:48:13 -06:00
HD Moore 975230c9e7 Add the first module for unique_service_name() 2013-02-03 17:46:20 -06:00
RageLtMan ffb88baf4a initial module import from SV rev_ssl branch 2013-02-03 15:06:24 -05:00
Tod Beardsley e8def29b4f Dropping all twitter handles 
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
 2013-02-01 16:33:52 -06:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00
egypt 5332e80ae9 Fix errant use of .to_s instead of .path 2013-01-31 14:18:42 -06:00
sinn3r 66ca906bfb This is a string, not a variable 2013-01-31 01:56:05 -06:00
sinn3r c174e6a208 Correctly use normalize_uri() 
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
 2013-01-30 23:23:41 -06:00
sinn3r ec0db66fcb Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2 2013-01-30 12:36:53 -06:00
Jeff Jarmoc 55600ce276 Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb 
Remove unecessary include.  Tested against rails 3.2.10.
 2013-01-29 11:46:02 -06:00
Jeff Jarmoc 929814dabf Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb 
Removes unnecessary include.  Tested on 3.0.19 and 2.3.15.
 2013-01-29 11:04:20 -06:00
Tod Beardsley 38785015e1 Missing period in description 2013-01-28 23:08:53 -06:00
James Lee 464d048eca Remove debugging print 2013-01-28 22:25:57 -06:00
James Lee dc19968555 Minor cleanups 2013-01-28 22:21:03 -06:00
James Lee c0757ce905 Add support for 2.x 2013-01-28 21:41:15 -06:00
James Lee 92c736a6a9 Move fork stuff out of exploit into payload mixin 
Tested xml against 3.2.10 and json against 3.0.19
 2013-01-28 21:34:39 -06:00
James Lee ee2579607a Working against 3.0.19 2013-01-28 21:05:14 -06:00
James Lee 044fefd02a Initial support for Java target 
Still some debugging junk, needs some more love.
 2013-01-28 00:02:26 -06:00
sinn3r 49aac302e6 normalize_uri() breaks URI parsing 
Please see: http://dev.metasploit.com/redmine/issues/7727
 2013-01-26 22:57:01 -06:00
jvazquez-r7 1bccc410a3 Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec 2013-01-24 15:02:48 +01:00
Kacper Nowak ba41ee9c83 - applied all the changes from #1363 
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
 2013-01-24 13:15:42 +00:00