eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
bc7bf28872
Land #6591 , don't require username for wrt110 cmd exec module
2016-02-18 20:20:15 -06:00
3b9502cb1d
Don't require username in wrt110 module.
2016-02-18 18:45:04 -06:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
5b3fb99231
Land #6549 , module option for X-Jenkins-CLI-Port
2016-02-10 10:34:33 -06:00
c67360f436
Remove extraneous whitespace
2016-02-10 09:44:01 -06:00
1d6b782cc8
Change logic
...
I just can't deal with this "unless" syntax...
2016-02-08 18:40:48 -06:00
d60dcf72f9
Resolve #6546 , support manual config for X-Jenkins-CLI-Port
...
Resolve #6546
2016-02-08 18:16:48 -06:00
12256a6423
Remove now-redundant peer
...
These all include either Msf::Exploit::Remote:Tcp or Msf::Exploit::Remote:HttpClient
2016-02-01 15:12:03 -06:00
d51be6e3da
Fixing typo
...
This commit fixes a typo in the word "service"
2016-01-28 16:44:42 -06:00
1ef7aef996
Fixing User : Pass delimiter
...
As per the PR comments, this commit replaces the user and
pass delimiter from "/" to ":"
2016-01-27 17:20:58 -06:00
4560d553b5
Fixing more issues from comments
...
This commit includes more minor fixes from the github
comments for this PR.
2016-01-24 19:43:02 -06:00
d877522ea5
Fixing various issues from comments
...
This commit fixes issues with specifying "rhost:rport",
replacing them instead with "peer". Also, a couple of
"Unknown" errors were replaced with "UnexpectedReply".
2016-01-23 13:43:09 -06:00
a5a2e7c06b
Fixing Disclosure Date
...
Disclosure date was in incorrect format, this commit
fixes the issue
2016-01-23 11:41:05 -06:00
8c8cdd9912
Adding Dlink DCS Authenticated RCE Module
...
This module takes advantage of an authenticated HTTP RCE
vulnerability to start telnet on a random port. The module
then connects to that telnet session and returns a shell.
This vulnerability is present in version 2.01 of the firmware
and resolved by version 2.12.
2016-01-23 11:15:23 -06:00
7259d2a65c
Use unless instead of if !
2016-01-05 13:05:01 -06:00
7907c93047
Add D-Link DCS-931L File Upload module
2016-01-05 04:15:38 +00:00
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
ab3fe64b6e
Add method peer for jenkins_java_deserialize.rb
2015-12-15 01:18:27 -06:00
bd8aea2618
Fix check for jenkins_java_deserialize.rb
...
This fixes the following:
* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
a5c6e260f2
Update hp_vsa_login_bof.rb
...
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
385378f338
Add reference to Rapid7 advisory
2015-12-01 11:37:27 -06:00
9dbf7cb86c
Remove the SSL option (not needed)
2015-12-01 11:34:03 -06:00
758e7c7b58
Rename
2015-12-01 11:33:45 -06:00
ea2174fc95
Typo and switch from raw -> encoded
2015-12-01 10:59:12 -06:00
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
8d1f5849e0
Land #6228 , @m0t's module for F5 CVE-2015-3628
2015-11-18 15:39:40 -08:00
ae3d65f649
Better handling of handler creation output
2015-11-18 15:31:32 -08:00
bcdf2ce1e3
Better handling of invulnerable case; fix 401 case
2015-11-18 15:24:41 -08:00
deec836828
scripts/handlers cannot start with numbers
2015-11-18 12:31:46 -08:00
7399b57e66
Elminate multiple sessions, better sleep handling for session waiting
2015-11-18 12:23:28 -08:00
e4bf5c66fc
Use slightly larger random script/handler names to avoid conflicts
2015-11-18 11:51:44 -08:00
e7307d1592
Make cleanup failure messages more clear
2015-11-18 11:44:34 -08:00
0e3508df30
Squash minor rubocop gripes
2015-11-18 11:05:10 -08:00
f8218f0536
Minor updates to print_ output; wire in handler_exists;
2015-11-18 11:05:10 -08:00
392803daed
Tighten up cleanup code
2015-11-18 11:05:10 -08:00
c0d9c65ce7
always overwrite the payload file
2015-11-18 18:48:34 +00:00
e21bf80ae4
Squash a rogue space
2015-11-17 14:17:59 -08:00
3396fb144f
A little more simplification/cleanup
2015-11-17 14:16:29 -08:00
dcfb3b5fbc
Let Filedropper handle removal
2015-11-17 13:01:06 -08:00
715f20c92c
Add missing super in setup
2015-11-16 14:45:13 -08:00
902951c0ca
Clean up description; Simplify SOAP code more
2015-11-16 11:06:45 -08:00
1aa1d7b5e4
Use random path for payload
2015-11-16 10:57:48 -08:00
ee5d91faab
Better logging when exploit gets 401
2015-11-16 10:41:48 -08:00
Brent Cook