5e8da09b2d
Allow some modules to use the old encoder
2014-07-22 14:28:11 -05:00
0db3a0ec97
Update code to reflect @jlee-r7's code review
2014-07-22 15:14:24 -04:00
125b2df8f5
Update code to reflect @hdmoore code suggestions
2014-07-22 14:53:24 -04:00
7f79e58e7f
Lots and cleanups based on PR feed back
2014-07-22 14:45:00 -04:00
b0f8d8eaf1
Delete debug print_status
2014-07-22 13:29:00 -05:00
f546eae464
Modify encoders to allow back compatibility
2014-07-22 13:27:12 -05:00
a6479a77d6
Implented feedback from @jhart-r7
2014-07-22 19:49:58 +02:00
5d9c6bea9d
Fix a typo and use the execute_shellcode function
2014-07-22 13:06:57 -04:00
12904edf83
Remove unnecessary target info and add url reference
2014-07-22 11:20:07 -04:00
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
ca0dcf23b0
Add a simple check method for cve-2014-4971
2014-07-22 10:54:10 -04:00
6a545c2642
Clean up the mqac escalation module
2014-07-22 10:39:34 -04:00
da4eb0e08f
First commit of MQAC arbitrary write priv escalation
2014-07-22 10:04:12 -04:00
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
6048f21875
Land #3552 - Correct DbVisualizer title name
2014-07-21 13:07:33 -05:00
a41768fd7d
Correct DbVisualizer title name
...
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.
Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
b0a596b4a1
Update newer modules
2014-07-20 21:59:10 +01:00
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
a809c9e0b5
Changed to vprint and added comment
2014-07-18 22:15:56 +02:00
c6e129c622
Fix rubocop warnings
2014-07-18 21:58:33 +02:00
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
58adc350b5
Refactor: Creation of a JBoss mixin
...
The jboss_bsheployer as is does not allow to deploy a custom WAR file.
It is convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload. This will require a auxiliary
module which will use the JBoss mixin methods.
2014-07-18 00:56:32 +02:00
2be6eb16a2
Add in exploit check and version checks
...
Move the initial checking for the vboxguest device and os checks
into the MSF check routine.
2014-07-17 14:56:34 -04:00
b050b5d1df
Rubocop -a on MS08-067
...
This reduces the number of style guide violations from 230ish to 36.
Nearly all of it has to do with errant parameters, element alignment,
and comment blocks.
Obviously, since this was all automatically fixed, some pretty severe
testing should occur before landing this.
I kind of don't like the automatic styling of the arrays for the
references, but maybe I can get used to it. It's open for discussion.
@jhart-r7 please take a look at this as well -- anything jumping out at
you on this that we should be avoiding for Rubocop?
2014-07-17 12:29:20 -05:00
bea660ad4d
Added possibility to upload a custom WAR file
...
Added 2 options, one for uploading a custom WAR file. The other
to specify if you want or not to undeploy the war at the end of
the exploit.
The module as is does not allow to deploy a custom WAR file. It is
convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload.
2014-07-17 17:13:19 +02:00
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
a07656fec6
Land #3536 , msftidy INFO messages aren't blockers
2014-07-16 17:57:48 -05:00
58558e8dfa
Allow INFO msftidy messages
...
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License
2014-07-16 15:13:05 -05:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
6d49f6ecdd
Update code to reflect hdmoore's code review.
2014-07-16 14:29:17 -04:00
82abe49754
Mark windows/misc/psh_web_delivery as deprecated
2014-07-16 14:02:05 -04:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
cef2c257dc
Add CVE-2014-2477 local privilege escalation
2014-07-16 05:49:19 -04:00
6d05a24653
Add target information
2014-07-15 17:45:45 -05:00
f8e47a5c61
Land #3524 - WPTouch fileupload exploit
2014-07-15 16:29:59 -05:00
e58100fe85
Land #3419 , multi script delivery module by @jakxx
2014-07-15 17:07:51 -04:00
1a8d73fca8
Minor whitespace and grammar changes
2014-07-15 17:00:28 -04:00
604a612393
Have into account differences between windows default installs
2014-07-15 15:03:07 -05:00
c1f612b82a
Use vprint_ instead of print_
2014-07-15 06:58:33 +02:00
144c6aecba
Added WPTouch fileupload exploit
2014-07-14 21:35:18 +02:00
6c595f28d7
Set up a proper peer method
2014-07-14 13:29:07 -05:00
5c101794d6
Fix Solaris sadmind_exec.rb
2014-07-13 17:49:46 +01:00
1b7008dafa
typo in name
2014-07-13 13:24:54 +02:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
eb9d2f130c
Change title
2014-07-11 12:03:09 -05:00
a356a0e818
Code cleanup
2014-07-11 12:00:31 -05:00
jvazquez-r7