William Vu
7d17c5741b
Fix nginx_source_disclosure for full_uri
2015-11-25 11:19:27 -06:00
William Vu
035882702a
Fix barracuda_directory_traversal for full_uri
2015-11-25 11:18:17 -06:00
William Vu
7a5f6495d0
Fix axis_local_file_include for full_uri
2015-11-25 11:16:59 -06:00
William Vu
42d12a4d40
Fix apache_userdir_enum for full_uri
2015-11-25 11:16:22 -06:00
aushack
3ad7ef9814
Modify the printed URL to add https:// when SSL is used.
2015-11-25 12:46:56 +11:00
Kyle Gray
8923252de7
Land #6259 , NoMethodError in vim_soap.rb fix
...
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7
Fixes #6085
Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00
James Lee
bd9ebeea53
Land #5851 , meterpreter dispatcher queue
2015-11-24 15:32:15 -06:00
Brent Cook
7ad8adf67f
Land #6240 , change default SMBDomain to '.'
2015-11-24 12:58:46 -06:00
Louis Sato
55b3e10390
Land #6258 , smart_migrate enhancement
2015-11-24 11:30:29 -06:00
William Vu
16e6ced867
Land #6108 , OpenVPN creds scraper
2015-11-23 14:25:19 -06:00
William Vu
601d4fda9f
Add note about --auth-nocache
2015-11-23 14:24:26 -06:00
Louis Sato
5303079ba4
Land #6262 , local exploit add not implemented error
2015-11-23 14:23:13 -06:00
Louis Sato
2305e6048b
Land #6261 , module ref verbose + timeout opts
2015-11-23 13:07:29 -06:00
Louis Sato
493e476a43
Land #6243 , check nil for sock.read
2015-11-23 11:15:51 -06:00
Brent Cook
5654b6b2e2
Land #6227 , reverse_hop_http updates and HTTPS unification
2015-11-23 06:29:15 -06:00
Brent Cook
25f2241aa3
Land #6246 , show the user errors from create_session
2015-11-23 06:01:08 -06:00
Brent Cook
674f58ba87
Land #6273 , update hdm account info
2015-11-23 05:47:06 -06:00
HD Moore
353cad2cc6
Update to match active & github account merge
2015-11-22 13:38:26 -06:00
wchen-r7
81c4aeedc1
Land #6270 , Update Wordpress module titles
2015-11-21 21:37:28 -06:00
aushack
1410d03386
Fixed msftidy capitalisation.
2015-11-22 14:32:51 +11:00
aushack
fc46ce0ced
Bring module title in line with other WP modules.
2015-11-22 13:39:45 +11:00
Jon Cave
c03ff13377
Don't wait if the response has already been set
...
Fixes a race condition which could leave the waiter sitting indefinitely
if notify() is called before wait().
2015-11-21 14:21:42 +00:00
Jon Cave
12b24fecee
Return true/false if a waiter was/wasn't notified
...
The method is used as follows:
if notify_response_waiter(response)
# Proceed as if a waiter was notified
end
Previously the return value would be `nil` whenever the loop broke early
due to a waiter being found. This meant that the dispatcher thread often
believed that a packet was not being handled. As a result the
backlog == incomplete sleep kicked in unnecessarily.
2015-11-21 14:20:51 +00:00
Jon Cave
6509696eb1
Switch back to Mutex/CV for response waiters
...
Makes use of the wait() method's timeout parameter instead of using the
Timeout class.
2015-11-21 14:20:51 +00:00
Jon Cave
640a302b78
Switch to a Queue for the dispatcher's packet queue
...
The select() based sleep can be replaced by a blocking pop(). The thread
will be suspended until data is pushed onto the queue.
2015-11-21 14:20:51 +00:00
wchen-r7
b636aeb303
rm print_warning
2015-11-20 19:38:33 -06:00
William Vu
b2d6458f50
Land #6129 , Joomla SQLi RCE
2015-11-20 14:30:23 -06:00
wchen-r7
d405f31c35
Add a NotImplementedError if run is used to run a local exploit
...
Running a local exploit like a post is not currently supported,
we should at least raise a warning or something, and not just
let it backtrace and confuse the user.
2015-11-19 14:31:31 -06:00
wchen-r7
467267b3be
Fix #6260 , add timeout and verbose option
...
Fix #6260
2015-11-19 11:30:16 -06:00
William Vu
7c5d292e42
Land #6201 , chkrootkit privesc
2015-11-19 10:37:30 -06:00
sammbertram
f1675f9ae4
Minor enhancement to smart_migrate
...
Adding a check to see if the user is currently already migrated to the "explorer.exe" and "winlogon.exe" processes prior to attempting migration.
2015-11-19 13:30:12 +00:00
Jon Hart
8d1f5849e0
Land #6228 , @m0t's module for F5 CVE-2015-3628
2015-11-18 15:39:40 -08:00
Jon Hart
ae3d65f649
Better handling of handler creation output
2015-11-18 15:31:32 -08:00
Jon Hart
bcdf2ce1e3
Better handling of invulnerable case; fix 401 case
2015-11-18 15:24:41 -08:00
wchen-r7
fc16a904a3
Land #6252 , Add SLEEP_TIME option for registry_persistence.rb
2015-11-18 15:32:19 -06:00
wchen-r7
3c72135a2f
No to_i
...
What happens here is it converts to a Fixnum, and then it converts
back to a String anway because it's in a String.
2015-11-18 15:25:18 -06:00
m0t
26c88368f7
Merge pull request #7 from jhart-r7/pr/fixup-6228
...
print_ improvements, better cleanup and prevent multiple sessions
2015-11-18 22:04:56 +01:00
Jon Hart
deec836828
scripts/handlers cannot start with numbers
2015-11-18 12:31:46 -08:00
Jon Hart
7399b57e66
Elminate multiple sessions, better sleep handling for session waiting
2015-11-18 12:23:28 -08:00
Jon Hart
e4bf5c66fc
Use slightly larger random script/handler names to avoid conflicts
2015-11-18 11:51:44 -08:00
Jon Hart
e7307d1592
Make cleanup failure messages more clear
2015-11-18 11:44:34 -08:00
Jon Hart
0e3508df30
Squash minor rubocop gripes
2015-11-18 11:05:10 -08:00
Jon Hart
f8218f0536
Minor updates to print_ output; wire in handler_exists;
2015-11-18 11:05:10 -08:00
Jon Hart
392803daed
Tighten up cleanup code
2015-11-18 11:05:10 -08:00
William Vu
657e50bb86
Clean up module
2015-11-18 12:50:57 -06:00
m0t
c0d9c65ce7
always overwrite the payload file
2015-11-18 18:48:34 +00:00
wchen-r7
0cda20c9e2
Fix everything pointed out by @jlee-r7
2015-11-18 12:02:28 -06:00
sammbertram
a484b318eb
Update registry_persistence.rb
2015-11-18 16:13:18 +00:00
sammbertram
1fe8bc9cea
Added a SLEEP_TIME option
...
Added a SLEEP_TIME options which is the number of seconds to sleep prior to executing the initial IEX request. This is useful in cases where a machine would have to establish a VPN connection, initiated by the user, after a reboot.
Alternatively, as opposed to a sleep time, it could have a loop that attempts to retry for a certain period of item.
2015-11-18 11:17:57 +00:00
m0t
109a733a4e
Merge pull request #6 from jhart-r7/pr/fixup-6228
...
More cleanup of F5 BIG-IP iCall privilege escalation vulnerability (CVE-2015-3628)
2015-11-18 09:50:37 +01:00