Miroslav Stampar
|
a1e80e77a1
|
fix for HTTP_POST_FILES issue ( added if (phpversion() < '4.1.0')...else... )
|
2010-02-04 13:08:48 +00:00 |
|
Miroslav Stampar
|
87239476af
|
more fixes :)
|
2010-02-04 10:10:41 +00:00 |
|
Miroslav Stampar
|
e4699f389d
|
some bug fixes regarding --os-shell usage against windows servers
|
2010-02-04 09:49:31 +00:00 |
|
Miroslav Stampar
|
ea045eaa2f
|
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
also, fixed some issues with Windows paths
|
2010-02-03 16:40:12 +00:00 |
|
Miroslav Stampar
|
7c88e32f9d
|
bug fix for 404 program termination during shell upload attempt
|
2010-02-03 16:16:34 +00:00 |
|
Miroslav Stampar
|
565433097e
|
used normalizePath instead of os.path.normalize
|
2010-02-03 16:10:09 +00:00 |
|
Miroslav Stampar
|
494e014a4a
|
minor update
|
2010-02-03 16:04:44 +00:00 |
|
Miroslav Stampar
|
8b0d31a6b7
|
fix for cases where both posix and nt path versions of windows paths are in parsed web page
|
2010-02-03 15:34:20 +00:00 |
|
Miroslav Stampar
|
894b9f0f80
|
minor minor update
|
2010-02-03 15:15:30 +00:00 |
|
Miroslav Stampar
|
25f1a9c7d0
|
upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this)
|
2010-02-03 15:06:41 +00:00 |
|
Miroslav Stampar
|
87c8bdbc29
|
removed pdb tracing
|
2010-02-03 14:52:29 +00:00 |
|
Miroslav Stampar
|
c74b920f54
|
bug fix
|
2010-02-03 14:49:28 +00:00 |
|
Bernardo Damele
|
950dba5139
|
Minor bug fix for --start and --stop
|
2010-02-02 14:17:39 +00:00 |
|
Bernardo Damele
|
9ed0744510
|
Added some error messages to detect back-end DBMS
|
2010-01-30 22:24:20 +00:00 |
|
Bernardo Damele
|
267cf5dd1a
|
Updated documentation
|
2010-01-30 00:08:10 +00:00 |
|
Bernardo Damele
|
7faefcca88
|
Minor logging messages adjustments
|
2010-01-29 23:19:52 +00:00 |
|
Bernardo Damele
|
979c919dc7
|
Minor logging message adjustment
|
2010-01-29 22:58:12 +00:00 |
|
Bernardo Damele
|
e8b0fd90c8
|
Minor bug fix
|
2010-01-29 19:32:02 +00:00 |
|
Bernardo Damele
|
767c67e37a
|
--priv-esc now relies on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique
|
2010-01-29 14:57:33 +00:00 |
|
Miroslav Stampar
|
c20b196518
|
not sure that svn added binary flag automatically to this file (done it manually)
|
2010-01-29 10:18:17 +00:00 |
|
Miroslav Stampar
|
061794650f
|
minor fix
|
2010-01-29 10:15:05 +00:00 |
|
Miroslav Stampar
|
92817159dc
|
cloaked upx for windows (used mkstemp because of execution and file access rights problem)
|
2010-01-29 10:12:09 +00:00 |
|
Bernardo Damele
|
200518724c
|
By default do not use Churrasco, but still let the user choose it.
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided is now 'run kitrap0d'.
|
2010-01-29 02:27:50 +00:00 |
|
Bernardo Damele
|
7b8316728c
|
Major bug fix in takeover functionalities on Microsoft SQL Server
|
2010-01-29 00:09:05 +00:00 |
|
Bernardo Damele
|
c6cae7da41
|
Updated changelog
|
2010-01-28 23:10:54 +00:00 |
|
Bernardo Damele
|
144dc1b8c4
|
Show proper warning message when --priv-esc is provided and underlying OS is not Windows
|
2010-01-28 17:22:17 +00:00 |
|
Bernardo Damele
|
6f5d2ed171
|
Minor cosmetic adjustments
|
2010-01-28 17:07:34 +00:00 |
|
Miroslav Stampar
|
a2077bfc0e
|
quick fix
|
2010-01-28 16:56:00 +00:00 |
|
Miroslav Stampar
|
732ed48e2b
|
some refactoring regarding decloaking
|
2010-01-28 16:50:34 +00:00 |
|
Bernardo Damele
|
dcbbad642d
|
Minor self fix, switched to rc6
|
2010-01-28 10:27:47 +00:00 |
|
Miroslav Stampar
|
f6b447f6e7
|
fix for "NameError: global name 'webFileStreamUpload' is not defined"
|
2010-01-28 08:54:47 +00:00 |
|
Bernardo Damele
|
a20bbc3974
|
Removed carriage return (\r) from UDFs shared library source code
|
2010-01-28 01:16:01 +00:00 |
|
Miroslav Stampar
|
645afee359
|
some changes
|
2010-01-28 00:25:36 +00:00 |
|
Miroslav Stampar
|
921e449454
|
added support for cloaking Churrasco.exe file
|
2010-01-28 00:07:33 +00:00 |
|
Miroslav Stampar
|
4559ded6c1
|
added new line at the end of the file
|
2010-01-27 17:02:23 +00:00 |
|
Miroslav Stampar
|
f4b8ce5c72
|
fix for 'No such file or directory' OSError exception
|
2010-01-27 17:00:54 +00:00 |
|
Miroslav Stampar
|
00002eeb38
|
bad grammar fix
|
2010-01-27 16:05:32 +00:00 |
|
Miroslav Stampar
|
d0acb1c5a3
|
another fix. hope it works :)
|
2010-01-27 16:01:50 +00:00 |
|
Miroslav Stampar
|
f8056f4098
|
quick fix regarding usage of StringIO instead of file stream
|
2010-01-27 15:44:35 +00:00 |
|
Miroslav Stampar
|
a0eabb6719
|
Id property set
|
2010-01-27 14:28:34 +00:00 |
|
Miroslav Stampar
|
8a8dc73980
|
more fixes
|
2010-01-27 14:27:11 +00:00 |
|
Miroslav Stampar
|
1d15c595a4
|
minor fix
|
2010-01-27 14:08:09 +00:00 |
|
Miroslav Stampar
|
e63428207c
|
modified a way to handle shell scripts
|
2010-01-27 13:59:25 +00:00 |
|
Miroslav Stampar
|
f91687c4f7
|
removed old plain text shell scripts
|
2010-01-27 13:58:28 +00:00 |
|
Miroslav Stampar
|
6966c235a4
|
removed junk file
|
2010-01-27 13:57:19 +00:00 |
|
Miroslav Stampar
|
93b7994c0c
|
added new cloaking functionality for shell scripts
|
2010-01-27 13:56:26 +00:00 |
|
Miroslav Stampar
|
a78bf9a88b
|
new files
|
2010-01-27 13:55:13 +00:00 |
|
Bernardo Damele
|
6437c16156
|
run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149).
|
2010-01-26 01:14:44 +00:00 |
|
Bernardo Damele
|
a97e20d8e1
|
Added proper svn:keywords
|
2010-01-25 11:03:23 +00:00 |
|
Miroslav Stampar
|
3197fada59
|
update of IDS checking method
|
2010-01-25 10:06:52 +00:00 |
|