How to know user-agent information for metasploit modules - metasploit

I want to know the user-agent compatibility information for
"./windows/browser/ms13_090_cardspacesigninhelper.rb" module in backtrack.
Kindly let me know how can I get this information.
I searched in web and found "use auxiliary" command can give this info but for this module I am not able run this command.
Thanks,
Rajul

First of All,
Use Auxiliary command is to load Auxiliary Modules.
And, if the module is based on a web attack then you may find this information by issuing-
show advanced
command. But only after you load a particular module

Related

Is there a way to change hooks dynamically in Kedro?

I know I can add any CLI option via kedro_cli.py.
but I can't find out how to change what hooks are loaded dynamically.
I'm using kedro-mlflow, which features are provided via hooks.
And sometimes I don't want to log MLFlow temporarily.
If it's possible, please show me an example of ProjectContext code.
If the hooks have an entry-point as described in https://kedro.readthedocs.io/en/stable/07_extend_kedro/05_plugins.html#hooks , you would be able to disable it by specifying in .kedro.yml https://kedro.readthedocs.io/en/stable/07_extend_kedro/04_hooks.html#disable-auto-registered-plugins-hooks but you might have to ask the maintainer of kedro-mlflow plugin to add auto-registration first.

JavaScript rule extension

I am trying to extend Sonarqube with custom Javascript rules. I find that the documentation is fairly limited on this subject. The extension tutorials on sonarqube website show only the most basic stuff.
The only javadoc I could find is this one: http://javadocs.sonarsource.org/latest/apidocs/ and it doesn't cover anything about extending Javascript.
What I ultimately want to do is add a JS rule that will check for hardcoded secrets (such as passwords, api keys, etc). I already created one for Java, and that was a lot easier as I could take an already pre-made plugin and complete it with my custom regex.
The problematic spot that made me post here was actually this one:
cannot find symbol
symbol: class VariableTree
location: package org.sonar.plugins.javascript.api.tree.expression
I was following the same scheme as with Java and used
import org.sonar.plugins.javascript.api.tree.expression.VariableTree;
which is obviously wrong. I was not able to find the source code for this either... if anybody can point me to some secret doc stash or at least where I can find a javadoc for org.sonar.plugins.javascript.api that would be amazing!
Thanks very much for any help

can you load external executable javascript from a firefox extension?

Does anyone know if there is a way to load any external executable javascript from a firefox add-on extension? I looked into scriptloader.loadSubScript, but it appears that it can only load from a local resource.
Any help would be appreciated.
You can always xhr for a file, save the contents to disk, then use scriptloader.loadSubScript with an add-on
this would violate the AMO policies though, so you wouldn't be able to upload the add-on to http://addons.mozilla.org
As #erikvold already pointed out, doing so would be a security hazard AND it also violates AMO rules (because it is a security hazard).
Consider your server gets compromised, or there is a way to MITM the connection retrieving the remote script (TLS bugs anyone :p), or you sell your domain and the new owner decides to ship a script to collect credit card information straight from a user's hard disk...
However, it is possible to run a remote script in an unprivileged environment, much like it would run in a website.
Create a Sandbox. The Sandbox should be unprivileged, e.g. pass an URL in your domain into the constructor.
Retrieve your script, e.g. with XHR.
Evaluate your script in the Sandbox and pull out any data it might have generated for you.
This is essentially what tools like Greasemonkey (executing user scripts) do.
Creating and working with Sandboxes in a secure fashion is hard, and the Sandbox being unprivileged prohibits a lot of use cases, but maybe it will work for your stuff.
Try using Components.utils.import .
Example :
const {Cc,Ci,Cu} = require("chrome");
Cu.import("url/path of the file");
Note :
js file which uses DOM objects like window, navigator, etc. will return error saying "window/navigator is undefined". This is simply because the main.js code does not have access to DOM.
Refer this thread for more information.

Joomla module manager :Filtering with url parameters

Looking for a way to create links that will pre-filter the module manager to specific modules.
So far, filtering based to position is working okay for me:
option=com_modules&view=modules&filter_position=right
But I can't do the same for module type or anything else.
Does anyone one know, how could I use the various filter types of the module manager ?
Updating my question:
For example, which url make Module Manager to display only the Menu modules ?
I tried something like this, with no success:
option=com_modules&view=modules&filter_type=mod_menu
option=com_modules&view=modules&filter_type=menu
My current setup is Joomla 2.5, but it will be great to know the same for Joomla 3.x
I don't know that the core module manager has that capability.
Take a look at www.nonumber.nl extension Advanced Module Manager
One of the parameters it uses to determine whether to display, include or exclude a module is to look at the URL.
So what you would do is set the module to only display when your URL criteria were met.
Ok found it: The following are the filters for Module Manager in Joomla 2.5
filter_search,
filter_client_id,
filter_state,
filter_position,
filter_module,
filter_access,
filter_language
So, for filtering by module type in a url, it would look like:
option=com_modules&view=modules&filter_module=mod_menu
Hope this will help someone else who is looking for it.

Get uRapidFlow logs for an import profile batch

I am running a php script using a cron job to run a uRapidFlow / RapidFlow import profile. Here is the documented code I found to help me do this.
I need to be able to run through the imported batch, row by row, and do some processing based on if the row was imported successfully or not. It would also be very convenient and useful to be able to send email notifications on failed imports in general as well. If anyone has any idea, or can point me in the right direction, I would be very grateful. I don't see any documentation for this online, so I am going through the module code and database trying to figure it out myself.
I am using Magento EE 1.12.0.2
The best bet, unless you modify the uRapidFlow extension (check license information before doing so). Would be to extend it and use a observed event.
Try the observer : catalog_product_import_finish_before Which is triggered after each product is imported. Bare in mind this solution would be triggered globably for any manual imports, so if you build a small extension, perhaps make it easy to toggle on and off.
More can be found on Magento's observers here : http://www.magentocommerce.com/wiki/5_-_modules_and_development/0_-_module_development_in_magento/customizing_magento_using_event-observer_method
Note as you've not specified which version of Magento you are using, you'll have to check if that observer is supported in your version.

Resources