metasploit-framework

Commit Graph

Author	SHA1	Message	Date
jvazquez-r7	0031913b34	Fix nil accesses	2014-08-22 16:19:11 -05:00
jvazquez-r7	9ef09a7725	Pass msftidy	2014-08-22 13:24:59 -05:00
jvazquez-r7	38e6576990	Update	2014-08-22 13:22:57 -05:00
jvazquez-r7	e93fbbd904	Land #3685 , @pedrib's exploit for CVE-2014-3996	2014-08-22 11:45:41 -05:00
jvazquez-r7	cf147254ad	Use snake_case in the filename	2014-08-22 11:44:35 -05:00
jvazquez-r7	823649dfa9	Clean exploit, just a little	2014-08-22 11:43:58 -05:00
jvazquez-r7	9815b1638d	Refactor pick_target	2014-08-22 11:31:06 -05:00
Joe Vennix	95fbb8f1b7	Land PR #3672 , dmaloney-r7's login scanner credential rework.	2014-08-22 11:15:32 -05:00
jvazquez-r7	ecace8beec	Refactor check method	2014-08-22 11:05:36 -05:00
Brandon Turner	05f0d09828	Merge branch staging/electro-release into master On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch (staging/electro-release) into master. Rather than merging with history, he squashed all history into two commits (see `149c3ecc63` and `82760bf5b3`). We want to preserve history (for things like git blame, git log, etc.). So on August 22, we reverted the commits above (see `19ba7772f3`). This merge commit merges the staging/electro-release branch (`62b81d6814`) into master (`48f0743d1b`). It ensures that any changes committed to master since the original squashed merge are retained. As a side effect, you may see this merge commit in history/blame for the time period between August 15 and August 22.	2014-08-22 10:50:38 -05:00
jvazquez-r7	ced65734e9	Make some datastore options advanced	2014-08-22 10:26:04 -05:00
jvazquez-r7	b4e3e84f92	Use CamelCase for target keys	2014-08-22 10:23:36 -05:00
jvazquez-r7	b58550fe00	Indent description and fix title	2014-08-22 10:21:08 -05:00
Brandon Turner	19ba7772f3	Revert "Various merge resolutions from master <- staging" This reverts commit `149c3ecc63`. Conflicts: lib/metasploit/framework/command/base.rb lib/metasploit/framework/common_engine.rb lib/metasploit/framework/require.rb lib/msf/core/modules/namespace.rb modules/auxiliary/analyze/jtr_postgres_fast.rb modules/auxiliary/scanner/smb/smb_login.rb msfconsole	2014-08-22 10:17:44 -05:00
Pedro Ribeiro	da752b0134	Add exploit for CVE-2014-3996	2014-08-21 15:30:28 +01:00
sinn3r	e2e2dfc6a3	Undo FF	2014-08-19 17:47:44 -05:00
sinn3r	777efb5e48	Land #3669 - Deprecate ff 17 svg exploit	2014-08-19 17:42:31 -05:00
sinn3r	c73ec66c7a	Land #3659 - Add HybridAuth install.php PHP Code Execution	2014-08-19 17:19:01 -05:00
Tom Sellers	74920d26a4	Update to server/capture/imap.rb for new Credential system	2014-08-19 15:25:31 -05:00
Tom Sellers	3fdad4dc91	Update auxillary/scanner/ftp with Credential Gem	2014-08-19 13:13:05 -05:00
William Vu	dc95b01cc5	Land #3670 , smb_login private_type fix [FixRM #8841]	2014-08-19 11:30:23 -05:00
William Vu	b748cee760	Land #3664 , enum_osx dump_hash removal	2014-08-19 11:29:23 -05:00
David Maloney	473b92a060	Merge branch 'master' into feature/MSP-10992/scanner-dry Conflicts: Gemfile.lock lib/metasploit/framework/command/console.rb lib/metasploit/framework/common_engine.rb lib/metasploit/framework/credential.rb lib/metasploit/framework/credential_collection.rb lib/metasploit/framework/login_scanner/afp.rb lib/metasploit/framework/login_scanner/axis2.rb lib/metasploit/framework/login_scanner/db2.rb lib/metasploit/framework/login_scanner/ftp.rb lib/metasploit/framework/login_scanner/http.rb lib/metasploit/framework/login_scanner/mssql.rb lib/metasploit/framework/login_scanner/mysql.rb lib/metasploit/framework/login_scanner/pop3.rb lib/metasploit/framework/login_scanner/postgres.rb lib/metasploit/framework/login_scanner/result.rb lib/metasploit/framework/login_scanner/smb.rb lib/metasploit/framework/login_scanner/snmp.rb lib/metasploit/framework/login_scanner/ssh.rb lib/metasploit/framework/login_scanner/telnet.rb lib/metasploit/framework/login_scanner/vnc.rb lib/metasploit/framework/parsed_options/console.rb lib/metasploit/framework/require.rb lib/metasploit/framework/version.rb lib/msf/core/modules/namespace.rb modules/auxiliary/analyze/jtr_postgres_fast.rb modules/auxiliary/scanner/afp/afp_login.rb modules/auxiliary/scanner/db2/db2_auth.rb modules/auxiliary/scanner/ftp/ftp_login.rb modules/auxiliary/scanner/http/axis_login.rb modules/auxiliary/scanner/http/http_login.rb modules/auxiliary/scanner/http/tomcat_mgr_login.rb modules/auxiliary/scanner/mssql/mssql_login.rb modules/auxiliary/scanner/mysql/mysql_login.rb modules/auxiliary/scanner/pop3/pop3_login.rb modules/auxiliary/scanner/postgres/postgres_login.rb modules/auxiliary/scanner/snmp/snmp_login.rb modules/auxiliary/scanner/ssh/ssh_login.rb modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb modules/auxiliary/scanner/telnet/telnet_login.rb modules/auxiliary/scanner/vnc/vnc_login.rb modules/auxiliary/scanner/winrm/winrm_login.rb spec/lib/metasploit/framework/credential_spec.rb spec/lib/msf/core/framework_spec.rb	2014-08-19 10:30:16 -05:00
James Lee	f169b8dff3	Fix hashes being stored as passwords	2014-08-18 15:52:13 -05:00
joev	b93fda5cef	Remove browser_autopwn hook from deprecated FF module.	2014-08-18 15:33:43 -05:00
joev	87aa63de6e	Deprecate FF17 SVG exploit. This exploit needs flash, the tostring_console injection one does not.	2014-08-18 15:32:51 -05:00
Brendan Coles	564431fd41	Use arrays in refs for consistency	2014-08-18 18:54:54 +00:00
Tod Beardsley	cad281494f	Minor caps, grammar, desc fixes	2014-08-18 13:35:34 -05:00
joev	5654370316	Remove hashdump functionality from enum_osx. There is a specific hashdump module that is more up-to-date, no need to duplicate functionality (and code).	2014-08-18 11:40:11 -05:00
joev	5bfbb7654e	Add android meterpreter to browser autopwn.	2014-08-18 11:09:16 -05:00
HD Moore	d8e82b9394	Lands #3655 , fixes pack operators the commit. he commit.	2014-08-17 17:25:52 -05:00
Brendan Coles	b8b2e3edff	Add HybridAuth install.php PHP Code Execution module	2014-08-16 23:31:46 +00:00
sinn3r	e656a81c63	Land #3656 - FF toString console.time Privileged Javascript Injection	2014-08-15 17:07:23 -05:00
joev	6d958475d6	Oops, this doesn't work on 23, only 22.	2014-08-15 17:00:58 -05:00
joev	fb1fe7cb8b	Add some obfuscation.	2014-08-15 16:54:30 -05:00
joev	b574a4c4c5	Wow, this gets a shell all the way back to 15.0.	2014-08-15 16:39:36 -05:00
joev	5706371c77	Update browser autopwn settings.	2014-08-15 16:32:06 -05:00
joev	8c63c8f43d	Add browserautopwn hook now that this is not user-assisted.	2014-08-15 16:28:21 -05:00
joev	694d917acc	No need for web console YESSSS	2014-08-15 16:02:26 -05:00
joev	738a295f0a	Rename module to tostring_console*.	2014-08-15 15:17:37 -05:00
Meatballs	0cc3bdfb35	Moar bad packs	2014-08-15 21:11:37 +01:00
joev	f182613034	Invalid CVE format.	2014-08-15 15:09:45 -05:00
joev	edb9d32e5c	Add module for toString() injection in firefox.	2014-08-15 15:08:10 -05:00
Tod Beardsley	904c1b20b1	Land #3654 , update to 4.10-dev (electro)	2014-08-15 12:51:28 -05:00
Samuel Huckins	149c3ecc63	Various merge resolutions from master <- staging * --ask option ported to new location * --version option now works * MSF version updated * All specs passing	2014-08-15 11:33:31 -05:00
jvazquez-r7	4cfd2abd8d	Land #3621 , @kaospunk's exploit for gitlab-shell CVE-2013-4490 command injection	2014-08-15 09:17:16 -05:00
jvazquez-r7	4e0f6dfcc7	Do minor cleanup	2014-08-15 09:10:08 -05:00
sinn3r	f91116a8e8	Land #3634 - Virtual box 3D Acceleration OpenGL Host escape	2014-08-13 20:08:13 -05:00
kaospunk	5ed3e6005a	Implement suggestions This commit addresses feedback such as adding a check function and changing the login fail case by being more specific on what is checked for. The failing ARCH_CMD payloads were addressed by adding BadChars. Last, an ARCH_PYTHON target was added based on @zerosteiner's feedback.	2014-08-13 20:26:48 -04:00
jvazquez-r7	127d094a8d	Dont share once device is opened	2014-08-13 16:13:38 -05:00

1 2 3 4 5 ...

14204 Commits (0031913b34e120b5ae7a0dd01be1b4706f34389a)