infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
42,397 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1432 Commits (02211db6646c49e5935f4e2c46ca8dbe0ecd9045)

Author SHA1 Message Date
James Lee e3f4cc0dfd
Land #8345, WordPress PHPMailer Exim injection 
CVE-2016-10033
 2017-05-16 15:07:21 -05:00
William Vu 35670713ff Remove budding anti-patterns to avoid copypasta 
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
 2017-05-15 12:56:14 -05:00
William Vu 231510051c Fix uri_str for exploit 2017-05-11 16:30:10 -05:00
Brent Cook e414bdb876 don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules 2017-05-11 15:19:11 -05:00
Brent Cook 30c48deeab msftidy and misc. fixups for Quest BoF module 2017-05-11 08:07:39 -05:00
William Webb e8aed42ecd
Land #8223, Quest Privilege Manager pmmasterd Buffer Overflow 2017-05-11 00:44:19 -05:00
Adam Cammack 18d95b6625
Land #8346, Templatize shims for external modules 2017-05-10 18:15:54 -05:00
Brent Cook fede672a81 further revise templates 2017-05-08 14:26:24 -05:00
William Vu b794bfe5db
Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
m0t ab245b5042 added note to description 2017-05-07 13:56:50 +01:00
m0t 4f12a1e271 added note to description 2017-05-07 13:54:28 +01:00
Jeffrey Martin 05bf16e91e
Land #8331, Adding module CryptoLog Remote Code Execution 2017-05-05 18:24:14 -05:00
Mehmet Ince 720a02f5e2
Addressing Spaces at EOL issue reported by Travis 2017-05-05 11:05:17 +03:00
Mehmet Ince 58d2e818b1
Merging multiple sqli area as a func 2017-05-05 10:49:05 +03:00
darkbushido 81bcf2ca70 updating all LHOST to use the new opt type 2017-05-04 12:57:50 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Mehmet Ince d04e7cba10
Rename the module as well as title 2017-05-03 19:18:46 +03:00
Mehmet Ince ae8035a30f
Fixing typo and using shorter sqli payload 2017-05-03 16:45:17 +03:00
Mehmet Ince db2a2ed289
Removing space at eof and self.class from register_options 2017-05-03 01:31:13 +03:00
Mehmet Ince 77acbb8200
Adding cryptolog rce 2017-05-03 01:05:40 +03:00
Adam Cammack 494711ee65
Land #8307, Add lib for writing Python modules 2017-05-02 15:53:13 -05:00
Brent Cook 037fdf854e move common json-rpc bits to a library 2017-04-26 18:08:08 -05:00
Brent Cook a60e5789ed update mettle->meterpreter references in modules 2017-04-26 17:55:10 -05:00
William Vu bbee7f86b5
Land #8263, Mercurial SSH exec module 2017-04-26 01:38:01 -05:00
William Vu f60807113b Clean up module 2017-04-26 01:37:49 -05:00
wchen-r7 e333cb65e5 Restore require 'msf/core' 2017-04-24 17:09:02 -05:00
Matthias Brun d3aba846b9 Make minor changes 2017-04-24 23:35:36 +02:00
h00die 8e4c093a22 added version numbers 2017-04-22 09:45:55 -04:00
Matthias Brun 714ada2b66 Inline execute_cmd function 2017-04-21 15:32:15 +02:00
Matthias Brun 8218f024e0 Add WiPG-1000 Command Injection module 2017-04-20 16:32:23 +02:00
Jonathan Claudius f5430e5c47
Revert Msf::Exploit::Remote::Tcp 2017-04-18 19:27:35 -04:00
Jonathan Claudius 9a870a623d
Make use of Msf::Exploit::Remote::Tcp 2017-04-18 19:17:48 -04:00
Jonathan Claudius 03e3065706
Fix MSF tidy issues 2017-04-18 18:56:42 -04:00
Jonathan Claudius 32f0b57091
Fix new line issues 2017-04-18 18:52:53 -04:00
Jonathan Claudius bfca4da9b0
Add mercurial ssh exec 2017-04-18 16:33:23 -04:00
Tod Beardsley 1fcc1f7417
Trailing comma. Why isn't this Lua? 2017-04-18 14:27:44 -05:00
Tod Beardsley 4ec71f9272
Add a reference to the original PR 
This was the source of first public disclosure, so may as well include
it.
 2017-04-18 14:20:25 -05:00
Nate Caroe 92e7183a74 Small typo fix 
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
 2017-04-17 11:14:51 -06:00
Ahmed S. Darwish e21504b22d huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key 
Instead of rolling our own GET parameters implementation.

Thanks @wvu-r7!
 2017-04-17 09:11:50 +02:00
Ahmed S. Darwish 7daec53106 huawei_hg532n_cmdinject: Improve overall documentation 
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
 2017-04-17 08:00:51 +02:00
Ahmed S. Darwish 8a302463ab huawei_hg532n_cmdinject: Use minimum permissions for staged binary 
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
 2017-04-17 03:27:57 +02:00
Ahmed S. Darwish 7ca7528cba huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7 2017-04-17 03:23:20 +02:00
Ahmed S. Darwish 7b8e5e5016 Add Huawei HG532n command injection exploit 2017-04-15 21:01:47 +02:00
m0t 5e42dde6b6 msftidy clean up 2017-04-12 16:25:21 +01:00
m0t 374d7809b5 last fixes and tests 2017-04-11 09:48:57 +01:00
m0t 9a0789f839 Exploit for pmmasterd Buffer Overflow (CVE-2017-6553) 2017-04-05 17:59:54 +01:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Brent Cook 4c0539d129
Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die 0092818893
Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00