jvazquez-r7
d25e1ba44e
Make fixes proposed by review and clean
2013-06-25 12:58:00 -05:00
jvazquez-r7
1ade467ac9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 11:10:43 -05:00
jvazquez-r7
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
jvazquez-r7
3244013b1f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:48:20 -05:00
sinn3r
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
Matthias Kaiser
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
HD Moore
722d33e8fa
Updated common password list
2013-06-23 13:15:31 -05:00
HD Moore
d9737ec03a
Updated common passwords
2013-06-23 01:52:18 -05:00
HD Moore
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
HD Moore
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
jvazquez-r7
9d0047ff74
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 16:44:52 -05:00
sinn3r
19a6f310cd
Land #1927 - Add common passwords from xato.net
2013-06-07 15:24:09 -05:00
Tod Beardsley
dc680e7106
Underscores because the rest are.
2013-06-07 15:16:39 -05:00
Tod Beardsley
0265dd8860
Add common passwords from xato.net
...
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:
http://xato.net/passwords/more-top-worst-passwords/
He also does a fair bit of frequency analysis there.
The 1024 list should probably be used instead of the original
unix_password.txt file. unix_password.txt was added in 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.
As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
jvazquez-r7
7090d4609b
Add module for CVE-2013-1488
2013-06-07 13:38:41 -05:00
jvazquez-r7
66ea59b03f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 15:22:46 -05:00
James Lee
9843dc4cb4
Land #1708, android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
jvazquez-r7
d5cf6c1fbc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-23 12:37:54 -05:00
sinn3r
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
Joe Vennix
4d5c4f68cb
Initial commit, works on three OSes, but automatic mode fails.
2013-05-15 23:32:02 -05:00
jvazquez-r7
a7e4ba5015
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-30 08:32:24 -05:00
James Lee
d53d6370b3
Land #1747, mimikatz meterpreter extension
...
[Closes #1747]
See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
James Lee
99f5376606
Binaries for #1747
...
See rapid7/meterpeter#9
2013-04-29 14:44:18 -05:00
jvazquez-r7
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772]
2013-04-28 12:17:16 -05:00
James Lee
5900a7c03f
Whitespace
2013-04-26 15:24:02 -05:00
jvazquez-r7
38e41f20fe
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-24 13:24:13 -05:00
James Lee
01d790eb54
Land #1748, fix for java meterp network prefixes
...
[Closes #1748]
2013-04-24 12:27:28 -05:00
James Lee
a7effaf9c6
Add bins for #1748
2013-04-24 12:27:05 -05:00
jvazquez-r7
1761b1ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-23 17:35:35 -05:00
Tod Beardsley
80fb7b85ef
Drop msfgui.jar, too.
2013-04-22 16:03:38 -05:00
Tod Beardsley
1112daaff2
Remove msfgui and armitage
...
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
jvazquez-r7
b6365db0b5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 09:38:32 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandbox bypass
2013-04-20 01:43:13 -05:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
James Lee
15e2ceb749
Land #1660, dlink backdoor wordlist
...
[Closes #1660][See #1648]
2013-04-11 23:04:02 -05:00
jvazquez-r7
9c0862ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-11 21:53:07 +02:00
James Lee
8376531a32
Land #1217, java payload build system refactor
...
[Closes #1217]
2013-04-11 13:10:03 -05:00
James Lee
1d09d7e6e9
Java payload bins
...
Compiled with the shiny new maven system
2013-04-11 13:08:16 -05:00
jvazquez-r7
6f1fb4a873
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-06 17:23:24 +02:00
James Lee
ab0535bc41
Bins for new stdapi_fs_file_move command
...
See rapid7/meterpreter#6
2013-04-04 23:39:22 -05:00
James Lee
2d47be425f
Latest meterpreter bins
...
See rapid7/meterpreter#1 and rapid7/meterpreter#5
2013-04-04 22:57:13 -05:00
jvazquez-r7
224188ddf6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-29 21:49:40 +01:00
Tod Beardsley
bafb50a173
Merge commit for JtR recompile
...
Also changes a bunch of file modes to be less permissive.
[Closes #1662]
2013-03-29 09:05:12 -05:00
jvazquez-r7
6cd6a7d6b9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 12:16:18 +01:00
sinn3r
7bf87f3546
Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf
2013-03-27 11:55:09 -05:00
jvazquez-r7
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
jvazquez-r7
18559e35fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-26 19:50:45 +01:00
jvazquez-r7
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
James Lee
73c2610822
Merge remote-tracking branch 'jvazquez-r7/mipsle_elf_support' into rapid7
...
[Closes 1666]
2013-03-26 10:38:32 -05:00
jvazquez-r7
ae56bc0b37
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-26 11:21:16 +01:00
jvazquez-r7
e78635fc0f
fix segment virtual address
2013-03-26 10:50:29 +01:00
Josh
ee199f64cb
Merge pull request #1664 from scriptjunkie/msfguiKaliConnect
...
MSFGUI service autoconnect, DB fixes
2013-03-25 21:58:28 -07:00
scriptjunkie
1b6398d4fd
Service autoconnect, DB fixes
...
First check if database is connected before trying to connect.
Autologin in Kali with new token login.
2013-03-25 20:44:48 -05:00
jvazquez-r7
4fff624632
added initial support for ELF mipsle
2013-03-26 01:08:31 +01:00
Brandon Turner
83d1f8d499
Compile John the Ripper against libssl 1.0.0
...
We use OpenSSL 1.0.0 in installed environments. Previously, John the
Ripper was compiled against 0.9.8 which prevented it from running. This
recompiles the same version (jtr 1.7.8 jumbo 2) against OpenSSL 1.0.0.
[FIXRM #7834]
2013-03-25 17:12:51 -05:00
sinn3r
5504c58b11
Add dlink pass for #1648
2013-03-25 13:25:19 -05:00
jvazquez-r7
393d5d8bf5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:09:42 +01:00
jvazquez-r7
660d3d5388
Merge branch 'linksys-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-traversal
2013-03-25 17:31:11 +01:00
jvazquez-r7
2d5a0d6916
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 17:08:23 +01:00
Josh
dfcce010c1
Merge pull request #1650 from scriptjunkie/msfguiKaliConnect
...
Kali fixes, changes only affect msfgui
2013-03-24 19:34:22 -07:00
scriptjunkie
438d348fda
Kali fixes
...
Check the new database config location.
Don't crash on sporadic JRE style error.
2013-03-24 21:00:38 -05:00
m-1-k-3
36d1746c0d
linksys traversal module - initial commit
2013-03-23 17:01:02 +01:00
jvazquez-r7
80d218b284
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-19 19:55:51 +01:00
jvazquez-r7
27778e6ea9
fix comma typo
2013-03-19 19:20:39 +01:00
sinn3r
be9d4ec393
New pt for virtualprotect, and readjust size to 0x401
2013-03-19 09:25:06 -05:00
sinn3r
ea4c88bc2c
Java Rop null-byte free
...
Our new heap spray routine does not like double nulls, so we need
to adjust our ROP.
2013-03-18 23:42:17 -05:00
jvazquez-r7
2d99b949a2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-13 09:36:35 +01:00
scriptjunkie
16fad29cb0
Update creds schema.
2013-03-12 23:07:40 -05:00
jvazquez-r7
74b58185cd
up to date
2013-03-12 16:48:11 +01:00
Meatballs
f37d9c2834
Initial commit
2013-03-09 17:24:03 +00:00
sinn3r
e1859ae4b6
Merge branch 'rsmudge-armitage'
2013-03-06 19:31:44 -06:00
sinn3r
a30b61e4aa
Merge branch 'rsmudge-armitage'
2013-03-06 16:39:00 -06:00
Raphael Mudge
4ab8315db0
Armitage 03.06.13
...
Apparently, my last update came from the future. This modification
to that future update fixes an oversight preventing Armitage from
connecting to its collaboration server because it would report the
wrong application.
2013-03-04 23:11:20 -05:00
Raphael Mudge
59d2f05c94
Armitage 04.06.13
...
This update to Armitage improves its responsiveness when connected
to a team server over a high latency network. This update also adds
a publish/query/subscribe API to Cortana.
2013-03-04 18:32:45 -05:00
Luke Imhoff
239e1934b8
Use migrations from metasploit_data_models
...
[#44034071]
metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written for the Mdm
models in metasploit_data_models. As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested. Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
Tod Beardsley
dd9002fcab
Merges ChrisJohnRiley's new password
...
Lands https://github.com/rapid7/metasploit-framework/pull/1521
Closes #1521
(Forgive the oververbose commit message, experimenting with various
syntax highlighters)
2013-02-25 08:39:27 -06:00
Chris John Riley
28fd92a013
Added new default password for TMSADM
...
Based on: http://blog.ptsecurity.com/2013/02/sap-unknown-default-password-for-tmsadm.html
2013-02-25 09:00:57 +01:00
jvazquez-r7
d7b89a2228
added security level bypass
2013-02-20 17:50:47 +01:00
jvazquez-r7
d88ad80116
Added first version of cve-2013-0431
2013-02-20 16:39:53 +01:00
sinn3r
bc03247386
Merge branch 'sap_url_update' of github.com:ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_url_update
2013-02-19 15:08:26 -06:00
jvazquez-r7
9af43bc05c
newline to sap_default.txt
2013-02-18 15:58:29 +01:00
jvazquez-r7
a91bbf5f69
Merge branch 'sap_default_user_additions' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_default_user_additions
2013-02-18 15:57:26 +01:00
jvazquez-r7
c8778587f5
rename the xml template for s4u
2013-02-18 15:25:03 +01:00
jvazquez-r7
be0feecf8f
Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence
2013-02-18 15:22:37 +01:00
Chris John Riley
6519444112
Addition defaults
2013-02-15 13:35:25 +01:00
Chris John Riley
5df03f790b
Remove end of line spaces and rerun uniq
2013-02-15 13:31:35 +01:00
Chris John Riley
fb7d0159c3
Further URLs
2013-02-15 13:26:44 +01:00
Chris John Riley
21366dd4df
Updated SAP URL list to include further known URLs
2013-02-15 13:20:23 +01:00
sinn3r
398e6cb202
Merge branch 'rsmudge-armitage'
2013-02-13 10:38:30 -06:00
Raphael Mudge
596b62b831
Armitage 02.12.13 - Distributed Operations
...
This update adds the ability to manage multiple team server instances
through one Armitage client. This update also adds nickname completion
to the event log. Several bug fixes are included too.
2013-02-11 21:20:03 -05:00
jvazquez-r7
41564fd51d
Merge branch 'aux-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-aux-word_unc_injector.rb
2013-02-11 15:05:27 +01:00
smilingraccoon
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
scriptjunkie
447f78cb24
Handle nonstandard ports when starting new msfrpcd.
2013-02-04 17:24:41 -06:00
SphaZ
24de0d2274
Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT
2013-02-04 13:37:09 +01:00
Tod Beardsley
293f9da5cf
Merge branch 'bug/pro-only-models'
...
Updates to use MDM 0.4.0 (was using 0.3.0)
2013-01-31 16:14:51 -06:00
jvazquez-r7
d0ecb617c3
Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner
2013-01-25 21:47:05 +01:00
f8lerror
bf2b01f8ef
Delete a file and strip space
2013-01-24 09:30:04 -05:00
f8lerror
6e94c04a52
Code Corrections and Enhancements
2013-01-23 20:26:23 -05:00
sinn3r
e376bb6fab
Merge branch 'rsmudge-armitage'
2013-01-22 22:52:35 -06:00
Raphael Mudge
8c86c49d43
Armitage 01.23.13
...
This update to Armitage adds the ability to assign labels to hosts
and create dynamic workspaces based on these labs. This update also
adds helpers to configure USERNAME/PASSWORD options and EXE::Custom
and EXE::Template. Several bugs were fixed as well.
2013-01-22 22:48:16 -05:00
jvazquez-r7
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
jvazquez-r7
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
jvazquez-r7
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
f8lerror
0b61d28e0e
added Joomla scanner and url wordlist
2013-01-17 11:36:59 -05:00
jvazquez-r7
51f3f59d2f
cve and references available
2013-01-11 00:54:53 +01:00
Luke Imhoff
f8e1ccc27e
Remove cred_files migration
...
[#41837027]
Mdm::CredFile is only used in Pro, so for metasploit_data_models 0.4.0,
Mdm::CredFiles has been moved to Pro, so the migration has been moved to
Pro too.
2013-01-10 17:50:00 -06:00
jvazquez-r7
876d889d82
added exploit for j7u10 0day
2013-01-10 20:30:43 +01:00
Sam Gaudet
7d1716b79f
Turnkey Linux default password
2013-01-08 22:47:53 -05:00
Raphael Mudge
5348127fd2
Metasploit 4.5 Installer Environment Tweak
...
Armitage on Windows requires the user to specify their MSF
install folder. This tweak checks for an MSF 4.5 environment
and updates the specified folder to make everything work.
Like magic.
2013-01-04 13:08:47 -05:00
Raphael Mudge
a79f2fa8d1
Armitage Updates and Bug Fixes
...
This is Armitage release 01.04.13. This update fixes several bugs
and improves the user experience launching *_login modules from
Armitage. This update adds a Windows 8 icon and includes a fix to
better work with the Metasploit 1.45 installer's environment.
2013-01-04 12:05:09 -05:00
jvazquez-r7
133ad04452
Cleanup of #1062
2012-12-07 11:55:48 +01:00
HD Moore
5e44987271
Really fix this by resetting schema cache
2012-12-06 06:33:46 -08:00
HD Moore
a5b3be6dfa
Fix a conflicting rename that breaks ActiveRecord
2012-12-06 06:14:49 -08:00
HD Moore
087b2c39ae
Whitespace cleanup only
2012-12-06 06:13:53 -08:00
jvazquez-r7
b7f304f0db
added build exec_payload.msi
2012-11-28 21:51:01 +01:00
Tod Beardsley
8d6289d8d6
Merge remote branch 'rsmudge/armitage'
2012-11-26 10:52:06 -06:00
Raphael Mudge
a2615102c9
Armitage 11.26.12 - several usability enhancements and bug fixes.
2012-11-25 20:51:32 -05:00
sinn3r
e6208a7993
Merge branch 'guiOptions' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-guiOptions
2012-11-19 10:09:54 -06:00
jvazquez-r7
24fe043960
Merge branch 'samba' of https://github.com/mephos/metasploit-framework into mephos-samba
2012-11-19 14:13:15 +01:00
jvazquez-r7
eddea29568
Merge branch 'sap_soap_rfc_brute_login' of https://github.com/nmonkee/metasploit-framework into nmonkee-sap_soap_rfc_brute_login
2012-11-18 21:36:54 +01:00
scriptjunkie
39dee758e6
Remember last options used for each module, and fill them in by default.
2012-11-17 10:08:45 -06:00
Tasos Laskos
8a9f0a0890
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-14 18:10:41 +02:00
jvazquez-r7
5076198ba2
fixing bperry comments
2012-11-11 20:18:19 +01:00
jvazquez-r7
8619c5291b
Added module for CVE-2012-5076
2012-11-11 17:05:51 +01:00
Tasos Laskos
7032ef0f6f
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-09 00:21:38 +02:00
nmonkee
f521e70bee
wordlists to accompany sap_soap_rfc_brute_login.rb
2012-11-07 10:46:36 +00:00
David Maloney
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00
Tasos Laskos
385d225305
Updated support for Web modules and analysis techniques (committing to new clean branch due to corruption)
2012-11-01 21:14:38 +02:00
m m
f7481b160c
add centos5 target
2012-10-31 18:21:41 +01:00
m m
f819ec8e75
typo
2012-10-30 17:19:23 +01:00
m m
3855ba88b1
add meterpreter/command support to samba exploit using ROP
2012-10-29 17:33:00 +01:00
Raphael Mudge
eee6248795
Armitage 10.16.12 - a lot of bug fixes.
2012-10-15 19:19:31 -04:00
jvazquez-r7
b4485fdb2b
added chm templates
2012-10-10 19:21:47 +02:00
sinn3r
858fd9ff43
Merge branch 'ropdb' of https://github.com/wchen-r7/metasploit-framework
2012-10-03 15:21:11 -05:00
sinn3r
ba1b65742e
Separate XML for various DLLs.
2012-10-02 11:27:10 -05:00
sinn3r
f2c7731b39
Add RopDb mixin
2012-10-01 17:09:01 -05:00
Cristiano Maruti
75f5e24178
Dell iDrac login aux scanner
2012-09-27 01:33:11 -05:00
scriptjunkie
10e1574d8a
Bugfix with dragging tabbed panes when right-clicked.
...
Also don't display annoying null pointer error when no connection.
2012-09-22 16:32:18 -05:00
James Lee
ac2ec99fb7
Add bin for mephos' netstat fixes
...
[Closes #777]
2012-09-12 16:57:17 -05:00
James Lee
46dfeec402
Adds meterpreter bins all compiled with the same VS
...
Not sure exactly what was causing the breakage, but using bins compiled
with the same version of Visual Studio seems to have fixed the issue.
[FixRM #7233]
2012-09-11 14:16:21 -05:00
sinn3r
c4fb285288
Merge branch 'armitage' of https://github.com/rsmudge/metasploit-framework into rsmudge-armitage
2012-09-05 13:48:09 -05:00
Raphael Mudge
e8b3f0193b
Armitage 09.05.12 - this release detects several user errors on startup (incorrect permissions, whitespace in the host/port/user/pass parameters, etc.). This release also cleans up the token stealing dialog.
2012-09-05 01:54:28 -04:00
h0ng10
2b6aa6bbdb
Added Exploit for deployfilerepository via JMX
2012-09-03 13:50:16 -04:00
James Lee
44801c217d
Linux bins for #609
2012-08-29 14:09:37 -05:00
James Lee
5a5ca66bff
Merge branch 'mephos-arp-linux' into rapid7
2012-08-29 11:19:04 -05:00
Patrick Webster
be63aad0d1
Added Windows wordlist.
2012-08-29 10:51:09 +10:00
James Lee
049494752c
Bins for #609, adds netstat and arp cmds
2012-08-28 18:21:57 -05:00
jvazquez-r7
363c0913ae
changed dir names according to CVE
2012-08-28 16:33:01 +02:00