Commit Graph

642 Commits (05a91f1d823d43c68c8f5d1aef32b04e8d9473bc)

Author SHA1 Message Date
Donny Maasland d0845b8c66 msftidy fix 2015-07-01 12:50:34 +02:00
Donny Maasland a3db6c6ae3 Msftidy fix 2015-07-01 12:47:10 +02:00
Donny Maasland bd94f50fb0 add registry_persistence.rb 2015-07-01 12:26:46 +02:00
jvazquez-r7 7ccc86d338
Use cmd_exec 2015-06-26 11:54:19 -05:00
Spencer McIntyre 2206a6af73 Support older targets x86 for MS15-051 2015-06-25 09:33:15 +10:00
William Vu a149fb5710
Land #5554, @g0tmi1k's persistence improvements
age aborts
age aborts
2015-06-24 14:37:25 -05:00
William Vu e7e8135acd Clean up module 2015-06-24 14:35:10 -05:00
wchen-r7 dedfca163d Change check() 2015-06-22 15:05:12 -05:00
Spencer McIntyre efece12b40 Minor clean ups for ruby strings and check method 2015-06-21 16:07:44 -04:00
g0tmi1k 0b55a889d3 persistence - better ruby/msf fu 2015-06-18 21:10:16 +01:00
g0tmi1k a3debe1621 persistence - more options, more verbose
...and less bugs!

+ Able to define the EXE payload filename
+ Able to setup a handler job
+ Able to execute persistence payload after installing
+ Performs various checks (should be more stable now)
+ Will display various warnings if you're doing something 'different'
+ Added various verbose messages during the process
2015-06-17 13:57:06 +01:00
OJ a6467f49ec Update description 2015-06-03 22:17:25 +10:00
OJ 455a3b6b9d
Add butchered version of CVE-2015-1701 2015-06-03 21:48:23 +10:00
James Lee d03ee5667b
Remove assigned but unused local vars 2015-06-01 16:45:36 -05:00
James Lee 7133f0a68e
Fix typo in author's name 2015-06-01 16:45:09 -05:00
jvazquez-r7 5bceeb4f27
Land #5349, @h0ng10's module for CVE-2015-2219 Lenovo System Update Local Privilege Escalation 2015-05-22 17:14:20 -05:00
jvazquez-r7 3aa1ffb4f5
Do minor code cleanup 2015-05-22 16:20:36 -05:00
Hans-Martin Münch (h0ng10) d99eedb1e4 Adding begin...ensure block 2015-05-17 20:48:11 +02:00
Hans-Martin Münch (h0ng10) acb053a2a7 CloseHandle cleanup 2015-05-17 20:39:10 +02:00
Hans-Martin Münch (h0ng10) e075495a5b string concatenation, clear \ handling 2015-05-15 06:51:42 +02:00
Hans-Martin Münch (h0ng10) 94d39c5c75 remove hard coded pipe name 2015-05-15 06:35:55 +02:00
Hans-Martin Münch (h0ng10) bb4f5da6d9 replace client.sys.config.getenv with get_env 2015-05-15 06:33:57 +02:00
Hans-Martin Münch (h0ng10) bba261a1cf Initial version 2015-05-15 00:36:03 +02:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo ''; done"
```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer ba6548db75
be consistent about naming 2015-04-16 21:44:56 +02:00
William Vu ef8c0aac69
Land #5020, spelling fixes for some modules 2015-03-28 00:36:04 -05:00
sinn3r 9cfafdd8b8
Land #4649, improve post/windows/manage/run_as and as an exploit 2015-03-27 17:31:30 -05:00
C-P f129347b51 Filed vs Failed fix 2015-03-27 11:28:50 -07:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
sinn3r 0c2ed21e90
Land #4318, Lateral movement through PSRemoting 2015-03-20 11:39:35 -05:00
sinn3r 23d8479683 Fix typo 2015-03-20 11:39:00 -05:00
sinn3r 0da79edb9c Add a print_status to let the user know the module is over
If I have to run the module as a job, sometimes I can't tell if
the module has finished running or not.
2015-03-20 11:35:18 -05:00
Meatballs 6ceab3d02d
Add a DisclosureDate 2015-03-18 23:51:18 +00:00
jvazquez-r7 1ead57a80d
Land #4928, @h0ng10's local exploit for iPass Mobile Client 2015-03-13 16:58:45 -05:00
jvazquez-r7 9894a3dc54 Change module filename 2015-03-13 16:53:17 -05:00
jvazquez-r7 b4de3ce42b Do minor cleanup 2015-03-13 16:52:26 -05:00
Hans-Martin Münch (h0ng10) b0e730d5ae Typo 2015-03-13 20:41:14 +01:00
Hans-Martin Münch (h0ng10) 726f01b8cc Initial version 2015-03-13 20:33:45 +01:00
Sigurd Jervelund Hansen c6cb1e840d Fixes persistence module by reverting changes to the value returned by the write_script_to_target function, which screws up the path that is used for startup. Currently an escaped path "C://Users//..." is being used instead of using windows standards "C:\Users\...". 2015-03-10 10:26:03 +01:00
William Vu ff73b4d51a Fix duplicate hash key "DefaultOptions"
In modules/exploits/windows/local/pxeexploit.rb.
2015-02-24 05:19:48 -06:00
sinn3r aa8a82f44f Update MS15-001 reference 2015-02-21 08:39:21 -06:00
Jay Smith e40772efe2
Fixed open device issue for non-priv users
Fixed the open_device call to work for users without Administrator
privileges
2015-02-18 12:44:58 -05:00
Tod Beardsley e78d08e20d
Fix up titles, descriptions 2015-02-12 12:11:40 -06:00
William Vu 309159d876
Land #4753, updated ms14_070_tcpip_ioctl info 2015-02-12 09:57:29 -06:00
Spencer McIntyre 8ab469d3bd Update ms14-070 module information and references 2015-02-12 09:51:01 -05:00
William Vu b894050bba Fix local/pxeexploit datastore 2015-02-11 12:19:56 -06:00
Spencer McIntyre 4e0a62cb3a
Land #4664, MS14-070 Server 2003 tcpip.sys priv esc 2015-02-05 18:49:15 -05:00
Spencer McIntyre a359fe9acc Minor fixup on the ms14-070 module description 2015-02-05 18:41:58 -05:00
Spencer McIntyre dc13446536 Forgot to comment ret instruction 2015-02-05 14:09:01 -05:00
Spencer McIntyre 5a39ba32f6 Make the ret instruction for token stealing optional 2015-02-05 14:00:38 -05:00
Spencer McIntyre dabc163076 Modify the shellcode stub to save the process 2015-02-05 13:54:52 -05:00
Tod Beardsley c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM 2015-02-05 12:36:47 -06:00
Spencer McIntyre aebf5056ac Don't compare a string to an integer 2015-02-04 16:55:43 -05:00
jvazquez-r7 d211488e5d Add Initial version 2015-02-01 19:47:58 -06:00
Jay Smith 6c529f8f6b
Addressed feedback from @OJ and @zeroSteiner 2015-01-29 11:57:03 -05:00
Jay Smith 064ca2d02e
Updated version checking 2015-01-28 18:25:30 -05:00
Jay Smith 37c08128dc
Add in MS14-070 Priv Escalation for Windows 2003 2015-01-28 13:24:39 -05:00
Meatballs c9ca85fba8
Bail out as SYSTEM 2015-01-27 17:23:57 +00:00
Meatballs b7e9c69f72
Fix x64 injection 2015-01-27 16:34:06 +00:00
Meatballs 215a590940
Refactor and fixes for post module 2015-01-27 16:14:59 +00:00
Meatballs ea25869312
Refactor to common module 2015-01-27 10:47:02 +00:00
Meatballs 93537765d0
Add TODO 2015-01-26 15:59:22 +00:00
Meatballs 5ae65a723f
Initial 2015-01-26 15:57:52 +00:00
Brent Cook a2a1a90678
Land #4316, Meatballs1 streamlines payload execution for exploits/windows/local/wmi
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
Brent Cook c1e604f201
Land #4562: wchen-r7's CVE addition 2015-01-15 14:34:37 -06:00
Brent Cook 47cd5a3e59
Land #4562, wchen-r7's Win8 NtApphelpCacheControl privilege escalation 2015-01-15 13:52:07 -06:00
sinn3r 09eaf80a90 Add CVE 2015-01-15 13:22:00 -06:00
sinn3r 34bbc5be90 print error message about limitation 2015-01-11 20:12:40 -06:00
sinn3r 46d1616994 Hello ARCH_X86_64 2015-01-10 06:16:22 -06:00
sinn3r 3c8be9e36d Just x86 2015-01-09 19:12:51 -06:00
sinn3r 74e8e057dd Use RDL 2015-01-09 19:02:08 -06:00
sinn3r ee5c249c89 Add EDB reference 2015-01-09 00:19:12 -06:00
sinn3r 75de792558 Add a basic check 2015-01-09 00:03:39 -06:00
sinn3r 4911127fe2 Match the title and change the description a little bit 2015-01-08 21:48:01 -06:00
sinn3r b7b3ae4d2a A little randomness 2015-01-08 21:25:55 -06:00
sinn3r b65013c5c5 Another update 2015-01-08 18:39:04 -06:00
sinn3r b2ff5425bc Some changes 2015-01-08 18:33:30 -06:00
sinn3r 53e6f42d99 This works 2015-01-08 17:57:14 -06:00
sinn3r 7ed6b3117a Update 2015-01-08 17:18:14 -06:00
Brent Cook fb5170e8b3
Land #2766, Meatballs1's refactoring of ExtAPI services
 - Many code duplications are eliminated from modules in favor of shared
   implementations in the framework.
 - Paths are properly quoted in shell operations and duplicate operations are
   squashed.
 - Various subtle bugs in error handling are fixed.
 - Error handling is simpler.
 - Windows services API is revised and modules are updated to use it.
 - various API docs added
 - railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
sinn3r 0e6c7181b1 "Stash" it 2015-01-08 14:13:14 -06:00
Meatballs a9fee9c022
Fall back to runas if UAC disabled 2015-01-08 11:07:57 +00:00
OJ 844460dd87
Update bypass UAC to work on 8.1 and 2012
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.

I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
sinn3r c60b6969bc Oh so that's it 2015-01-07 10:39:46 -06:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
sinn3r 3c755a6dfa Template 2015-01-02 11:31:28 -06:00
jvazquez-r7 ebb05a64ea
Land #4357, @Meatballs1 Kerberos Support for current_user_psexec 2014-12-23 20:38:31 -06:00
Jon Cave 44084b4ef6 Correct Microsoft security bulletin for ppr_flatten_rec 2014-12-22 10:40:23 +00:00
HD Moore 4fc4866fd8 Merge code in from #2395 2014-12-12 16:22:51 -06:00
Meatballs c813c117db
Use DNS names 2014-12-10 22:25:44 +00:00
Meatballs b634bde8a1
Lateral movement through PSRemoting 2014-12-04 22:06:28 +00:00
Meatballs e471271231
Move comment 2014-12-04 20:24:37 +00:00
Meatballs c14ba11e79
If extapi don't stage payload 2014-12-04 20:17:48 +00:00
jvazquez-r7 145e610c0f Avoid shadowing new method 2014-11-17 12:22:30 -06:00
jvazquez-r7 6574db5dbb Fix the 64 bits code 2014-10-30 17:01:59 -05:00
jvazquez-r7 5e0993d756
Add OJ as author 2014-10-28 09:58:34 -05:00
Spencer McIntyre 830f631da4 Make the check routine less strict 2014-10-27 12:51:20 -04:00
Spencer McIntyre 46b1abac4a More robust check routine for cve-2014-4113 2014-10-27 11:19:12 -04:00