infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
42,130 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

21945 Commits (082ce7acb8e47be07434a51695197ae30d70dfe0)

Author SHA1 Message Date
James Lee 84dd5cd01a
Add a simple upload exec module 2017-04-17 19:34:21 -05:00
Nate Caroe 92e7183a74 Small typo fix 
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
 2017-04-17 11:14:51 -06:00
William Vu 942959f7e8
Land #8255, fixes for smb_ms17_010 2017-04-17 11:38:34 -05:00
Brent Cook 7b936b0012
Land #8184, convert IPMI protocol and modules to bindata 2017-04-17 07:40:15 -05:00
Brent Cook 6f70efcfa1 add module documentation 2017-04-17 07:39:43 -05:00
William Vu b1c7f1302b Fix report_vuln and prefer vprint_error 2017-04-17 02:48:56 -05:00
Ahmed S. Darwish e21504b22d huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key 
Instead of rolling our own GET parameters implementation.

Thanks @wvu-r7!
 2017-04-17 09:11:50 +02:00
nixawk 3d082814cb Fix default options 2017-04-17 01:09:48 -05:00
Ahmed S. Darwish 7daec53106 huawei_hg532n_cmdinject: Improve overall documentation 
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
 2017-04-17 08:00:51 +02:00
Ahmed S. Darwish 8a302463ab huawei_hg532n_cmdinject: Use minimum permissions for staged binary 
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
 2017-04-17 03:27:57 +02:00
Ahmed S. Darwish 7ca7528cba huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7 2017-04-17 03:23:20 +02:00
Ahmed S. Darwish 7b8e5e5016 Add Huawei HG532n command injection exploit 2017-04-15 21:01:47 +02:00
Brent Cook 7950087804 Merge branch 'upstream-master' into land-8237- 2017-04-14 21:53:26 -05:00
nixawk fb001180c4 Fix generate_uri 2017-04-14 21:52:31 -05:00
nixawk 590816156f rename exp module 2017-04-14 21:32:48 -05:00
nixawk 1952529a87 Format Code 2017-04-14 21:30:26 -05:00
Brent Cook a9857eb1c2
Land #8099, Aux module to launch instances in AWS 2017-04-14 14:12:10 -05:00
Brent Cook 42122d2835
Land #8238, move SMB2 support back into smb_login, add simpler permissions checks 2017-04-14 14:06:46 -05:00
nixawk 8ab0b448fd CVE-2017-0199 exploit module 2017-04-14 13:22:59 -05:00
Brent Cook eb61241673
Land #8228, New mainframe privesc payload for z/OS 2017-04-14 13:19:41 -05:00
dmohanty-r7 d75f852d01
Land #8167, Add MS17-010 auxiliary detection module 2017-04-14 13:00:16 -05:00
David Maloney 91fb3ce6b8
collapse SMB2 support into smb_login 
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both

MS-2636
 2017-04-13 15:22:03 -05:00
David Maloney adeb4d10d7
smb2 login scanner admin check now working 
we can now check for admin privs in the smb2
login scanner

MS-2636
 2017-04-13 14:40:32 -05:00
William Webb 48560d29f3
remove keyscan_extract and modify calling modules 2017-04-13 10:42:28 -05:00
William Webb c21d78b23b
Land #8186, Convert DNS Fuzzer to use bindata 2017-04-11 23:27:08 -05:00
bigendiansmalls fa8011fd07 New mainframe privesc payload for z/OS 
This module performs a privilege escaltion on mainframe systems
runing z/OS and using RACF for their security manager.  A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
 2017-04-11 15:04:44 -05:00
William Webb c867b7e228
Land #8204, Add Cambian ePMP SNMP Configuration download 2017-04-11 10:59:13 -05:00
mr_me 3c2dc68e9c improved description, no point repeating the same thing\! 2017-04-11 09:55:11 -05:00
mr_me c359e15de6 updated the print statement 2017-04-11 09:31:17 -05:00
mr_me 84ac9d905c improved the description of the module 2017-04-11 09:24:43 -05:00
William Vu 288e384164
Land #8189, irssi password post gather module 2017-04-10 23:34:54 -05:00
Jonathan Claudius 96927b449c
Rework module to grab entire irssi configs 2017-04-11 00:02:40 -04:00
Jonathan Claudius 6a1531da34
Fix loot name attributes 2017-04-10 23:52:31 -04:00
Jonathan Claudius d92f94e077
Fix grammar issue 2017-04-10 23:44:18 -04:00
Jonathan Claudius d9e96a8b4f
Consolidate loot into single file 2017-04-10 23:42:50 -04:00
Jonathan Claudius 7f6bbb6ff2
Fix trailing space issue 2017-04-10 21:38:30 -04:00
Jonathan Claudius 9432a3543f
Extend irssi post mod to grab network passwords 2017-04-10 15:35:26 -04:00
mr_me b1d127e689 satisfied travis 2017-04-10 14:11:18 -05:00
Jonathan Claudius 47d74819a5
Update regex per reviewer request 2017-04-10 14:45:10 -04:00
Jonathan Claudius d816092c56
Fix missing new line 2017-04-10 14:41:25 -04:00
mr_me 0f07875a2d added CVE-2016-7552/CVE-2016-7547 exploit 2017-04-10 13:32:58 -05:00
William Vu 06ca406d18 Fix weird whitespace 2017-04-09 22:23:58 -05:00
zerosum0x0 f7c8bd2464 add rescue for ::Rex::Proto::SMB::Exceptions::LoginError 2017-04-07 15:37:56 -06:00
juushya 3c189f0cb0 Adding Cambium SNMP Loot module 2017-04-07 01:32:45 +05:30
Christian Mehlmauer 74dc7e478f
update piwik module 2017-04-05 20:19:07 +02:00
bwatters-r7 dd5a91f153
Land #8008, Added archmigrate module for windows sessions 2017-04-05 08:55:27 -05:00
Koen Riepe 08b2a97293
Changed styling to be more in line with rubocop. 2017-04-05 10:05:56 +02:00
Jonathan Claudius b8af7c1db0
Add irssi password post gather module 2017-04-05 00:56:24 -04:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Brent Cook 891e7e465e convert DNS fuzzer to bindata 2017-04-04 03:03:32 -05:00
Brent Cook 46c7e822c8 convert IPMI protocol and modules to bindata 2017-04-04 02:44:17 -05:00
Brent Cook 98ffa4d380
Land #7652, add varnish cache CLI authentication scanner module 2017-04-02 21:52:45 -05:00
Brent Cook 4c0539d129
Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die a34c01ebd2
Land #8137 shodan honeyscore module 2017-04-02 21:37:36 -04:00
h00die 0092818893
Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00
Bryan Chu 151ed16c02 Re-ranking files 
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
 2017-04-02 18:33:46 -04:00
zerosum0x0 26fc6bc920 added report_vuln() 2017-04-01 21:48:19 -06:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
William Webb 035f37cf42
Land #8144, Add Moxa Device Discovery Scanner Module 2017-03-31 19:11:27 -05:00
William Webb f870f94fa9
Land #8163, Add Cambium ePMP Arbitrary Command Execution 2017-03-31 19:06:19 -05:00
Adam Cammack 6910cb04dd
Add first exploit written in Python 2017-03-31 17:07:55 -05:00
h00die 823c1a6286 added more verifieds 2017-03-31 16:52:20 -04:00
h00die 23ac9214ea
land #8010 post gather module for tomcat creds 2017-03-31 16:15:55 -04:00
h00die 34a152dc76 handle no sysinfo from ssh_login 2017-03-31 16:15:16 -04:00
Pearce Barry ab4d86fd21
Land #8168, change description of alpha encoders 2017-03-31 11:37:12 -05:00
dmohanty-r7 1ce7bf3938
Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
dmohanty-r7 c445a1a85a
Wrap ssh.loop with begin/rescue 2017-03-31 11:16:10 -05:00
Koen Riepe 628827cda9
Added some documentation and gracefull error handeling. 2017-03-31 12:45:30 +02:00
Koen Riepe df2a9a4af3
Added documentation file and implemented fixes for output and linux parsing. 2017-03-31 11:19:12 +02:00
Bryan Chu 5e31a32771 Add missing ranks 
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
 2017-03-31 02:39:44 -04:00
Christian Mehlmauer 0a398a59c5
change description 2017-03-30 20:06:23 +02:00
bwatters-r7 6bcb9b523b
Land #8165, Fix x86 mettle shellcode 2017-03-30 11:45:11 -05:00
zerosum0x0 4bd50b0ad2 Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010 2017-03-30 10:10:08 -06:00
zerosum0x0 a125566fc7
removed unnecessary arguments 2017-03-30 10:09:31 -06:00
Pearce Barry a13d6a7810
Land #8166, Add new SMB LoginScanner using RubySMB for SMB1/SMB2 Support 2017-03-30 11:08:17 -05:00
Pearce Barry ac83ff7e48
Land #8155, Style fixes for HWBridge RF and a couple small bug fixes 2017-03-29 20:37:13 -05:00
zerosum0x0 ef7de6d49e added MSB to description, moved a print statement 2017-03-29 17:43:49 -06:00
Carter 4bdbdc0e00 Fix response parsing 2017-03-29 18:21:12 -05:00
zerosum0x0 68f5c0e663
removed a print statement 2017-03-29 16:24:59 -06:00
zerosum0x0 7e6b8b02b8
replaced magic constant with setup_count 2017-03-29 15:37:28 -06:00
zerosum0x0 9923c39799
removed superfluous status 2017-03-29 15:32:29 -06:00
zerosum0x0 f0a1e12a7e
small typos 2017-03-29 15:30:35 -06:00
bwatters-r7 691811af5a
Land #7994, Add Windows Gather DynaZIP Saved Password Extraction post module 2017-03-29 16:04:09 -05:00
zerosum0x0 ffa376c514
added MS17-010 auxiliary detection module 2017-03-29 14:33:02 -06:00
David Maloney a571bcdba4
update module description 2017-03-29 13:58:36 -05:00
David Maloney 418e371e35
add SMB2 login scanner and module 
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity

MS-2557
 2017-03-29 11:36:33 -05:00
Adam Cammack 2758010355
Fix x86 mettle shellcode 2017-03-28 17:59:13 -05:00
juushya 30896d1fab Add Cambium ePMP Arbitrary Command Execution Module 2017-03-28 00:17:36 +05:30
William Webb 66a585ab41
Land #8050, Add Cambium ePMP System Hash Dumper 2017-03-27 12:08:53 -05:00
William Webb 935c59306b
Land #7897, Add Cambium ePMP 1000 Device Configuration file dumper 2017-03-27 12:05:11 -05:00
William Webb d705949b37
Land #7784, Cambium ePMP 1000 Login Scanner 2017-03-27 12:01:56 -05:00
Pearce Barry 31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes 
I should have tweaked these earlier, my bad.
 2017-03-26 13:45:19 -05:00
juushya dd7cf39678 updated references 2017-03-25 12:31:08 +05:30
juushya 63d88c159a updated references 2017-03-25 12:27:38 +05:30
juushya fd5e25bcc2 restored version check 2017-03-25 12:08:00 +05:30
Javier Godinez 68e4b8a855 Updated user data param to load aggregator 2017-03-24 22:58:04 -07:00
Carter 82ebbfb9a7 Fix msftidy warnings 2017-03-24 23:12:48 -04:00
Carter 3e2173d4f9 Add key length check and remove mixin 
Also add a reference to the original honeyscore website
 2017-03-24 22:33:09 -04:00
Carter 581d523d5b Fix things from review 2017-03-24 21:22:23 -04:00
Pearce Barry 9db2e9fbcd
Land #8146, Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-24 14:38:47 -05:00