Commit Graph

48569 Commits (0b48d2371de360c66ecdcca0dfebb67386b15ecc)

Author SHA1 Message Date
OJ 8d6fcefccc
Fix crash when using sessions -x 2018-09-11 13:28:33 +10:00
Metasploit 671cda076b
automatic module_metadata_base.json update 2018-09-10 14:33:40 -07:00
Brent Cook a3d74d926c
Land #9897, Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer 2018-09-10 16:25:55 -05:00
Metasploit 0d774e1cd2
automatic module_metadata_base.json update 2018-09-10 13:49:36 -07:00
Brent Cook ea2fcb6fc4
Land #10593, Refactor SSH mixins and update modules 2018-09-10 15:38:53 -05:00
Metasploit a0e0d1d626
automatic module_metadata_base.json update 2018-09-10 13:33:19 -07:00
William Vu 87eb600510
Land #10611, mRemote creds gather module fixes
Also update #10612 to align with these changes.
2018-09-10 15:25:09 -05:00
William Vu 93a73f5e71 Fix store_loot OID
It's supposed to be a loot type, not the filename (now stored).
2018-09-10 15:19:28 -05:00
Metasploit 2a307236d0
automatic module_metadata_base.json update 2018-09-10 13:15:11 -07:00
William Vu 8b4820004d
Land #10612, store_loot text/xml ctype fixes 2018-09-10 15:07:06 -05:00
William Vu 3ec4d2f22b Normalize loot type OID
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported

Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
Metasploit e3b28051b3
automatic module_metadata_base.json update 2018-09-10 09:57:17 -07:00
Jacob Robles 3d5da50b12
Land #10598, Store Credentials Found with PhpMyAdmin Password Extractor 2018-09-10 11:49:52 -05:00
h00die 39a2d9d2a8 save xml files as xml 2018-09-09 21:24:39 -04:00
h00die 0072d9b9b1 save as xml since it is 2018-09-09 21:22:15 -04:00
h00die 70e22707c0 vi loves tabs but I don't 2018-09-09 21:19:17 -04:00
h00die f926f6e9af fix pathing in mremoteng 2018-09-09 21:07:47 -04:00
Metasploit 741bbefae8
automatic module_metadata_base.json update 2018-09-07 13:01:40 -07:00
Wei Chen 718aaca0f4
Land #10546, Add Apache Struts exploit: CVE-2018-11776 2018-09-07 14:54:23 -05:00
Metasploit af993af870
automatic module_metadata_base.json update 2018-09-07 12:50:44 -07:00
Wei Chen bd50e00ccc Make some small changes:
Changes made:

* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
2018-09-07 14:48:33 -05:00
William Vu 7f20178a05
Land #10604, CVE for ghostscript_failed_restore 2018-09-07 14:33:42 -05:00
William Vu b3cd4a89ad Move CVE ref to top as per ~standard~ 2018-09-07 14:33:25 -05:00
Adam Cammack 68ca771764
Add CVE reference to ghostscript_failed_restore.rb 2018-09-07 14:24:15 -05:00
Adam Cammack 541903936b
Land #10602, Fix windows/shell/reverse_ord_tcp doc 2018-09-07 12:06:13 -05:00
Brent Cook 55ae02ba4e DRY up doc generator 2018-09-07 11:47:29 -05:00
Brent Cook 9abb6aebb3 Fixup reverse_ord_tcp docs 2018-09-07 11:47:14 -05:00
asoto-r7 99ca6cef49
Quote-block cleanup and improved error handling 2018-09-07 11:43:04 -05:00
Shelby Pace dbace01015
modified regex lines 2018-09-07 11:13:09 -05:00
Shelby Pace 18ffd36409
storing config file, changed regex 2018-09-07 08:13:10 -05:00
asoto-r7 3671f8f6b0
Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set.  We now try to detect this as part of `profile_target`.  But that check might fail.  If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.

Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.

Additionally additionally, some Tomcat configurations won't provide output from the payload.  We'll detect that the payload ran successfully, but tell the user there was no output.
2018-09-06 17:56:42 -05:00
Erin Bleiweiss 1eb703b1b5
Refactor initialization of module's notes attribute 2018-09-06 16:15:52 -05:00
Erin Bleiweiss 41d12166fd
Use a string hash key for documentation 2018-09-06 15:57:52 -05:00
Erin Bleiweiss b7ee406203
Use a 'reduce' to transform notes 2018-09-06 15:50:23 -05:00
Erin Bleiweiss 876240d18c Condense note transformation inside mod_meta_common 2018-09-06 15:48:22 -05:00
asoto-r7 7eb06b4592
Address travis errors: Updated metadata and target OS logic 2018-09-06 12:43:56 -05:00
Shelby Pace 36d125e1a8
modified line in scenarios output 2018-09-06 12:15:04 -05:00
Shelby Pace 50df5e386a
modified doc to reflect new output 2018-09-06 12:11:14 -05:00
Metasploit 8850411807
Weekly dependency update 2018-09-06 10:04:57 -07:00
Shelby Pace 6c3b1081ea
added function to grab and store user and passwd 2018-09-06 12:03:00 -05:00
asoto-r7 cb16f812ec
struts2_namespace_ognl updates from code review
Thanks to @wvu, @firefart, and @wchen!
2018-09-06 11:50:57 -05:00
Metasploit 9d7c37a411
automatic module_metadata_base.json update 2018-09-06 04:00:16 -07:00
Brent Cook dd476066cf
Land #10584, fix session upgrade HANDLE_TIMEOUT and upgrading osx shells 2018-09-06 05:52:40 -05:00
pwnforfun e1ec0ec899 hash_dump now working properly up to Mac OS X High Sierra (10.13.6 included) 2018-09-06 12:00:36 +02:00
William Vu 35fb0d19ab Refactor SSH mixins and update modules 2018-09-05 23:53:11 -05:00
Metasploit 0777e5d448
automatic module_metadata_base.json update 2018-09-05 19:56:26 -07:00
Wei Chen d23b252393
Land #10592, support ERB for foxit_reader_uaf.rb 2018-09-05 21:48:52 -05:00
Wei Chen 254e8b9fd0 Cleanup for foxit_reader_uaf 2018-09-05 21:47:57 -05:00
Metasploit d764b53ca2
automatic module_metadata_base.json update 2018-09-05 19:15:08 -07:00
Wei Chen 266dec45cd
Land #10564, Add Ghostscript exploit from taviso 2018-09-05 21:07:50 -05:00