infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
41,106 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

21506 Commits (184707c6fc0e19271b903a04a56e0d75ee17cb68)

Author SHA1 Message Date
Carter f5450a718a Add TARGETURI datastore option 2017-02-06 11:54:29 -05:00
Carter 99227aca1a Fix things from review 2017-02-06 09:44:35 -05:00
sekritskwurl 0cec4be107 Android Stageless Meterpreter over HTTPS 
Change to add functionality for stateless meterpreter over HTTPS
 2017-02-06 14:59:43 +04:00
William Vu 8af966a132 Add WordPress content injection module 2017-02-06 04:40:26 -06:00
Carter fb7e5ff847 Fix more msftidy warnings 2017-02-05 14:00:05 -05:00
Carter f08590982c Fix some msftidy warnings 2017-02-05 13:58:01 -05:00
Carter 609ea3700a Create netgear_password_disclosure.rb 2017-02-05 13:39:58 -05:00
MatToufoutu db77061719 do not add closed ports to database 2017-02-04 16:24:40 +01:00
Tim 9e0cb9797b
python -c payload -> echo payload | python 2017-02-04 17:57:17 +08:00
juushya d305f895ff Fixed a typo space 2017-02-04 11:59:45 +05:30
juushya 36416c20cb Updated check for extract fail case now + Minor edits 2017-02-04 03:00:31 +05:30
wchen-r7 c73c189a61 Set DisablePayloadHandler default to true 2017-02-03 11:25:50 -06:00
James Lee 83cb65d3a2
Don't spin CPU if an fopen fails 
Because PHP is happy to continue on just fine in that case and the loop
below will run unbounded spewing warnings about reading from `false`.
 2017-02-02 19:07:58 -06:00
James Lee 3c7f78167a
Push up the preamble and modernize style 2017-02-02 17:57:03 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
James Lee ff20cf911c
Move the preamble above all other code 2017-02-02 14:53:53 -06:00
Pearce Barry 23c2787d57
Land #7795, Hardware Bridge API. 
Initial bridge API that supports the HW rest protocol.
 2017-02-02 08:47:59 -06:00
Pearce Barry 16de745437
Minor code cleanups/corrections. 2017-02-01 16:12:45 -06:00
wchen-r7 3c6fa12aca Update firefox_smil_uaf to use BrowserExploitServer 2017-01-31 16:04:16 -06:00
William Webb 2ff170a1fa
Land #7820, Exploit for TrueOnline Billion 5200W-T 2017-01-31 11:33:56 -06:00
William Webb f167358540
Land #7821, Command Injection Exploit for TrueOnline ZyXEL P660HN 2017-01-31 11:28:46 -06:00
William Webb b3521dfb69
Land #7822, Command Injection Exploit for TrueOnline P660HN v2 2017-01-31 11:22:49 -06:00
William Webb dd60fc3598
move cisco_webex_ext to exploits/windows/browser/ 2017-01-27 16:59:20 -06:00
Brent Cook 3c9b1be649
Land #7883, Fix cisco_firepower_download to pass the username properly 2017-01-27 16:31:06 -06:00
Brent Cook 4480ea7877
Land #7827, Cisco Firepower Management Console LoginScanner 2017-01-27 16:26:40 -06:00
Brent Cook 171cc7d54e slight wording tweak 2017-01-27 16:26:23 -06:00
wchen-r7 e6de951e3e Fix cisco_firepower_download to pass the username properly 2017-01-27 16:25:34 -06:00
Brent Cook a4dd1fc846
Land #7805, Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal 2017-01-27 16:09:14 -06:00
wchen-r7 38ea62f311
Land #7871, Add Cisco WebEx Extension 1.0.1 Remote Code Execution 2017-01-27 15:37:27 -06:00
h00die f846535d78
Land #7876 which adds an Advantech Webaccess credential gatherer 2017-01-26 19:37:36 -05:00
wchen-r7 fd6a58a348 URI decode users 2017-01-26 18:30:17 -06:00
wchen-r7 e47f38b3c9 Look at the right link to extract users 2017-01-26 18:20:06 -06:00
wchen-r7 ba50f2f88b Fix nil for empty pass 2017-01-26 17:51:20 -06:00
wchen-r7 55b9c15d68 Pass should not be forced 2017-01-26 17:48:41 -06:00
wchen-r7 4ee0a380d1 Update module description 2017-01-26 16:35:15 -06:00
wchen-r7 72b654c9b1 Update description 2017-01-26 14:58:02 -06:00
wchen-r7 94bc44b485 Add Advantech WebAccess Post Auth Credential Collector 2017-01-26 14:53:59 -06:00
wchen-r7 781bc8420a Add Advantech WebAccess LoginScanner module 2017-01-26 13:54:50 -06:00
William Webb 94f9971300
add module doc and remove the word EXPLOIT from document title 2017-01-26 13:36:18 -06:00
William Webb d87cb4b085
nfi why i didnt set ssl by default 2017-01-25 21:02:34 -06:00
William Webb ad0e2c7d95
remove extraneous warning alerts 2017-01-25 18:53:54 -06:00
William Webb d2bc8c7f7e
msftidy complaints 2017-01-25 18:24:10 -06:00
William Webb 10066e0c16
get your targets straight son 2017-01-25 18:21:58 -06:00
William Webb d4b18bb3b9
initial commit of webex rce mod 2017-01-25 18:03:19 -06:00
bwatters-r7 923184f5c5
Land #7870 Bump metasploit-payloads to 1.2.11 to incorporate: 
https://github.com/rapid7/metasploit-payloads/pull/163
https://github.com/rapid7/metasploit-payloads/pull/166
 2017-01-25 10:44:20 -06:00
bwatters-r7 2f5845bdd7 Update cached size for payloads 2017-01-25 10:26:46 -06:00
Brent Cook 9414b8ff4e
update payload sizes 2017-01-25 03:47:44 -06:00
William Vu 48ed8a72c2 Add helpful comment 2017-01-24 20:03:39 -06:00
William Vu ec8add6caa Always check and print status 2017-01-24 20:00:17 -06:00
William Vu 42a8e2a113 Remove extraneous variable 2017-01-24 19:50:31 -06:00
William Vu 97050a6c47 Fix nil bug in scan 2017-01-24 19:49:23 -06:00
wchen-r7 f4db90edeb
Land #7852, Firefox nsSMILTimeContainer::NotifyTimeChange() rce 2017-01-23 11:56:01 -06:00
wchen-r7 04648888b3 Be conservative and do NormalRanking 2017-01-23 11:55:30 -06:00
Brent Cook ff2b8dcf99
Revert "Land #7605, Mysql privilege escalation, CVE-2016-6664" - premature merge 
This reverts commit 92a1c1ece4, reversing
changes made to 9b16cdf602.
 2017-01-22 19:16:33 -06:00
Brent Cook 92a1c1ece4
Land #7605, Mysql privilege escalation, CVE-2016-6664 2017-01-22 17:17:28 -06:00
Brent Cook 15a4ec629b remove TRUE 2017-01-22 10:20:03 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
h00die 12a4a62737
Land #7848, a Disk Savvy Enterprise bof 2017-01-21 09:11:43 -05:00
Gabor Seljan bda464fd6b Increase output 2017-01-21 10:51:58 +01:00
Gabor Seljan e3043b0889 Use random string as egg 2017-01-21 10:28:47 +01:00
Gabor Seljan c47f087c83 Fix check code 2017-01-21 09:39:09 +01:00
William Webb 0eb5342d83
disclosure date 2017-01-20 11:57:50 -06:00
William Webb d8f04ccc18
address msftidy complaints 2017-01-20 11:56:11 -06:00
William Webb fb74b2d8f3
initial commit of finished product 2017-01-20 11:01:36 -06:00
Jin Qian b4d3e9da8d This closes #7849 on the confusing message. 
Use result.proof which has the right message. Thanks to Wei for pointing it
 2017-01-19 15:39:10 -06:00
Gabor Seljan 905213cc41 Add module for DiskSavvy Enterprise (EDB-40854) 2017-01-19 20:34:00 +01:00
wchen-r7 b5f41b2915 Update advantech_webaccess_dbvisitor_sqli name 2017-01-18 11:09:52 -06:00
wchen-r7 82ab4fc630 Update cisco_firepower_download module & documentation 2017-01-17 13:58:10 -06:00
wchen-r7 dd60e1a113
Land #7833, update tomcat_administration module documentation 2017-01-17 13:46:37 -06:00
bwatters_r7 4035dd7485
Land #7796, Improve zip module windows script fallback 2017-01-17 10:59:04 -06:00
Pedro Ribeiro 2dca53e19a Add full disclosure link 2017-01-17 11:09:44 +00:00
Pedro Ribeiro 1160a47b55 Add full disclosure link 2017-01-17 11:09:29 +00:00
Pedro Ribeiro c2cd26a6e1 Add full disclosure link 2017-01-17 11:09:11 +00:00
juushya 657c7444bf rubocop check & msftidy clean. Few updates. 2017-01-17 00:17:57 +05:30
h00die c31d398549 more description 2017-01-16 09:46:56 -05:00
wchen-r7 a687073416 Add Cisco Firepower Management Console LoginScanner 2017-01-13 16:59:20 -06:00
bwatters_r7 bcbb7b86d6 Changed encoding on jscript contents before uploading it 2017-01-13 16:19:58 -06:00
bwatters_r7 64550a188a
Land #7797, Add module for DiskBoss Enterprise (EDB-40869) 2017-01-13 08:55:24 -06:00
Pedro Ribeiro 7fafade128 fix msftidy stuff v2 2017-01-12 18:06:13 +00:00
Pedro Ribeiro ba8dfbd9f1 fix msftidy stuff 2017-01-12 18:05:54 +00:00
Pedro Ribeiro f88e68da25 fix msftidy stuff 2017-01-12 18:04:58 +00:00
Pedro Ribeiro 2274e38925 fix msftidy stuff 2017-01-12 18:03:12 +00:00
Pedro Ribeiro b863db9d02 add billion sploit 2017-01-12 17:51:24 +00:00
Pedro Ribeiro 2827a7ea1a add 660v2 sploit 2017-01-12 17:50:57 +00:00
Pedro Ribeiro af2516d074 add 660v1 sploit 2017-01-12 17:49:28 +00:00
Gabor Seljan 483865b815 Fix reference 2017-01-11 23:28:23 +01:00
wchen-r7 abab1f17c9
Merge master to cisco_cve_2016_6433 and make sure I have the latest 2017-01-11 14:39:52 -06:00
Brent Cook 2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targetting and core_loadlib 2017-01-11 13:24:25 -06:00
Brent Cook 43493e310e
update payload sizes 2017-01-10 16:54:31 -06:00
Gabor Seljan 24014d8465 Minor code formatting 2017-01-10 22:59:42 +01:00
Craig Smith 8635925658 Fixed a typo about gathering realtime PIDs. 2017-01-10 13:20:04 -08:00
wchen-r7 18347a8de7
Land #7774, Fix pivoting of UDP sockets in scanners 2017-01-10 13:57:28 -06:00
wchen-r7 8194603725 Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal 2017-01-09 14:39:37 -06:00
wchen-r7 74cea5dd04 Use Linux payloads instead of cmd/unix/interact 
As of now, cmd/unix/interact causes msfconsole to freeze, so
we can't use this.
 2017-01-09 11:11:17 -06:00
Gabor Seljan 9162374ae3 Add automatic targeting 2017-01-08 11:23:18 +01:00
juushya 93168648b4 Minor update in description 2017-01-08 13:28:07 +05:30
Gabor Seljan d2472712f3 Add module for DiskBoss Enterprise (EDB-40869) 2017-01-07 19:44:38 +01:00
Brent Cook cdcf4cce7d improve zip module windows script fallback 
- handle non-English locales
 - wait more reliably, handle network paths where FS info gets stale
 - use absolute paths correctly
 2017-01-07 12:27:03 -06:00
Craig Smith 5f07bca775 Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here: 
http://opengarages.org/hwbridge  Supports an automotive extension with UDS calls for mdoule
development.
 2017-01-06 19:51:41 -08:00