Brent Cook
005d34991b
update architecture
2016-11-20 19:09:33 -06:00
Brent Cook
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
h00die
cfd31e32c6
renaming per @bwatters-r7 comment in #7491
2016-11-18 13:52:09 -05:00
Pearce Barry
9eb9d612ca
Minor typo fixups.
2016-11-11 16:54:16 -06:00
Pearce Barry
1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
William Vu
eca4b73aab
Land #7499, check method for pkexec exploit
2016-11-03 10:59:06 -05:00
William Vu
1c746c0f93
Prefer CheckCode::Detected
2016-11-03 11:14:48 +01:00
William Vu
2cdff0f414
Fix check method
2016-11-03 11:14:48 +01:00
William Webb
31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
OJ
3c56f1e1f7
Remove commented x64 arch from sock_sendpage
2016-11-01 01:29:11 +10:00
OJ
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
Julien (jvoisin) Voisin
23ab4f1fc1
Remove one last tab
2016-10-27 12:32:40 +02:00
Julien (jvoisin) Voisin
d9f07183bd
Please h00die ;)
2016-10-27 12:18:33 +02:00
Julien (jvoisin) Voisin
2ac54f5028
Add a check for the linux pkexec module
2016-10-27 10:28:13 +02:00
h00die
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
h00die
12493d5c06
moved c code to external sources
2016-10-13 20:37:03 -04:00
Pearce Barry
7b84e961ed
Minor output correction.
2016-10-09 19:01:06 -05:00
h00die
7e6facd87f
added wrong file
2016-10-09 09:49:58 -04:00
h00die
2c4a069e32
prepend fork fix
2016-10-09 09:40:44 -04:00
h00die
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
h00die
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
h00die
75bea08e0e
changing branches
2016-10-04 21:08:12 -04:00
h00die
e6daef62b4
egypt
2016-10-03 20:24:59 -04:00
h00die
7b0a8784aa
additional doc updates
2016-09-29 19:02:16 -04:00
h00die
bac4a25b2c
compile or nil
2016-09-29 06:15:17 -04:00
h00die
4fac5271ae
slight cleanup
2016-09-29 05:51:13 -04:00
h00die
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
jvoisin
2272e15ca2
Remove some anti-patterns, in the same spirit as #7372
2016-09-29 00:15:01 +02:00
William Vu
988471b860
Land #7372, useless use of cat fix
Obligatory: modules/exploits/linux/local/kloxo_lxsuexec.rb.
2016-09-28 16:37:11 -05:00
William Vu
3033c16da6
Add missing rank
2016-09-28 16:37:04 -05:00
jvoisin
b46073b34a
Replace `cat` with Ruby's `read_file`
Thanks to wvu-r7 for the comment
2016-09-28 23:22:19 +02:00
William Vu
45ee59581b
Fix inverted logic in Docker exploit
Positive condition should be tested first, imo. Confusing otherwise. My bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
Julien (jvoisin) Voisin
dbb2abeda1
Remove the `cat $FILE | grep $PATTERN` anti-pattern
The `kloxo_lxsuexec.rb` and `netfilter_pvi_esc.rb` exploits
were using the infamous `cat+grep` anti-pattern, this commit
replaces it with `cat` and Ruby's `.include?` method.
2016-09-28 13:41:25 +02:00
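The two commits above (this one and the #7372 "useless use of cat" fix) replace a shell pipeline per check with a single file read and matching in Ruby. As an added illustration written for this page, not Metasploit's own module code, the block below contrasts the two forms and extends the idea to parsing a kernel version out of /proc/version. `FakeSession`, its `read_file`/`cmd_exec` stand-ins, the constructed file contents and the `FIXED_IN` threshold are all assumptions for the demonstration; in a real module `read_file` and `cmd_exec` come from `Msf::Post::File` on a live session.

```ruby
# Added example for this page, not part of Metasploit. It contrasts the
# `cat FILE | grep PATTERN` anti-pattern with reading the file once and
# doing the matching in Ruby, which is what the commits above do.
require 'rubygems'

# Stand-in for a Metasploit session (assumption: a real module gets
# read_file and cmd_exec from Msf::Post::File on top of the live session).
class FakeSession
  def initialize(files)
    @files = files
  end

  # Constructed behaviour: only the two shell forms used below are emulated.
  def cmd_exec(cmd)
    if (m = cmd.match(%r{\Acat (\S+) \| grep (\S+)\z}))
      content = @files.fetch(m[1], '')
      content.lines.select { |l| l.include?(m[2]) }.join
    elsif (m = cmd.match(/\Acat (\S+)\z/))
      @files.fetch(m[1], '')
    else
      ''
    end
  end

  def read_file(path)
    @files.fetch(path, '')
  end
end

# Anti-pattern: one shell pipeline per check, and the pattern is handed to
# the remote shell unquoted; the caller has to interpret empty output.
def grep_style_check(session, path, pattern)
  !session.cmd_exec("cat #{path} | grep #{pattern}").empty?
end

# Preferred form: a single read, matching done locally in Ruby.
def ruby_style_check(session, path, pattern)
  session.read_file(path).include?(pattern)
end

# Extract "X.Y.Z" from a /proc/version line; nil if it is not there.
def kernel_version(proc_version)
  m = proc_version.match(/Linux version (\d+\.\d+(?:\.\d+)?)/)
  m && m[1]
end

# True if the running kernel is older than the version carrying the fix.
def vulnerable?(running, fixed_in)
  return false if running.nil?
  Gem::Version.new(running) < Gem::Version.new(fixed_in)
end

# Hypothetical threshold for the demonstration, not a claim about any CVE.
FIXED_IN = '4.5.5'.freeze

# Constructed sample file contents.
SAMPLE_FILES = {
  '/proc/version' => "Linux version 4.4.0-31-generic (buildd@lgw01-16) (gcc version 5.3.1) #50-Ubuntu SMP\n",
  '/etc/os-release' => "NAME=\"Ubuntu\"\nVERSION_ID=\"16.04\"\n"
}.freeze

# Runs both check styles and the version comparison against the sample.
def demo(session = FakeSession.new(SAMPLE_FILES))
  ver = kernel_version(session.read_file('/proc/version'))
  {
    grep_style: grep_style_check(session, '/etc/os-release', 'Ubuntu'),
    ruby_style: ruby_style_check(session, '/etc/os-release', 'Ubuntu'),
    kernel: ver,
    vulnerable: vulnerable?(ver, FIXED_IN)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |k, v| puts "#{k}: #{v}" }
end
```

Besides avoiding a shell round-trip per check, the Ruby form keeps the pattern out of the remote shell entirely, so an option-controlled value needs no shell quoting, and a missing or unreadable file simply yields an empty string rather than an ambiguous grep exit status.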
Pearce Barry
6382fffc75
Land #7326, Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
h00die
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
h00die
7646771dec
refactored for live compile or drop binary
2016-09-22 20:07:07 -04:00
h00die
edd1704080
reexploit and other docs and edits added
2016-09-18 09:01:41 -04:00
h00die
4f85a1171f
reexploit and other docs and edits added
2016-09-18 08:51:27 -04:00
William Vu
4d0643f4d1
Add missing DefaultTarget to Docker exploit
2016-09-16 13:09:00 -05:00
William Vu
da516cb939
Land #7027, Docker privesc exploit
2016-09-16 12:44:21 -05:00
h00die
4be4bcf7eb
forgot updates
2016-09-16 02:08:09 -04:00
h00die
2e42e0f091
first commit
2016-09-16 01:54:49 -04:00
William Vu
c6214d9c5e
Fix and clean module
2016-09-14 14:36:29 -05:00
William Vu
2b6576b038
Land #7012, Linux service persistence module
2016-08-17 22:45:35 -05:00
forzoni
6f35a04e21
Incorporate review fixes, ensure PrependFork is true, fix echo compat.
2016-07-19 01:45:56 -05:00
h00die
03dca5fee2
updates round 2
2016-07-15 09:02:23 -04:00
h00die
33ce3ec3ed
fixes round 2
2016-07-15 08:44:39 -04:00
forzoni
d414ea59c3
Remove bash dependency. Oops.
2016-06-28 22:39:45 -05:00
forzoni
5f044ffda0
s/print_warning/print_error.
2016-06-28 10:26:23 -05:00
forzoni
0635fee820
Move some log lines to vprint_status.
2016-06-28 03:28:41 -05:00
forzoni
6c11692b04
Add privilege escalation for host users that can access the docker daemon.
2016-06-28 03:24:41 -05:00
h00die
1c20122648
fedora compatibility, added naming options
2016-06-25 08:43:55 -04:00
h00die
18a3bf5f62
service persistence
2016-06-22 19:22:18 -04:00
h00die
0f2c1d886c
append over read and write
2016-06-21 16:56:34 -04:00
h00die
c7bacebd5b
slight issues found by void-in
2016-06-21 05:12:10 -04:00
h00die
4b8f572976
cron persistence
2016-06-20 21:45:04 -04:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Brent Cook
44990e9721
Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
wchen-r7
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
wchen-r7
154fb585f4
Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
jvazquez-r7
3f40342ac5
Fix sock_sendpage
2015-04-21 14:17:19 -05:00
jvazquez-r7
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
Tod Beardsley
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
jvazquez-r7
121c0406e9
Beautify restart_command creation
2014-12-24 15:52:15 -06:00
jvazquez-r7
43ec8871bc
Do minor c code cleanup
2014-12-24 15:45:38 -06:00
jvazquez-r7
92113a61ce
Check payload
2014-12-24 15:43:49 -06:00
jvazquez-r7
36ac0e6279
Clean get_restart_commands
2014-12-24 14:55:18 -06:00
jvazquez-r7
92b3505119
Clean exploit method
2014-12-24 14:49:19 -06:00
jvazquez-r7
9c4d892f5e
Use single quotes when possible
2014-12-24 14:37:39 -06:00
jvazquez-r7
bbbb917728
Do style cleaning on metadata
2014-12-24 14:35:35 -06:00
jvazquez-r7
af24e03879
Update from upstream
2014-12-24 14:25:25 -06:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Rasta Mouse
985838e999
Suggestions from OJ
2014-11-27 21:38:50 +00:00
Rasta Mouse
25ecf73d7d
Add configurable directory, rather than relying on the session working directory.
2014-11-27 17:12:37 +00:00
OJ
75e5553cd4
Change to in exploit
2014-11-26 16:53:30 +10:00
Luke Imhoff
216360d664
Add missing require
MSP-11145
2014-10-27 15:19:59 -05:00
William Vu
d5b698bf2d
Land #3944, pkexec exploit
2014-10-17 16:30:55 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
0a2940
e689a0626d
Use Rex.sleep :-)
"Right is right even if no one is doing it; wrong is wrong even if everyone is doing it"
user@x:/opt/metasploit$ grep -nr "select(nil, nil, nil" . | wc -l
189
user@x:/opt/metasploit$ grep -nr "Rex.sleep" . | wc -l
25
2014-10-10 10:05:46 +01:00
0a2940
f2b9aeed74
typo
2014-10-03 11:02:56 +01:00
0a2940
f60f6d9c92
add exploit for CVE-2011-1485
2014-10-03 10:54:43 +01:00
Jakob Lell
3e57ac838c
Converted LD_PRELOAD library from precompiled binary to metasm code.
2014-09-04 21:49:55 +02:00
Jakob Lell
052327b9c6
Removed redundant string "linux_" from exploit name
2014-08-27 23:33:15 +02:00
Jakob Lell
b967336b3b
Small bugfix (incorrect filename in data directory)
2014-08-25 00:39:00 +02:00
Jakob Lell
fc6f50058b
Add desktop_linux_privilege_escalation module
2014-08-25 00:05:20 +02:00
James Lee
68205fa43c
Actually use the argument
2014-03-04 11:30:42 -06:00
sinn3r
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
sinn3r
646f7835a3
Saving progress
2014-01-21 17:14:55 -06:00
James Lee
9e30c58495
Blow away remnants of Local::Unix
2013-11-05 13:51:45 -06:00
James Lee
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
This reverts commit e7d3206dc9.
2013-11-05 13:45:00 -06:00
Tod Beardsley
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
This reverts commit 717dfefead, reversing changes made to 6430fa3354.
2013-10-21 12:47:57 -05:00
William Vu
717dfefead
Land #2505, missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
James Lee
dfe74ce36c
Factorize sock_sendpage
2013-10-11 13:40:01 -05:00
James Lee
b9b2c82023
Add some entropy
* Random filename
* Stop shipping debug strings to the exploit executable
Also makes the writable path configurable, so we don't always have to
use /tmp in case it is mounted noexec, etc.
2013-10-10 18:18:01 -05:00
James Lee
947925e3a3
Use a proper main signature with arguments
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
James Lee
c251596f0b
Fix some bugs in preparation for factorizing
* Stop removing \x0a characters with String#scan, which of course breaks
the shellcode
* Fork so the original session continues to work
2013-10-09 16:03:40 -05:00