infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
36,888 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

36888 Commits (1f58ad15ace7ebff4d03a786cfc2f8c1c8a7085e)

Author SHA1 Message Date
Chris Doughty 29ea553e03 Adding a json formatting option to the info command 2015-12-29 13:57:35 -06:00
Kyle Gray 47f9880690
Land #6395, grammar fixes for recovery_files.rb 
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
 2015-12-28 15:57:41 -06:00
William Vu cf0e982e83
Land #6386, VNC creds module fix 2015-12-28 02:32:26 -06:00
William Vu 6b9c74eec7 Prefer gsub and nix the return 2015-12-28 02:31:47 -06:00
Josh 0de69a9d40 Add post Windows privilege based migrate 2015-12-27 19:26:21 -06:00
Brent Cook e23b5c5435
Land #6179, add NTP initial crypto nak spoofing module 2015-12-24 15:46:18 -06:00
Brent Cook eec6a6f905
Land #6304, simplify Meterpreter livelness checks 2015-12-24 15:42:17 -06:00
Brent Cook 04f755dd51
Land #6367, MS15-134 Microsoft Windows Media Center MCL Information Disclosure 2015-12-24 15:24:42 -06:00
wchen-r7 10c10f2f79
Land #6397, Use bind_addresses rather than bind_address 2015-12-24 12:45:01 -06:00
wchen-r7 d41c77641f
Land #6396, Fix PACKETSTORM warnings 2015-12-24 12:38:21 -06:00
Jon Hart beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394 2015-12-24 09:20:21 -08:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings 
Fix the affected modules
 2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
Jon Hart efdb6a8885
Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
sinn3r 3c2e2c65e2 Merge pull request #37 from jhart-r7/pr/fixup-6392 
Remove more peers
 2015-12-24 10:39:18 -06:00
wchen-r7 e191bf8ac3 Update description, and fix a typo 2015-12-24 10:35:05 -06:00
Brent Cook 43fb27d234
Land #6111, geo and cell collection with Android Meterpreter 
This also includes meterpreter python extension fixes.
 2015-12-24 10:16:40 -06:00
Brent Cook 5bd1c11d74 update to metasploit-payloads 1.0.21 2015-12-24 10:14:46 -06:00
Brent Cook 9c410e02e3 Merge branch 'master' into land-6111-android 2015-12-24 10:13:25 -06:00
Jon Hart f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb 2015-12-24 07:57:16 -08:00
Jon Hart 3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb 2015-12-24 07:51:12 -08:00
Jon Hart 0f2f2a3d08
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:55 -08:00
Jon Hart cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:23 -08:00
Jon Hart c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb 2015-12-24 07:44:36 -08:00
karllll 431c6001a8 Fix recovery_files.rb Description grammar errors 2015-12-24 10:10:39 -05:00
Brent Cook 17ad41070b
Land #6380, allow linux x86 meterpreter in the pref list 2015-12-23 16:10:26 -06:00
Brent Cook e4f9594646
Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
Brent Cook 7444f24721 update whitespace / syntax for java_calendar_deserialize 2015-12-23 15:42:27 -06:00
Jon Hart e3eafff7c9
Land #6237, @jww519's aux module for Android CVE-2012-6301 2015-12-23 13:27:09 -08:00
Brent Cook 6eda702b25
Land #6292, add reverse_tcp command shell for Z/OS (MVS) 2015-12-23 14:11:37 -06:00
jww519 6a52807673 Merge pull request #2 from jhart-r7/pr/fixup-6237 
Address style/usability concerns in Android CVE-2012-6301 module
 2015-12-23 14:42:09 -05:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly 
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
 2015-12-23 11:44:55 -06:00
Brent Cook 5a19caf10a remove temp file 2015-12-23 11:42:09 -06:00
wchen-r7 e8c0e334a2
Land #6391, remove duplicate key warning from Ruby 2.2.x 2015-12-23 11:10:50 -06:00
Brent Cook 493700be3a remove duplicate key warning from Ruby 2.2.x 
This gets rid of the warning:

modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
 2015-12-23 10:39:35 -06:00
wchen-r7 a16a10aaf6 Fix #6371, being able to report an exception in #job_run_proc 
Fix #6371

When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.

Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.

Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
 2015-12-22 16:35:29 -06:00
Christian Mehlmauer 424e7b6bfe
Land #6384, more joomla rce references 2015-12-22 22:54:58 +01:00
Brent Cook 84675e352b
Land #6249, check for nil when using read_exactly_n_bytes 2015-12-22 15:48:39 -06:00
JT 18398afb56 Update joomla_http_header_rce.rb 2015-12-23 05:48:26 +08:00
Brent Cook 3f4c6eb370
Land #5383, allow tunneling reverse_tcp meterpreter sessions without 'route add' 2015-12-22 15:42:42 -06:00
JT cc40c61848 Update joomla_http_header_rce.rb 2015-12-23 05:38:57 +08:00
wchen-r7 21b628aa02
Land #6387, update exploits/multi/http/joomla_http_header_rce 
Use the new Joomla mixin
 2015-12-22 15:01:55 -06:00
Brent Cook 4848c70b76
Land #6357, allow tunneling reverse_tcp meterpreter sessions without 'route add' 
Also removes the limit of 127.0.0.1 as a host address.
 2015-12-22 14:55:53 -06:00
Brent Cook 9bbf2af86c update to metasploit_data_models 1.2.10 (remove 127.0.0.1 filter) 2015-12-22 14:53:21 -06:00
wchen-r7 9063ee44f4
Land #6381, Fix post/multi/manage/shell_to_meterprete uname 2015-12-22 14:44:28 -06:00
Christian Mehlmauer f6eaff5d96
use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
Christian Mehlmauer 57b850c7af
Land #6373, joomla mixin 2015-12-22 21:10:46 +01:00
g0tmi1k 2f71730484 Gather VNC null byte fix + formatting 2015-12-22 17:30:37 +00:00
wchen-r7 951a76f99f
Land #6283, fix typo in nessus plugin 2015-12-22 10:02:35 -06:00
JT 314e902098 Add original exploit discoverer and exploit-db ref 
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
 2015-12-22 22:44:59 +08:00