infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
31,921 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

16650 Commits (2c5c94288d8e5fd3b280a6ce9b4189b7218d2f95)

Author SHA1 Message Date
Meatballs 1b565b0290 Check revision 2015-03-17 09:17:07 +00:00
Meatballs 7216f2a971 Initial commit 2015-03-17 09:17:07 +00:00
Brent Cook abb8a32e68 update spec for dynamic meterpreter payloads 2015-03-16 18:08:13 -05:00
Felix Wehnert 2a525958bd fixed typo 
Does no one tested this script on x64 yet ?
 2015-03-16 20:15:26 +01:00
HD Moore 2ea984423b while(true)->loop, use thread.join 2015-03-16 14:08:01 -05:00
William Vu ac0e23d783
Land #4932, hardcoded username fix 
For mssql_escalate_execute_as_sqli.
 2015-03-16 01:46:13 -05:00
HD Moore 7e89281485 Adds proxy (with authentication) support to reverse_http(s) 2015-03-16 00:03:31 -05:00
Scott Sutherland 00dbcc12ca Removed imp_user var from escalate_privs func 2015-03-15 22:02:12 -07:00
nullbind 5bebabb005 fixed hardcoded username 2015-03-15 19:45:02 -05:00
Sven Vetsch 4d3a1a2f71 fix all duplicated keys in modules 2015-03-14 13:10:42 +01:00
jvazquez-r7 bb81107e51 Land #4927, @wchen-r7's exploit for Flash PCRE CVE-2015-0318 2015-03-13 23:58:05 -05:00
sinn3r 3bfdfbc987 Small changes 2015-03-13 18:55:11 -05:00
jvazquez-r7 1ead57a80d
Land #4928, @h0ng10's local exploit for iPass Mobile Client 2015-03-13 16:58:45 -05:00
jvazquez-r7 9894a3dc54 Change module filename 2015-03-13 16:53:17 -05:00
jvazquez-r7 b4de3ce42b Do minor cleanup 2015-03-13 16:52:26 -05:00
Hans-Martin Münch (h0ng10) b0e730d5ae Typo 2015-03-13 20:41:14 +01:00
Hans-Martin Münch (h0ng10) 726f01b8cc Initial version 2015-03-13 20:33:45 +01:00
sinn3r 182850df30 Stick to Win 7 2015-03-13 12:41:05 -05:00
sinn3r 2b199315d4 Final 2015-03-13 12:30:41 -05:00
Brent Cook b68e05e536
Land #4914, @hmoore-r7 and @BorjaMerino winhttp stagers 2015-03-13 08:24:11 -05:00
OJ 35cfdf051a Add support for meterpreter_reverse_ipv6_tcp 
New payload added, makes use of existing functionality.
 2015-03-13 20:15:31 +10:00
William Vu a32cd2ae9e
Land #4877, CVE-2015-0240 (Samba) aux module 2015-03-13 00:03:53 -05:00
scriptjunkie 6011e8b3e1
Land #4918, Rework how payload prepends work 2015-03-12 18:56:04 -05:00
jvazquez-r7 75b2ef81dc
Land #4890, @julianvilas's improvements struts_code_exec_classloader 2015-03-12 17:25:00 -05:00
jvazquez-r7 b6146b1499 Use print_warning 2015-03-12 17:22:03 -05:00
jvazquez-r7 e035e6ce51
Land #4899, @h0ng10's exploit for iPass Open Mobile CVE-2015-0925 2015-03-12 16:42:52 -05:00
jvazquez-r7 7b7ebc20d7 Fix indentation 2015-03-12 16:41:41 -05:00
jvazquez-r7 da47d368e8 Do minor style cleaning 2015-03-12 16:35:48 -05:00
jvazquez-r7 a77078b555
Add X86 target 2015-03-12 16:34:44 -05:00
jvazquez-r7 1b20bc9dca
Land #4919, @wchen-r7's new reference for ie_uxss_injection 2015-03-12 15:30:37 -05:00
HD Moore b43893ad71
Lands #4903, corrects the return value used for the script path 2015-03-12 14:05:22 -05:00
sinn3r 220a26c5a4
Land #4907, CVE-2015-1427, elasticsearch groovy code injection 2015-03-12 11:28:24 -05:00
sinn3r ac24652196
Land #4911, CVE-2015-0096 (ms15_020_shortcut_icon_dllloader) 2015-03-12 10:51:56 -05:00
sinn3r 67d05f9354 Add the PR as a reference (how to guide) 2015-03-12 10:51:01 -05:00
sinn3r 0d36115112 Update MS15-018 MSB reference 2015-03-12 10:13:37 -05:00
HD Moore 744b1a680e Reworks how payload prepends work internally, see #1674 2015-03-12 02:30:06 -05:00
HD Moore f676dc03c8
Lands #4849, prevents the target from running out of memory during NTFS reads 2015-03-12 00:01:47 -05:00
jvazquez-r7 68d69177ad Add smb module for MS15-020 2015-03-11 23:46:50 -05:00
HD Moore 24440b8c38
Lands #4913, adds OSVDB reference to nvidia module 2015-03-11 23:32:22 -05:00
jvazquez-r7 a9fa2d25aa Add SMB module for MS10-046 2015-03-11 23:23:56 -05:00
OJ 345b5cc8e1 Add stageless meterpreter support 
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.

More coming for x64. Will also validate http soon.
 2015-03-12 13:22:04 +10:00
HD Moore c3f2536ef6 Make the stager clear in the payload descriptions 2015-03-11 21:30:02 -05:00
HD Moore b105a88b95 Fix https convention 2015-03-11 21:26:31 -05:00
HD Moore 8bae58d631 Updated cache sizes 2015-03-11 21:25:12 -05:00
Tod Beardsley 99494328d2
Update Nvidia module with an OSVDB ref 
The paper is really good, but could use a more traditional reference.

[See #4884]
 2015-03-11 19:51:22 -05:00
jvazquez-r7 0e4e264325 Redo description 2015-03-11 18:19:28 -05:00
jvazquez-r7 4e6aca0209 refactor create_exploit_file 2015-03-11 18:13:09 -05:00
jvazquez-r7 5662e5c5a6 Add module for MS15-020 2015-03-11 17:29:02 -05:00
HD Moore 1135e5e073 First take on WinHTTP stagers, untested 2015-03-11 16:27:14 -05:00
HD Moore 7e3b4017f0 Rename and resynced with master, ready for refactoring 2015-03-11 14:36:27 -05:00
HD Moore ea1bc69e2e Merge branch 'master' into feature/add-reverse_winhttp-stagers 2015-03-11 14:29:34 -05:00
sinn3r 215c209f88
Land #4901, CVE-2014-0311, Flash ByteArray Uncompress UAF 2015-03-11 14:04:17 -05:00
sinn3r 43b90610b1 Temp 2015-03-11 13:53:34 -05:00
Brent Cook ceeee4446f
Land #4904, @hmoore-r7 reworks reverse_http/s stagers 
They are now assembled dynamically and support more flexible options,
such as long URLs.
 2015-03-11 10:41:59 -05:00
sinn3r 2a9d6e64e2 Starting point for CVE-2015-0318 2015-03-11 09:58:41 -05:00
HD Moore ad39adf9c2 Missing comma 2015-03-11 00:49:07 -05:00
HD Moore a89926b663 Exclude vncinject from http stagers (depends on sockedi) 2015-03-11 00:46:04 -05:00
jvazquez-r7 8a452a7cba Do somce cleanup 2015-03-10 17:10:44 -05:00
Brent Cook 9ade107325 disable reverse_http methods from upexec and shell payloads 
These don't work over http and don't appear to have ever, as far back as
I could test. They appear to be an accident perhaps.
 2015-03-10 17:08:58 -05:00
jvazquez-r7 4a84693fb0 Support windows 2015-03-10 16:58:33 -05:00
jvazquez-r7 c26bea3429 Fix credits 2015-03-10 16:27:07 -05:00
jvazquez-r7 980c83cb70 Fix metadata 2015-03-10 16:25:02 -05:00
jvazquez-r7 9e17874389 Exploit CVE-2015-1427 2015-03-10 16:17:51 -05:00
HD Moore db351317a5 Merge with PR branch 2015-03-10 14:08:35 -05:00
HD Moore 0f763c2cb3 First step to reworking the winhttp stagers 2015-03-10 14:07:25 -05:00
Borja Merino 991e72a4fa HTTP stager based on WinHttp 2015-03-10 13:40:16 -05:00
HD Moore 966848127a Refactor x86 Windows reverse_http and reverse_https stagers 2015-03-10 12:48:30 -05:00
jvazquez-r7 f8f178b1db Fix script_mvel_rce check 2015-03-10 09:39:02 -05:00
jvazquez-r7 9dc99e4207 Update check 2015-03-10 09:26:22 -05:00
Sigurd Jervelund Hansen c6cb1e840d Fixes persistence module by revering changes to the value returned by the write_script_to_target function, which screws up the path that is used for startup. Currently an escaped path "C://Users//..." is being used instead of using windows standards "C:\Users\...". 2015-03-10 10:26:03 +01:00
Brent Cook 97f09b6ab0
Land #4894: hmoore-r7 cache payload sizes on start 
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
 2015-03-09 23:06:55 -05:00
jvazquez-r7 fc4b312879 Add template 2015-03-09 23:04:32 -05:00
Julian Vilas fe822f8d33 Modify automatic file cleanup 2015-03-10 00:45:20 +01:00
Julian Vilas 0ef303cb6c Fix Java payload 2015-03-10 00:01:27 +01:00
HD Moore 618fbf075a Update CachedSize for the fixed stager 2015-03-09 16:57:14 -05:00
HD Moore 746f18d9bb Fallback to a localhost variant to make the length predictable 2015-03-09 16:56:25 -05:00
jvazquez-r7 78167c3bb8 Use single quotes when possible 2015-03-09 16:55:21 -05:00
HD Moore 6543c3c36f Update CachedSize for the fixed stager 2015-03-09 16:54:57 -05:00
HD Moore c676ac1499 Fallback to a localhost variant to make the length predictable 2015-03-09 16:53:28 -05:00
jvazquez-r7 cb72b26874 Add module for CVE-2014-0311 2015-03-09 16:52:23 -05:00
HD Moore d0324e8ad3 Final cleanup, passing specs 2015-03-09 15:50:57 -05:00
HD Moore da81f6b2a0 Correct the :dynamic cache sizes 2015-03-09 15:44:14 -05:00
HD Moore 02509d02e4 The result of running ./tools/update_payload_cached_sizes.rb 2015-03-09 15:31:04 -05:00
Hans-Martin Münch (h0ng10) bba4223d68 Initial commit 2015-03-09 16:36:11 +01:00
Tod Beardsley df80d56fda
Land #4898, prefer URI to open-uri 2015-03-09 09:14:10 -05:00
William Vu 3075c56064 Fix "response HTML" message 
In modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb.
 2015-03-07 17:08:08 -06:00
Julian Vilas 2eb0011a99 Autotrigger JSP shell at docBase 2015-03-07 20:41:08 +01:00
Julian Vilas 3be2bde5a2 Use bypass for bulletin S2-020 2015-03-07 19:14:20 +01:00
joev d7295959ca Remove open-uri usage in msf. 2015-03-05 23:45:28 -06:00
jvazquez-r7 2134cc3d22
Modify description 2015-03-05 16:55:24 -06:00
jvazquez-r7 7b4776ee79 Deregister FOLDER_NAME 2015-03-05 16:42:07 -06:00
jvazquez-r7 1bc81ea723
Merge #4884 into updated master 2015-03-05 16:41:15 -06:00
Meatballs 33f089b1a5
Tidyup 2015-03-05 21:50:12 +00:00
jvazquez-r7 9f3f8bb727
Merging #3323 work 2015-03-05 15:44:15 -06:00
jvazquez-r7 c388fd49c2 Fix print message 2015-03-05 15:43:54 -06:00
jvazquez-r7 dd2559b748 Favor new target over new module 2015-03-05 15:41:53 -06:00
jvazquez-r7 e1a4b046a0 Add support for tomcat 7 to struts_code_exec_classloader 2015-03-05 15:40:24 -06:00
Meatballs c56679f33e
Modify for new SMB mixin 2015-03-05 21:26:13 +00:00
Tod Beardsley e429d4c04f Add reference and description for PTH on Postgres 
Dave and William did most of the work already over on PR #4871, this
just points it out in the module.
 2015-03-05 14:36:56 -06:00
sinn3r 16c86227e2 Change to OptBool and default to explicit 2015-03-05 13:07:03 -06:00