Tim
86ee77ffb0
add aarch64 nops and fix aarch64 cmdstager
2017-08-31 18:48:58 +08:00
Adam Cammack
195c1e041f
Update payload specs and sizes
Adds the new Aarch64 and R payloads
fix merge
2017-08-31 18:48:56 +08:00
Tim
7b71f60ea1
fix the stack
2017-08-31 18:35:18 +08:00
Tim
26f4fa3b09
setup stack
2017-08-31 18:35:17 +08:00
Tim
a2396991f0
stager not setting up stack
2017-08-31 18:35:17 +08:00
Tim
6dbe00158f
fix stager
2017-08-31 18:35:17 +08:00
Brent Cook
202c936868
Land #8826, git submodule remote command execution
2017-08-29 18:11:32 -05:00
Brent Cook
46eeb1bee0
update style
2017-08-29 17:44:39 -05:00
Pearce Barry
d5124fdc94
Land #8759, Add TeamTalk Gather Credentials auxiliary module
2017-08-29 13:17:28 -05:00
Tim
39299c0fb8
randomize submodule path
2017-08-29 16:54:08 +08:00
Brendan Coles
c9e32fbb18
Remove last_attempted_at
2017-08-29 05:05:04 +00:00
Brent Cook
1e8edb377f
Land #8873, cleanup enable_rdp, add error handling
2017-08-28 05:50:42 -05:00
Brent Cook
582b2e238e
update mettle payload to 0.2.2, add background and single-thread http comms
2017-08-28 05:31:44 -05:00
Brent Cook
15ec40f5c6
update R cached sizes
2017-08-28 05:31:42 -05:00
William Vu
924c3de9f3
Land #7382, BIND TSIG DoS
2017-08-26 10:42:35 -05:00
William Vu
f9a2c3406f
Clean up module
2017-08-26 10:41:10 -05:00
n00py
8f17d536a7
Update phpmailer_arg_injection.rb
Removed second parameter as it was not necessary. Only change needed was to change "send_request_cgi" to "send_request_cgi!"
2017-08-24 00:29:28 -06:00
n00py
c49b72a470
Follow 301 re-direct
I found that in some cases, the trigger URL cannot be accessed directly. For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example". It isn't until hitting "/example" that the php is executed. This small change will just allow the trigger to follow one 301 redirect.
2017-08-23 18:53:54 -06:00
Brent Cook
821121d40b
Land #8871, improve compatibility and speed of JDWP exploit
2017-08-23 18:53:47 -05:00
Jeffrey Martin
cba4d36df2
provide missing bits for R platform
2017-08-23 16:58:48 -05:00
William Vu
4c285c0129
Land #8827, QNAP Transcode Server RCE
2017-08-22 23:07:01 -05:00
Brent Cook
128949217e
more osx
2017-08-22 16:48:09 -05:00
Brent Cook
bb120962aa
more osx support
2017-08-22 14:01:48 -05:00
Brent Cook
7263c7a66e
add 64-bit, osx support
2017-08-22 13:51:28 -05:00
Brent Cook
33f2ebc2aa
code cleanup
2017-08-21 22:46:30 -05:00
Brent Cook
58e332cc7c
only fail if the group sids fail to resolve and we actually have to add a user
2017-08-21 22:36:40 -05:00
Louis Sato
e01caac9ed
removing slice operators from jdwp_debugger
2017-08-21 16:36:54 -05:00
Brent Cook
031f48725f
add missing quotes
2017-08-21 16:16:03 -05:00
Brent Cook
edbe8d73c2
Revert "Revert passive stance for multi/handler"
This reverts commit 66a4ea4f0b.
2017-08-21 16:14:23 -05:00
Brent Cook
c14daf3fcc
Land #8857, Reverse and bind shells in R
2017-08-21 15:49:24 -05:00
Brent Cook
605330faf6
Land #8842, add linux/aarch64/shell_reverse_tcp
2017-08-21 15:44:28 -05:00
Brent Cook
430251b8f6
fix compatibility with php meterpreter
2017-08-21 15:37:31 -05:00
RageLtMan
2873a899db
Address msftidy complaint
2017-08-21 03:39:03 -04:00
Tim
d6d6c67f33
add stage_shell.s and cleanup
2017-08-21 14:42:30 +08:00
Tim
e1a7494724
linux payloads should default to /bin/sh
2017-08-21 12:25:27 +08:00
Tim
9768a89bcd
aarch64 staged shell
2017-08-21 11:14:42 +08:00
RageLtMan
7ab097a784
Unix cmd versions of R payloads
Use R to connect back from a unix shell.
Notes:
We need to DRY this up - tons of copy pasta here, when we should
really be instantiating the language specific payloads and just
wrapping them with CLI execution strings.
Testing:
None, yet, just did the quick port to wrap this and push to CI
now that rex-arch #4 is in.
2017-08-20 21:25:57 -04:00
Brent Cook
f961495860
Land #8625, Remove OpenSSL from Windows Meterp, packet header changes, and TLV packet encryption
2017-08-20 19:13:51 -05:00
Brent Cook
b864083cbd
update payload sizes
2017-08-20 19:03:53 -05:00
Brent Cook
eabe4001c2
Land #8492, Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module
2017-08-20 18:48:22 -05:00
Brent Cook
cbd7790e95
Land #8751, Add Asterisk Gather Credentials auxiliary module
2017-08-20 18:34:27 -05:00
Brent Cook
07ee33578d
Land 8804, tidy up mdaemon credential extraction module
2017-08-20 18:26:56 -05:00
Brent Cook
85df247c84
DRY up module, fix remaining style violations
2017-08-20 18:24:41 -05:00
Brent Cook
367c760927
window move is now directly in the template
2017-08-20 17:48:59 -05:00
Brent Cook
e734a7923a
Land #8267, Handle multiple entries in PSModulePath
2017-08-20 17:44:30 -05:00
Brent Cook
1225555125
remove unnecessary require
2017-08-20 17:37:42 -05:00
Brent Cook
840c0d5f56
Land #7808, add exploit for VMware VDP with known ssh private key (CVE-2016-7456)
2017-08-20 17:36:45 -05:00
Brent Cook
88f39d924b
Land #8816, added Jenkins v2 cookie support
2017-08-20 14:58:38 -05:00
Brent Cook
f7dc831e9a
Land #8799, Add module to detect Docker, LXC, and systemd-nspawn containers
2017-08-20 14:45:57 -05:00
Brent Cook
aa797588e8
Land #8847, Look for sp_execute_external_script in mssql_enum
2017-08-20 14:32:35 -05:00