Commit Graph

1328 Commits (3fb4c2d27c49113b63427afa7010c8c485499682)

Author SHA1 Message Date
Spencer McIntyre 3fb4c2d27c Add Windows registry manipulation support. 2013-08-09 08:39:05 -04:00
Spencer McIntyre f3f4290783 Add process enumeration for windows. 2013-08-06 22:33:43 -04:00
Spencer McIntyre 2d69174c5b Initial commit of the python meterpreter. 2013-08-05 23:38:49 -04:00
jvazquez-r7 2ceb404f7d Land #2047, @hmoore-r7 ipmi related work 2013-07-02 11:13:25 -05:00
HD Moore 1e21f0e2aa Updated output formats, top 1000 passwords 2013-06-29 22:01:25 -05:00
jvazquez-r7 a4d353fcb3 Clean a little more the VS project 2013-06-29 15:15:27 -05:00
jvazquez-r7 6878534d4b Clean Visual Studio Project 2013-06-29 09:20:40 -05:00
jvazquez-r7 7725937461 Add Module for cve-2013-3660 2013-06-28 18:18:21 -05:00
HD Moore f0db04c2a6 Updates to common password db 2013-06-28 10:47:14 -05:00
jvazquez-r7 3c1af8217b Land #2011, @matthiaskaiser's exploit for cve-2013-2460 2013-06-26 14:35:22 -05:00
jvazquez-r7 d25e1ba44e Make fixes proposed by review and clean 2013-06-25 12:58:00 -05:00
jvazquez-r7 b32513b1b8 Fix CVE-2013-2171 with @jlee-r7 feedback 2013-06-25 10:40:55 -05:00
sinn3r 6780566a54 Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module 2013-06-24 11:50:21 -05:00
Matthias Kaiser 8a96b7f9f2 added Java7u21 RCE module
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
HD Moore 722d33e8fa Updated common password list 2013-06-23 13:15:31 -05:00
HD Moore d9737ec03a Updated common passwords 2013-06-23 01:52:18 -05:00
HD Moore c869112407 Cleanup, reporting, and automatic cracking 2013-06-23 01:35:31 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00
sinn3r 19a6f310cd Land #1927 - Add common passwords from xato.net 2013-06-07 15:24:09 -05:00
Tod Beardsley dc680e7106 Underscores because the rest are. 2013-06-07 15:16:39 -05:00
Tod Beardsley 0265dd8860 Add common passwords from xato.net
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:

http://xato.net/passwords/more-top-worst-passwords/

He also does a fair bit of frequency analysis there.

The 1024 list, should probably used instead of the original
unix_password.txt file. unix_password.txt  was added on 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.

As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
jvazquez-r7 7090d4609b Add module for CVE-2013-1488 2013-06-07 13:38:41 -05:00
James Lee 9843dc4cb4 Land #1708, android meterpreter
Conflicts:
	data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
sinn3r 81ad280107 Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
Joe Vennix 4d5c4f68cb Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00
James Lee d53d6370b3 Land #1747, mimikatz meterpreter extension
[Closes #1747]

See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
James Lee 99f5376606 Binaries for #1747
See rapid7/meterpeter#9
2013-04-29 14:44:18 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
[Closes #1772]
2013-04-28 12:17:16 -05:00
James Lee 5900a7c03f Whitespace 2013-04-26 15:24:02 -05:00
James Lee 01d790eb54 Land #1748, fix for java meterp network prefixes
[Closes #1748]
2013-04-24 12:27:28 -05:00
James Lee a7effaf9c6 Add bins for #1748 2013-04-24 12:27:05 -05:00
Tod Beardsley 80fb7b85ef Drop msfgui.jar, too. 2013-04-22 16:03:38 -05:00
Tod Beardsley 1112daaff2 Remove msfgui and armitage
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:

MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
jvazquez-r7 19f2e72dbb Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
timwr 32bd812bdb android meterpreter 2013-04-12 18:57:04 +01:00
James Lee 15e2ceb749 Land #1660, dlink backdoor wordlist
[Closes #1660][See #1648]
2013-04-11 23:04:02 -05:00
James Lee 8376531a32 Land #1217, java payload build system refactor
[Closes #1217]
2013-04-11 13:10:03 -05:00
James Lee 1d09d7e6e9 Java payload bins
Compiled with the shiny new maven system
2013-04-11 13:08:16 -05:00
James Lee ab0535bc41 Bins for new stdapi_fs_file_move command
See rapid7/meterpreter#6
2013-04-04 23:39:22 -05:00
James Lee 2d47be425f Latest meterpreter bins
See rapid7/meterpreter#1 and rapid7/meterpreter#5
2013-04-04 22:57:13 -05:00
Tod Beardsley bafb50a173 Merge commit for JtR recompile
Also changes a bunch of file modes to be less permissive.

[Closes #1662]
2013-03-29 09:05:12 -05:00
sinn3r 7bf87f3546 Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf 2013-03-27 11:55:09 -05:00
jvazquez-r7 c225d8244e Added module for CVE-2013-1493 2013-03-26 22:30:18 +01:00
jvazquez-r7 a644ceb016 Added support for mipsbe elf 2013-03-26 17:20:43 +01:00
James Lee 73c2610822 Merge remote-tracking branch 'jvazquez-r7/mipsle_elf_support' into rapid7
[Closes 1666]
2013-03-26 10:38:32 -05:00
jvazquez-r7 e78635fc0f fix segment virtual address 2013-03-26 10:50:29 +01:00
Josh ee199f64cb Merge pull request #1664 from scriptjunkie/msfguiKaliConnect
MSFGUI service autoconnect, DB fixes
2013-03-25 21:58:28 -07:00
scriptjunkie 1b6398d4fd Service autoconnect, DB fixes
First check if database is connected before trying to connect.
Autologin in Kali with new token login.
2013-03-25 20:44:48 -05:00
jvazquez-r7 4fff624632 added initial support for ELF misple 2013-03-26 01:08:31 +01:00
Brandon Turner 83d1f8d499 Compile John the Ripper against libssl 1.0.0
We use OpenSSL 1.0.0 in installed environments.  Previously, John the
Ripper was compiled against 0.9.8 which prevented it from running.  This
recompiles the same version (jtr 1.7.8 jumbo 2) against OpenSSL 1.0.0.

[FIXRM #7834]
2013-03-25 17:12:51 -05:00