infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
38,255 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

38255 Commits (4242bbdf555d9c213e70ed5e8d74f4b4b541820d)

Author SHA1 Message Date
h00die 4242bbdf55 change report_note to report_vuln per note 2016-05-23 17:36:50 -04:00
h00die c621f689b2 more descriptive note per @sempervictus 2016-05-18 19:08:01 -04:00
h00die 815a2600a8 additional description 2016-05-17 22:07:33 -04:00
h00die 640e0b9ff7 working ready for pr 2016-05-17 21:58:32 -04:00
h00die 314d73546c additional details, not working on tablet via malicious apk meterpreter 2016-05-13 23:12:44 -04:00
h00die 5099124f3d module compiles, fails correctly but cant yet verify it works 2016-05-12 22:18:43 -04:00
wchen-r7 13adc3ee0a
Land #6865, Add CVE-2015-3224 support to rails_web_console_v2_code_exec 2016-05-12 13:56:01 -05:00
David Maloney 993709e076
Land #6862, jar payloads 
lands FireFarts jar payload pr
 2016-05-11 09:56:41 -05:00
HD Moore 32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00
HD Moore 4a5d150716 Fixups to continue supporting Rails 4.2.x 2016-05-10 23:12:48 -05:00
HD Moore 04bb493ccb Small typo fixed 2016-05-10 23:07:51 -05:00
HD Moore 7c6958bbd8 Rework rails_web_console_v2_code_exec to support CVE-2015-3224 2016-05-10 11:08:02 -05:00
wchen-r7 3db72e9b4b
Land #6853, use send_request_cgi! for CVE-2016-0854 exploit 2016-05-09 16:10:04 -05:00
Christian Mehlmauer e2dd844e34
reenable jar format 2016-05-09 21:25:23 +02:00
Jenkins 805f98f599
Bump version of framework to 4.11.27 2016-05-06 11:32:46 -07:00
Kyle Gray 2a546d191f
Land #6854, smtp header fix 
Fixes an issue with duplicate headers when sending emails.

Fixes MS-1476
 2016-05-06 12:07:12 -05:00
William Vu c15403a426
Fix #6838, web-console module cleanup 
ommit.
 2016-05-06 12:01:21 -05:00
William Vu 2abb062070 Clean up module 2016-05-06 11:51:29 -05:00
David Maloney e4e6246692 Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-05-06 10:55:52 -05:00
David Maloney 3f4d0479aa
Land #6848, ImageMagick Exploit 
lands wvu's imagemaick exploit
 2016-05-06 10:54:38 -05:00
Louis Sato 8dc7de5b84
Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
William Vu 2bac46097f Remove url() for MVG 
Technically unnecessary here.
 2016-05-05 14:18:42 -05:00
William Vu 1bc2ec9c11 Update vulnerable versions to include 6.x (legacy) 2016-05-05 14:18:42 -05:00
William Vu 334c432901 Force https://localhost for SVG and MVG 
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
 2016-05-05 14:18:42 -05:00
William Vu 26b749ff5a Add default LHOST 
This is a massive workaround and probably shouldn't be done. :-)
 2016-05-05 14:18:42 -05:00
William Vu 5c713d9f75 Set default payload 
Land #6849 for this to be effective.
 2016-05-05 14:18:42 -05:00
William Vu decd770a0b Encode the entire SVG string 
Because why not? Not like people care about what's around the command.
 2016-05-05 14:18:42 -05:00
William Vu 232cc114de Change placeholder text to something useful 
A la Shellshock. :)
 2016-05-05 14:18:42 -05:00
William Vu f32c7ba569 Add template generation details 2016-05-05 14:18:42 -05:00
William Vu 23a0517a01 Update description 2016-05-05 14:18:42 -05:00
William Vu d7b76c3ab4 Add more references 2016-05-05 14:18:42 -05:00
William Vu 5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
Adam Cammack 2e460a87dd
Remove extra assignment 2016-05-05 11:24:19 -05:00
Adam Cammack f75009a9c6
Don't duplicate headers when sending emails 
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.

MS-1476
 2016-05-05 10:47:21 -05:00
David Maloney 891a788ad4
Land #6849, mknod to mkfifo 
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
 2016-05-05 10:34:41 -05:00
Vex Woo 35a780c6a8 fix send_request_cgi redirection issues #6806 2016-05-05 09:55:32 -05:00
dmohanty-r7 f096c3bb99
Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00
Brian Patterson 763c234dfe
Land #6852 Remove duplicate key in tcp.rb which was causing a warning on msfconsole start. 2016-05-04 15:51:09 -05:00
Christian Mehlmauer 9357a30725
remove duplicate key 2016-05-04 22:15:33 +02:00
David Maloney 849495e658
Land #6851, Doc fixes for priv_migrate 2016-05-04 13:39:36 -05:00
David Maloney c7f1598981
Land #6845, ruby version bump 
land FireFart's ruby version bump
 2016-05-04 13:37:09 -05:00
thao doan 08416c600f Grammatical and style fixes for priv_migrate 2016-05-04 11:14:29 -07:00
David Maloney 55b38ad089
Land #6398, content length header 
lands wei's content length header pr
 2016-05-04 11:53:46 -05:00
Jenkins e7ff4665e1
Bump version of framework to 4.11.26 2016-05-04 09:44:18 -07:00
Sonny Gonzalez 548873f623
Land #6850, bump metasploit payloads 
to fix registry class readers

See
rapid7/metasploit-payloads#100
rapid7/metasploit-payloads#99
 2016-05-04 11:21:53 -05:00
Brent Cook 94c8b51a54 bump payloads gem 2016-05-04 10:56:41 -05:00
Rob Fuller 4c9eba333e
Land #6753, MSF-side support for reverse port forwards 
Huge thanks to @OJ for making this happen.
Tested targets Win7,10,2008,2012
Tested payloads Win32 native, Win64 native, python
 2016-05-04 07:39:05 -04:00
William Vu 74e5772bbf Replace mknod with mkfifo for portability 
Works on BSD and OS X now. This has been bugging me for a while.
 2016-05-04 02:32:37 -05:00
Jenkins 7490ab1c78
Bump version of framework to 4.11.25 2016-05-03 17:09:07 -07:00