Commit Graph

48355 Commits (44304d33b933c4cd626fb59ccaa222b8b2abd731)

Author SHA1 Message Date
asoto-r7 3671f8f6b0
Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set.  We now try to detect this as part of `profile_target`.  But that check might fail.  If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.

Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.

Additionally additionally, some Tomcat configurations won't provide output from the payload.  We'll detect that the payload ran successfully, but tell the user there was no output.
2018-09-06 17:56:42 -05:00
asoto-r7 7eb06b4592
Address travis errors: Updated metadata and target OS logic 2018-09-06 12:43:56 -05:00
Shelby Pace 36d125e1a8
modified line in scenarios output 2018-09-06 12:15:04 -05:00
Shelby Pace 50df5e386a
modified doc to reflect new output 2018-09-06 12:11:14 -05:00
Metasploit 8850411807
Weekly dependency update 2018-09-06 10:04:57 -07:00
Shelby Pace 6c3b1081ea
added function to grab and store user and passwd 2018-09-06 12:03:00 -05:00
asoto-r7 cb16f812ec
struts2_namespace_ognl updates from code review
Thanks to @wvu, @firefart, and @wchen!
2018-09-06 11:50:57 -05:00
Metasploit 9d7c37a411
automatic module_metadata_base.json update 2018-09-06 04:00:16 -07:00
Brent Cook dd476066cf
Land #10584, fix session upgrade HANDLE_TIMEOUT and upgrading osx shells 2018-09-06 05:52:40 -05:00
William Vu 35fb0d19ab Refactor SSH mixins and update modules 2018-09-05 23:53:11 -05:00
Metasploit 0777e5d448
automatic module_metadata_base.json update 2018-09-05 19:56:26 -07:00
Wei Chen d23b252393
Land #10592, support ERB for foxit_reader_uaf.rb 2018-09-05 21:48:52 -05:00
Wei Chen 254e8b9fd0 Cleanup for foxit_reader_uaf 2018-09-05 21:47:57 -05:00
Metasploit d764b53ca2
automatic module_metadata_base.json update 2018-09-05 19:15:08 -07:00
Wei Chen 266dec45cd
Land #10564, Add Ghostscript exploit from taviso 2018-09-05 21:07:50 -05:00
Wei Chen 6b879e3cde
Apply changes from master 2018-09-05 20:59:54 -05:00
Wei Chen 88ff85c09f
Land #10591, Fix target DisableNops not being passed to payload 2018-09-05 20:56:48 -05:00
William Vu f34146b288 Add module doc 2018-09-05 19:57:15 -05:00
William Vu 243267b2f5 Add Linux dropper target 2018-09-05 19:57:12 -05:00
William Vu 61044e8bca Refactor targets to align with current style 2018-09-05 19:56:32 -05:00
William Vu 692ddc8b8b Eschew updating imagemagick_delegate
The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
2018-09-05 19:56:32 -05:00
William Vu 1491f13bd5 Add Ghostscript failed restore exploit 2018-09-05 19:56:32 -05:00
William Vu 13ff71b879 Clean up previous modules
Missed in 35670713ff.
2018-09-05 19:56:32 -05:00
Shelby Pace 55bf6e5dd4
removed require in erb file 2018-09-05 18:09:29 -05:00
William Vu e2428b5c20 Fix target DisableNops not being passed to payload 2018-09-05 18:07:54 -05:00
Shelby Pace 6a3a4de289
included path to erb, removed multiline pdf string 2018-09-05 14:09:10 -05:00
Shelby Pace 60cdd6dfe2
added erb file for foxit_reader_uaf exploit 2018-09-05 14:07:56 -05:00
asoto-r7 14aee3a822
Added auxiliary/fileformat/multidrop support for Word XML documents 2018-09-05 11:51:48 -05:00
Brent Cook d25aad571f
Land #10474, add documentation for windows/shell/reverse_ord_tcp 2018-09-05 09:04:47 -05:00
OJ 635d92901f
Add warning for mimikatz and kiwi if OS versions are wrong 2018-09-05 09:34:34 +10:00
Tim W e20b625698
Land #10585, fix #10577, fix "Exploit failed: TypeError no implicit conversion of Array into Integer" 2018-09-05 02:53:09 +08:00
Tim W c38a7e97fd fix session.type for osx shells 2018-09-04 22:59:03 +08:00
Jacob Robles 0a2b0f8cec
Remove trailing comma
Fix issue that causes target.ret to be an array
2018-09-04 07:43:43 -05:00
Tim W b7da75d860 fix #10576, fix session upgrade HANDLE_TIMEOUT 2018-09-04 16:46:33 +08:00
James Barnett c8f57435df
Land #10550, update msfdb to persist https data service 2018-09-03 11:21:42 -05:00
Tim W d5e78ab66f
Land #10437, sync some linux local libraries to solaris 2018-09-03 22:46:50 +08:00
Matthew Kienow 34f87efb2b
Land #10532, enhance db_connect for data services 2018-09-03 09:43:34 -04:00
James Barnett 1c8a2f3ee1
Raise an error when http service fails to connect
Also fix a bug where failed Postgres connections weren't being raised
2018-09-02 15:51:13 -05:00
Matthew Kienow 14f2907d73
Update to handle new db_connect format 2018-08-31 23:12:23 -04:00
James Barnett b4c731d4ca
Check name validity at a higher level 2018-08-31 18:16:32 -05:00
bwatters-r7 8474c331fc
Land #10571, Bump metasploit payloads to 1.3.47
Merge branch 'land-10571' into upstream-master
2018-08-31 18:03:10 -05:00
bwatters-r7 4d04161556
Bump metasploit payloads to 1.3.47 2018-08-31 17:47:02 -05:00
James Barnett 084607b955
Set current_data_service when disconnecting from http 2018-08-31 16:48:33 -05:00
James Barnett 185fe56e82
Add message when connecting via yaml 2018-08-31 16:13:17 -05:00
James Barnett a413b27e57
Fix bug connecting to https servers 2018-08-31 15:49:29 -05:00
Brent Cook 85a857d115
Land #10567, Bump kiwi version 2018-08-31 15:25:40 -05:00
Wei Chen 34944ff5be
Land #10568, Update weblogic module docs 2018-08-31 14:05:46 -05:00
asoto-r7 da7a29f715
Documentation update 2018-08-31 13:57:41 -05:00
Metasploit 21f2b5e298
automatic module_metadata_base.json update 2018-08-31 11:55:00 -07:00
asoto-r7 8fe8bf62e3
Renamed to match existing `struts2_content_type_ognl` and improved comments 2018-08-31 13:48:22 -05:00