Commit Graph

11462 Commits (4e858aba896c4be9d751c75ade9675d701c6c058)

Author SHA1 Message Date
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
sinn3r 6d401b48d1 Fix typo 2012-01-07 00:02:51 -06:00
sinn3r b7e29191f5 Add Drupal 'Views' module username enumeration (Feature #6194) 2012-01-06 23:51:32 -06:00
David Maloney 40a1d8bcc8 Fixed issue with a missing nil check in ftp_login 2012-01-06 20:51:58 -08:00
David Maloney 81acfd2126 Adds hashdump and cracking modules for AIX 2012-01-06 20:31:22 -08:00
David Maloney 8e017fd4db Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-06 20:30:25 -08:00
James Lee c2406e0e65 Fix whitespace at EOL 2012-01-06 21:13:17 -07:00
James Lee c35c7f5fab Add tab completion for pushm
[See #6165]
2012-01-06 21:10:59 -07:00
James Lee 7ea5f87960 Allow proper ruby types for evasion configuration
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the appropriate places. Then, in
the somewhat more recent past, the options started getting converted to
regular ruby types (such as TrueClass for a BOOL option, etc) earlier
in their life.  Apparently, that change broke boolean http evasions.
This commit fixes them by ensuring that +true+ is just as acceptable as
"true".

Fixes #6198, thanks Ashish for the report
2012-01-06 20:05:29 -07:00
David Maloney bf425a6744 Fixed bug that prevented telnet sessions from opening with good creds 2012-01-06 16:59:08 -08:00
sinn3r 6ceb2f04a3 Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability 2012-01-06 14:24:49 -06:00
David Maloney 9cf2af6a94 Adds exploit/windows/htt/xampp_webdav_upload_php
This exploit abuses weak default passwords on XAMPP
for windows to upload a php payload and execute it.

Fixes #2170
2012-01-06 12:00:14 -08:00
HD Moore c2a71d63b4 Tweak the logic here 2012-01-06 00:53:50 -06:00
HD Moore 7b26e33e19 Initial version 2012-01-06 00:53:50 -06:00
HD Moore 9c827abcb7 net-ssh hackery to disable agent support, disable private key support,
and add a callback
2012-01-05 14:10:31 -06:00
Jonathan Cran eec70706d0 make the esx driver dependent on meterpreter 2012-01-05 20:42:58 -06:00
Jonathan Cran bedc34ad44 Merge branch 'master' of r7.github.com:rapid7/metasploit-framework 2012-01-05 18:26:26 -06:00
Jonathan Cran c522514030 update the meterpreter modifier to reflect the new copy_ api 2012-01-05 18:26:05 -06:00
David Maloney 54bca49ef9 Slightly better fix to the digest request header issue 2012-01-05 12:25:32 -08:00
David Maloney ba86e8a04f Added PROPFIND support to http_login
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
David Maloney 6cd3810094 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-05 12:03:21 -08:00
David Maloney e61b4ed65c Fixed issue with send_digest_request_cgi not keeping user supplied headers. 2012-01-05 12:02:21 -08:00
Tod Beardsley e28ccc33c7 Merge pull request #92 from rsmudge/armitage
Armitage 1.5.12
2012-01-05 11:05:35 -08:00
Raphael Mudge 46964a6be7 Armitage 1.5.12 - Performance and bandwidth optimizations in the team server, improved Java meterpreter interface, and
greatly overhauled Armitage's data export capability. Now users may select to export all data or any workspace.
2012-01-05 04:55:58 -05:00
HD Moore 8315709fb6 Correct typo and set the disclosure date 2012-01-04 19:46:56 -06:00
Tod Beardsley 7b692aa0b9 Adding references to vss modules. 2012-01-04 12:10:03 -06:00
Tod Beardsley 164c80d496 Adding a comment doc to the shadowcopy lib.
Citing Tim Tomes and Mark Baggett
2012-01-04 12:03:13 -06:00
sinn3r 8cced0a91e Add CVE-2011-2462 Adobe Reader U3D exploit 2012-01-04 03:49:49 -06:00
sinn3r c122ec34bc Add default SSH credential for Op5 system CentOS VM image 2012-01-03 15:13:35 -06:00
David Maloney 12221b0433 UAC will disrupt these modules
Added checks for UAC.
UAC must be bypassed before using these modules.
2012-01-03 12:07:38 -08:00
Jonathan Cran 166e3f45d6 Merge branch 'release/20111227000001' 2012-01-03 11:56:55 -06:00
Tod Beardsley 904297ee35 Merge pull request #91 from jduck/master
Stack trace fix when mytarget is nil, actually populate the agent variable.
2012-01-02 09:26:05 -08:00
Joshua J. Drake 958ffe6e1d Fix stack trace from unknown agents 2012-01-02 03:41:49 -06:00
HD Moore 7448ab4780 Merge pull request #90 from swtornio/master
add osvdb ref
2012-01-01 10:25:21 -08:00
Steve Tornio 7bfdc9eff4 add osvdb ref 2012-01-01 09:10:10 -06:00
James Lee 4cd329a943 Spawn the payload as a separate process
Running the payload using system() in a thread was causing some weird
interactions with ctrl-c. Fix those issues by using Process.spawn and
Process.detach. I suspect this was the original cause of #3631, java
meterpreter sessions dying unaccountably.

See #3631
2011-12-31 12:11:34 -07:00
David Maloney dd0b07b2cc Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS) 2011-12-30 15:03:04 -08:00
Joshua Smith 29b6d0d1e3 Adds previous, pushm, popm to msfconsole
Adds the ability to set and use a stack of modules, and to easily switch
between the last two modules used.

[Fixes #6165][Closes #84]
Squashed commit of the following:

commit e41e7f704888b1ce5ad5f23caeee1de13052e3d5
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 15:52:08 2011 -0500

    pushm/popm working great, let me know if you find bugs

commit 23da8d56ea08ca196e649431e8188b4f29ba97b9
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 14:37:18 2011 -0500

    Adds the 'previous' command to msfconsole which will load the previously active module as the currently active module, adds @previous_module as a class variable
2011-12-30 15:30:55 -06:00
James Lee 0fa0ceccb5 Merge branch 'master' of github-r7:rapid7/metasploit-framework 2011-12-30 10:55:48 -07:00
James Lee ba017773b2 Cleanup whitespace at EOL 2011-12-30 10:55:01 -07:00
sinn3r 23f2a189d7 Merge pull request #89 from rsmudge/armitage
Armitage 12.30.11
2011-12-30 08:21:04 -08:00
sinn3r d9db03dba6 Add CoCSoft StreamDown buffer overflow (Feature #6168; no CVE or OSVDB ref) 2011-12-30 10:16:29 -06:00
Raphael Mudge 3fae5ada9f Armitage 12.30.11 - This release improves performance for Armitage's collaboration mode, rewrites the MSF Scans feature,
and adds a drag'n'drop feature to launch a module against a particular host.
2011-12-30 03:14:43 -05:00
HD Moore 409970ec36 Merge pull request #88 from andurin/small_fixes
RPC Client exception handling
2011-12-29 22:13:35 -08:00
andurin 898df592be Fix2 rpc exception handling
HD suggested a small tweak to use error_code OR res.code for the raise
2011-12-30 07:05:26 +01:00
andurin 7b4de2380f Small fix: RPC client exception handling
IMHO rpc client should transform the error code from Msf::RPC::Exception
into its own Msf::RPC::ServerException and should not take the msgpack
response code.

In deep:
I ran into a '401 invalid auth token' after a token timeout (300s).
RPC Daemon raised a 401 - invalid auth token as expected but rpc client
transformed it to a '200 - invalid auth token' using the successful http
transaction to transport the exception.
2011-12-30 05:44:26 +01:00
Tod Beardsley bc22b7de99 MSFConsole should display hostless loot, also typo fix.
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb

Fixes #6177
2011-12-29 15:11:15 -06:00
Tod Beardsley 78da15ed15 Always check for the current workspace when calling Report#myworkspace().
Fixes #6175
2011-12-29 13:48:05 -06:00
sinn3r b202c29153 Correct e-mail format 2011-12-29 11:27:10 -06:00