jvoisin
028d4d6077
Make the payload a bit more random
2017-02-08 09:59:22 +01:00
William Vu
13f4b0d7ae
Be more specific with invalid post ID
2017-02-08 02:18:52 -06:00
Carter
c16b7e42a6
Fix review stuff
2017-02-07 21:41:38 -05:00
Carter
46fbc9dd3f
Fix some formatting
2017-02-07 21:32:19 -05:00
Metasploit
d81bdc1c02
Bump version of framework to 4.13.21
2017-02-07 17:27:47 -08:00
Brent Cook
906c56eb90
Land #7933, bump rex-core, fix path normalization
2017-02-07 19:22:53 -06:00
Brent Cook
74e029f3b1
Land #7932, Fix CVE-2017-5229
2017-02-07 19:22:36 -06:00
Brent Cook
522c6dce8e
Land #7931, Fix CVE-2017-5231 and respect user's dest
2017-02-07 19:22:17 -06:00
Brent Cook
db36cf5755
Land #7930, Fix CVE-2017-5228
2017-02-07 19:21:56 -06:00
Brent Cook
2d1989ef16
bump rex-core, fix path normalization
...
Brings in fixes from https://github.com/rapid7/rex-core/pull/4
2017-02-07 19:17:44 -06:00
Brent Cook
68a5d300fe
minor style issues
2017-02-07 18:35:35 -06:00
William Vu
6f4ff89218
Add WPVDB reference
2017-02-07 18:33:58 -06:00
Brent Cook
b370dd0654
Fix CVE-2017-5229 - extapi Clipboard.parse_dump() Directory Traversal
2017-02-07 18:24:06 -06:00
jvoisin
cb03ca91e1
Make php_cgi_arg_injection work in certain environments
...
This commit sets two more options to `0` in the payload:
- [cgi.force_redirect](https://secure.php.net/manual/en/ini.core.php#ini.cgi.force-redirect)
- [cgi.redirect_status_env](https://secure.php.net/manual/en/ini.core.php#ini.cgi.redirect-status-env)
The configuration directive `cgi.force_redirect` prevents anyone from calling PHP
directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php.
Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.
The string set in the configuration directive `cgi.redirect_status_env`
is the one that PHP will look for to know it's ok to continue its
execution. This might be used together with the previous configuration
option as a security measure.
Setting those variables to 0 is (as stated in the documentation) a
security issue, but it also makes the exploit work on some Apache2 setups.
2017-02-07 18:59:27 +01:00
jvoisin
96f7b2e245
http_version now stores the fingerprints
...
Currently, the `http_version` module doesn't store the fingerprints
into the database; this commit should fix this behaviour.
2017-02-07 18:36:36 +01:00
wchen-r7
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
Carter
f4580a2616
Add token value check
...
Sometimes it wouldn't return creds if the token is 0. It usually works after running it another time.
2017-02-07 10:53:25 -05:00
Carter
c1f9b724cf
Maybe fix syntax error
2017-02-07 10:36:05 -05:00
Justin Steven
56cf6b129d
Fix CVE-2017-5228
2017-02-07 23:44:23 +10:00
Justin Steven
cb74d3b05b
Fix CVE-2017-5231 and respect user's dest
2017-02-07 23:41:59 +10:00
Tim
d0f6d4ef45
Land #7920, android/meterpreter_reverse_https
2017-02-07 20:42:47 +08:00
William Vu
b4056a110b
Print diagnostics if no posts found/given
2017-02-07 04:37:05 -06:00
William Vu
a9ea09a179
Land #7909, Python process hiding for sessions -u
2017-02-07 02:28:24 -06:00
William Vu
e1ade9caf8
Land #7910, closed ports fix for TCP portscan
2017-02-07 02:23:15 -06:00
sekritskwurl
aac9381778
Update meterpreter_reverse_https.rb
2017-02-07 12:13:20 +04:00
sekritskwurl
f584d5c1c5
Merge pull request #1 from timwr/pr-7920
...
fix missing payloads_spec
2017-02-07 12:03:21 +04:00
Tim
7f759384ab
fix missing payloads_spec
2017-02-07 15:02:29 +08:00
Carter
6f5e013f4d
Update netgear_password_disclosure.rb
2017-02-06 22:18:07 -05:00
Carter
00050abb73
Fix msftidy warnings
2017-02-06 22:06:50 -05:00
Carter
1f2a95c202
Use html parser instead of regex
2017-02-06 22:03:56 -05:00
Carter
115c60446e
Fix weird if loop in check
2017-02-06 17:30:49 -05:00
Carter
6ebdbc3f81
Fix some stuff from review
...
I'm going to change the HTML Regex to a parser a bit later, I don't have time right now
2017-02-06 17:29:39 -05:00
Brent Cook
bb3f8577ab
Land #7922, bump packetfu for bugfixes
2017-02-06 15:55:43 -06:00
Brent Cook
40c86567aa
import packetfu fix for https://github.com/packetfu/packetfu/pull/163
2017-02-06 15:51:01 -06:00
William Webb
badca287dd
Land #7906, Add Microsoft Word malicious macro document generator
2017-02-06 14:44:09 -06:00
h00die
f531366d89
Land #7790, an aux module to extract Meteocontrol Weblog admin password
2017-02-06 15:23:06 -05:00
Carter
9b4ca31432
Fix typo
2017-02-06 12:52:41 -05:00
Carter
52cf9c44df
Update netgear_password_disclosure.rb
2017-02-06 12:43:31 -05:00
Carter
16c6480629
Add response checks
...
I can't test this right now as I'm not at a computer that has metasploit installed, but I'll test it when I get a chance to.
2017-02-06 12:10:01 -05:00
Carter
f5450a718a
Add TARGETURI datastore option
2017-02-06 11:54:29 -05:00
Carter
99227aca1a
Fix things from review
2017-02-06 09:44:35 -05:00
sekritskwurl
0cec4be107
Android Stageless Meterpreter over HTTPS
...
Change to add functionality for stateless meterpreter over HTTPS
2017-02-06 14:59:43 +04:00
William Vu
8af966a132
Add WordPress content injection module
2017-02-06 04:40:26 -06:00
William Vu
31f93de150
Update HttpClient and WordPress mixins
2017-02-06 04:40:26 -06:00
William Vu
ba80e1d9e5
Fix report_vuln for aux/scanner checks
...
Msf::Auxiliary::Scanner#setup sets it to nil in instance.check_simple.
2017-02-06 01:20:18 -06:00
Josh Hale
02afc3af96
Add lines for no IPv4/IPv6 routes
2017-02-05 17:38:30 -06:00
Carter
fb7e5ff847
Fix more msftidy warnings
2017-02-05 14:00:05 -05:00
Carter
f08590982c
Fix some msftidy warnings
2017-02-05 13:58:01 -05:00
Carter
609ea3700a
Create netgear_password_disclosure.rb
2017-02-05 13:39:58 -05:00
Pearce Barry
cab19dc63c
Land #7904, Fix a bug where PHP tags were in the wrong place
2017-02-05 11:43:24 -06:00