infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,063 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

21063 Commits (54cf7855a2c72c1849195b355c2073d338b1b52f)

Author SHA1 Message Date
bcoles 54cf7855a2 Add WebTester 5.x Command Execution exploit module 2013-10-17 16:57:57 +10:30
sinn3r 7a0671eba9
Land #2531 - rm deprecated mods 2013-10-16 20:02:58 -05:00
James Lee a54b4c7370
Land #2482, use runas when UAC is DoNotPrompt 2013-10-16 17:51:11 -05:00
Tod Beardsley f1a67ecafe
Remove overdue deprecated modules 
[See PT #56795804]
[See PT #56796034]
 2013-10-16 17:02:28 -05:00
sinn3r 855d183926
Land #2530 - Add IE7 support for MS13-080 
by egypt
 2013-10-16 16:42:00 -05:00
sinn3r 0ce221274b Change JS comments in Ruby. 2013-10-16 16:40:54 -05:00
James Lee 721ce8f6b7
Land #2526, use Find.find in msftidy 
[SeeRM #8497]
 2013-10-16 16:17:33 -05:00
James Lee ca2620f0f6
Land #2527, addonsdetect 2013-10-16 16:15:31 -05:00
James Lee 4fa3b8f820 Add support for IE7 on XP 2013-10-16 15:56:34 -05:00
James Lee d13fa7e9a5
Land #2528, base64 for ms13-080 2013-10-16 15:54:56 -05:00
Tod Beardsley 2833d58387
Add OSVDB for vbulletin exploit 2013-10-16 15:01:28 -05:00
Tod Beardsley 3c2dddd7aa
Update reference with a non-plagarised source 2013-10-16 14:44:18 -05:00
Tod Beardsley 3fc1a75a6b
Simplify msftidy with Find.find and add fixed() 
Also, enforce binary encoding like the other Metasploit tools.

This opens the door to fixing files that have things that could be fixed
programmatically.

    [SeeRM #8497]
 2013-10-16 10:40:42 -05:00
sinn3r 06a212207e Put PrependMigrate on hold because of #1674 
But I will probably still want this.
 2013-10-16 09:24:46 -05:00
sinn3r 0081e186f7 Make sure i var is local 2013-10-15 23:59:23 -05:00
sinn3r ac78f1cc5b Use Base64 encoding for OS parameter 
I didn't even realize we already added this in server.rb. So instead
of just escaping the OS parameter, we also encode the data in base64.
I also added prependmigrate to avoid unstable conditions for the payload.
 2013-10-15 23:37:11 -05:00
sinn3r 4c91f2e0f5 Add detection code MS Office 
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.

[SeeRM #8413]
 2013-10-15 16:27:23 -05:00
sinn3r 41ab4739e3
Land #2520 - Add detection for FF 22 - 24 2013-10-15 15:17:43 -05:00
Tod Beardsley e4d5960853
Land #2524, correct author name 2013-10-15 15:05:35 -05:00
jvazquez-r7 c68319d098 Fix author 2013-10-15 12:59:19 -05:00
jvazquez-r7 f60b29c7a6
Land #2503, @MrXors's local exploit using VSS 2013-10-15 12:35:26 -05:00
MrXors f345414832 Added correct spelling in info 2013-10-15 10:13:18 -07:00
jvazquez-r7 0b9cf24103 Convert vss_persistence to Local Exploit 2013-10-15 11:11:04 -05:00
jvazquez-r7 3b7be50d50 Fix typos 2013-10-15 10:03:00 -05:00
jvazquez-r7 18b4f80ca9 Add minor cleanup for vss_persistence 2013-10-15 09:56:18 -05:00
MrXors 6a1b1f35a8 Msftidy done. 2013-10-14 19:41:10 -07:00
MrXors d444ed054f Fixed RUNKEY, Fixed SCHTASKS, merged code 2013-10-14 19:36:44 -07:00
Meatballs 63e850505e
Land #2523, WDS use read_response 
This is more robust at correctly receiving the entire DCERPC response.

[Closes #2511]
 2013-10-14 23:54:56 +01:00
Tod Beardsley d0b1479d5b
Use the real timeout option for DCERPC 2013-10-14 17:41:51 -05:00
Tod Beardsley e8d0292118
Use read_response class method 
Looks like this was never implemented in other modules, but it collects
data from the socket in the usual get_once sort of way.
 2013-10-14 17:24:22 -05:00
Tod Beardsley 14be85ea5d
Land #2511, fix up NoMethodError and hanging connx 2013-10-14 16:30:19 -05:00
Meatballs a3af5d681b
Ensure TCP connection is closed 2013-10-14 21:53:22 +01:00
William Vu 31dc7c0c08 Land #2522, @todb-r7's pre-release module fixes 2013-10-14 15:37:23 -05:00
Tod Beardsley 63e40f9fba
Release time fixes to modules 
* Period at the end of a description.
  * Methods shouldn't be meth_name! unless the method is destructive.
  * "Setup" is a noun, "set up" is a verb.
  * Use the clunky post module naming convention.
 2013-10-14 15:17:39 -05:00
James Lee 29ae6be403
Land #2521, nil fix for ms13_069 2013-10-14 15:15:47 -05:00
joev 711fac08b7 Don't throw exception if createElement is missing. 2013-10-14 14:15:13 -05:00
sinn3r 15e8c3bcd6 [FixRM #8470] - can't convert nil into String 
Target selection bug in ms13_069_caret.rb. Happens when the target
is Win 7 + IE8, which actually isn't a suitable target.

[FixRM #8470]
 2013-10-14 14:10:08 -05:00
jvazquez-r7 75aaded842
Land #2471, @pyoor's exploit for CVE-2013-5743 2013-10-14 14:03:28 -05:00
jvazquez-r7 a6f17c3ba0 Clean zabbix_sqli 2013-10-14 14:01:58 -05:00
William Vu 07772cebb0 Land #2519, undefined method fix for msfcli 2013-10-14 13:56:07 -05:00
joev 183940308b Add another nil check, just to be safe. 2013-10-14 13:55:54 -05:00
joev 20a145f1e7 Check for prop in prototype, not constructor. 2013-10-14 13:51:45 -05:00
joev 488ed5bd4a Add new feature detection logic for FF 23 and 24. 2013-10-14 13:41:26 -05:00
William Vu 35dd94f0ac Land #2518, uninitialized JavascriptOSDetect fix 2013-10-14 13:32:04 -05:00
sinn3r 5514736deb [FixRM 8489] undefined method `empty?' for nil:NilClass in msfcli 
This fixes a undefined method `empty?' for nil:NilClass (NoMethodError)
in msfcli. [SeeRM 8489]
 2013-10-14 13:13:56 -05:00
sinn3r e10dbf8a5d
Land #2508 - Add nodejs payloads 2013-10-14 12:23:31 -05:00
sinn3r da3081e1c8 [FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect 
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax

[FixRM 8482]
 2013-10-14 11:40:46 -05:00
MrXors fc62b4c4ed removed global var from file_on_target and useless code 2013-10-14 09:16:54 -07:00
William Vu eab90e1a2e Land #2491, missing platform info update 2013-10-14 10:38:25 -05:00
MrXors 17e5c63f7f removed debugging prompts 2013-10-14 00:29:24 -07:00