infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
43,238 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

22527 Commits (59086af261efb1cfc4958e7560b51ab004bd23ab)

Author SHA1 Message Date
Brent Cook 59086af261
Land #8771, rewrite linux x64 stagers with Metasm 2017-08-14 02:32:29 -04:00
Brent Cook 26193216d1
Land #8686, add 'download' and simplified URI request methods to http client mixin 
Updated PDF author metadata downloader to support the new methods.
 2017-08-14 01:40:17 -04:00
Brent Cook 7d4561e0fd rename to download_log to avoid conflicting with the mixin 2017-08-14 01:10:37 -04:00
Brent Cook 5d05ca154a added http client 'download' method and updates to pdf author module from @bcoles 2017-08-14 01:08:53 -04:00
zerosum0x0 ecfe3d0235 added optional DoublePulsar check 2017-08-11 11:36:59 -06:00
Pearce Barry bb5fffebc4
Land #8796, SMBLoris Denial of Service Module. 2017-08-09 16:24:55 -05:00
Pearce Barry 901a1fdd1b
Minor tweaks. 2017-08-09 15:44:32 -05:00
Jon Hart 1b6acd768e
Land #8817, fixing @jhart-r7's ruby 2.2 blunder 2017-08-09 13:19:20 -07:00
Christian Mehlmauer 1b6b29c22b
fix error with rdp scanníng 2017-08-09 21:32:15 +02:00
bwatters-r7 dd79aa3afb
Land #8627, Add post module multi/gather/jenkins 2017-08-09 10:43:21 -05:00
Brent Cook 0ac19087cd
Land #8720, add resiliency (retries + sleep) to linux x86 stagers 2017-08-08 19:36:47 -05:00
David Maloney 67e86da50b
make SMBLoris run continuously as requested 
as per ZeroSum's request the module now runs
continuously, refreshing the connections on every pass
until manually killed
 2017-08-08 10:16:16 -05:00
Pearce Barry cfd377fbd4 Support padding on the CAN bus. 
Also use a hash for passing options around instead of individual params.
 2017-08-06 18:05:59 -05:00
David Maloney 289f03241b
add module documentation 
add module docs for the new smbloris DoS
 2017-08-04 16:10:44 -05:00
David Maloney 15cc2a9dc0
removedthreading stuff, tried keepalives 
still seem to be topping out at
about 1.3GB allocated
 2017-08-04 15:28:01 -05:00
Brent Cook 7ce813ae6e
Land #8767, Add exploit module for CVE-2017-8464 
LNK Code Execution Vulnerability
 2017-08-03 17:10:16 -05:00
Brent Cook da3ca9eb90 update some documentation 2017-08-03 17:09:44 -05:00
David Maloney e73ffe648e
tried adding supervisor model to smbloris 
tried to overcome issues with slowdown
around the 4500 connection mark by using the
supervisor pattern to terminate the threads on
the backend. this seems to get us further, but we still
hit a slowdown and the allocations die out before
we hit any serious usage
 2017-08-03 14:19:35 -05:00
David Maloney c9da2d56b9
first pass at SMBLoris DoS module 
the first pass on the DoS module for SMBLoris
running into issues with it topping out around 600MB
 2017-08-03 11:32:57 -05:00
Brent Cook ddd841c0a8 code style cleanup + add automatic targeting based on payload 2017-08-03 00:27:54 -05:00
Brent Cook b62429f6fa handle drive letters specified like E: nicely 2017-08-03 00:27:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject 
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
 2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Yorick Koster 3229320ba9 Code review feedback from @nixawk 2017-08-02 15:46:51 -05:00
Yorick Koster 565a3355be CVE-2017-8464 LNK Remote Code Execution Vulnerability 
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain a dynamic icon, loaded from a
malicious DLL.

This vulnerability is a variant of MS15-020 (CVE-2015-0096). The
created LNK file is similar except in an additional
SpecialFolderDataBlock is included. The folder ID set in this
SpecialFolderDataBlock is set to the Control Panel. This is enought to
bypass the CPL whitelist. This bypass can be used to trick Windows into
loading an arbitrary DLL file.
 2017-08-02 15:46:30 -05:00
Brent Cook 6f97e45b35 enable Ruby 2.2 compat checks in Rubocop, correct multi/handler compat 2017-08-02 06:18:02 -05:00
OJ 54ded4300e
Land #8791 - Update Accuvant refs to point to Optiv 2017-08-02 13:26:52 +10:00
TC Johnson 8989d6dff2
Modified Accuvant bog posts to the new Optive urls 2017-08-02 13:25:17 +10:00
Brent Cook bb2304a2d1
Land #8769, improve style, compatibility, for ssh modules 2017-08-01 21:43:32 -05:00
Brent Cook 1d75a30936 update style for other ssh exploits 2017-08-01 16:05:25 -05:00
Brent Cook 8c9fb1d529 remove unneeded netssh checks in modules 2017-08-01 14:46:10 -05:00
Brent Cook 4395f194b1 fixup style warnings in f5 bigip privkey exploit 2017-08-01 14:45:05 -05:00
Brent Cook e61cccda0b
Land #8779, Adding error handler for ms17-010 exploit where SMBv1 is disabled 2017-08-01 14:00:12 -05:00
tkmru 14507747d0 update CachedSize 2017-07-29 23:42:43 +09:00
tkmru b1e26dd17e Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x86_retry 2017-07-29 17:24:59 +09:00
wchen-r7 c5021bf665 Land #8761, Add CVE-2017-7442: Nitro Pro PDF Reader JS API Code X 2017-07-28 17:02:59 -05:00
multiplex3r b2ecaa489d Rescue only RubySMB::Error::CommunicationError 2017-07-27 19:19:45 +10:00
multiplex3r f2091928ec Adding no SMBv1 error handler for ms17-010 exploit 2017-07-27 16:21:09 +10:00
tkmru eb536ba67c Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x64_retry 2017-07-26 09:48:17 +09:00
1cph93 9c930aad6e Add space after comma in f5_bigip_known_privkey module to coincide with Ruby style guide 2017-07-25 19:43:29 -04:00
Brent Cook 354869205a make exploit/multi/handler passive 
This gives exploit/multi/handler a makeover, updating to use more-or-less
standard Ruby, and removing any mystical hacks at the same time (like select
instead of sleep).

This also gives it a Passive stance, and sets ExitOnSession to be false by
default, which is the setting that people use 99% of the time anyway.
 2017-07-24 15:47:06 -07:00
mr_me bf4dce19fb I added the SSD advisory 2017-07-24 14:25:10 -07:00
mr_me b099196172 deregistered SSL, added the HTA dodgy try/catch feature 2017-07-24 10:28:03 -07:00
mr_me 17b28388e9 Added the advisory, opps 2017-07-24 10:09:21 -07:00
mr_me 14ca2ed325 Added a icon loading trick by Brendan 2017-07-24 10:06:20 -07:00
mr_me b2a002adc0 Brendan is an evil genius\! 2017-07-24 09:58:23 -07:00
mr_me cc8dc002e9 Added CVE-2017-7442 2017-07-24 08:21:59 -07:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 80d18fae6a update example modules to have zero violations 2017-07-24 06:15:54 -07:00
Brent Cook 1d290d2491 resurrect one print_error/bad conversion for symmetry 2017-07-24 05:55:34 -07:00