infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
38,246 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

38246 Commits (5a360be4592702922e8a54c72c81cf0c18d2b29a)

Author SHA1 Message Date
David Maloney 5a360be459
Merge branch 'master' into staging/rails-upgrade 2016-05-06 10:56:17 -05:00
David Maloney e4e6246692 Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-05-06 10:55:52 -05:00
David Maloney 3f4d0479aa
Land #6848, ImageMagick Exploit 
lands wvu's imagemaick exploit
 2016-05-06 10:54:38 -05:00
David Maloney a763863ff3
remove #truncate_session_desc 
this method was absed around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
 2016-05-06 09:36:12 -05:00
Louis Sato 8dc7de5b84
Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
William Vu 2bac46097f Remove url() for MVG 
Technically unnecessary here.
 2016-05-05 14:18:42 -05:00
William Vu 1bc2ec9c11 Update vulnerable versions to include 6.x (legacy) 2016-05-05 14:18:42 -05:00
William Vu 334c432901 Force https://localhost for SVG and MVG 
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
 2016-05-05 14:18:42 -05:00
William Vu 26b749ff5a Add default LHOST 
This is a massive workaround and probably shouldn't be done. :-)
 2016-05-05 14:18:42 -05:00
William Vu 5c713d9f75 Set default payload 
Land #6849 for this to be effective.
 2016-05-05 14:18:42 -05:00
William Vu decd770a0b Encode the entire SVG string 
Because why not? Not like people care about what's around the command.
 2016-05-05 14:18:42 -05:00
William Vu 232cc114de Change placeholder text to something useful 
A la Shellshock. :)
 2016-05-05 14:18:42 -05:00
William Vu f32c7ba569 Add template generation details 2016-05-05 14:18:42 -05:00
William Vu 23a0517a01 Update description 2016-05-05 14:18:42 -05:00
William Vu d7b76c3ab4 Add more references 2016-05-05 14:18:42 -05:00
William Vu 5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
David Maloney 19af279ce9
Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
David Maloney 891a788ad4
Land #6849, mknod to mkfifo 
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
 2016-05-05 10:34:41 -05:00
dmohanty-r7 f096c3bb99
Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00
Brian Patterson 763c234dfe
Land #6852 Remove duplicate key in tcp.rb which was causing a warning on msfconsole start. 2016-05-04 15:51:09 -05:00
Christian Mehlmauer 9357a30725
remove duplicate key 2016-05-04 22:15:33 +02:00
David Maloney 849495e658
Land #6851, Doc fixes for priv_migrate 2016-05-04 13:39:36 -05:00
David Maloney c7f1598981
Land #6845, ruby version bump 
land FireFart's ruby version bump
 2016-05-04 13:37:09 -05:00
thao doan 08416c600f Grammatical and style fixes for priv_migrate 2016-05-04 11:14:29 -07:00
David Maloney 55b38ad089
Land #6398, content length header 
lands wei's content length header pr
 2016-05-04 11:53:46 -05:00
Jenkins e7ff4665e1
Bump version of framework to 4.11.26 2016-05-04 09:44:18 -07:00
Sonny Gonzalez 548873f623
Land #6850, bump metasploit payloads 
to fix registry class readers

See
rapid7/metasploit-payloads#100
rapid7/metasploit-payloads#99
 2016-05-04 11:21:53 -05:00
Brent Cook 94c8b51a54 bump payloads gem 2016-05-04 10:56:41 -05:00
Rob Fuller 4c9eba333e
Land #6753, MSF-side support for reverse port forwards 
Huge thanks to @OJ for making this happen.
Tested targets Win7,10,2008,2012
Tested payloads Win32 native, Win64 native, python
 2016-05-04 07:39:05 -04:00
William Vu 74e5772bbf Replace mknod with mkfifo for portability 
Works on BSD and OS X now. This has been bugging me for a while.
 2016-05-04 02:32:37 -05:00
Jenkins 7490ab1c78
Bump version of framework to 4.11.25 2016-05-03 17:09:07 -07:00
HD Moore 779a7c0f68 Switch to the default rails server port 2016-05-03 02:06:58 -05:00
HD Moore 8b04eaaa60 Clean up various whitespace 2016-05-03 02:06:37 -05:00
Christian Mehlmauer 38320d4304
bump ruby version to 2.3.1 2016-05-03 06:23:15 +02:00
OJ 60f81a69ea Remove the pfservice close call on shutdown 2016-05-03 12:03:37 +10:00
OJ d136844d3b Add error handling around double-bind of ports 2016-05-03 10:42:41 +10:00
thao doan 27542066fa Land #6843, Fixed info -d [module path] 2016-05-02 14:43:50 -07:00
thao doan a09fadc4fc Land #6840, Display the KB first if it's available for module docs 2016-05-02 14:38:49 -07:00
thao doan d617ca59f3 Land #6844, Add documentation for struts_dmi_exec 2016-05-02 14:31:34 -07:00
thao doan c3bd46f2c8 Land #6836, Add documentation for private_migrate module 2016-05-02 14:13:24 -07:00
wchen-r7 027855def4 Add module documentation for struts_dmi_exec 2016-05-02 15:43:34 -05:00
wchen-r7 68ad9b0b53
Land #6835, support Windows and Java platforms for struts_dmi_exec 2016-05-02 15:04:42 -05:00
wchen-r7 df44dc9c1c Deprecate exploits/linux/http/struts_dmi_exec 
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
 2016-05-02 15:03:25 -05:00
wchen-r7 ffc91a193c Fix #6841, info -d [module path] not spawning module documentation 
Fix #6841
 2016-05-02 14:23:29 -05:00
wchen-r7 71c8ad555e Resolve #6839, Make Knowledge Base as default 
Resolve #6839
 2016-05-02 14:12:09 -05:00
Brian Patterson be363411de
Land #6317, Add delay(with jitter) option to auxiliary scanner and portscan modules 2016-05-02 13:09:40 -05:00
David Maloney fb5b228984
Merge branch 'master' into staging/rails-upgrade 2016-05-02 11:33:35 -05:00
dmaloney-r7 3b893cf740 Merge pull request #6581 from bcook-r7/uuidretry 
don't send a response on invalid UUID, allow stagers to survive another day
 2016-05-02 11:23:02 -05:00
HD Moore 3300bcc5cb Make msftidy happier 2016-05-02 02:33:06 -05:00
HD Moore 67c9f6a1cf Add rails_web_console_v2_code_exec, abuse of a debug feature 2016-05-02 02:31:14 -05:00