Josh Hale
3aca699d09
Add priv_migrate.md
2016-04-30 19:02:45 -05:00
join-us
6a00f2fc5a
mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb
2016-05-01 00:00:29 +08:00
join-us
ec66410fab
add java_stager / windows_stager | exploit with only one http request
2016-04-30 23:56:56 +08:00
Jenkins
d4f1c78c5c
Bump version of framework to 4.11.24
2016-04-29 13:38:06 -07:00
wchen-r7
73ac6e6fef
Land #6831, Add CVE-2016-3081 Apache struts s2_032 DMI Code Exec
2016-04-29 11:53:47 -05:00
wchen-r7
d6a6577c5c
Default payload to linux/x86/meterpreter/reverse_tcp_uuid
...
Default to linux/x86/meterpreter/reverse_tcp_uuid for now because
of issue #6833
2016-04-29 11:52:50 -05:00
join-us
288975a9ce
rm modules/exploits/multi/http/struts_dmi_exec.rb
2016-04-30 00:44:31 +08:00
Security Corporation
9d279d2a74
Merge pull request #15 from wchen-r7/pr6831
...
Changes for Apache struts from @wchen-r7
2016-04-30 00:37:53 +08:00
join-us
15ffae4ae8
rename module name
2016-04-30 00:17:26 +08:00
join-us
1d95a8a76d
rename struts_code_exec_dynamic_method_invocation.rb to struts_dmi_exec.rb
2016-04-30 00:13:34 +08:00
wchen-r7
97061c1b90
Update struts_dmi_exec.rb
2016-04-29 11:13:25 -05:00
join-us
9e56bb8358
send http request (get -> post)
2016-04-30 00:08:00 +08:00
wchen-r7
e9535dbc5b
Address all @FireFart's feedback
2016-04-29 11:03:15 -05:00
wchen-r7
6f6558923b
Rename module as struts_dmi_exec.rb
2016-04-29 10:34:48 -05:00
join-us
643591546e
struts s2_032 rce - linux_stager
2016-04-29 10:49:56 +08:00
Sonny Gonzalez
8ade61d251
Land #6824, read large XML or .zip file fix
...
Replaces REXML with Nokogiri XML reader to
fix the out of memory error when importing
large XML or .zip files
2016-04-28 15:28:44 -05:00
dmohanty-r7
20ec56d06a
Do not parse empty web_sites
...
MS-255
2016-04-28 13:17:03 -05:00
dmohanty-r7
5a4e70fdf0
Fixes indentation in check_msf_xml_version!
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
f4f607d815
Correct comments to use Nokogiri::XML::Element
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
56fd5a745e
Do not parse element if empty
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
050061762b
Fix db_manager rspec tests
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
0e568674d7
Add comments on parse functions
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
0759848ad5
Use Nokogiri Reader in zip import
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
83ff60c111
Force encoding on import xml
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
e4fcaefc8c
Unpack and pack an unsigned integer per 8 bytes
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
e6a8d69b0b
Force encoding of XML import
...
MS-255
2016-04-28 13:17:00 -05:00
dmohanty-r7
f1d8e1d693
Parse web_data in xml import
...
MS-255
2016-04-28 13:17:00 -05:00
dmohanty-r7
802dfabbe3
Converts XML importer to use Nokogiri Reader
...
MS-255
2016-04-28 13:17:00 -05:00
wchen-r7
d4b89edf9c
Fix #6398, Missing Content-Length header in HTTP POST
...
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).
Fix #6398
2016-04-28 11:44:10 -05:00
OJ
93ce0fe912
Land #6826 - Update payloads to 1.1.18
2016-04-28 07:55:49 +10:00
wchen-r7
2a91a876ff
Update php/meterpreter_reverse_tcp size
2016-04-27 16:14:38 -05:00
wchen-r7
aa707fd63b
Update gem metasploit-payloads to 1.1.8
2016-04-27 15:25:01 -05:00
wchen-r7
bf34ceeb76
Update gem metasploit-payloads to 1.1.8
2016-04-27 15:24:44 -05:00
wchen-r7
d80d2bb8d3
Land #6825, Fixed borders on code boxes
2016-04-27 11:59:52 -07:00
Brent Cook
329bd7ce47
Land #6823, Fix spec failures in ruby-2.3
2016-04-27 04:31:56 -04:00
William Vu
63c6a6dbe2
Fix #6694, typo fix
2016-04-26 15:26:33 -05:00
William Vu
0cb555f28d
Fix typo
2016-04-26 15:26:22 -05:00
James Lee
e7f0163c2e
Apparently super doesn't work the same here in 2.3
...
But it doesn't matter, the value just needs to be before the current
time, so replace it with a simpler solution.
2016-04-26 10:35:41 -05:00
OJ
c15a2e8787
Merge branch 'upstream/master' into reverse-port-forward
...
Signed-off-by: OJ <oj@buffered.io>
2016-04-26 09:48:40 +10:00
wchen-r7
47d52a250e
Fix #6806 and #6820 - Fix send_request_cgi! redirection
...
This patch fixes two problems:
1. 6820 - If the HTTP server returns a relative path
(example: /test), there is no host to extract, therefore the HOST
header in the HTTP request ends up being empty. When the web
server sees this, it might return an HTTP 400 Bad Request, and
the redirection fails.
2. 6806 - If the HTTP server returns a relative path that begins
with a dot, send_request_cgi! will literally send that in the
GET request. Since that isn't a valid GET request path format,
the redirection fails.
Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
Adam Cammack
f28d280199
Land #6814, move stdapi to exist?
2016-04-24 13:41:11 -04:00
Adam Cammack
f23e09f838
Land #6810, JCL payload style fixes
2016-04-24 13:32:32 -04:00
Brent Cook
12a47b7fab
prefer &&
2016-04-24 11:56:32 -04:00
Brent Cook
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
Brent Cook
9a873a7eb5
more style fixes
2016-04-23 12:18:28 -04:00
Brent Cook
d86174c3bf
style fixes
2016-04-23 12:18:28 -04:00
Brent Cook
4250725b13
fix incorrect hex port conversion
2016-04-23 12:18:28 -04:00
Brent Cook
7ff5a5fd7e
switch mainframe payloads to fixed size
2016-04-23 11:40:05 -04:00
Brent Cook
45961f75d4
Fix the payload size updater for MetasploitModule
2016-04-23 11:38:42 -04:00
William Vu
9713124e54
Land #6802, resolve command for Meterpreter
2016-04-22 17:18:31 -05:00