infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,322 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

12304 Commits (5a7730b4958630cfab906672b7b43d7229465649)

Author SHA1 Message Date
Meatballs 5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo 2014-02-25 23:15:47 +00:00
Meatballs 8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo 
Conflicts:
	lib/msf/core/post/windows.rb
 2014-02-25 22:15:05 +00:00
Meatballs 1f08ad48a4 Fix payload_path method 2014-02-25 22:11:23 +00:00
Meatballs 6687ef80ee
Further bypassuac tidies 
Dont rescue Exception
Use ReflectiveDLLInjection post mixin
Dont keep retrieving %TEMP% path
 2014-02-25 22:03:01 +00:00
David Maloney 23381ea2cb
code tidying 
break big exploit method up into
smaller methods for better maintainability
 2014-02-25 14:07:48 -06:00
William Vu 63bbe7bef2
Land #3034, 302 redirect for http_basic 2014-02-25 13:54:58 -06:00
William Vu 4cc91095de Fix minor formatting issues 2014-02-25 13:48:37 -06:00
jvazquez-r7 a45c8c2b4a
Land #3029, @xistence Symantec endpoint exploit 2014-02-25 07:59:35 -06:00
jvazquez-r7 bfe0fdb776 Move module 2014-02-25 07:58:00 -06:00
xistence ab167baf56 Added randomness instead of payload and xxe keywords 2014-02-25 15:23:10 +07:00
jvazquez-r7 4908d80d6c Clean up module 2014-02-24 16:00:54 -06:00
kn0 6783e31c67 Used the builtin send_redirect method in Msf::Exploit::Remote::HttpServer instead of creating a redirect inline 2014-02-24 15:59:49 -06:00
kn0 f1e71b709c Added 301 Redirect option to Basic Auth module 2014-02-24 14:59:20 -06:00
William Vu 6f398f374e
Land #3032, inside_workspace_boundary? typo fix 2014-02-24 14:55:09 -06:00
James Lee d2945b55c1
Fix typo 
inside_workspace_boundary() -> inside_workspace_boundary?()
 2014-02-24 14:46:08 -06:00
sinn3r a50b4e88be Fix msftidy warning: Suspect capitalization in module title: 'encoder' 2014-02-24 11:25:46 -06:00
jvazquez-r7 c981bbeab9
Land #3011, @wchen-r7's fix for Dexter exploit 2014-02-24 10:53:10 -06:00
jvazquez-r7 b2d4048f50
Land #3027, @OJ's fix for ultraminihttp_bof 2014-02-24 10:50:08 -06:00
jvazquez-r7 c9f0885c54 Apply @jlee-r7's feedback 2014-02-24 10:49:13 -06:00
sinn3r 5cdd9a2ff3
Land #2995 - sqlmap minor cleanup, description & file tests 2014-02-24 10:39:01 -06:00
xistence 5485759353 Added Symantec Endpoint Protection Manager RCE 2014-02-24 15:04:37 +07:00
xistence 8e3f70851d Added Symantec Endpoint Protection Manager RCE 2014-02-24 15:01:13 +07:00
OJ fdd0d91817 Updated the Ultra Minit HTTP bof exploit 
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:

* Correct use of alpha chars in the buffer leading up to the payload
  which results in bad chars being avoided. Bad chars muck with the
  offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
  of in the thread of the request handler. This prevents the session
  from being killed after the hard-coded 60-second timeout that is
  baked into the application.
* The handler thread terminates itself so that the process doesn't
  crash.
* Extra targets were added based on the machines I had access to.
 2014-02-23 21:23:41 +10:00
jvazquez-r7 998fa06912
Land #2998, @bit4bit's fix for the vtigercrm exploit 2014-02-20 08:36:05 -06:00
jvazquez-r7 0b27cd13e8 Make module work 2014-02-20 08:35:37 -06:00
jvazquez-r7 e75a0ea948 Fix typo 2014-02-19 15:21:02 -06:00
jvazquez-r7 aa07065f67
Land #2959, reverse powershell payload by @Meatballs1 2014-02-19 15:14:54 -06:00
jvazquez-r7 9fad43da08 Add license information 2014-02-19 15:11:12 -06:00
sinn3r ed2ac95396 Always replace \ with / for Dexter exploit 
Fix for the following:
48199fec27 (commitcomment-5419010)
 2014-02-19 09:24:07 -06:00
sinn3r 2e7a56b4a7
Land #3001 - SUB Encoder 2014-02-19 01:54:01 -06:00
jvazquez-r7 4ca4d82d89
Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more... 2014-02-18 17:48:02 -06:00
William Vu e7c3b94e60
Land #3006, @todb-r7's pre-release fixes 2014-02-18 14:15:12 -06:00
Tod Beardsley 721e153c7f
Land #3005 to the fixup-release branch 
Prefer the intel on #3005 over my own made up 0day guess. Thanks @wvu!

Conflicts:
	modules/exploits/windows/fileformat/audiotran_pls_1424.rb
 2014-02-18 14:08:54 -06:00
Tod Beardsley a863d0a526
Pre-release fixes, including msftidy errors. 2014-02-18 14:02:37 -06:00
William Vu 28dc742bcf Fix references and disclosure date 2014-02-18 13:59:58 -06:00
jvazquez-r7 4f9ab0b99f
Land #2903, @Meatballs1 SPN gather post module 2014-02-18 13:53:32 -06:00
jvazquez-r7 4903b05214 Fix tabs 2014-02-18 13:51:40 -06:00
William Vu c216357815
Land #3000, audiotran_pls_1424 SEH exploit 2014-02-18 13:27:14 -06:00
Meatballs 8a68323cf0
Dont keep checking domain 2014-02-18 17:52:34 +00:00
jvazquez-r7 1bc94b8a9d Merge for retab 2014-02-17 19:19:47 -06:00
Philip OKeefe 98958bc7bc Making audiotran_pls_1424 more readable and adding comments 2014-02-17 13:40:03 -05:00
sinn3r 52ac85be11
Land #2931 - Oracle Forms and Reports RCE 2014-02-17 08:54:23 -06:00
sinn3r 110ffbf342 Indent looks off for this line 2014-02-17 08:53:29 -06:00
sinn3r 632ea05688 100 columns 2014-02-17 08:52:56 -06:00
sinn3r 8da7ba131b In case people actually don't know what RCE means 2014-02-17 08:51:48 -06:00
sinn3r 73459baefd Add OSVDB references 2014-02-17 08:50:34 -06:00
Mekanismen fb7b938f8e check func fixed 2014-02-17 15:11:56 +01:00
OJ b2d09ed0d1 Add the NULL byte to the list of valid chars 
While rare, I guess it is a possibility that the NULL byte can be
used.
 2014-02-17 16:40:56 +10:00
Philip OKeefe c60ea58257 added audiotran_pls_1424 fileformat for Windows 2014-02-16 16:20:50 -05:00
Mekanismen e27d98368e fixed local server issues 2014-02-16 18:26:08 +01:00