infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
40,338 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

40338 Commits (609c8da772c775c8b903785d652e2cb00ac6d2b3)

Author SHA1 Message Date
David Maloney 3f9540d906
fix trailing whitespace 
this commit got dropped during landing
 2016-09-30 14:30:31 -05:00
David Maloney 72bd75e681
Land #7253, x64 xor encoder fix 
Land fullmetalcache's fix for the x64 xor encoder
 2016-09-30 14:28:10 -05:00
dmohanty-r7 5a05bd6a16
Land #7385, Add post module to enumerate AWS EC2 instance metadata 2016-09-30 14:01:01 -05:00
Stephen Haywood 7996c4b048 Warning about leaving files on disk. 2016-09-30 14:53:15 -04:00
Stephen Haywood 3e4a23cdf6 Removed unnecessary require statement. 2016-09-30 14:51:43 -04:00
Metasploit 73c11a63b4
Bump version of framework to 4.12.30 2016-09-30 10:03:42 -07:00
Jon Hart cf20ccaccd
Add kb for aws_ec2_instance_metadata 2016-09-30 07:02:33 -07:00
Jon Hart b3c6ec09a0
Show status when gathering, which can take a bit 2016-09-30 06:42:22 -07:00
Jon Hart abed3bf6c2
Rename 2016-09-30 06:35:26 -07:00
Jon Hart 9ee6e1931a
target_uri simplification, cleanup 2016-09-30 06:24:50 -07:00
Jon Hart 60cfe6216a
mstfidy 2016-09-29 22:00:35 -07:00
Jon Hart 558adb5e1e
Uncork module and address style issues 2016-09-29 21:59:19 -07:00
Jon Hart b2e06bed66
Initial commit of post module to gather AWS EC2 instance metadata 2016-09-29 21:52:22 -07:00
Tim e628fab86e
Land #7378, run zipalign during apk injection process 2016-09-30 12:27:27 +08:00
Brent Cook 6241e48b34
Land #7350, add 'sess' command for direct session switching support 2016-09-29 23:18:53 -05:00
nixawk ac76c3591a reference urls 2016-09-29 22:43:00 -05:00
nixawk 5929d72266 CVE-2016-6415 - cisco_ike_benigncertain.rb 2016-09-29 22:25:57 -05:00
nixawk 7368b995f2 CVE-2016-6415 Cisco - sendpacket.raw 2016-09-29 22:24:55 -05:00
Brent Cook fabb296b15 update cache and add payload test 2016-09-29 21:19:55 -05:00
h00die 7b0a8784aa additional doc updates 2016-09-29 19:02:16 -04:00
Brent Cook 49ed02a203 fix packet parsing when there is partial data 2016-09-29 17:21:59 -05:00
Brent Cook 301e38b08f use correct base class for modules 2016-09-29 17:21:59 -05:00
RageLtMan 4fdb54e6a1 Fixup transport to work with upstream 
Differences in transport configuration and the actual payload do
not allow a direct splice of the original files included.

Clean up the payload generator to work with upstream handler,
payload, and transport configuration implementation.

Initial testing shows inbound sessions are created and SSL cert
is now properly attaching to the handler.
 2016-09-29 17:21:59 -05:00
RageLtMan a7470991d9 Bring Python reverse_tcp_ssl payload upstream 
Adds TLS/SSL transport encryption for reverse tcp payloads in
python
 2016-09-29 17:21:59 -05:00
Tod Beardsley de9434870c
Land #7375, mock some rex tests for DNS lookups 
Fixes #6467, as far as @lsato-r7 and I can tell.
 2016-09-29 16:37:38 -05:00
Pearce Barry e0cd4d082a
Bump MDM ver to get pro and msf back in sync. 
Per discussion with @dmaloney-r7
 2016-09-29 13:42:13 -05:00
dana-at-cp b06a3d3c68
Refactor code that calls zipalign on injected APK 2016-09-29 07:49:50 -07:00
h00die bac4a25b2c compile or nill 2016-09-29 06:15:17 -04:00
h00die 4fac5271ae slight cleanup 2016-09-29 05:51:13 -04:00
h00die c036c258a9 cve-2016-4557 2016-09-29 05:23:12 -04:00
dana-at-cp e8d99fb3f5
Run zipalign as last step during APK injection process 
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.

More on zipalign from Google:

https://developer.android.com/studio/command-line/zipalign.html
 2016-09-28 20:05:17 -07:00
William Vu bcb040c1ac
Land #7377, read_file for some modules 2016-09-28 18:00:23 -05:00
h00die 3b548dc3cd update email and paths 2016-09-28 18:37:48 -04:00
jvoisin 2272e15ca2 Remove some anti-patterns, in the same spirit than #7372 2016-09-29 00:15:01 +02:00
William Vu 075401d702
Update dynamic_size for andterp spec 2016-09-28 16:58:34 -05:00
William Vu 988471b860
Land #7372, useless use of cat fix 
Obligatory: modules/exploits/linux/local/kloxo_lxsuexec.rb.
 2016-09-28 16:37:11 -05:00
William Vu 3033c16da6 Add missing rank 2016-09-28 16:37:04 -05:00
Jeffrey Martin 21ec4915a7
Land #7292, android stageless with new payload gem 2016-09-28 16:31:45 -05:00
jvoisin b46073b34a Replace `cat` with Ruby's `read_file` 
Thanks to wvu-r7 for the comment
 2016-09-28 23:22:19 +02:00
Jeffrey Martin a457f64e2a
update to latest release payload gem 2016-09-28 16:14:29 -05:00
Jeffrey Martin 1689f10890
Land #7292, add android stageless meterpreter_reverse_tcp 2016-09-28 16:05:22 -05:00
William Vu 45ee59581b
Fix inverted logic in Docker exploit 
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.

Credit to @fslavin-r7.
 2016-09-28 15:36:09 -05:00
William Vu ab94bb9cdd
Land #7365, nonce fix for Ninja Forms exploit 2016-09-28 13:57:08 -05:00
averagesecurityguy f7e588cdeb Initial commit of module. 2016-09-28 14:55:32 -04:00
Brent Cook ea625d4ea3
Enhance #7360, more stance fixes 2016-09-28 13:49:29 -05:00
Brent Cook 5a611b0ec4 use the correct scope for the Stance names 2016-09-28 13:48:28 -05:00
Louis Sato ca683576d0 Mock rex-socket getaddress call for loginscanner 
Since we're using the rex-socket gem, we don't need to
test the getaddress call for each one of the login scanner specs
 2016-09-28 11:32:06 -05:00
Pearce Barry 76124af8b4
Land #7363, Add LPE exploit module for the capcom driver flaw 2016-09-28 11:02:14 -05:00
Julien (jvoisin) Voisin dbb2abeda1 Remove the `cat $FILE | grep $PATTERN` anti-pattern 
The `kloxo_lxsuexec.rb` and `netfilter_pvi_esc.rb` exploits
were using the infamous `cat+grep` anti-pattern, this commit
replaces it with `cat` and Ruby's `.include?` method.
 2016-09-28 13:41:25 +02:00
Tim b4a1adaf0f refactor into android.rb 2016-09-28 18:23:34 +08:00