Brent Cook
a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
Brent Cook
8faae94338
Land #6592, make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2
2016-03-06 15:33:53 -06:00
Brent Cook
66c697d2e4
Land #6602, update author info for dahua_dvr_auth_bypass
2016-03-06 15:13:01 -06:00
Brent Cook
4711191def
remove non-specific URL
2016-03-06 15:12:25 -06:00
Brent Cook
a1190f4344
Land #6598, add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
Brent Cook
86845222ef
add meterpreter platform workaround
2016-03-06 14:51:34 -06:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
Fakhri Zulkifli
b1e9f44ca2
IPv6 Neighbor Advertisement Enhancement
...
http://seclists.org/nmap-dev/2011/q2/79
1. Shorten router advertisement payload lifetime.
2. Randomize address prefix.
3. Prevent from getting into default router list.
2016-03-06 03:23:37 +08:00
William Vu
71b034a566
Land #6627, atutor_sqli regex fix
2016-03-03 16:54:38 -06:00
wchen-r7
ba4e0d304b
Do regex \d+ instead
2016-03-03 11:05:16 -06:00
Brent Cook
d355b0e8b7
update payload sizes
2016-03-02 13:55:32 -06:00
wchen-r7
22b69c8dee
Land #6588, Add AppLocker Execution Prevention Bypass module
2016-03-01 22:30:23 -06:00
wchen-r7
a798581fa3
Update #get_dotnet_path
2016-03-01 22:25:40 -06:00
net-ninja
cda4c6b3b3
Update the regex for the number of students in ATutor
2016-03-01 09:41:17 -06:00
wchen-r7
5d64346a63
Land #6623, Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module
2016-02-29 19:33:25 -06:00
Jay Turla
62a611a472
Adding PHP Utility Belt Remote Code Execution
2016-03-01 09:22:25 +08:00
wchen-r7
274b9acb75
rm #push
2016-02-29 18:58:05 -06:00
wchen-r7
f55835cceb
Merge new code changes from mr_me
2016-02-29 18:39:52 -06:00
wchen-r7
638d91197e
Override print_* to always print the IP and port
2016-02-29 16:18:03 -06:00
wchen-r7
54ede19150
Use FileDropper to cleanup
2016-02-29 16:15:50 -06:00
wchen-r7
727a119e5b
Report cred
2016-02-29 16:06:31 -06:00
wchen-r7
4cc690fd8d
Let the user specify username/password
2016-02-29 15:45:33 -06:00
wchen-r7
726c1c8d1e
There is no http_send_command, so I guess the check should not work
2016-02-29 15:43:47 -06:00
William Vu
c5a9d59455
Land #6612, one final missing change
2016-02-29 15:08:42 -06:00
William Vu
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
net-ninja
a3fa57c8f6
Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module
2016-02-29 14:59:26 -06:00
Brent Cook
8c2ce9687a
Land #6620, fix typo in jtr_linux
2016-02-29 14:58:58 -06:00
Brent Cook
d955c6a8f6
style fixes
2016-02-29 14:06:49 -06:00
William Vu
a6a37b3089
Land #6612, missing commits included
2016-02-29 14:06:21 -06:00
wchen-r7
f5ad1286d2
Fix #6615, fix typo "format"
...
Fix #6615
2016-02-29 12:44:25 -06:00
William Vu
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
wchen-r7
2950996cb8
Land #6612, Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
William Vu
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
wchen-r7
53ff3051e1
Land #6531, NETGEAR ProSafe Network Management System 300 auth'd File Download
2016-02-26 10:53:16 -06:00
wchen-r7
bc050410a6
Allow max traversal depth as an option, and report cred
2016-02-26 10:52:30 -06:00
wchen-r7
7731fbf48f
Land #6530, NETGEAR ProSafe Network Management System 300 File Upload
2016-02-26 10:39:09 -06:00
Brent Cook
89b0c8a27a
Land #6571, use intent to unlock Android screens, support <= 4.3
2016-02-26 05:55:35 -06:00
wchen-r7
6188da054d
Remove //
2016-02-25 22:20:48 -06:00
wchen-r7
051506694f
Land #6574, add Linknat Vos Manager Traversal aux module
2016-02-25 22:02:56 -06:00
wchen-r7
f3cf5a8a41
Resolve merge conflict with upstream-master
...
Out of date author field
2016-02-25 14:49:53 -06:00
wchen-r7
d14ec657e2
Land #6564, Add Apache Karaf Command Execution Module
2016-02-25 14:47:40 -06:00
wchen-r7
1d2ec7a239
Rescue OpenSSL::Cipher::CipherError
...
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
2016-02-25 14:46:53 -06:00
wchen-r7
2e268a25da
Land #6596, Apache Karaf Login Utility
2016-02-25 14:39:51 -06:00
wchen-r7
aa7c3f01a8
Update name and description
2016-02-25 14:39:19 -06:00
wchen-r7
7e25c7b87b
Handle OpenSSL::Cipher::CipherError
...
Our current net/ssh is pretty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
William Vu
7d20e26a35
Move to aux/scanner/ssh
2016-02-25 11:22:50 -06:00
William Vu
f52f44cde0
Remove session_setup, since we're not in a shell
...
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00
Tyler Bennett
ff3a554b4d
added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank
2016-02-24 13:53:30 -05:00
Tyler Bennett
16d7b2e6ff
cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank
2016-02-23 17:37:47 -05:00
dmohanty-r7
6aa6280eff
Try USERNAME before DEFAULTCRED
2016-02-23 13:44:44 -06:00
Tyler Bennett
4eabe43273
fixed issues with capturing regex
2016-02-23 12:27:07 -05:00
Tyler Bennett
c191e5b8e1
corrected authors file and cleaned up debug statements
2016-02-23 11:41:12 -05:00
Jon Hart
c79eab2c7f
Land #6241, @talos-arch3y's aux module for Dahua DVR CVE-2013-6117
2016-02-23 08:20:54 -08:00
Pedro Ribeiro
5710c85a9e
Style changes
2016-02-23 15:15:57 +07:00
Pedro Ribeiro
044b12d3a4
Made style changes requested by OJ and others
2016-02-23 15:14:04 +07:00
dmohanty-r7
07ac13326e
Allow user to try other login credentials
2016-02-22 17:47:32 -06:00
Tim
27af59ea7c
minor tweaks
2016-02-20 08:35:56 +00:00
joev
c8b28d90d1
Fix old comment.
2016-02-19 19:08:38 -06:00
William Vu
8a15c36770
Land #6563, VNC creds scraper uninstall location
2016-02-19 15:01:23 -06:00
William Vu
bfd204ac50
Fix some cosmetic issues
2016-02-19 15:00:56 -06:00
dmohanty-r7
c0180b23fa
Update description
2016-02-19 13:39:13 -06:00
Louis Sato
873250dbec
Land #6557, bug fix priv_migrate user migration
2016-02-19 12:03:30 -06:00
dmohanty-r7
33aaeb4ac9
Update authors
2016-02-19 11:53:17 -06:00
joev
b3e8cd4f51
Save some bytes on the padded string.
2016-02-18 20:36:52 -06:00
joev
2b784a48b9
Include cached size.
2016-02-18 20:29:42 -06:00
joev
e67e477362
Make x86/shell_reverse_tcp's shell path configurable.
...
Also removes shell_reverse_tcp2 shell.
2016-02-18 20:24:35 -06:00
Brent Cook
bc7bf28872
Land #6591, don't require username for wrt110 cmd exec module
2016-02-18 20:20:15 -06:00
Brent Cook
45d1cd5111
Land #6572, update play_youtube module with android support
2016-02-18 20:16:58 -06:00
Brent Cook
b58166a9a8
add android platform to the hash
2016-02-18 20:13:39 -06:00
joev
3b9502cb1d
Don't require username in wrt110 module.
2016-02-18 18:45:04 -06:00
wchen-r7
a82ce40c40
Update ibm_tsm_dos name
...
For some reason I actually modified the name, but I didn't mean
to.
2016-02-18 16:07:46 -06:00
James Lee
adb175136e
Fix extra whitespace and unused vars in call
2016-02-18 15:18:29 -06:00
OJ
6d88c26474
Change title, and remove requires
2016-02-18 14:26:38 +10:00
OJ
2ae1e6df7d
Address concerns from @wvu-r7
2016-02-18 14:21:35 +10:00
OJ
2f4ec0af31
Add module for AppLocker bypass
...
This commit includes a new module that allows for payloads to be
uploaded and executed from disk while bypassing AppLocker in the
process. This module is useful for when you're attempting to generate
new shells on the target once you've already got a session. It is also
a handy way of switching between 32 and 64 bit sessions (in the case of
the InstallUtil technique).
The code is taken from Casey Smith's AppLocker bypass research (added in
the references), and includes just one technique at this point. This
technique uses the InstallUtil feature that comes with .NET. Other
techniques can be added at any time.
The code creates a C# file and uploads it to the target. The csc.exe
compiler is used to create a .NET assembly that contains an uninstaller
that gets invoked by InstallUtil behind the scenes. This function is
what contains the payload.
This was tested on Windows 7 x64. It supports running of both 32 and 64
bit payloads out of the box, and checks to make sure that .NET is
installed on the target as well as having a payload that is valid for
the machine (ie. don't run x64 on x86 OSes).
This appears to work fine with both staged and stageless payloads.
2016-02-18 13:46:32 +10:00
Brent Cook
3d1861b3f4
Land #6526, integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
nixawk
7ca0255ea1
Module should not be marked executable
2016-02-15 12:57:43 +08:00
nixawk
f35230b908
add Linknat Vos Manager Traversal
2016-02-15 12:39:40 +08:00
Nicholas Starke
3416a24dda
Adding vprint_status for loot path
...
Adding a vprint_status to show users the loot
path as per a comment on the pull request.
2016-02-14 11:19:20 -06:00
Tim
5c92076a1e
more cleanup
2016-02-14 09:15:25 +00:00
Spencer McIntyre
c9c4f49aca
Add get_file method and parse the server response
2016-02-13 17:20:37 -05:00
wchen-r7
b2765a296f
Land #6547, IBM Tivoli Storage Manager Fastback Denial of Service
2016-02-11 22:05:21 -06:00
wchen-r7
3121093898
Update metadata, plus other minor changes
2016-02-11 22:04:05 -06:00
nk
bc74ceb8c5
Handle errors when parsing interfaces.xml, add check for several locations
2016-02-11 15:56:58 +01:00
Tim
e738b5922d
fix play_youtube to work on Android
2016-02-11 07:16:40 +00:00
Tim
9791e66683
fix remove_lock to work with 4.3 devices
2016-02-11 07:10:05 +00:00
Brent Cook
ff1cb4a2a4
update payload sizes
2016-02-10 22:44:17 -06:00
Nicholas Starke
cdaa2a8c43
Adding Apache Karaf Command Execution Module
...
This module establishes an SSH session using default
credentials and then executes a user defined operating system
command. This is part of GitHub Issue #4358.
2016-02-10 16:48:08 -06:00
Nicolas Devillers
8118198628
Add vprint of the exception message
2016-02-10 22:47:51 +01:00
nk
1637891ece
Add check for the uninstall location in vnc post module
2016-02-10 20:30:41 +01:00
William Webb
c874699b82
removed ranking
2016-02-10 11:45:09 -06:00
William Webb
4c6cb03548
more build errors
2016-02-10 11:40:21 -06:00
William Webb
72f5a33804
addressed CI errors
2016-02-10 11:34:05 -06:00
Josh Hale
62dd82e653
Make fix easier to read
2016-02-10 11:24:45 -06:00
William Webb
51604fa24a
made necessary inheritance changes
2016-02-10 10:59:11 -06:00
William Vu
fc491ffa3e
Land #6555, Content-Length fix for HP modules
2016-02-10 10:39:08 -06:00
William Vu
5b3fb99231
Land #6549, module option for X-Jenkins-CLI-Port
2016-02-10 10:34:33 -06:00
William Vu
c67360f436
Remove extraneous whitespace
2016-02-10 09:44:01 -06:00
Tim
a93f200851
cosmetic fixes
2016-02-10 07:51:13 +00:00
wchen-r7
8a3bc83c4d
Resolve #6553, remove unnecessary content-length header
...
Rex will always generate a content-length header, so the module
doesn't have to do this anymore.
Resolve #6553
2016-02-09 21:25:56 -06:00