infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
42,475 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

22126 Commits (639f341b21d6fdc8468d9a6d79a95f2b234dd62b)

Author SHA1 Message Date
William Vu 639f341b21 Clean up module 2017-06-26 15:08:37 -05:00
Borja Merino 7077ac0523 Meterpreter Post-exploitation module to mount vmdk files 2017-05-25 11:47:04 +02:00
William Vu e4ea618edf
Land #8419, ETERNALBLUE fixes (round two) 
Hope I resolved the conflicts correctly.
 2017-05-23 17:03:21 -05:00
William Vu 46eb6bdf62
Land #8399, ETERNALBLUE fixes (round one) 2017-05-23 16:51:19 -05:00
William Vu f80c3aa3f4 Correct absolute path 2017-05-23 16:50:25 -05:00
bwatters-r7 461649ed34
Land #8378, Add check in archmigrate to prevent privdesc 2017-05-23 14:37:29 -05:00
Carter c73e7673b1 Please the rubocop god 2017-05-23 15:13:55 -04:00
Carter e945773576 Update archmigrate.rb 2017-05-23 14:40:42 -04:00
Jeffrey Martin b7b1995238
Land #8274, Wordpress admin upload `check` 2017-05-22 22:08:32 -05:00
Jeffrey Martin 5395d8f17c
update python stageless payload sizes 2017-05-22 18:21:13 -05:00
Jeffrey Martin d69bfd509f
store the credential using the new store_valid_credential 2017-05-22 15:08:03 -05:00
William Webb 467f1ce0ca
Land #8411, Buffer overflow in VXSearch Enterprise v9.5.12 2017-05-22 07:37:31 -05:00
Christian Mehlmauer b5caeb29dd
only support for 32bit so far 2017-05-22 12:30:52 +02:00
HD Moore 036f063988 Fix a stack trace when no SMB response is received 2017-05-19 16:24:41 -05:00
Pearce Barry a6f416e8df
Land #8290, Hwbridge Automotive Fix and Extension Enhancements 2017-05-19 13:46:54 -05:00
lincoln b76229b5f7 removed unessessary line 2017-05-18 19:15:49 -07:00
lincoln 7ca0fe5a68 Added make_junk function 2017-05-18 19:06:09 -07:00
James Lee 4def7ce6cc
Land #8327, Simplify storing credentials 2017-05-18 16:49:01 -05:00
Daniel Teixeira c1624d0967 VX Search Enterprise GET Buffer Overflow 2017-05-18 17:12:47 +01:00
zerosum0x0 bdf121e1c0 x86 kernels will safely ret instead of BSOD 2017-05-17 23:48:14 -06:00
zerosum0x0 d944bdfab0 expect 0xC00000D 2017-05-17 23:05:20 -06:00
zerosum0x0 646ca14375 basic OS verification, ghetto socket read code 2017-05-17 22:48:45 -06:00
wchen-r7 c0bf2cc6e7 Land #8401, Buffer Overflow on Sync Breeze Enterprise 9.4.28 2017-05-17 23:39:50 -05:00
wchen-r7 3360171977 Land #8319, Add exploit module for Mediawiki SyntaxHighlight extension 2017-05-17 23:23:50 -05:00
James Lee b78749bc1b
Land #8221, move autoroute 2017-05-17 15:17:45 -05:00
Daniel Teixeira ad8788cc74 Update syncbreeze_bof.rb 2017-05-17 11:33:24 +01:00
Daniel Teixeira 5329ce56c4 Sync Breeze Enterprise GET Buffer Overflow 2017-05-17 10:53:28 +01:00
lincoln 2f39daafc5 Updated module removing hardcoded binary payload strings 
-Used only nessessary pointers needed for exploit to work removing junk/filler chars
-Repaced ROP chain with generic from msvcrt (even though original was beautiful and smaller, uses hardcoded pointers for leave instructions)
-Cannot use ropdb since 4 byte junk char during generation may result in InvalidByteSequenceError during UTF conversion
-It's been some years since my last pull request...so I might be a bit rusty to new Metasploit standards (please forgive me!)
 2017-05-16 23:22:42 -07:00
William Webb 7e2dab4ddc
Land #8303, Buffer Overflow on Dupscout Enterprise v9.5.14 2017-05-17 01:04:59 -05:00
zerosum0x0 6fb4040d11 add core buffer dump for OS version 2017-05-16 23:18:39 -06:00
William Vu 1f4ff30adb
Improve 200 fail_with in wp_phpmailer_host_header 
One. last. commit. Noticed this in the response body.
 2017-05-16 22:38:36 -05:00
wchen-r7 11da7c7c81 Land #8394, Add Moxa Credential Recovery Module 2017-05-16 16:45:22 -05:00
wchen-r7 8025eb573a Enforce check 
Because we are not able to get our hands on the hardware for testing,
and that this module may trigger a backtrace if the UDP server isn't
Moxa, we force check to make sure that doesn't happen.
 2017-05-16 16:43:22 -05:00
wchen-r7 77a9676efb Land #8347, Add Serviio Media Server checkStreamUrl Command Execution 2017-05-16 16:20:39 -05:00
William Vu 6d81ca4208
Fix Array/String TypeError in ms17_010_eternalblue 2017-05-16 15:53:34 -05:00
William Vu e24de5f110
Fix Class/String TypeError in ms17_010_eternalblue 2017-05-16 15:41:16 -05:00
James Lee e3f4cc0dfd
Land #8345, WordPress PHPMailer Exim injection 
CVE-2016-10033
 2017-05-16 15:07:21 -05:00
wchen-r7 2d7f7f9aec Pass msftidy 2017-05-16 15:05:12 -05:00
William Vu 29b7aa5b9b Update fail_with for 200 (bad user?) 2017-05-16 15:03:42 -05:00
wchen-r7 e62fc3e93c Land #8376, Add BuilderEngine 3.5 Arbitrary file upload & exec exploit 2017-05-16 14:53:32 -05:00
wchen-r7 631267480d Update module description 2017-05-16 14:48:46 -05:00
wchen-r7 2ed8ae11b4 Add doc and make minor changes 2017-05-16 14:47:19 -05:00
William Vu 7c1dea2f02 Refactor prestager to work with newer Exim 
Apparently it doesn't like reduce with extract.
 2017-05-16 14:22:43 -05:00
William Vu eff4914240
Land #8381, ETERNALBLUE exploit (to be continued) 2017-05-16 12:19:45 -05:00
zerosum0x0 53bb5a8440 Update ms17_010_eternalblue.rb 2017-05-16 10:43:43 -06:00
William Vu 7c2fb9acc1 Fix nil bug in Server header check 2017-05-16 10:43:04 -05:00
wchen-r7 20b682b2e4 Land #8391, fix a typo in vmware_enum_permissions module description 
orts
 2017-05-16 09:33:26 -05:00
Patrick DeSantis 4a0535c2d0 add moxa credential recovery module 2017-05-16 10:21:44 -04:00
William Vu 5fd6cb0890 Remove nil case, since response might be nil 
It doesn't always return something. Forgot that.
 2017-05-15 21:23:49 -05:00
William Vu b41427412b Improve fail_with granularity for 400 error 
Also corrects BadConfig to NoTarget in another one of my modules. Oops.
 2017-05-15 21:15:43 -05:00