Commit Graph

316 Commits (693a12e3077d73af4e5515dbec7a508ba6973d93)

Author SHA1 Message Date
William Webb 6349026134
Land #8442, Exploit module for Backup Exec Windows Agent UaF 2017-06-28 10:39:28 -05:00
Brent Cook eba8979914 bump payloads 2017-06-27 04:08:15 -05:00
Rob Fuller 2918b3af13
Land #8599, Dynamic DNS updater module 2017-06-25 15:08:22 -05:00
Brent Cook 7a006e0f71 bump payloads 2017-06-23 18:13:52 -05:00
OJ 87cee65a06
Bump payloads to 1.2.35 to include kiwi updates 2017-06-23 13:43:00 +10:00
Brent Cook fda2e8c73d
Land #8523, Add support for session GUIDs 2017-06-22 20:10:10 -05:00
KINGSABRI 5528084e27 add Dnsruby 2017-06-22 15:55:04 -05:00
Brent Cook ebfd920222 document why 2017-06-21 03:13:43 -05:00
Brent Cook 22db17a87a bind ruby-pg back to version 0.20 2017-06-21 03:11:11 -05:00
OJ a3f3dc0a70
Upload payloads/mettle gems, update cache sizes
Updated both the metasploit-payload and metasploit-payload-mettle gems
to the versions that match for the session GUID pull requests. Updated
the payload cached sizes to match the new payloads.
2017-06-09 17:15:52 +10:00
Brent Cook 5f10e63923 bump payloads 2017-06-05 08:43:16 -05:00
Brent Cook 43ac76ee2b
Fix #8464, use pathname when determining where .git is 2017-05-30 08:56:10 -05:00
Brent Cook b05fa9c01e add missing dirname 2017-05-30 08:50:43 -05:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
Brent Cook e31e3fc545 add additional architectures and targets 2017-05-30 00:07:37 -05:00
Brent Cook 1a8f84083c data/gui has not existed in a long time 2017-05-26 22:57:59 -05:00
Brent Cook 0f832fd4d1 skip generating gem file contents if this is not a git checkout 2017-05-26 22:57:59 -05:00
Brent Cook ab6b5f381d msfupdate is no longer a distributed binary, it's a dev tool 2017-05-26 22:57:59 -05:00
Matthew Daley 52363aec13 Add module for CVE-2017-8895, UAF in Backup Exec Windows agent
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.

Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
2017-05-24 00:18:20 +12:00
Brent Cook c59371dd5e add ruby backports compat library 2017-05-17 23:41:20 -05:00
Brent Cook 337db56d4f bump payloads 2017-05-11 14:57:10 -05:00
James Lee fd05cea033
Update packetfu and remove version lock 2017-05-09 11:03:32 -05:00
Zero_Chaos 9295a39c92 update packetfu dep now that 1.1.13 is released
Please use the release instead of the pre-release
2017-05-09 11:18:28 -04:00
Brent Cook 7f1e2e6c71 bump metasploit-payloads 2017-05-08 17:34:55 -05:00
Brent Cook 0bc9d9259d meterpreter bugfixes
fixed stdapi_fs_mount_show to show full mapped drive path for Python
Meterpreter on Windows

Updated the Windows Meterpreter `getprivs` command to list all privileges
2017-05-08 16:26:32 -05:00
Brent Cook 7c11e0065d update mettle 2017-04-26 18:00:50 -05:00
Brent Cook 7613bd8964 bump metasploit-payloads, fix 64-bit builds 2017-04-16 08:52:41 -05:00
Brent Cook fe33fe5571 bump payloads with new keyscan code 2017-04-14 21:54:50 -05:00
Brent Cook 7eaba1fdee bump payloads 2017-04-14 13:17:25 -05:00
Brent Cook eedbf25f06 bump android meterpreter, adding in-app screenshot support 2017-04-14 12:38:53 -05:00
Brent Cook f8a94de671 bump metasploit-payloads, enhance windows support in python meterpreter 2017-04-14 12:28:52 -05:00
Brent Cook 5dd681ead7 we only need xmlrpc for ruby >= 2.3 2017-04-13 17:33:29 -05:00
Brent Cook cdccd1df19 add xmlrpc as an explicit dependency 2017-04-13 07:12:38 -05:00
Jeffrey Martin 157d28ab3d
make metasploit-aggregator a framework package 2017-04-12 12:33:13 -05:00
Jeffrey Martin c845745f0b
remove platform restriction on metasploit-aggregator 2017-04-06 13:09:09 -05:00
David Maloney 2d9c2321d1
add ruby_smb as a dep
added the ruby_smb library to the gemspec

MS-2557
2017-03-28 16:12:12 -05:00
Brent Cook 9542087642 bump mettle to 0.1.8 2017-03-21 16:45:25 -05:00
Brent Cook 2701fef34b bump to metasploit-payloads 1.2.29 2017-03-17 17:34:16 -05:00
Brent Cook 0631bc4c29 bump payloads and such 2017-03-16 23:51:51 -05:00
bwatters-r7 637a9b018d Bump to metasploit-payloads 1.2.17 that has needed code changes 2017-03-15 18:39:21 -05:00
Brent Cook 031285d49a update payloads 2017-02-28 03:04:53 -06:00
bwatters-r7 adcb65c66b Update gemspec file to use metasploit-payloads 1.2.15 per payloads PR#171 2017-02-24 20:15:50 -06:00
James Barnett 2631259919 Land #7973, Enable cert validation for Nexpose
This PR enables connection to a Nexpose console using the
nexpose client gem.

It also allows you to connect using a trusted certificate
instead of simply overriding the SSL validation.
2017-02-24 14:27:24 -06:00
Brent Cook 86c04cd9f4 update metasploit payloads with Python fixes 2017-02-17 18:52:14 -06:00
Brent Cook 40c86567aa import packetfu fix for https://github.com/packetfu/packetfu/pull/163 2017-02-06 15:51:01 -06:00
Jeffrey Martin eeba1e0bb2
first pass of upgrading nexpose gem to latest 2017-01-25 10:16:48 -06:00
bwatters 49da83cf74 Bump metasploit-payloads to 1.2.11 to incorporate changes to metasploit-payloads
PR# 163; timestomp fixes
2017-01-25 09:54:07 -06:00
Brent Cook 2e1d381e2e bump gem 2017-01-24 09:48:40 -06:00
Brent Cook d9602f49a2 bump payloads 2017-01-22 15:45:45 -06:00
Brent Cook 6a2d036ea8 depend on regular rb-readline, bugs fixed upstream 2017-01-22 10:20:05 -06:00
Brent Cook 28211c3b73 bump payloads 2017-01-22 10:02:41 -06:00
Brent Cook f11cf92040 bump mettle gem to include pivoting support 2017-01-10 16:43:49 -06:00
Brent Cook cd950e91a9 bump payloads gem 2016-12-29 15:59:07 -06:00
William Webb 5702bd6745
Land #7674, Move migration stub generation code into msf 2016-12-22 17:53:00 -06:00
William Webb ea704211ca incorporate payload stub generation changes 2016-12-22 17:50:43 -06:00
Brent Cook 50f95f9940
Land #7681, Get ready for stageless mettle 2016-12-09 09:31:47 -06:00
Brent Cook 6dcdf74850 bump mettle gem 2016-12-09 09:27:56 -06:00
Adam Cammack eeef8fa6ad
Add new arches to UUIDs 2016-12-08 16:29:43 -06:00
OJ fc1d601d13
Bump the payloads version to 1.2.4 2016-12-07 14:57:05 +10:00
Brent Cook 7346223a65
update payloads 2016-12-06 07:16:44 -06:00
Brent Cook d7dce28018 bump mettle to get fix for UUID encoding 2016-11-21 00:57:50 -06:00
Brent Cook 05cb5edaac update payload gems 2016-11-20 19:10:27 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Brent Cook fafc749447 update metasploit payloads 2016-11-14 16:51:38 -06:00
Brent Cook 422ff57335 update metasploit-payloads 2016-11-14 02:53:18 -06:00
OJ 57eabda5dc
Merge upstream/master 2016-10-29 13:54:31 +10:00
OJ 052045c101
Update rex-arch gem to 0.1.2 2016-10-29 06:40:18 +10:00
Brent Cook 1a1841d441 rebuilt metasploit-payloads without debug info 2016-10-26 05:43:36 -05:00
Brent Cook 672e275877 update gems 2016-10-23 16:43:02 -05:00
Pearce Barry 43fd0a8813
Land #7436, Put Rex-exploitation Gem Back 2016-10-18 16:03:54 -05:00
Brent Cook c5faffddbd
bump gems 2016-10-17 04:48:12 -05:00
Brent Cook 741c4b8916 updated android payload gem, removed unused extension jar 2016-10-14 09:59:06 -05:00
Brent Cook aa748ecc83 update to working mettle gem 0.0.8 2016-10-11 21:12:00 -05:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Brent Cook 8f8a54bf8c update to really-working payloads 1.1.21 2016-10-11 07:00:01 -05:00
Brent Cook deaa4047df bump payloads (and sqlite too) 2016-10-10 23:58:19 -05:00
Brent Cook f3166070ba
Revert "use the new rex-exploitation gem"
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
David Maloney 52f6265d2e use the new rex-exploitation gem
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework

MS-1709
2016-10-05 09:05:27 -05:00
Brent Cook 55d267730e
bump metasploit-payloads 2016-10-04 07:16:39 -05:00
Jeffrey Martin a457f64e2a
update to latest release payload gem 2016-09-28 16:14:29 -05:00
Brent Cook 8f9be92b1b update to latest metasploit-payloads 2016-09-27 11:06:34 -05:00
David Maloney 7e10b5c482
use new rex-encoder gem
remove all the encoidng lbiraries and use the new gem
rex-encoder that contains them now.

MS-1708
2016-09-14 12:07:26 -05:00
David Maloney fd3b885d83
replace msfrop with the rex-rop_builder gem
moved all of this code into the new gem

MS-1722
2016-09-12 16:06:53 -05:00
Pearce Barry 4495b27e67
Land #7254, Rex::SSLScan Gemification 2016-09-08 13:20:56 -05:00
David Maloney 1b9c37ff78
Merge branch 'master' into feature/MS-1711/rex-nop 2016-09-08 10:48:07 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
David Maloney cd90ff7c24 pull in rex-socket gem
pull rex-socket gem in as a dep

MS-1715
2016-09-07 11:38:26 -05:00
David Maloney 1a913da08c pull in rex-core as a dep 2016-09-07 11:38:26 -05:00
Pearce Barry 9d5a276e91
Fix recent metasploit-framework.gemspec conflict. 2016-09-06 13:10:28 -05:00
David Maloney 881effbae9
use the new rex-nop gem
transfer the opty2 library to rex-nop

MS-1711
2016-09-06 11:27:06 -05:00
dmohanty-r7 e36cfa54b1
Use rex-mime gem
MS-1710
2016-09-01 11:38:07 -05:00
Pearce Barry bd71df55c3
Merge branch 'nessus-bridge-gem' of git://github.com/kost/metasploit-framework into kost-nessus-bridge-gem
Also fix minor merge conflict.
2016-08-30 17:25:46 -05:00
David Maloney 029a28c95b
use the new rex-sslscan gem
remove old integerated code and replace it
with the gem. done.

MS-1693
2016-08-30 10:43:47 -05:00
David Maloney 45ab061a88
pull in rex-socket gem
pull rex-socket gem in as a dep

MS-1715
2016-08-26 14:12:16 -05:00
David Maloney fed1016430
pull in rex-core as a dep 2016-08-26 14:00:13 -05:00
dmohanty-r7 4478136065 Unvendor openvas-omp gem
MS-1718
2016-08-19 15:14:32 -05:00
David Maloney 42b1ced4fb
remove *scan from gemspec bins
update the gemspec so that it doesn't try to build binstubs
for the *scan bins

MS-1691
2016-08-16 09:33:09 -05:00
David Maloney d2a6c2e9ca
move rex bintools into new gem
move all the *scan *parsey code out into
the new rex-bin_tools gem

MS-1691
2016-08-15 14:01:43 -05:00
Vlatko Kosturjak 46e4ee4c5b Start using gem instead of obsolete library/tool
Rationale is following:
nessus-cli is obsolete
nessus is using json rest api instead of xmlrpc
xmlrpc name is therefore obsolete

Solution: with minimal changes start using nessus_rest gem.
2016-08-14 17:57:33 +02:00
Pearce Barry bdf073516b
Switch errors over to windows_error gem... 2016-07-27 17:43:00 -05:00