infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
34,888 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

8687 Commits (6b94513a37fa641bc1a350593d60c1a62416ff6e)

Author SHA1 Message Date
aakerblom 66c92aae5d fix documentation 2015-07-31 17:12:50 -07:00
aakerblom 6fdd2f91ce rescue only Errno::ENOENT 2015-07-31 13:54:29 -07:00
aakerblom 6671df6672 add documentation 2015-07-31 13:53:56 -07:00
aakerblom 013201bd99 remove unneeded require 2015-07-31 13:49:27 -07:00
aakerblom 12a6bdb67b Add Heroes of Might and Magic III .h3m map file Buffer Overflow module 2015-07-31 02:06:47 -07:00
aakerblom d4c8d5884c Fix a small typo 2015-07-31 11:47:46 -07:00
wchen-r7 54c5c6ea38 Another update 2015-07-29 14:31:35 -05:00
wchen-r7 768de00214 Automatically pass arch & platform from cmdstager 
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:

Fix #5727
Fix #5718
Fix #5761
 2015-07-27 14:17:21 -05:00
jvazquez-r7 bf6975c01a
Fix #4558 by restoring the old wmicexec 2015-07-27 14:04:10 -05:00
wchen-r7 2d0a26ea8b
Land #5774, Fix URIPATH=/ and stack trace on missing ntdll version match 2015-07-25 17:54:49 -05:00
HD Moore a7b5890dc5 Fix URIPATH=/ and stack trace on missing ntdll version match 2015-07-25 15:39:20 -07:00
h00die 4561241609 updates per @jvazquez-r7 comments 2015-07-24 20:34:40 -04:00
jvazquez-r7 2c9183fa56
Return check code 2015-07-24 16:14:43 -05:00
jvazquez-r7 a163606513
Delete unused SLEEP option 2015-07-24 15:29:56 -05:00
jvazquez-r7 1b1ac09d2a Merge to solve conflicts 2015-07-24 15:24:29 -05:00
William Vu 10783d60cd
Land #5763, generate_payload_exe merged opts fix 2015-07-24 10:56:29 -05:00
William Vu 50c9293aab
Land #5758, OS X DYLD_PRINT_TO_FILE privesc 2015-07-23 13:21:23 -05:00
William Vu c1a9628332 Fix some fixes 
So you can fix while you fix.
 2015-07-23 12:59:20 -05:00
Tod Beardsley 6ededbd7a7
Un-ticking the output 2015-07-23 12:23:56 -05:00
Tod Beardsley 9d8dd2f8bd
FIxup pr #5758 2015-07-23 12:21:36 -05:00
wchen-r7 6720a57659 Fix #5761, pass the correct arch and platform for exe generation 
Fix #5761
 2015-07-23 01:34:44 -05:00
joev 165cb195bf Remove python dependency, add credit URL. 2015-07-21 22:48:23 -05:00
joev 3013ab4724 Add osx root privilege escalation. 2015-07-21 21:50:55 -05:00
William Vu 928c82c96e
Land #5745, undefined variable "rop" fix 2015-07-21 11:01:49 -05:00
Tod Beardsley cadb03bac0
Fix my own blasted typo, ty @wvu-r7 2015-07-20 17:14:34 -05:00
Tod Beardsley 2052b4ef56
Fixed the HT leak attribution a little 2015-07-20 16:36:47 -05:00
Tod Beardsley f7c11d0852
More cleanups 
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678, adobe_flash_hacking_team_uaf.rb

Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698, Adobe Flash CVE-2015-5122 opaqueBackground

Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471, @pedrib's module for SysAid CVE-2015-2994

Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
 2015-07-20 16:29:49 -05:00
Tod Beardsley ab6204ca2e
Correct spelling of sysaid module 
First landed in #5473.
 2015-07-20 16:21:50 -05:00
Pedro Ribeiro 3fe165a265 Remove whitespace at the end 2015-07-18 20:18:34 +01:00
Pedro Ribeiro 70a2247941 Pick target is not needed... 2015-07-18 20:12:49 +01:00
Pedro Ribeiro 7483e77bba Fix Linux target by trying again if exploit fails 2015-07-18 20:12:13 +01:00
wchen-r7 29defc979b Fix #5740, remove variable ROP for adobe_flashplayer_flash10o 2015-07-17 16:57:37 -05:00
wchen-r7 7113c801b1
Land #5732, reliability update for adobe_flash_hacking_team_uaf 2015-07-17 16:43:39 -05:00
wchen-r7 837eb9ea38
Land #5742, better quality coverage for adobe_flash_opaque_background_uaf 2015-07-17 16:25:14 -05:00
wchen-r7 f77f7d6916 Bump rank 2015-07-17 16:23:27 -05:00
wchen-r7 0bd1dc017e Update coverage information 2015-07-17 16:23:00 -05:00
jvazquez-r7 4e6b00fe31
Land #5473, @pedrib's exploit for Sysaid CVE-2015-2994 
* sysaid rdslogs arbitrary file upload
 2015-07-17 12:10:40 -05:00
jvazquez-r7 00adbd7f64 Fix quotes 2015-07-17 12:09:54 -05:00
jvazquez-r7 57c4a3387b
Fix paths for windows and cleanup 2015-07-17 12:09:18 -05:00
jvazquez-r7 46ffb97c1c
Land #5471, @pedrib's module for SysAid CVE-2015-2994 
* sysaid arbitrary file upload
 2015-07-17 11:27:22 -05:00
jvazquez-r7 309a86ec57
Do code cleanup 2015-07-17 11:26:54 -05:00
jvazquez-r7 255d8ed096
Improve adobe_flash_opaque_background_uaf 2015-07-16 14:56:32 -05:00
jvazquez-r7 b504f0be8e
Update adobe_flash_hacking_team_uaf 2015-07-15 18:18:04 -05:00
William Vu ea4a7d98b9
Land #5728, Arch specification for psexec 2015-07-15 15:36:27 +00:00
jvazquez-r7 886ca47dfb
Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
Christian Mehlmauer b31c637c1b
Land #5533, DSP-W110 cookie command injection 2015-07-15 11:22:33 +02:00
Christian Mehlmauer 21375edcb2
final cleanup 2015-07-15 11:21:39 +02:00
Brent Cook a7d866bc83 specify the 'Arch' values that psexec supports 2015-07-14 15:45:52 -06:00
h00die 57f62ffa76 changed URI to TARGETURI as per comments 2015-07-13 20:18:45 -04:00
William Vu 405261df4f
Land #5710, php_wordpress_total_cache removal 
Deprecated.
 2015-07-13 18:33:12 +00:00
William Vu 3feef639b9
Land #5711, php_wordpress_optimizepress removal 
Deprecated.
 2015-07-13 18:32:37 +00:00
William Vu 6e12cbf98f
Land #5712, php_wordpress_lastpost removal 
Deprecated.
 2015-07-13 18:31:31 +00:00
William Vu dd188b1943
Land #5713, php_wordpress_infusionsoft removal 
Deprecated.
 2015-07-13 18:31:01 +00:00
wchen-r7 4960e64597 Remove php_wordpress_foxypress, use wp_foxypress_upload 
Please use exploit/unix/webapp/wp_foxypress_upload instead.
 2015-07-13 12:53:34 -05:00
wchen-r7 dfbeb24a8f Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload 
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
 2015-07-13 12:51:48 -05:00
wchen-r7 b80427aed2 Remove php_wordpress_lastpost, use wp_lastpost_exec instead. 
Please use exploit/unix/webapp/wp_lastpost_exec instead
 2015-07-13 12:49:27 -05:00
wchen-r7 90cc3f7891 Remove php_wordpress_optimizepress, use wp_optimizepress_upload 
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
 2015-07-13 12:45:39 -05:00
wchen-r7 4177cdacd6 Remove php_wordpress_total_cache, please use wp_total_cache_exec 
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
 2015-07-13 12:41:29 -05:00
wchen-r7 e638d85f30
Merge branch 'upstream-master' into bapv2 2015-07-12 02:01:09 -05:00
h00die 8819674522 updated per feedback from PR 2015-07-11 21:03:02 -04:00
wchen-r7 f7ce6dcc9f We agreed to Normal 2015-07-11 02:07:18 -05:00
wchen-r7 0ff7333090 Lower the ranking for CVE-2015-5122 
As an initial release we forgot to lower it.
 2015-07-11 02:05:56 -05:00
wchen-r7 1289ec8863 authors 2015-07-11 01:38:21 -05:00
wchen-r7 6eabe5d48c Update description 2015-07-11 01:36:26 -05:00
wchen-r7 54fc712131 Update Win 8.1 checks 2015-07-11 01:33:23 -05:00
jvazquez-r7 6f0b9896e1
Update description 2015-07-11 00:56:18 -05:00
jvazquez-r7 115549ca75
Delete old check 2015-07-11 00:42:59 -05:00
jvazquez-r7 63005a3b92
Add module for flash CVE-2015-5122 
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
 2015-07-11 00:28:55 -05:00
h00die bff92f2304 Initial add 2015-07-10 21:13:12 -04:00
jvazquez-r7 5a045677bc
Add waiting message 2015-07-10 18:48:46 -05:00
jvazquez-r7 8d52c265d9
Delete wfsdelay 2015-07-10 18:46:27 -05:00
jvazquez-r7 63e91fa50f
Add reference 2015-07-10 18:46:06 -05:00
jvazquez-r7 677cd97cc2
Update information 2015-07-10 18:39:11 -05:00
jvazquez-r7 6c6a778218
Modify arkeia_agent_exec title 2015-07-10 18:38:25 -05:00
jvazquez-r7 4995728459
Modify arkeia_agent_exec ranking 2015-07-10 18:37:24 -05:00
jvazquez-r7 858f63cdbf
Land #5693, @xistence VNC Keyboard EXEC module 2015-07-10 18:35:44 -05:00
jvazquez-r7 1326a26be5
Do code cleanup 2015-07-10 18:35:13 -05:00
jvazquez-r7 917282a1f1
Fix ranking 2015-07-10 17:49:15 -05:00
jvazquez-r7 e063e26627
Land #5689, @xistence's module for Western Digital Arkeia command injection 2015-07-10 17:11:35 -05:00
jvazquez-r7 bdd8b56336
fix comment 2015-07-10 16:28:20 -05:00
jvazquez-r7 95ae7d8cae
Fix length limitation 2015-07-10 16:24:49 -05:00
Mo Sadek 3347b90db7 Land #5676, print_status with ms14_064 2015-07-10 14:40:49 -05:00
jvazquez-r7 29a497a616
Read header as 6 bytes 2015-07-10 14:25:57 -05:00
jvazquez-r7 bed3257a3f
Change default HTTP_DELAY 2015-07-10 12:50:26 -05:00
jvazquez-r7 c9d2ab58d3
Use HttpServer::HTML 
* And make the exploit Aggressive
 2015-07-10 12:48:21 -05:00
jvazquez-r7 e1192c75a9
Fix network communication on `communicate` 
* Some protocol handling just to not read amounts of data blindly
 2015-07-10 11:57:48 -05:00
Tod Beardsley 9206df077f
Land #5694, R7-2015-08 2015-07-10 11:42:57 -05:00
jvazquez-r7 9ba515f185
Fix network communication on `check` 
* Some protocol handling just to not read amounts of data blindly
 2015-07-10 11:32:49 -05:00
jvazquez-r7 c70be64517
Fix version check 2015-07-10 10:57:55 -05:00
jvazquez-r7 34a6984c1d
Fix variable name 2015-07-10 10:44:38 -05:00
jvazquez-r7 2c7cc83e38
Use single quotes 2015-07-10 10:34:47 -05:00
jvazquez-r7 f66cf91676
Fix metadata 2015-07-10 10:33:02 -05:00
xistence b916a9d267 VNC Keyboard Exec 2015-07-10 14:08:32 +07:00
xistence 52d41c8309 Western Digital Arkeia 'ARKFS_EXEC_CMD' <= v11.0.12 Remote Code Execution 2015-07-10 09:51:28 +07:00
Michael Messner d7beb1a685 feedback included 2015-07-09 08:31:11 +02:00
HD Moore 25e0f888dd Initial commit of R7-2015-08 coverage 2015-07-08 13:42:11 -05:00
wchen-r7 a3ec56c4cb Do it in on_request_exploit because it's too specific 2015-07-08 12:32:38 -05:00
wchen-r7 cefbdbb8d3 Avoid unreliable targets 
If we can't garantee GreatRanking on specific targets, avoid them.
 2015-07-08 12:12:53 -05:00
wchen-r7 6a33807d80 No Chrome for now 2015-07-07 15:56:58 -05:00
jvazquez-r7 f8b668e894
Update ranking and References 2015-07-07 15:43:02 -05:00