Commit Graph

23387 Commits (6b9be37741996da3cf45168b07799963d8d880fd)

Author SHA1 Message Date
Sonny Gonzalez 667cc5bcca
Land #9653, fix Y2k38 issue (until Jan 1, 2038) 2018-03-01 09:28:11 -06:00
Wei Chen 735fbc5c9f
Land #9623, Support Win 2008/7+ for enum_ms_product_keys
Land #9623
2018-02-25 23:25:03 -08:00
Brent Cook bffba1e5e3
Land #9607, upgrade osx shells to osx meterpreter 2018-02-25 23:25:02 -08:00
William Vu 0a5e9d922f
Land #9601, ms17_010_eternalblue reliability fixes 2018-02-23 08:31:02 -08:00
Brent Cook 2af4f56382
Land #9611, Fix bug causing all OWA logins to appear valid 2018-02-23 08:31:01 -08:00
bwatters-r7 ac6fede928
Land #9441, Create exploit for AsusWRT LAN RCE
Merge branch 'land-9441' into upstream-master
2018-02-23 08:31:01 -08:00
Jacob Robles 178afdaed1
Land #9604, Fix logged errors when running without Python 3.6 / gmpy2 2018-02-22 08:27:37 -08:00
Brent Cook a189673782
Land #9584, Fix reverse_php_ssl infinite loop 2018-02-22 08:27:36 -08:00
Brent Cook 826b986018
Land #9602, Create sessions with the Fortinet SSH backdoor scanner 2018-02-22 08:27:36 -08:00
Brent Cook 4e8fe54c6c
Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream 2018-02-22 08:27:36 -08:00
William Vu c1d701f656
Land #9593, finger_users regex fix 2018-02-22 08:27:35 -08:00
Aaron Soto dc913b60e4
Land #9444 - `hsts_eraser` module and docs 2018-02-22 08:27:35 -08:00
Jacob Robles 40220b5ab6
Land #9594, CloudMe Sync v1.10.9 Buffer Overflow 2018-02-22 08:27:35 -08:00
Jacob Robles 72cb9f358e
Land #9561, Disk Savvy Enterprise v10.4.18 built-in server buffer overflow 2018-02-22 08:27:34 -08:00
Brent Cook 59a41f04f7
Land #9366, Add x64 staged Meterpreter for macOS 2018-02-20 09:24:41 -06:00
Brent Cook 8c2484d2da
Land #9164, add OWA 2016 support 2018-02-20 09:24:13 -06:00
Chris Higgins d2c203bcb9
Lands #9504, MagniComp SysInfo privilege escalation 2018-02-20 09:24:13 -06:00
Brent Cook d89a8c3eb9
Land #9571, specify a python encoding for the claymore DoS module 2018-02-16 15:34:49 -08:00
Brent Cook d2e71cfc8b
Land #9512, Add Claymore Dual GPU Miner <= 10.5 DoS module 2018-02-16 15:34:48 -08:00
Brent Cook 31ed50ac92
Land #9539, add bind_named_pipe transport to Windows meterpreter 2018-02-16 15:34:47 -08:00
Wei Chen 004e228a52
Land #9509, Ulterius Server < v1.9.5.0 Directory Traversal
Land #9509
2018-02-16 15:34:47 -08:00
Brent Cook e8ad3a98e9
Land #9558, Fix #9417, map timeout exp to a var for telnet_encrypt_overflow 2018-02-15 14:14:07 -08:00
Brent Cook 87dcb13413
update magic numbers 2018-02-15 15:25:47 -06:00
Brent Cook 0cee8485d0
Land #9557, add back udp_probe for now 2018-02-14 11:26:59 -08:00
Spencer McIntyre bdc0b47844
Land #9552, add private_type for stored tomcat pw
Fixes #9513
2018-02-13 19:55:54 -08:00
Jeffrey Martin aecc1f143f
Land #7699, Add UDP handlers and payloads (redux) 2018-02-13 14:46:07 -08:00
Jacob Robles f281b45384
Land #9546, Correct Typo 2018-02-13 14:46:07 -08:00
Jacob Robles e485b152e3
Land #9542, Correct Typo 2018-02-13 14:46:06 -08:00
h00die 37cb2d77e7
Land #9422 abrt race condition priv esc on linux 2018-02-12 11:55:21 -06:00
Pearce Barry 6c3168c541
Land #9536, Add Ubuntu notes to documentation 2018-02-12 11:55:19 -06:00
Pearce Barry 73bcec5d11
Land #9408, Add Juju-run Agent Privilege Escalation module (CVE-2017-9232) 2018-02-12 11:55:19 -06:00
h00die 090f7c8bd6
Land #9467 linux priv esc against glibc origin 2018-02-12 11:55:19 -06:00
h00die cd7187023c
Land #9469 linux local exploit for glibc ld audit 2018-02-12 11:55:18 -06:00
Brent Cook 32bd516e70
Land #9525, Update mysql_hashdump for MySQL 5.7 and above 2018-02-12 11:55:17 -06:00
Adam Cammack cd723ac86e
Add scanner for Bleichenbacher oracle (ROBOT) 2018-02-09 11:14:30 -06:00
Brent Cook b696665adc
Land #9478, Improve Dup Scout BOF exploit 2018-02-08 10:25:39 -06:00
Brent Cook 909b787a56
Land #9521, flush pipe buffers when a process exists in mettle 2018-02-08 10:25:25 -06:00
William Vu 6c350be24e
Land #9473, new MS17-010 aux and exploit modules 2018-02-02 11:32:40 -06:00
h00die 016af01fd8
Land #9399 a linux priv esc against apport and abrt 2018-02-02 11:32:29 -06:00
Brent Cook ce3d5d77e4
Land #9481, Update native DNS spoofer for Dnsruby 2018-02-02 11:32:18 -06:00
Brent Cook ec12d61702
Land #9354, Debut embedded httpd server (Brother printers) DoS 2018-02-02 11:31:59 -06:00
bwatters-r7 64746d8325
Land #9407, Add BMC Server Automation RSCD Agent RCE exploit module
Merge branch 'land-9407' into upstream-master
2018-02-01 11:23:59 -06:00
h00die b7fbffa331
Land #9445 fixes for ssl labs scanner module 2018-02-01 11:23:46 -06:00
Jacob Robles 4fa68f29d9
Land #9457, Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow 2018-02-01 11:23:26 -06:00
Aaron Soto 395320ba97
Land #9379, Oracle Weblogic RCE exploit and documentation 2018-01-26 18:08:56 -06:00
William Vu a87ae41d81
Land #9446, Post API fix for setuid_nmap 2018-01-26 18:08:47 -06:00
Matthew Kienow b515a582f0
Land #9424, Add SharknAT&To external scanner 2018-01-24 17:20:03 -06:00
Pearce Barry 926ce42a01
Land #8632, colorado ftp fixes 2018-01-24 17:13:20 -06:00
bwatters-r7 2ea9ab2625
Land #9416, Sync Breeze Enterprise 9.5.16 Import Command buffer overflow
Merge branch 'land-9416' into upstream-master
2018-01-24 17:13:16 -06:00
Adam Cammack a4022f7b8f
Land #9430, Improve Hyper-V checkvm checks 2018-01-24 17:13:12 -06:00
bwatters-r7 a136841794
Land #9114, Add module for Kaltura <= 13.1.0 RCE (CVE-2017-14143)
Merge branch 'land-9114' into upstream-master
2018-01-24 17:13:00 -06:00
Brent Cook d6beb94c59
Land #6611, add native DNS to Rex, MSF mixin, sample modules 2018-01-24 17:12:52 -06:00
Brent Cook 5ec3da843e
Land #9349, GoAhead LD_PRELOAD CGI Module 2018-01-24 17:12:47 -06:00
Brent Cook 294a8e0ada
Land #9413, Expand the number of class names searched when checking for an exploitable JMX server 2018-01-24 17:12:43 -06:00
Brent Cook bb73d2c07e
Land #9431, Fix owa_login to handle inserting credentials for a hostname 2018-01-24 17:12:39 -06:00
Brent Cook 47682e3f37
Land #9404, update module author 2018-01-24 17:12:34 -06:00
Wei Chen ab610f599b
Land #9442, Remove NoMethod Rescue for cerberus_sftp_enumusers
Land #9442
2018-01-24 17:12:25 -06:00
Wei Chen 10fafb62bb
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil
Land #9436

Thanks Steve!
2018-01-24 17:12:16 -06:00
Brent Cook 512192d3b0
Land #9267, Add targets to sshexec 2018-01-24 17:12:12 -06:00
Brent Cook 55c345418d
Land #9438, address cmd_exec inconsistencies 2018-01-24 17:11:40 -06:00
Brent Cook 23619431aa
update stageless python sizes 2018-01-24 17:08:51 -06:00
Brent Cook d6e966b079
Land #9414, wp_admin_shell_upload - remove plugin dir after exploitation 2018-01-16 21:08:22 -06:00
William Vu e5bd36da1c
Land #9402, NIS bootparamd domain name disclosure 2018-01-15 15:36:00 -06:00
Christian Mehlmauer 2f9eebe28b
remove plugin dir 2018-01-15 14:48:59 +01:00
William Vu 736d438813
Address second round of feedback
Brain fart on guard clauses when I've been using them all this time...
Updating the conditions made the ternary fall out of favor.

Changed some wording in the doc to suggest the domain name for a
particular NIS server may be different from the bootparamd client's
configuration.
2018-01-13 22:55:01 -06:00
William Vu 1a8eb7bf2a
Update nis_ypserv_map after bootparam feedback
Yes, yes, I see the off-by-one "error." It's more accurate this way.
Basically, we want to ensure there's actually data to dump.
2018-01-13 15:40:17 -06:00
William Vu c080329ee6
Update module after feedback
Looks like I can't decide on certain style preferences.

Not keen on using blank?, but I've used it before. Time to commit?

Also, fail_with has been fixed for aux and post since #8643. Use it!
2018-01-13 15:40:11 -06:00
William Vu eb8429cbd3
Revert "umlaut"
This reverts commit ffd7073420.
2018-01-12 22:57:22 -06:00
Brendan Coles ffd7073420
umlaut 2018-01-13 15:48:45 +11:00
Jeffrey Martin 1f1dc59d17
Land #9392, python meterpreter whitespace normalization 2018-01-12 21:24:13 -06:00
William Vu 2916c5ae45
Rescue Rex::Proto::SunRPC::RPCTimeout
Coincidentally, this also fixes the rescue in the library, since
rescuing Timeout instead of Timeout::Error does nothing.
2018-01-12 19:34:59 -06:00
William Vu 0c9f1d71d3
Add NIS bootparamd domain name disclosure 2018-01-12 19:34:53 -06:00
Agahlot 488f27bf76
Small Typo 2018-01-12 07:05:30 -05:00
Wei Chen e6c4fb1dab
Land #9269, Add a new target for Sync Breeze Enterprise GET BoF
Land #9269
2018-01-11 16:54:23 -06:00
Wei Chen f395e07fc6
Land #9269, add new target for Sync Breeze Enterprise GET BoF
Land #9269
2018-01-11 16:53:02 -06:00
William Vu 4b225c30fd
Land #9368, ye olde NIS ypserv map dumper 2018-01-10 22:02:36 -06:00
William Vu f66b11f262
Nix an unneeded variable declaration 2018-01-10 20:24:02 -06:00
Wei Chen 6510ee53bc
Land #9204, Add exploit for Samsung SRN-1670D (CVE-2017-16524)
Land #9204
2018-01-10 20:15:29 -06:00
Wei Chen 18c179a091
Update module and add documentation
This updates the module to pass:

* msftidy
* Ruby style guidelines
* Proper usage of Metasploit API
* Mostly other cosmetic fixes

Documentation is also added.
2018-01-10 20:13:42 -06:00
William Vu b66889ac86
Rescue additional errors and refactor code
https://jvns.ca/blog/2015/11/27/why-rubys-timeout-is-dangerous-and-thread-dot-raise-is-terrifying/
2018-01-10 20:11:25 -06:00
Wei Chen 7e2c7837e5
Land #9325, Add CVE-2017-6090 phpCollab 2.5.1 file upload exploit module
Land #9325
2018-01-10 17:39:50 -06:00
Wei Chen b1f3f471f3
Update phpcollab_upload_exec code (also module documentation) 2018-01-10 17:38:52 -06:00
Wei Chen dd737c3bc8
Land #9317, remove multiple deprecated modules
Land #9317

The following modules are replaced by the following:

auxiliary/scanner/discovery/udp_probe
is replaced by:
auxiliary/scanner/discovery/udp_sweep

exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
is replaced by:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload

exploit/windows/misc/regsvr32_applocker_bypass_server
is replaced by:
exploits/multi/script/web_delivery
2018-01-10 15:47:20 -06:00
Wei Chen 8d77f35b16
Land #9373, Add LabF nfsAxe FTP Client 3.7 Stack Buffer Overflow
Land #9373
2018-01-09 22:40:50 -06:00
Wei Chen 25280e3319
Update labf_nfsaxe and module documentation 2018-01-09 22:39:40 -06:00
Brent Cook f125e13278
python meterpreter whitespace normalization 2018-01-09 16:08:52 -05:00
Wei Chen 777e383568
Land #9377, Add HPE iMC dbman RestoreDBase Unauthenticated RCE exploit
Land #9377
2018-01-09 13:56:53 -06:00
Wei Chen a0c9cdd73d
Land #9376, Add HPE iMC dbman RestartDB Unauthenticated RCE exploit
Land #9376
2018-01-09 13:28:03 -06:00
Brent Cook 573ee28631
Land #9378, Detect and return on bad VNC negotiations 2018-01-09 03:46:00 -05:00
William Vu 4a5a17a8e1
Add NIS ypserv map dumper 2018-01-08 14:27:53 -06:00
Wei Chen d138f1508c
Land #9340, Add exploit for Commvault Remote Command Injection
Land #9340
2018-01-07 12:17:26 -06:00
Daniel Teixeira ff1806ef5f
Update labf_nfsaxe.rb 2018-01-07 16:46:06 +00:00
Daniel Teixeira a69f275a39
Update labf_nfsaxe.rb 2018-01-05 21:14:47 +00:00
Daniel Teixeira c819aebc76
Add files via upload 2018-01-05 21:11:21 +00:00
Daniel Teixeira e797ca4781
Add files via upload 2018-01-05 21:00:47 +00:00
Daniel Teixeira aca76e2a4e
Update labf_nfsaxe.rb 2018-01-05 20:58:36 +00:00
Daniel Teixeira 2643acbc25
Update labf_nfsaxe.rb 2018-01-05 20:55:49 +00:00
Daniel Teixeira b29710c66b
Add files via upload 2018-01-05 20:47:27 +00:00
Daniel Teixeira 94a1198485
Update labf_nfsaxe.rb 2018-01-05 20:41:49 +00:00
Daniel Teixeira b97785c7a9
Update labf_nfsaxe.rb 2018-01-05 18:46:33 +00:00