infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,197 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

466 Commits (6daae961cbfad0d1cec2be906fbee517f331d73e)

Author SHA1 Message Date
jvazquez-r7 45c86d149f Modify authors field 2014-01-07 14:50:12 -06:00
jvazquez-r7 d6639294aa Save some instructions with dup2 2014-01-07 14:41:33 -06:00
jvazquez-r7 9cf221cdd6 Delete delay slots after syscall 2014-01-07 13:18:20 -06:00
jvazquez-r7 70d4082c0c Add formatting blank lines and delete comment 2014-01-07 09:55:36 -06:00
jvazquez-r7 3edd2a50e2 Shorter mipsle shell_reverse_tcp 2014-01-07 09:45:28 -06:00
Joe Vennix 3b29c370bd Fix bug in the firefox/exec payload. 2014-01-05 11:24:41 -06:00
Joe Vennix 4329e5a21e Update firefox payloads to use async runCmd. 2014-01-04 08:49:43 -06:00
Joe Vennix fdca396bc8 Update exec to be diskless. 2014-01-04 08:48:58 -06:00
Joe Vennix a5ebdce262 Add exec payload. Cleans up a lot of code. 
Adds some yardocs and whatnot.
 2014-01-03 18:23:48 -06:00
jvazquez-r7 f5f18965b9 Move the require to the payloads as ruby and nodejs payloads do 2014-01-02 16:05:03 -06:00
Joe Vennix 06fb2139b0 Digging around to get shell_command_token to work. 2014-01-02 14:05:06 -06:00
Joe Vennix 12fece3aa6 Kill unnecessary comment. 2014-01-02 10:48:28 -06:00
Joe Vennix 1f9ac12dda DRYs up firefox payloads. 2014-01-02 10:48:28 -06:00
Joe Vennix 821aa47d7e Add firefox paylods. 
* Adds support for windows or posix shell escaping.
 2014-01-02 10:48:28 -06:00
jvazquez-r7 0725b9c69c Refactor JSP payloads 2013-12-31 08:27:37 -06:00
jvazquez-r7 aa38a23921 Add generate_war to jsp_shell payloads 2013-12-30 13:53:58 -06:00
sinn3r f1c5ab95bf
Land #2690 - typo 2013-11-25 23:53:34 -06:00
William Vu 70139d05ea Fix missed title 2013-11-25 22:46:35 -06:00
William Vu e8eb983ae1 Resplat shell_bind_tcp_random_port 2013-11-20 14:48:53 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
Geyslan G. Bem 28c5dd63fd references fix 2013-11-11 17:14:50 -03:00
Geyslan G. Bem 8f6917a117 references fix 2013-11-11 17:12:45 -03:00
Geyslan G. Bem e3641158d9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-11-11 14:29:19 -03:00
Geyslan G. Bem 030fbba539 Merge branch 'master' of https://github.com/geyslan/metasploit-framework 2013-11-11 14:22:00 -03:00
Tod Beardsley 81a7b1a9bf
Fixes for #2350, random bind shellcode 
* Moved shortlink to a reference.
  * Reformat e-mail address.
  * Fixed whitespace
  * Use multiline quote per most other module descriptions

Still need to resplat the modules, but it's no big thang to do that
after landing. Also, References do not seem to appear for post modules
in the normal msfconsole. This is a bug in the UI, not for these modules
-- many payloads would benefit from being explicit on their references,
so may as well start with these.
 2013-11-11 10:33:15 -06:00
sinn3r 1599d1171d
Land #2558 - Release fixes 2013-10-21 13:48:11 -05:00
Tod Beardsley bce8d9a90f
Update license comments with resplat. 2013-10-21 13:36:15 -05:00
Tod Beardsley c070108da6
Release-related updates 
* Lua is not an acronym
  * Adds an OSVDB ref
  * credit @jvazquez-r7, not HD, for the Windows CMD thing
 2013-10-21 13:33:00 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
sinn3r cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow 2013-10-21 12:03:07 -05:00
sinn3r 6430fa3354
Land #2539 - Support Windows CMD generic payload 
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
 2013-10-21 11:26:13 -05:00
William Vu 5a0b8095c0
Land #2382, Lua bind and reverse shells 2013-10-18 17:11:37 -05:00
jvazquez-r7 be1d6ee0d3 Support Windows CMD generic payload 2013-10-17 14:07:27 -05:00
jvazquez-r7 3d3a7b3818 Add support for OSVDB 86824 2013-10-17 01:08:01 -05:00
Tod Beardsley 5d86ab4ab8
Catch mis-formatted bracket comments. 2013-10-15 14:52:12 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
sinn3r e10dbf8a5d
Land #2508 - Add nodejs payloads 2013-10-14 12:23:31 -05:00
joev c7bcc97dff Add SSL support to #nodejs_reverse_tcp. 2013-10-12 03:32:52 -05:00
joev 6440a26f04 Move shared Node.js payload logic to mixin. 
- this fixes the recursive loading issue when creating a payload
  inside the cmd payload
- also dries up some of the node cmd invocation logic.
 2013-10-12 03:19:06 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir 
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
 2013-10-10 19:55:26 +01:00
joev 1e78c3ca1a Add missing require to nodejs/bind payload. 2013-10-09 11:39:05 -05:00
Tod Beardsley 4266b88a20
Move author name to just 'joev' 
[See #2476]
 2013-10-07 12:50:04 -05:00
joev da48565093 Add more payloads for nodejs. 
* Adds a reverse and bind CMD payload
* Adds a bind payload (no bind_ssl for now).
 2013-10-07 06:09:21 -05:00
Geyslan G. Bem 6492bde1c7 New Payload 
Merge remote-tracking branch 'origin'
 2013-10-05 09:17:14 -03:00
Geyslan G. Bem 31f265b411 New Shell Bind TCP Random Port Payload (x86_64) 2013-10-05 09:02:05 -03:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
joev 99e46d2cdb Merge branch 'master' into cve-2013-4660_js_yaml_code_exec 
Conflicts:
	modules/exploits/multi/handler.rb
 2013-09-25 00:32:56 -05:00
joev cd98c4654d Remove unecessary print from #generate in payloads. 2013-09-25 00:12:28 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections 
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
 2013-09-24 12:33:31 -05:00
Joe Vennix 801dda2b09 Change PayloadType to NodeJS. 2013-09-23 11:31:45 -05:00
xistence 41e1a3d05b removed shell prompt in lua bind/reverse shells 2013-09-22 14:53:59 +07:00
Joe Vennix a08d195308 Add Node.js as a platform. 
* Fix some whitespace issues in platform.rb
 2013-09-20 18:14:01 -05:00
Joe Vennix a641bc41a8 Kill unnecessary comment. 2013-09-16 21:35:53 -05:00
Joe Vennix f954e5299f Now working on windows even. 2013-09-16 21:34:12 -05:00
Joe Vennix 2d936fb67c Bail from payload if require() is not available. 
* TODO: test on windows
 2013-09-16 14:05:26 -05:00
RageLtMan 08f0abafd6 Add nodejs single payloads, thanks to RageLtMan. 2013-09-16 13:38:42 -05:00
xistence 79e08c1560 added LUA bind/reverse shells 2013-09-16 17:02:08 +07:00
Geyslan G. Bem 118cc900a7 new payload 2013-09-10 19:20:48 -03:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
sinn3r 10e9b97a88 Land #2180 - Accepting args for x64 osx exec payload 2013-08-02 00:45:09 -05:00
Joe Vennix 592176137a Rewrite osx x64 cmd payload to accept args. 
[SeeRM #8260]
 2013-07-31 08:50:28 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff 
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
 2013-07-29 21:47:52 -05:00
jvazquez-r7 1a5e0e10a5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 13:53:57 -05:00
sinn3r b64d0429ac Format fix 
Just to make this more pleasing to the eyes
 2013-07-18 13:36:31 -05:00
Joe Vennix cd2e352971 Kill extra whitespace. 2013-07-18 11:30:54 -05:00
Joe Vennix 766a8d5817 Shellwords! Now you can use exec to get you a perl shell 2013-07-17 21:16:04 -05:00
Joe Vennix 9c1228067c Change to += syntax. 2013-07-17 21:11:24 -05:00
Joe Vennix ab088712ba Removes unnecessary copy-to-stack. Fixes arg-order issue. 
* Now I simply point to the string in instruction-memory, which saves a few bytes.
 2013-07-17 20:27:20 -05:00
Joe Vennix 5ab81e7e37 Convert to readable asm. Adds support for arguments. 
* shellcode appears to do an unnecessary copy-to-stack, so will look into
  improving that.
 2013-07-17 19:20:47 -05:00
jvazquez-r7 785639148c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 17:18:42 -05:00
William Vu 589b4be384 Land #1999, zsh bind shell 2013-06-20 13:51:48 -05:00
sinn3r 86fc101c1f Add payload module bind zsh 
For #1984
 2013-06-20 13:45:02 -05:00
sinn3r 660c97f512 Add module for reverse zsh payload 
For #1985
 2013-06-20 13:40:17 -05:00
jvazquez-r7 b20a38add4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 12:22:52 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
jvazquez-r7 e5a17ba227 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-05 09:41:23 -05:00
William Vu 1596fb478a Land #1886, awk bind shell 2013-06-05 09:05:37 -05:00
Roberto Soares Espreto f6977c41c3 Modifications done in each PR. 2013-06-05 07:55:05 -03:00
Roberto Soares Espreto b20401ca8c Modifications done in each PR. 2013-06-05 07:51:10 -03:00
Roberto Soares Espreto 34243165c5 Some changes with improvements. 2013-06-04 21:22:10 -03:00
Roberto Soares Espreto e2988727fb Some changes with improvements. 2013-06-04 21:10:51 -03:00
Roberto Soares Espreto d9609fb03e Was breaking with repeated commands 2013-05-31 18:44:48 -03:00
Roberto Soares Espreto 00debd01c6 Listen for a connection and spawn a command shell via AWK 2013-05-29 21:22:49 -03:00
Roberto Soares Espreto d4a864c29f Creates an interactive shell via AWK (reverse) 2013-05-29 21:19:08 -03:00
jvazquez-r7 a4632b773a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-28 12:59:16 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238) 
[Closes #1772]
 2013-04-28 12:17:16 -05:00
James Lee 9c8b93f1b7 Make sure LPORT is a string when subbing 
* Gets rid of conversion errors like this:
    [-] Exploit failed: can't convert Fixnum into String
* also removes comments from php meterp. Works for me with the
  phpmyadmin_preg_replace bug, so seems legit.
 2013-04-26 15:26:31 -05:00
jvazquez-r7 cc35591723 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-15 17:43:15 -05:00
Tod Beardsley be39079830 Trailing whitespace fix 
Note that this commit needed a --no-verify because of the erroneous
check in msftidy for writing to stdout. The particular syntax of this
payload makes it look like we're doing that when we're really not.

So don't sweat it.
 2013-04-15 13:58:06 -05:00
Tod Beardsley efdf4e3983 Lands #1485, fixes for Windows-based Ruby targets 2013-04-15 13:56:41 -05:00
Tod Beardsley e149c8670b Unconflicting ruby_string method 
Looks like the conflict was created by the msftidy fixes that happened
over on the master branch. No big deal after all.
 2013-03-20 15:49:23 -05:00
jvazquez-r7 6603dcd652 up to date 2013-03-12 17:04:13 +01:00
jvazquez-r7 627e7f6277 avoiding grouping options 2013-03-11 18:26:03 +01:00
jvazquez-r7 f0cee29100 modified CommandDispatcher::Exploit to have the change into account 2013-03-11 18:08:46 +01:00
jvazquez-r7 c9268c3d54 original modules renamed 2013-03-11 18:04:22 +01:00
James Lee 2160718250 Fix file header comment 
[See #1555]
 2013-03-07 17:53:19 -06:00
RageLtMan 7f80692457 everyone will comply, resistance is futile 2013-03-06 18:38:14 -05:00
Raphael Mudge 1cc49f75f5 move flag comment to where it's used. 2013-03-03 03:26:43 -05:00
Raphael Mudge ecdb884b13 Make download_exec work with authenticated proxies 
Adds INTERNET_FLAG_KEEP_CONNECTION to HttpOpenRequest flags to allow
download_exec to transparently authenticate to a proxy device through
wininet.

Fun trivia, Windows 7 systems uses Connection: keep-alive by default.
This flag benefits older targets (e.g., Windows XP).
 2013-03-03 01:42:17 -05:00