85e1555e13
Payload compat to work with unix/interact
2012-06-12 11:46:21 -06:00
6290bba71b
Merge branch 'master' into feature/vuln-info
2012-06-12 12:41:41 -05:00
3d5417e574
Initial commit of F5 exploit
2012-06-12 11:37:22 -06:00
21ea539648
Permissions
2012-06-12 11:50:28 -05:00
4ae786590a
php_wordpress_foxypress from patrick updated. Related to Pull Request #475
2012-06-12 17:39:05 +02:00
3902ed431e
Merge pull request #474 from swtornio/mysql-module
...
add osvdb ref
2012-06-11 21:10:37 -07:00
efbaff8b37
add osvdb ref
2012-06-11 22:47:30 -05:00
89e554de2b
Adds post module for stealing GPP Passwords
...
Post module steals Group Policy Preferences account
passwords.
2012-06-11 21:20:18 -05:00
34ecc7fd18
Adding @schierlm 's AES encryption for Java
...
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.
Squashed commit of the following:
commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 00:45:24 2012 +0200
Do not break other architectures
even when using `setg AESPassword`
commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:50:42 2012 +0200
binaries
commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:49:10 2012 +0200
Add AES support to Java stager
This is compatible to the AES mode of the JavaPayload project.
I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
c3c9051014
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-11 11:15:15 -05:00
026d84de00
Merge pull request #470 from jvazquez-r7/struts_code_exec_exception_delegator_on_new_session
...
struts_code_exec_exception_delegator: on_new_session handler modified
2012-06-11 03:08:54 -07:00
02a5dff51f
struts_code_exec_exception_delegator_on_new_session: on_new_session modified
2012-06-11 12:07:38 +02:00
a43cf76591
Merge pull request #463 from schierlm/struts_arch_java
...
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-11 03:05:37 -07:00
c5088ad670
Merge branch 'master' into fusionvm-import
2012-06-11 02:16:43 -05:00
59f591ac46
Adds jcran's MySQL bruteforce and dump module for CVE-2012-2122
2012-06-11 01:42:06 -05:00
16dafee2c1
Adds jcran's MySQL bruteforce and dump module for CVE-2012-2122
2012-06-11 01:41:14 -05:00
93a2e29ed7
Merge branch 'darkoperator-skype_enum'
2012-06-11 01:41:01 -05:00
bbd500aca9
Show a stack trace in auxiliary timeouts [ temp ]
2012-06-11 01:40:57 -05:00
d226d80919
Make msftidy happy
2012-06-11 01:34:18 -05:00
2847ed9c43
Merge branch 'skype_enum' of https://github.com/darkoperator/metasploit-framework into darkoperator-skype_enum
2012-06-11 01:28:13 -05:00
bb80124d63
Added support for shell and tested on OSX 10.6 and 10.7. Added additional session type checks.
2012-06-10 21:59:14 -04:00
b8b2f2bfce
Merge branch 'master' into fusionvm-import
2012-06-10 18:25:01 -05:00
d975d1a236
Add counter caches for host_details, vuln_details, vuln_attempts
2012-06-10 17:15:53 -05:00
fc0dc23752
Some handling around empty elements
2012-06-10 17:04:47 -05:00
a20c85a655
Remove binding.pry call
2012-06-10 17:01:31 -05:00
f9999a3033
Add FusiuonVM Importer
...
This adds a nokogiri stream parser for XML reports from
Critical Watch's FusionVM.
2012-06-10 16:38:28 -05:00
b908ccff0f
Added module for CVE-2012-0297
2012-06-10 22:38:58 +02:00
74c6eb6f78
Change the title and add a Microsoft reference.
...
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
efcb206cdf
Correct a typo
2012-06-10 14:38:14 -05:00
881ec8d920
Make the description clear that it only reads 4k, default datastore['FD'] to 1
2012-06-10 13:20:02 -05:00
03004645f0
Make the description clear that it only reads 4k, default datastore['FD'] to 1
2012-06-10 13:19:22 -05:00
beefea6fb9
Merge branch 'master' into feature/vuln-info
2012-06-10 12:54:58 -05:00
4f55452153
This adds import/export support for vuln_attempts
2012-06-10 12:50:59 -05:00
9dcb3059f8
MDM update
2012-06-10 03:46:58 -05:00
7c8cb2d79e
Add vuln_attempts, track exploit attempts when a matching vuln exists.
...
This also fixes an issue with report_vuln() from exploited hosts not
setting the service correctly. This introduces a fail_reason method
to the exploit base class, which attempts to determine why an exploit
did not work (closed port, unreachable host, missing page, etc). There
is still quite a bit of work to do around this to finish it up.
2012-06-10 03:15:48 -05:00
15fa178a66
Add the MSF license text (since MSF_LICENSE is already set)
2012-06-10 02:07:27 -05:00
c7546638f2
Merge branch 'master' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-master
2012-06-10 01:58:00 -05:00
498f3323f3
Merge branch 'ms12_005' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_005
2012-06-10 01:53:46 -05:00
8f6457661d
Change description
2012-06-10 01:52:26 -05:00
4743c9fb33
Add MS12-005 (CVE-2012-0013) exploit
2012-06-10 01:08:28 -05:00
2b67c5132c
Adding read_file linux shellcode
2012-06-09 20:36:47 -04:00
f0082ba38f
Added module for CVE-2012-0299
2012-06-09 22:27:27 +02:00
b4d33fb85a
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-09 21:53:43 +02:00
55bdbb6ec9
Merge branch 'master' into feature/vuln-info
2012-06-09 01:37:11 -05:00
e840f7e9ee
Add additional host detail columns and parsers
2012-06-09 00:43:03 -05:00
dabda58f17
Import host_details and vuln_details now
2012-06-08 23:27:02 -05:00
465998bc17
Export host_details and vuln_details, add missing refs to db_export
2012-06-08 22:55:55 -05:00
376aaa410b
Fix tag deuplication and reset after each vuln properly
2012-06-08 22:55:37 -05:00
a9ee2b3480
Use of make_nops
2012-06-08 19:20:58 +02:00
91f5f304cb
Added module for CVE-2011-2217
2012-06-08 18:10:20 +02:00
James Lee
HD Moore
jvazquez-r7
Steve Tornio
David Maloney
Michael Schierl
sinn3r
Juan Vazquez
Carlos Perez
linuxgeek247