infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
18,227 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

9108 Commits (7b43117d874e896621420ce87974a4c7e8e8ec72)

Author SHA1 Message Date
Console 7b43117d87 Added RCE for Struts versions earlier than 2.3.14.2 
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
 2013-05-28 18:26:57 +01:00
jvazquez-r7 94bc3bf8eb Fix msftidy warning 2013-05-20 10:35:59 -05:00
jvazquez-r7 395aac90c2 Do minor cleanup for linksys_wrt160nv2_apply_exec 2013-05-20 10:34:39 -05:00
jvazquez-r7 08b2c9db1e Land #1801, @m-1-k-3's linksys wrt160n exploit 2013-05-20 10:33:44 -05:00
m-1-k-3 1a904ccf7d tftp download 2013-05-19 20:37:46 +02:00
jvazquez-r7 dfa19cb46d Do minor cleanup for dlink_dir615_up_exec 2013-05-19 12:43:01 -05:00
jvazquez-r7 348705ad46 Land #1800, @m-1-k-3's exploit for DLINK DIR615 2013-05-19 12:42:02 -05:00
m-1-k-3 f3a2859bed removed user,pass in request 2013-05-19 18:50:12 +02:00
m-1-k-3 aee5b02f65 tftp download check 2013-05-19 18:45:01 +02:00
m-1-k-3 4816925f83 feeback included 2013-05-19 16:19:45 +02:00
James Lee 42d8173d17 Land #1837, broken references 2013-05-16 14:32:46 -05:00
James Lee 3009bdb57e Add a few more references for those without 2013-05-16 14:32:02 -05:00
jvazquez-r7 d9bdf3d52e Do final cleanup for sap_smb_relay 2013-05-16 14:25:10 -05:00
jvazquez-r7 9dd582c526 Land #1656, @nmonkee's module for SMB Relay attacks against SAP 2013-05-16 14:23:39 -05:00
h0ng10 ccef6e12d2 changed to array in array 2013-05-16 19:03:47 +02:00
h0ng10 460542506d changed to array 2013-05-16 19:01:20 +02:00
h0ng10 378f0fff5b added missing comma 2013-05-16 18:59:46 +02:00
jvazquez-r7 c21035c0b9 Add final cleanup for sap_ctc_verb_tampering_user_mgmt 2013-05-16 10:42:09 -05:00
jvazquez-r7 7823df0478 Change module filename 2013-05-16 10:41:25 -05:00
jvazquez-r7 f3f0272395 Land #1652, @nmonkee's SAP CTC Verb Tampering for User Mgmt module 2013-05-16 10:40:17 -05:00
nmonkee 11286630d5 modifications to CLBA_ SOAP requests to fix XML kernel processor error 2013-05-16 11:24:29 +01:00
jvazquez-r7 c82bb73347 Avoid super verbose output 2013-05-15 17:45:37 -05:00
James Lee 61afe1449e Landing #1275, bash cmdstager 
Conflicts:
	lib/rex/exploitation/cmdstager.rb

Conflict was just the $Id$ tag, which is no longer used anyway.
 2013-05-15 10:44:05 -05:00
James Lee 2504aa4550 Land #1812, mailvelope chrome extension key grabber 2013-05-15 10:10:36 -05:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00
jvazquez-r7 c410a54d44 Merge SAP SMB Relay abuses in just one module 2013-05-14 20:53:08 -05:00
jvazquez-r7 357ef001cc Change module filename 2013-05-14 20:52:33 -05:00
sinn3r e1111928c2 Adds patch info for ie_cgenericelement_uaf 
This one is MS13-038
 2013-05-14 14:55:02 -05:00
sinn3r 41e9f35f3f Landing #1819 - Convert sap_mgmt_con_osexec_payload to multi platform 2013-05-14 14:48:16 -05:00
sinn3r 5e925f6629 Description update 2013-05-14 14:20:27 -05:00
jvazquez-r7 42cfa72f81 Update data after test kloxo 6.1.12 2013-05-13 19:09:06 -05:00
jvazquez-r7 58f2373171 Added module for EDB 25406 2013-05-13 18:08:23 -05:00
sinn3r 5e997aaf80 Landing #1816 - lists essential information about CouchDB 2013-05-13 16:46:20 -05:00
sinn3r cba045a604 Make additional changes to the module 2013-05-13 16:42:33 -05:00
Tod Beardsley e3384439ed 64-bit, not '64 bits' 2013-05-13 15:40:17 -05:00
jvazquez-r7 e71e0c1c28 Land #1822, @wchen-r7's module for Coldfusion HTP disclosed exploit 2013-05-13 12:41:54 -05:00
jvazquez-r7 f04ca17bb9 Fix default action 2013-05-13 11:56:02 -05:00
jvazquez-r7 5b64379553 Add Coldfusion 9 target, OSVDB ref and review 2013-05-13 11:55:11 -05:00
sinn3r 60299c2adb Add EDB-25305 - That ColdFusion 10 sub0 0day stuff 
This is just an aux module that extract passwords from
password.properties. Yes, this can leverage a shell too, but
obviously that's best implemented in #1737, or as a new exploit.
We'll see.
 2013-05-12 21:23:53 -05:00
jvazquez-r7 feac292d85 Clean up for dlink_dsl320b_password_extractor 2013-05-12 17:35:59 -05:00
jvazquez-r7 ee46771de5 Land #1799, @m-1-k-3's auth bypass module for Dlink DSL320 2013-05-12 17:34:08 -05:00
m-1-k-3 981cc891bc description 2013-05-12 20:07:32 +02:00
jvazquez-r7 ce594a3ba2 Deprecate modules/exploits/windows/http/sap_mgmt_con_osexec_payload 2013-05-12 08:46:40 -05:00
jvazquez-r7 495f1e5013 Add multi platform module for SAP MC exec exploit 2013-05-12 08:46:00 -05:00
sinn3r 7fcf20201b Ranking should be the same (to GoodRanking) 2013-05-11 09:19:25 -05:00
Roberto Soares Espreto a94d078bfd Added the statement return to condition: if res.nil? 2013-05-11 00:59:05 -03:00
Roberto Soares Espreto 18ee9af59f Added couchdb_enum.rb to list essential information about CouchDB 2013-05-10 23:18:48 -03:00
James Lee 55fc1458de Simplify and clean up some 
I'd really love to make this work on Linux as well, since it's really
just a file grabber/parser. Unfortunately, the Post API for enumerating
users and homedirs isn't great for cross-platform stuff like this.

A few small changes, all verified on Windows 7:

* Reuse the key storing code instead of copy-paste with minor changes

* Use binary mode when opening the stored prefs

* Don't bother checking for incognito since we're using `steal_token`
  anyway

* Check for existence of directories instead of guessing based on OS
  match
 2013-05-10 16:58:35 -05:00
Rob Fuller 84ff72eb92 use file_exist? instead of fs.file.stat 2013-05-10 11:17:42 -04:00
Rob Fuller 25f7af43b4 use gsub instead of split/join 2013-05-10 11:12:56 -04:00