6cb331e74d
Land 7281, add vagrant default password to wordlist
2016-09-07 13:01:01 +01:00
96f81b4817
add root:vagrant to root_userpass
2016-09-07 12:59:12 +01:00
c6012e7947
add jsp payload generator
2016-09-06 22:17:21 +02:00
9d5a276e91
Fix recent metasploit-framework.gemspec conflict.
2016-09-06 13:10:28 -05:00
23a5d737fc
Add password "vagrant" to wordlists
...
The password "vagrant" is often used in Metasploitable3.
2016-09-06 12:36:02 -05:00
83160b7e49
Land #7173 , Add post module to compress (zip) a file or directory
2016-08-24 09:38:04 -05:00
e154aafaaa
On Error Resume Next for zip.vbs
2016-08-17 17:08:38 -05:00
8bece28d00
remove *scan bins as well
...
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH
MS-1691
2016-08-15 14:04:00 -05:00
8f7d0eae0c
Fix #7155 - Add post module to compress (zip) a file or directory
...
Fix #7155
2016-08-02 14:44:58 -05:00
21e6211e8d
add exploit for cve-2016-0189
2016-08-01 13:26:35 -05:00
d1f65b27b8
Land #7151 , Improve CVE-2016-0099 reliability
2016-07-29 09:22:11 -05:00
ee40c9d809
Land #6625 , Send base64ed shellcode and decode with certutil (Actually MSXML)
2016-07-28 13:01:05 -07:00
322fc11225
Fix whitespace
2016-07-27 12:37:14 -05:00
dbe31766af
Update CVE-2016-0099 Powershell
2016-07-27 12:35:43 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
8f928c6ca1
Land #7006 , Add MS16-032 Local Priv Esc Exploit
2016-07-12 15:22:35 -05:00
621f3fa5a9
Change naming style
2016-07-12 15:18:18 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
df1a9bee13
Move ps1, Use Env var, Fix license, New Cleanup
...
MS16-032 ps1 moved to external file. This ps1 will now detect windir
to find cmd.exe. The module now also detects windir to find
powershell.exe. The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
is now standard. The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
ba72d3fd92
Land #6988 , Update banners to metasploit.com, not .pro
2016-06-17 15:29:30 -05:00
cd207df6b8
adding karaf to unix lists per 4358
2016-06-15 20:31:48 -04:00
fe4cfd7e3e
Update banners to metasploit.com, not .pro
2016-06-14 15:11:04 -05:00
ab27c1b701
Merge pull request #6940 from samvartaka/master
...
Exploit for previously unknown stack buffer overflow in Poison Ivy versions 2.1.x (possibly present in older versions too)
2016-06-08 11:25:51 -05:00
5260031991
Modifications based on suggestions by @wchen-r7
2016-06-08 01:17:15 +02:00
9128ba3e57
Add popen() vuln to ImageMagick exploit
...
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)
Thanks to @hdm for his sharp eye. ;x
[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
2016-06-02 11:35:37 -05:00
7b024d1a72
Land #6914 , add siem to the namelist
2016-05-24 14:22:44 -05:00
9d545b0a05
Update namelist.txt
2016-05-24 13:00:59 -04:00
2bac46097f
Remove url() for MVG
...
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
334c432901
Force https://localhost for SVG and MVG
...
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
decd770a0b
Encode the entire SVG string
...
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
232cc114de
Change placeholder text to something useful
...
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
5c04db7a09
Add ImageMagick exploit
2016-05-05 14:18:42 -05:00
71c8ad555e
Resolve #6839 , Make Knowledge Base as default
...
Resolve #6839
2016-05-02 14:12:09 -05:00
d80d2bb8d3
Land #6825 , Fixed borders on code boxes
2016-04-27 11:59:52 -07:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
22831695dd
Land #6721 , Add additional SOLMAN default creds
2016-03-30 10:48:53 -05:00
4f84c5a3b7
Add additional SOLMAN default creds
2016-03-29 15:53:15 +01:00
629bc00696
Use MSXML decoder instead
2016-03-25 22:52:16 +09:00
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
76c6f8c19d
Move module_doc_template
2016-03-24 17:07:19 -05:00
e29fc5987f
Add missing stream.raw for hp_sitescope_dns_tool
...
This adds the missing stream.raw.
2016-03-15 11:06:06 -05:00
d6742c4097
Change <hr> color
2016-03-10 10:44:18 -06:00
ad0a948ae7
Update module_doc_template
2016-03-08 12:21:20 -06:00
58b8c35146
Escape HTML for KB and update rspec
2016-03-08 10:10:10 -06:00
027315eeaa
Update post_demo_template
2016-03-05 20:33:40 -06:00
03eb568af7
Add --- to make sections to stand out more
2016-03-05 15:17:19 -06:00
f4866fd5f0
Update template and web_delivery doc
2016-03-03 01:27:14 -06:00
cececa749d
Update css
2016-03-03 00:58:17 -06:00
11964c5c1a
Add remote exploit demo and web_delivery doc
2016-03-02 19:52:11 -06:00
19bd7b98f4
Fix minor indenting issue
2016-03-01 11:50:56 +09:00
c8c5549b19
Send base64ed shellcode and decode with certutil
2016-03-01 10:48:25 +09:00
fd8e3e719d
real demo
2016-02-26 14:43:53 -06:00
ed0dfa5725
basic usage
2016-02-26 14:35:07 -06:00
250ce6fb17
lets be clear
2016-02-26 14:30:12 -06:00
1c53e53d23
More info about how to write the doc
2016-02-26 14:24:24 -06:00
e40f1e69db
Update default template
2016-02-26 14:18:24 -06:00
6060c7b09b
We make this pretty
2016-02-26 14:15:54 -06:00
95a9f42996
Add a template for future module documentation
2016-02-24 19:28:17 -06:00
24530e2734
Scrollable list, tab name change, print_status
2016-02-19 20:46:39 -06:00
34d10d7829
Should be fullname
2016-02-19 00:13:55 -06:00
7444a0ff04
Make it more obvious which tab the user is viewing
2016-02-18 17:59:45 -06:00
4fc7008561
Close div properly
2016-02-18 16:12:27 -06:00
56c2ba9f75
Turn the HTML template into external
2016-02-18 15:41:14 -06:00
e5ad6fa781
Support "knowledge base"
2016-02-18 15:02:24 -06:00
f8d6a59cdc
Change wording
2016-02-18 12:19:25 -06:00
089d6985b6
Add more demo templates
2016-02-18 00:17:32 -06:00
1bfe1ad140
More demos
2016-02-17 19:04:06 -06:00
76f2c917ee
Allow no GITHUB_OAUTH_TOKEN, and gsub for demo
2016-02-17 15:38:30 -06:00
714106174e
Do external erb template
2016-02-17 14:27:29 -06:00
b0cfb4aacf
Add info -d to show module documentation in .md
2016-02-16 22:44:03 -06:00
aeb1d80e0d
Adding top 100 adobe passwords
2016-02-11 08:55:45 +08:00
b3e8bd1dab
Updated zsploit screens to use std msf colors
...
Using Rex::Ui::Text::Colors now instead of ansi codes
Thanks to @mainframed for the quick turnaround
2016-02-09 12:01:25 -06:00
90e37ea749
Added three cool new mainframe themed screens
...
Thanks to *Solider of Fortran* @mainframed for his amazing original artwork!
These set of 3 limited edition, original, one-of-a-kind screens will modernize
your msf installation to the 1960s and beyond. No seriously they are super cool
and now that metasploit-framework supports System Z - it seemed only fitting.
2016-01-20 06:10:51 -06:00
7f9b804060
Land #6410 , remove JtR binaries, update for independent framework releases
2016-01-06 14:16:49 -06:00
97ae09729c
Add john.conf to data dir as referenced by: lib/metasploit/framework/jtr/cracker.rb
2016-01-06 13:00:05 -06:00
ae57bce262
Adding wordlists back to path
2016-01-06 12:54:25 -06:00
bf764deefb
Add SCADA Default UserPass List
...
This list was based on SCADAPASS: https://github.com/scadastrangelove/SCADAPASS
2016-01-06 12:25:29 +08:00
be340774ea
Land #6432 , Piata SSH scanner wordlist
2016-01-05 10:15:17 -06:00
66e2d945d8
Add more SAP ICM paths
2016-01-05 13:05:46 +08:00
913e8ec525
Update piata_ssh_userpass.txt
2016-01-05 11:28:54 +08:00
713828d0b6
Add piata wordlist
...
Add user and pass wordlist from Piata Mass SSH scanner
2016-01-05 11:27:04 +08:00
8090bbc750
Changes to support framework as a gem
2015-12-30 11:00:45 -06:00
5f5b3ec6a1
Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
...
CVE-2015-6127
2015-12-17 22:41:58 -06:00
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
c301c7c7b0
use wav with sounds plugin for windows / linux compat
2015-12-08 16:20:44 -06:00
d44224142e
Update audio files
2015-11-25 23:41:18 -06:00
776455d10a
Add another sound and event
...
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
af8c557fa9
Add the MP3s
2015-11-25 18:09:27 -06:00
fa32f43ee4
Muts says "Try harder!" or "Excellent" for the sounds plugin
...
With the sounds plugin, muts will say "excellent!" when a session
is received. If a session is terminated (either exited or lost),
muts will say "try harder!"
2015-11-25 18:06:58 -06:00
8703987535
Add HTTPS and new transport support for hop
2015-11-11 21:25:23 -06:00
9c347fbaae
Land #6195 , remove ff buildid from os.js
2015-11-05 15:01:15 -06:00
2f65405a4e
Fix missing brace and indent level
2015-11-05 14:30:26 -06:00
1f73bbe7ca
Remove obsolete files in data/gui/
2015-11-02 10:44:47 -06:00
d90f87449a
Fix merge
2015-09-22 16:55:01 -05:00
7d2a2a8b64
Fix issues with using hop for new core
2015-09-22 16:54:02 -05:00
48b06a2cd9
Fixed no detection error
2015-09-18 10:48:24 -05:00
858d3f5a55
Closes #3936 , Remove Firefox buildid from os.js
2015-09-16 16:04:22 -05:00
c7afe4f663
Land #5930 , MS15-078 (atmfd.dll buffer overflow)
2015-09-16 15:33:38 -05:00
9626596f85
Clean template code
2015-09-12 13:43:05 -05:00
53f995b9c3
Do first prototype
2015-09-10 19:35:26 -05:00
30cb93b4df
Land #5940 , @hmoore-r7's fixes for busybox post modules
2015-09-08 15:12:23 -05:00
122d57fc20
Land #5945 , Add auto-accept to osx/enum_keychain
2015-09-08 10:56:08 -05:00
1b320bae6a
Add auto-accept to osx/enum_keychain.
2015-09-07 21:17:49 -05:00
091c4d5214
Expand and reorder
2015-09-05 22:51:32 -05:00
76d74576db
Remove FTP-only default credentials
2015-09-05 22:39:51 -05:00
21b69b9430
Remove HP MPE/iX password defaults
2015-09-05 22:38:30 -05:00
eaf51a2113
Land #5722 , @vallejocc's busybox work
2015-09-04 13:36:44 -05:00
b39575928e
Update reflective exploit
2015-09-03 11:01:41 -05:00
b912e3ce65
Add exploit template
2015-09-02 17:28:35 -05:00
4090c2c8ea
Land #5880 , adds ScriptHost UAC bypass for Win7/2008
2015-09-02 14:14:18 -05:00
1b778d0650
Land #5898 , use gem version of php & python meterp
2015-08-31 16:16:36 -05:00
30830ad9e5
Land #5262 , fix webcam_chat and tidy adjacent code
2015-08-31 14:21:24 -05:00
a51d3df753
typo
2015-08-31 14:18:55 -05:00
9364982467
Land #5665 , Add osx rootpipe entitlements exploit for 10.10.3
2015-08-28 13:33:16 -05:00
11db9c2112
Land #5896 , Update ms15_004_tswbproxy to use a Reflective DLL
2015-08-27 17:11:26 -05:00
593f501571
finish move of php / python meterpreters to metasploit-payloads
2015-08-27 11:34:22 -05:00
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
5d0ed797a3
Update DLL
2015-08-26 15:15:32 -05:00
228087dced
Initial working scripthost bypass uac
2015-08-23 20:16:15 +01:00
129edd8b2e
Original bypass script
2015-08-23 19:46:24 +01:00
d54249370b
Move tpwn source to external/source/exploits
2015-08-17 18:27:47 -05:00
efc980074c
Add tpwn exploit files
2015-08-17 17:11:07 -05:00
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
1db376bed8
check if a process still exists before deleting it
2015-08-15 19:46:04 -05:00
5ff61ca5f3
Added modules to jailbreak and control remotely BusyBox based devices. It was added to a word list with default credentials typically used by commercial routers.
2015-08-10 18:29:41 +02:00
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
837eb9ea38
Land #5742 , better quality coverage for adobe_flash_opaque_background_uaf
2015-07-17 16:25:14 -05:00
255d8ed096
Improve adobe_flash_opaque_background_uaf
2015-07-16 14:56:32 -05:00
010e48919e
Pymet immediately change transports on tcp failure
2015-07-16 11:00:43 -04:00
0cb5000e48
Pymet use incremental backoff for http recv pkt
2015-07-16 10:29:36 -04:00
986463e489
Fix killav post module, handle errors, better output
2015-07-16 11:35:01 +10:00
8bead8fd87
av_list.txt
...
it's the av_list.txt, i sure hope this works.
2015-07-15 20:26:42 -04:00
831cb904a9
Pymet fix the new transport position
2015-07-15 19:45:34 -04:00
a637921305
Update swf
2015-07-15 18:35:41 -05:00
b504f0be8e
Update adobe_flash_hacking_team_uaf
2015-07-15 18:18:04 -05:00
18cb55f1fa
Pymet fix transport automatic roll over
2015-07-14 15:18:11 -04:00
00da619556
Pymet fix previous transport index logic
2015-07-14 14:32:57 -04:00
9f48853e00
Pymet fix the order in which transports are added
2015-07-14 14:26:27 -04:00
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
b72ba7f51c
Add AS2 flash detection code
2015-07-13 18:26:02 -05:00
8fb6bedd94
Delete as3 detecotr
2015-07-13 18:23:39 -05:00
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
299978d0e2
Put again old exploiter
2015-07-11 00:36:32 -05:00
63005a3b92
Add module for flash CVE-2015-5122
...
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
2cdaace42f
Land #5678 , Land adobe_flash_hacking_team_uaf.r
2015-07-07 12:34:59 -05:00
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
Tim
Christian Mehlmauer
Pearce Barry
wchen-r7
Brendan
David Maloney
William Webb
Brent Cook
khr0x40sh
h00die
Tod Beardsley
samvartaka
William Vu
x90" * 365
Meatballs
f7b053223a9e
l0gan
Jay Turla
Bigendian Smalls
Chris Doughty
dmohanty-r7
scriptjunkie
Louis Sato
James Lee
Mo Sadek
jvazquez-r7
joev
HD Moore
jvicente
OJ
Spencer McIntyre
Marc-Andre Meloche