66ee15f461
Merge and deconflict
2013-08-25 19:14:15 +01:00
cf5ddfeebf
Some war fixes
2013-08-23 18:59:48 +01:00
dfc606fe56
Slightly saner filenames
2013-08-23 18:06:48 +01:00
41b1b30438
vba transform
2013-08-23 18:00:19 +01:00
cd83077bec
Fix vba_exe
2013-08-23 17:42:46 +01:00
4d21b06f4f
Aspx uses transform
2013-08-23 17:22:33 +01:00
1cb1afa50a
Fix aspx
2013-08-23 17:09:51 +01:00
dd13a7e48f
Working .asp
2013-08-23 16:55:07 +01:00
7370fc3f4e
vbs transform
2013-08-23 16:26:03 +01:00
5040347521
Fix psh and add powershell transform
2013-08-23 15:59:19 +01:00
418505adc9
Fix psh-net
2013-08-23 15:21:26 +01:00
cfd6c66ffd
Fix VBS
2013-08-23 14:35:19 +01:00
86a83391fd
Merge remote-tracking branch 'upstream/master'
2013-08-21 16:16:20 -07:00
c2cf822013
Commit adding the template scripts.
2013-08-20 16:52:58 -07:00
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
71285f395d
Sort import statements alphabetically.
2013-08-15 09:27:13 -04:00
fcf2d4bf19
Remove debug print and fix channel additions.
2013-08-13 12:50:52 -04:00
fdc9312272
Add process enumeration via PS for OSX.
2013-08-12 16:38:15 -04:00
dd2438dd1e
Improve process execution on Linux.
2013-08-09 10:39:19 -04:00
3fb4c2d27c
Add Windows registry manipulation support.
2013-08-09 08:39:05 -04:00
f3f4290783
Add process enumeration for windows.
2013-08-06 22:33:43 -04:00
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
9f5f191a6b
Add Main.swf from 593363c
2013-07-29 21:53:40 -05:00
c7361043ae
up to date
2013-07-17 11:47:06 -05:00
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
22601e6cc7
Exit process when complete
2013-07-06 09:27:27 +01:00
66c2b79177
Initial commit
2013-07-05 19:48:27 +01:00
4ac5261802
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 11:20:26 -05:00
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
1e21f0e2aa
Updated output formats, top 1000 passwords
2013-06-29 22:01:25 -05:00
a4d353fcb3
Clean a little more the VS project
2013-06-29 15:15:27 -05:00
6878534d4b
Clean Visual Studio Project
2013-06-29 09:20:40 -05:00
7725937461
Add Module for cve-2013-3660
2013-06-28 18:18:21 -05:00
f0db04c2a6
Updates to common password db
2013-06-28 10:47:14 -05:00
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
d25e1ba44e
Make fixes proposed by review and clean
2013-06-25 12:58:00 -05:00
1ade467ac9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 11:10:43 -05:00
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
3244013b1f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:48:20 -05:00
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
722d33e8fa
Updated common password list
2013-06-23 13:15:31 -05:00
d9737ec03a
Updated common passwords
2013-06-23 01:52:18 -05:00
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
9d0047ff74
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 16:44:52 -05:00
19a6f310cd
Land #1927 - Add common passwords from xato.net
2013-06-07 15:24:09 -05:00
dc680e7106
Underscores because the rest are.
2013-06-07 15:16:39 -05:00
0265dd8860
Add common passwords from xato.net
...
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:
http://xato.net/passwords/more-top-worst-passwords/
He also does a fair bit of frequency analysis there.
The 1024 list, should probably used instead of the original
unix_password.txt file. unix_password.txt was added on 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.
As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
7090d4609b
Add module for CVE-2013-1488
2013-06-07 13:38:41 -05:00
66ea59b03f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 15:22:46 -05:00
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
d5cf6c1fbc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-23 12:37:54 -05:00
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
4d5c4f68cb
Initial commit, works on three OSes, but automatic mode fails.
2013-05-15 23:32:02 -05:00
a7e4ba5015
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-30 08:32:24 -05:00
d53d6370b3
Land #1747 , mimikatz meterpreter extension
...
[Closes #1747 ]
See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
99f5376606
Binaries for #1747
...
See rapid7/meterpeter#9
2013-04-29 14:44:18 -05:00
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
5900a7c03f
Whitespace
2013-04-26 15:24:02 -05:00
38e41f20fe
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-24 13:24:13 -05:00
01d790eb54
Land #1748 , fix for java meterp network prefixes
...
[Closes #1748 ]
2013-04-24 12:27:28 -05:00
a7effaf9c6
Add bins for #1748
2013-04-24 12:27:05 -05:00
1761b1ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-23 17:35:35 -05:00
80fb7b85ef
Drop msfgui.jar, too.
2013-04-22 16:03:38 -05:00
1112daaff2
Remove msfgui and armitage
...
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
b6365db0b5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 09:38:32 -05:00
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
15e2ceb749
Land #1660 , dlink backdoor wordlist
...
[Closes #1660 ][See #1648 ]
2013-04-11 23:04:02 -05:00
9c0862ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-11 21:53:07 +02:00
8376531a32
Land #1217 , java payload build system refactor
...
[Closes #1217 ]
2013-04-11 13:10:03 -05:00
1d09d7e6e9
Java payload bins
...
Compiled with the shiny new maven system
2013-04-11 13:08:16 -05:00
6f1fb4a873
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-06 17:23:24 +02:00
ab0535bc41
Bins for new stdapi_fs_file_move command
...
See rapid7/meterpreter#6
2013-04-04 23:39:22 -05:00
2d47be425f
Latest meterpreter bins
...
See rapid7/meterpreter#1 and rapid7/meterpreter#5
2013-04-04 22:57:13 -05:00
224188ddf6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-29 21:49:40 +01:00
bafb50a173
Merge commit for JtR recompile
...
Also changes a bunch of file modes to be less permissive.
[Closes #1662 ]
2013-03-29 09:05:12 -05:00
6cd6a7d6b9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 12:16:18 +01:00
7bf87f3546
Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf
2013-03-27 11:55:09 -05:00
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
18559e35fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-26 19:50:45 +01:00
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
73c2610822
Merge remote-tracking branch 'jvazquez-r7/mipsle_elf_support' into rapid7
...
[Closes 1666]
2013-03-26 10:38:32 -05:00
ae56bc0b37
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-26 11:21:16 +01:00
e78635fc0f
fix segment virtual address
2013-03-26 10:50:29 +01:00
ee199f64cb
Merge pull request #1664 from scriptjunkie/msfguiKaliConnect
...
MSFGUI service autoconnect, DB fixes
2013-03-25 21:58:28 -07:00
1b6398d4fd
Service autoconnect, DB fixes
...
First check if database is connected before trying to connect.
Autologin in Kali with new token login.
2013-03-25 20:44:48 -05:00
4fff624632
added initial support for ELF misple
2013-03-26 01:08:31 +01:00
83d1f8d499
Compile John the Ripper against libssl 1.0.0
...
We use OpenSSL 1.0.0 in installed environments. Previously, John the
Ripper was compiled against 0.9.8 which prevented it from running. This
recompiles the same version (jtr 1.7.8 jumbo 2) against OpenSSL 1.0.0.
[FIXRM #7834 ]
2013-03-25 17:12:51 -05:00
5504c58b11
Add dlink pass for #1648
2013-03-25 13:25:19 -05:00
393d5d8bf5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:09:42 +01:00
660d3d5388
Merge branch 'linksys-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-traversal
2013-03-25 17:31:11 +01:00
2d5a0d6916
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 17:08:23 +01:00
dfcce010c1
Merge pull request #1650 from scriptjunkie/msfguiKaliConnect
...
Kali fixes, changes only affect msfgui
2013-03-24 19:34:22 -07:00
438d348fda
Kali fixes
...
Check the new database config location.
Don't crash on sporadic JRE style error.
2013-03-24 21:00:38 -05:00
36d1746c0d
linksys traversal module - initial commit
2013-03-23 17:01:02 +01:00
80d218b284
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-19 19:55:51 +01:00
27778e6ea9
fix comma typo
2013-03-19 19:20:39 +01:00
be9d4ec393
New pt for virtualprotect, and readjust size to 0x401
2013-03-19 09:25:06 -05:00
ea4c88bc2c
Java Rop null-byte free
...
Our new heap spray routine does not like double nulls, so we need
to adjust our ROP.
2013-03-18 23:42:17 -05:00
2d99b949a2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-13 09:36:35 +01:00
16fad29cb0
Update creds schema.
2013-03-12 23:07:40 -05:00
74b58185cd
up to date
2013-03-12 16:48:11 +01:00
f37d9c2834
Initial commit
2013-03-09 17:24:03 +00:00
e1859ae4b6
Merge branch 'rsmudge-armitage'
2013-03-06 19:31:44 -06:00
a30b61e4aa
Merge branch 'rsmudge-armitage'
2013-03-06 16:39:00 -06:00
4ab8315db0
Armitage 03.06.13
...
Apparently, my last update came from the future. This modification
to that future update fixes an oversight preventing Armitage from
connecting to its collaboration server because it would report the
wrong application.
2013-03-04 23:11:20 -05:00
59d2f05c94
Armitage 04.06.13
...
This update to Armitage improves its responsiveness when connected
to a team server over a high latency network. This update also adds
a publish/query/subscribe API to Cortana.
2013-03-04 18:32:45 -05:00
239e1934b8
Use migrations from metasploit_data_models
...
[#44034071 ]
metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models. As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested. Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
dd9002fcab
Merges ChrisJohnRiley's new password
...
Lands https://github.com/rapid7/metasploit-framework/pull/1521
Closes #1521
(Forgive the oververbose commit message, experimenting with various
syntax hilighters)
2013-02-25 08:39:27 -06:00
28fd92a013
Added new default password foe TMSADM
...
Based on: http://blog.ptsecurity.com/2013/02/sap-unknown-default-password-for-tmsadm.html
2013-02-25 09:00:57 +01:00
d7b89a2228
added security level bypass
2013-02-20 17:50:47 +01:00
d88ad80116
Added first version of cve-2013-0431
2013-02-20 16:39:53 +01:00
bc03247386
Merge branch 'sap_url_update' of github.com:ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_url_update
2013-02-19 15:08:26 -06:00
9af43bc05c
newline to sap_default.txt
2013-02-18 15:58:29 +01:00
a91bbf5f69
Merge branch 'sap_default_user_additions' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_default_user_additions
2013-02-18 15:57:26 +01:00
c8778587f5
rename the xml template for s4u
2013-02-18 15:25:03 +01:00
be0feecf8f
Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence
2013-02-18 15:22:37 +01:00
6519444112
Addition defaults
2013-02-15 13:35:25 +01:00
5df03f790b
Remove end of line spaces and rerun uniq
2013-02-15 13:31:35 +01:00
fb7d0159c3
Further URLs
2013-02-15 13:26:44 +01:00
21366dd4df
Updated SAP URL list to include further known URLs
2013-02-15 13:20:23 +01:00
398e6cb202
Merge branch 'rsmudge-armitage'
2013-02-13 10:38:30 -06:00
596b62b831
Armitage 02.12.13 - Distributed Operations
...
This update adds the ability to manage multiple team server instances
through one Armitage client. This update also adds nickname completion
to the event log. Several bug fixes are included too.
2013-02-11 21:20:03 -05:00
41564fd51d
Merge branch 'aux-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-aux-word_unc_injector.rb
2013-02-11 15:05:27 +01:00
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
447f78cb24
Handle nonstandard ports when starting new msfrpcd.
2013-02-04 17:24:41 -06:00
24de0d2274
Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT
2013-02-04 13:37:09 +01:00
293f9da5cf
Merge branch 'bug/pro-only-models'
...
Updates to use MDM 0.4.0 (was using 0.3.0)
2013-01-31 16:14:51 -06:00
d0ecb617c3
Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner
2013-01-25 21:47:05 +01:00
bf2b01f8ef
Delete a file and strip space
2013-01-24 09:30:04 -05:00
6e94c04a52
Code Corrections and Enhancements
2013-01-23 20:26:23 -05:00
e376bb6fab
Merge branch 'rsmudge-armitage'
2013-01-22 22:52:35 -06:00
8c86c49d43
Armitage 01.23.13
...
This update to Armitage adds the ability to assign labels to hosts
and create dynamic workspaces based on these labs. This update also
adds helpers to configure USERNAME/PASSWORD options and EXE::Custom
and EXE::Template. Several bugs were fixed as well.
2013-01-22 22:48:16 -05:00
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
0b61d28e0e
added Joomla scanner and url wordlist
2013-01-17 11:36:59 -05:00
51f3f59d2f
cve and references available
2013-01-11 00:54:53 +01:00
f8e1ccc27e
Remove cred_files migration
...
[#41837027 ]
Mdm::CredFile is only used in Pro, so for metasploit_data_models 0.4.0,
Mdm::CredFiles has been moved to Pro, so the migration has been moved to
Pro too.
2013-01-10 17:50:00 -06:00
876d889d82
added exploit for j7u10 0day
2013-01-10 20:30:43 +01:00
7d1716b79f
Turnkey Linux default password
2013-01-08 22:47:53 -05:00
5348127fd2
Metasploit 4.5 Installer Environment Tweak
...
Armitage on Windows requires the user to specify their MSF
install folder. This tweak checks for an MSF 4.5 environment
and updates the specified folder to make everything work.
Like magic.
2013-01-04 13:08:47 -05:00
Meatballs
shellster
Spencer McIntyre
jvazquez-r7
Tod Beardsley
HD Moore
sinn3r
Matthias Kaiser
James Lee
Joe Vennix
timwr
Tod Beardsley
sinn3r
Josh
scriptjunkie
Brandon Turner
m-1-k-3
Raphael Mudge
Luke Imhoff
Chris John Riley
smilingraccoon
SphaZ
f8lerror
Sam Gaudet