infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
38,513 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

20220 Commits (81fa068ef0a0669c2deb124e3fcd9efdbeb5281d)

Author SHA1 Message Date
Vex Woo b5284375a7 osb_uname_jlist - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:16:53 -05:00
Vex Woo 11fedd7353 ca_totaldefense_regeneratereports - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:15:28 -05:00
Vex Woo a6405beeda ams_hndlrsvc - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:13:40 -05:00
Vex Woo 41bcdcce61 fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:11:57 -05:00
Vex Woo bc257ea628 fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:10:32 -05:00
Vex Woo 68b83c6e3a datastore['CMD'].blank? 2016-05-17 23:56:59 -05:00
h00die 815a2600a8 additional description 2016-05-17 22:07:33 -04:00
h00die 640e0b9ff7 working ready for pr 2016-05-17 21:58:32 -04:00
Vex Woo a4e7e373f3 fix ams_xfr.rb - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-17 17:55:18 -05:00
wchen-r7 e8ac568352 doesn't look like we're using the tcp mixin 2016-05-17 03:15:26 -05:00
wchen-r7 08394765df Fix #6879, REXML::ParseException No close tag for /div 2016-05-17 03:14:00 -05:00
William Vu 9c61490676 Fix some inconsistencies 
Failed to catch these while editing. :(
 2016-05-17 02:50:12 -05:00
Jon Hart 92d07f74ff
Remove unnecessary double expand_path 2016-05-16 17:34:12 -07:00
Jon Hart 8bccfef571
Fix merge conflict 2016-05-16 17:29:45 -07:00
Brent Cook cf0176e68b
Land #6867, Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-16 19:00:10 -05:00
wchen-r7 3ea2f62376
Land #6875, update description for auxiliary/spoof/nbns/nbns_response 2016-05-15 12:34:53 -05:00
wchen-r7 8e85e8f9d7
Land #6859, Add TP-Link sc2020n Module 2016-05-15 12:33:54 -05:00
sho-luv 5361aaadbd Update nbns_response.rb 
Just correcting the description section of this module
 2016-05-14 15:24:38 -07:00
Brent Cook 21d74a64fe
Land #6874, Improve exploit for CVE-2016-0854 2016-05-14 11:08:17 -05:00
Brent Cook 0d176f2c92 remove a couple of unnecessary ternary ops 2016-05-14 11:07:43 -05:00
Brent Cook c7cbaa08c8
Land #6576, add Search Engine Subdomains Collector (Bing / Yahoo / ..) 2016-05-14 10:50:53 -05:00
Brent Cook 2e3e4f0069
Land #6296, Added a multi-platform post module to generate TCP & UDP egress traffic 2016-05-14 00:03:00 -05:00
Brent Cook 3542d907f7 simplify description, move the bulk of documentation to documentation/ 2016-05-14 00:01:51 -05:00
Brent Cook 8ce0365c7f
See rapid7/metasploit-payloads#98, update cached payload sizes 2016-05-13 23:05:34 -05:00
Brent Cook d398419971
Land #6832, Check LHOST value before running shell_to_meterpreter, add docs 2016-05-13 22:50:22 -05:00
h00die 314d73546c additional details, not working on tablet via malicious apk meterpreter 2016-05-13 23:12:44 -04:00
Brent Cook a940481f62
Land #6834, Authorized FTP JCL exploit for z/OS 2016-05-13 21:29:45 -05:00
Brent Cook 5c494480e6 handle failure more gracefully 2016-05-13 21:29:25 -05:00
wchen-r7 3b5db26ff5 Fix #6872, change upload action for CVE-2016-0854 exploit 
This patch includes the following changes:

* Instead of the uploadFile action, this patch uses uploadImageCommon
  to be able to support both Advantech WebAccess builds: 2014 and
  2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
  different builds of Advantech WebAccess 8.0s, and 8.1.

Fix #6872
 2016-05-13 19:47:18 -05:00
h00die 5099124f3d module compiles, fails correctly but cant yet verify it works 2016-05-12 22:18:43 -04:00
Bigendian Smalls 2d5cf6cfe4 Authorized FTP JCL exploit for z/OS 
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
 2016-05-12 14:46:31 -05:00
Brent Cook a69432abe5 update module class and move to recon from manage 2016-05-12 12:42:04 -05:00
Brent Cook 9f923cdb00 Merge branch 'master' into land-6296-egress 2016-05-12 12:36:47 -05:00
wchen-r7 8f9762a3e5 Fix some comments 2016-05-12 00:19:18 -05:00
wchen-r7 da293081a9 Fix a typo 2016-05-11 22:48:23 -05:00
wchen-r7 9d128cfd9f Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-11 22:27:18 -05:00
Nicholas Starke 4b23d2dc58 Adjusting exception handling 
This commit adjusts the error handling to close the socket before
calling fail_with and adds specific exceptions to catch
 2016-05-11 17:18:51 -05:00
HD Moore 32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00
HD Moore 4a5d150716 Fixups to continue supporting Rails 4.2.x 2016-05-10 23:12:48 -05:00
HD Moore 04bb493ccb Small typo fixed 2016-05-10 23:07:51 -05:00
Nicholas Starke 32ae3e881e Adding save_cred and exception handling to module 
This commit adds a save_cred method for saving off the credentials
upon a successful login attempt.  Also, exception handling surrounding
the opening of the telnet socket has been added to avoid any accidental
resource leaking.
 2016-05-10 20:54:44 -05:00
HD Moore 7c6958bbd8 Rework rails_web_console_v2_code_exec to support CVE-2015-3224 2016-05-10 11:08:02 -05:00
wchen-r7 3db72e9b4b
Land #6853, use send_request_cgi! for CVE-2016-0854 exploit 2016-05-09 16:10:04 -05:00
Nicholas Starke 8eb3193941 Adding TP-Link sc2020n Module 
This module exploits a command injection vulnerability in
TP-Link sc2020n network video cameras in order to start the
telnet daemon on a random port.  The module then connects to
the telnet daemon, which returns a root shell on the device.
 2016-05-08 14:02:50 -05:00
Kyle Gray 2a546d191f
Land #6854, smtp header fix 
Fixes an issue with duplicate headers when sending emails.

Fixes MS-1476
 2016-05-06 12:07:12 -05:00
William Vu 2abb062070 Clean up module 2016-05-06 11:51:29 -05:00
David Maloney e4e6246692 Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-05-06 10:55:52 -05:00
Louis Sato 8dc7de5b84
Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
William Vu 1bc2ec9c11 Update vulnerable versions to include 6.x (legacy) 2016-05-05 14:18:42 -05:00
William Vu 26b749ff5a Add default LHOST 
This is a massive workaround and probably shouldn't be done. :-)
 2016-05-05 14:18:42 -05:00
William Vu 5c713d9f75 Set default payload 
Land #6849 for this to be effective.
 2016-05-05 14:18:42 -05:00
William Vu 232cc114de Change placeholder text to something useful 
A la Shellshock. :)
 2016-05-05 14:18:42 -05:00
William Vu f32c7ba569 Add template generation details 2016-05-05 14:18:42 -05:00
William Vu 23a0517a01 Update description 2016-05-05 14:18:42 -05:00
William Vu d7b76c3ab4 Add more references 2016-05-05 14:18:42 -05:00
William Vu 5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
Adam Cammack 2e460a87dd
Remove extra assignment 2016-05-05 11:24:19 -05:00
David Maloney 891a788ad4
Land #6849, mknod to mkfifo 
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
 2016-05-05 10:34:41 -05:00
Vex Woo 35a780c6a8 fix send_request_cgi redirection issues #6806 2016-05-05 09:55:32 -05:00
Christian Mehlmauer 9357a30725
remove duplicate key 2016-05-04 22:15:33 +02:00
William Vu 74e5772bbf Replace mknod with mkfifo for portability 
Works on BSD and OS X now. This has been bugging me for a while.
 2016-05-04 02:32:37 -05:00
HD Moore 779a7c0f68 Switch to the default rails server port 2016-05-03 02:06:58 -05:00
HD Moore 8b04eaaa60 Clean up various whitespace 2016-05-03 02:06:37 -05:00
wchen-r7 68ad9b0b53
Land #6835, support Windows and Java platforms for struts_dmi_exec 2016-05-02 15:04:42 -05:00
wchen-r7 df44dc9c1c Deprecate exploits/linux/http/struts_dmi_exec 
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
 2016-05-02 15:03:25 -05:00
Brian Patterson be363411de
Land #6317, Add delay(with jitter) option to auxiliary scanner and portscan modules 2016-05-02 13:09:40 -05:00
HD Moore 3300bcc5cb Make msftidy happier 2016-05-02 02:33:06 -05:00
HD Moore 67c9f6a1cf Add rails_web_console_v2_code_exec, abuse of a debug feature 2016-05-02 02:31:14 -05:00
join-us 6a00f2fc5a mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb 2016-05-01 00:00:29 +08:00
join-us ec66410fab add java_stager / windows_stager | exploit with only one http request 2016-04-30 23:56:56 +08:00
wchen-r7 73ac6e6fef
Land #6831, Add CVE-2016-3081 Apache struts s2_032 DMI Code Exec 2016-04-29 11:53:47 -05:00
wchen-r7 d6a6577c5c Default payload to linux/x86/meterpreter/reverse_tcp_uuid 
Default to linux/x86/meterpreter/reverse_tcp_uuid for now because
of issue #6833
 2016-04-29 11:52:50 -05:00
join-us 288975a9ce rm modules/exploits/multi/http/struts_dmi_exec.rb 2016-04-30 00:44:31 +08:00
Security Corporation 9d279d2a74 Merge pull request #15 from wchen-r7/pr6831 
Changes for Apache struts from @wchen-r7
 2016-04-30 00:37:53 +08:00
join-us 15ffae4ae8 rename module name 2016-04-30 00:17:26 +08:00
join-us 1d95a8a76d rename struts_code_exec_dynamic_method_invocation.rb to struts_dmi_exec.rb 2016-04-30 00:13:34 +08:00
wchen-r7 97061c1b90 Update struts_dmi_exec.rb 2016-04-29 11:13:25 -05:00
join-us 9e56bb8358 send http request (get -> post) 2016-04-30 00:08:00 +08:00
wchen-r7 e9535dbc5b Address all @FireFart's feedback 2016-04-29 11:03:15 -05:00
wchen-r7 6f6558923b Rename module as struts_dmi_exec.rb 2016-04-29 10:34:48 -05:00
wchen-r7 2f66442f1d Fix #5191, bad LHOST format causes shell_to_meterpreter to backtrace 
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.

Fix #5191
 2016-04-28 23:03:54 -05:00
join-us 643591546e struts s2_032 rce - linux_stager 2016-04-29 10:49:56 +08:00
wchen-r7 2a91a876ff Update php/meterpreter_reverse_tcp size 2016-04-27 16:14:38 -05:00
William Vu c16a02638c Add Oracle Application Testing Suite exploit 2016-04-26 15:41:27 -05:00
William Vu 0cb555f28d Fix typo 2016-04-26 15:26:22 -05:00
Adam Cammack f28d280199
Land #6814, move stdapi to exist? 2016-04-24 13:41:11 -04:00
Brent Cook 194a84c793 Modify stdapi so it also uses exist? over exists? for ruby parity 
Also add an alias for backward compatibility.
 2016-04-23 17:31:22 -04:00
Brent Cook 9a873a7eb5 more style fixes 2016-04-23 12:18:28 -04:00
Brent Cook d86174c3bf style fixes 2016-04-23 12:18:28 -04:00
Brent Cook 4250725b13 fix incorrect hex port conversion 2016-04-23 12:18:28 -04:00
Brent Cook 7ff5a5fd7e switch mainframe payloads to fixed size 2016-04-23 11:40:05 -04:00
join-us 81af4d2675 Fix: merge error 2016-04-23 23:19:08 +08:00
join-us 1d99d08ac8 rebuild 2016-04-23 23:15:19 +08:00
join-us de9ac28db1 class Metasploit4 -> class MetasploitModule 2016-04-23 23:03:48 +08:00
join-us e2fcfc8d09 fix index / space 2016-04-23 23:02:41 +08:00
join-us fca4d53a6f add yahoo_search / bing_search exception handler 2016-04-23 22:58:39 +08:00
join-us d9633078ec merge yahoo_search_domain[ip] / bing_search_domain[ip] 2016-04-23 22:45:47 +08:00
join-us 66c0832f27 add Rex::Socket.getaddresses exception handler 2016-04-23 20:09:12 +08:00
join-us b47b83dfaa add results.nil? / results.empty? check 2016-04-23 19:47:33 +08:00