infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
47,672 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

24452 Commits (8a175f50cd86137d0c77d9f89e86bc489e9adbfa)

Author SHA1 Message Date
William Vu d3b7dffcdc Prefer res.body over res 2018-07-25 01:05:18 -05:00
William Vu bc89d7fe52
Land #10357, CouchDB improvements and docs 2018-07-25 00:54:55 -05:00
Wei Chen 625ea87ea9
Land #10368, PhpMyAdmin Login Scanner Module 2018-07-24 23:25:27 -05:00
Wei Chen 5df5ab30f6 Use store_valid_credential to save good credentials 2018-07-24 23:21:59 -05:00
Shelby Pace efa3a77adc
modified name 2018-07-24 15:00:14 -05:00
Shelby Pace 4f81fcdc87
retn versions in chk_setup, tests to reflect, doc 2018-07-24 14:51:00 -05:00
Shelby Pace 976a3464e1
added phpmyadmin login scanner and aux module 2018-07-24 09:47:01 -05:00
Matthew Kienow dac5780feb
Land #10176, creds data service CRUD operations 2018-07-23 23:36:32 -04:00
Brent Cook 5d7f40d459
Land #10362, Fix reporting in backup_file, add more docs 2018-07-23 18:22:35 -05:00
James Barnett e3da0a6828 Merge branch 'master' into remote_creds_data 2018-07-23 16:39:13 -05:00
Adam Cammack d2ed78570a
Land #10364, Handle nil for shell_reverse_tcp_ipv6 
This makes things like `msfvenom --list-options` or `info` when options
are not set work.
 2018-07-23 14:02:14 -05:00
William Vu 086af80509 Specify address family in shell_reverse_tcp_ipv6 2018-07-23 13:39:40 -05:00
asoto-r7 cb0b90435d
Land #10349, deconflict the method names in mix-ins 2018-07-23 13:38:46 -05:00
h00die 83ae5cb14d fix backup_file.rb and add a few docs 2018-07-22 20:50:22 -04:00
h00die abfed97e03 remove EOL spaces 2018-07-21 11:21:11 -04:00
h00die 8b324c19d8 update couchdb scanner 2018-07-21 11:02:50 -04:00
bwatters-r7 0c906ed8d3
Update cached payload sizes 2018-07-19 17:58:45 -05:00
bwatters-r7 658267849b
deconflict the method names in mix-ins 2018-07-19 17:01:40 -05:00
James Barnett 65d42380d3
Merge branch 'master' into remote_creds_data 2018-07-19 16:25:06 -05:00
Brendan Coles 19239c72c0 Update cmsms_upload_rename_rce check and docs 2018-07-19 18:26:42 +00:00
Wei Chen 28e3f3a5f0
Land #10327, Add CMS Made Simple Upload/Rename Authenticated RCE 2018-07-19 12:18:12 -05:00
Wei Chen c5ac4c791f Make changes based on community feedback 2018-07-19 12:17:02 -05:00
Brent Cook 08290b81c0
Land #10282, Add support for running external modules outside of msfconsole 2018-07-18 17:38:40 -05:00
Brent Cook b90583d07c don't throw an exception in haraka checks if we cannot connect 2018-07-18 17:17:45 -05:00
Adam Cammack 0024cca3bf
Land #10328, Log errors in Python ETERNALBLUE 2018-07-18 14:50:40 -05:00
Tim W 70a1df70a1
Land #9753, Linux BPF sign extension local privesc 2018-07-18 18:44:14 +08:00
Jacob Robles 08e33cad0c
Spelling fix 2018-07-17 20:12:37 -05:00
Jacob Robles 20905d1ca1
Fix syntax error 2018-07-17 18:48:07 -05:00
Jacob Robles a24666a00a
msftidy fixes 2018-07-17 18:28:33 -05:00
William Vu e5efa4faac Make failures consistent 2018-07-17 17:35:52 -05:00
William Vu 96f9e60e84 Swap return for sys.exit(1) 2018-07-17 17:25:38 -05:00
William Vu 09d347ca33 Add missed sys.exit(1) 2018-07-17 16:31:57 -05:00
William Vu e1be94e568 Pass RPORT to sess_port in Impacket 2018-07-17 13:49:38 -05:00
William Vu 0bdaa0e23a Catch connection errors and module.log them 2018-07-17 13:49:34 -05:00
William Vu 5650412cc2
Land #10317, nil fix for enum_dns 2018-07-17 13:03:06 -05:00
Jacob Robles 677b22698d
Land #10273, [clean up] iis_webdav_scstoragepathfromurl 2018-07-17 09:33:32 -05:00
Jacob Robles 1e004769ca
CMS Made Simple Upload/Rename Authenticated RCE 2018-07-17 09:00:39 -05:00
Brendan Coles 6bf184dbcf Update tested versions 2018-07-17 06:24:16 +00:00
William Vu 9a7c34e6e9
Land #10064, Claymore Dual Miner API RCE 2018-07-16 18:02:20 -05:00
Sunny Neo 8e1f68f384
Update ms15_034_http_sys_memory_dump.rb with VHOST 
Added VHOST to cater to targets that require virtual hostname to be defined
 2018-07-16 15:13:23 +08:00
Brendan Coles 7524af35ec Check if IPRANGE was supplied - Fix #10316 2018-07-15 15:38:56 +00:00
Jacob Robles 134417b598
Account for nil 2018-07-14 10:44:09 -05:00
Jacob Robles 6e450973b9
Land #10295, Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-14 10:09:46 -05:00
Jacob Robles 18e65abc54
Fix link 2018-07-14 10:03:01 -05:00
Brendan Coles 9bdec97b2e Fix bpf_sign_extension_priv_esc 2018-07-13 23:01:17 +00:00
Brent Cook 72e5b94eb8
Land #10293, fixup php/base64 and add docs for cmd/unix/reverse_bash 2018-07-13 17:15:22 -05:00
Brendan Coles 4e72dff791
Update module references 2018-07-14 05:03:13 +10:00
Wei Chen b40a146723
Land #10297, Add priv escalation mod for CVE-2018-8897 2018-07-13 10:54:25 -05:00
bwatters-r7 f33d12676f
Added License, make msftidy happy, and include original cve project 
readme document.
 2018-07-13 10:19:41 -05:00
bwatters-r7 4fa2a4775d Update the target check and added cleanup 2018-07-13 09:27:41 -05:00
Wei Chen 9ba0a72ea1 Rename file 2018-07-13 01:11:37 -05:00
Wei Chen e1e8444188 Clean up ruby code for CVE-2018-8897 2018-07-13 01:06:21 -05:00
Brendan Coles a020d48caf Move module documentation to documentation directory 2018-07-13 04:46:25 +00:00
Wei Chen f02c05e530 This one is the same as cve_2018_8897_exe.rb 2018-07-12 22:09:44 -05:00
William Vu c9001699cd
Land #10027, Hadoop unauthed command execution 2018-07-12 21:58:49 -05:00
William Vu 50252c75d6 Clean up module 
With a little rubocop -a.
 2018-07-12 21:58:00 -05:00
William Vu 2f37482535
Land #10278, gitlist_arg_injection fixes 2018-07-12 19:03:52 -05:00
William Vu 9080b38dcc Add Axis camera exploit (VDOO research) 2018-07-12 18:46:49 -05:00
Wei Chen e613b2570a
Land #10299, Add 88 CVEs to various auxiliary and exploit modules 2018-07-12 18:26:07 -05:00
William Vu 88bbc50104 Utilize uniq to make char array more readable 
Hat tip @bcoles.
 2018-07-12 17:59:12 -05:00
bwatters-r7 cfcb77afd0
Rename to please msftidy 2018-07-12 17:41:06 -05:00
William Vu 3546286049 Add missed ARCH_CMD to top-level Arch array 
It's not necessary because of targets, but it's required for printing.
 2018-07-12 17:37:06 -05:00
asoto-r7 1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
bwatters-r7 156b822401
First stab at cve-2018-8897 2018-07-12 17:31:53 -05:00
Brendan Coles 4b62f41369 Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-12 20:00:17 +00:00
William Vu 3dda19f3c6 Update documentation in cmd/unix/reverse_bash 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=146464
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/215034
 2018-07-12 13:29:33 -05:00
William Vu 1f0535618d Document bareword string deprecation in php/base64 2018-07-12 13:29:33 -05:00
William Vu 378930e5f4 Prefer %w array over quoted array in php/base64 
irb(main):001:0> ["(",")",".","_","c","h","r","e","v","a","l","b","s","6","4","d","o"] == %w{( ) . _ c h r e v a l b s 6 4 d o}
=> true
irb(main):002:0>
 2018-07-12 13:29:33 -05:00
Brendan Coles 904de2dd09
Land #10238, Add ManageEngine Exchange Reporter Plus RCE exploit 2018-07-12 16:07:32 +00:00
Kacper Szurek 486225c2a8
Code review changes 
Use target_uri, split url inside normalize function, replace print with vprint, return CheckCode::Appears
 2018-07-12 14:27:28 +02:00
William Vu acb20e5a29
Land #9780, CouchDB auth bypass and RCE 2018-07-12 03:36:17 -05:00
William Vu a08420e0d0
Land #10286, Docker server version scanner 2018-07-12 03:08:41 -05:00
William Vu cce3b6f369 Clean up module 2018-07-12 02:57:14 -05:00
William Vu f53080ee60 Fix exploit and do final cleanup 2018-07-12 02:13:30 -05:00
William Vu 167745c124 Selectively add RuboCop fixes 2018-07-11 22:49:46 -05:00
William Vu ccc3267166 Correct rubocop -a 
We'll update .rubocop.yml later.
 2018-07-11 22:49:46 -05:00
William Vu ca5e496b8f Run rubocop -a 2018-07-11 21:40:19 -05:00
Agora Security 7d8b9a90d7 Add more reporting 2018-07-11 17:22:48 -04:00
Agora Security 30c43e22d9 Fix typo 2018-07-11 17:04:31 -04:00
Agora Security bb8ac4a7ab Add info & update_info 2018-07-11 16:52:16 -04:00
Shelby Pace 1ded8ffb29
Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-11 11:10:52 -05:00
James Barnett c26fcc0af1 Merge branch 'master' into remote_creds_data 2018-07-11 10:27:49 -05:00
Agora Security 1f0045fa03 Improve Description 2018-07-11 01:27:10 -04:00
Agora Security 00f4d3967c Add basic reporting 2018-07-11 00:47:43 -04:00
Agora Security d488b51264 Use peer instead of ip & port 2018-07-11 00:41:55 -04:00
Agora Security 5a89642ddd Simplify the module greatly 2018-07-11 00:15:56 -04:00
Agora Security ffc2f044cc Remove lines that were not required 2018-07-11 00:04:44 -04:00
Agora Security 7b1e7eb085 Minor improvement to description 2018-07-11 00:04:12 -04:00
Agora Security 2b2029b487 Align Hashrockets 2018-07-11 00:03:26 -04:00
Agora Security 9491c63778 Fix several minor details 2018-07-10 23:56:05 -04:00
Agora Security 66c207a124 Remove timeout of 25 seconds 2018-07-10 23:53:13 -04:00
Agora Security 718606c9f2 Add Auxiliary module to enumerate the Docker Server Version 2018-07-10 19:34:49 -04:00
Erin Bleiweiss ef3ea2dd44
Land #10280, Use default CheckCode in ETERNALBLUE 2018-07-10 17:39:42 -05:00
Shelby Pace 10cd6c99d9
Land #10231, Monstra Fileupload Exec 2018-07-10 14:23:15 -05:00
Shelby Pace 07dca243ff
changed grammar, removed redundant code 2018-07-10 14:13:57 -05:00
Brent Cook 1af360d7e0
Land #10108, add IBM QRadar SIEM exploit 2018-07-10 11:52:32 -05:00
Shelby Pace 171fa562a3
added parsing for repos in Gitlist source 2018-07-10 11:32:46 -05:00
William Vu f64c9588e9 Undefine check method and let the base class do it 
Preserve the to-do without rewording - should be enough.
 2018-07-10 11:05:00 -05:00
Adam Cammack 1fddbdb8ef
Specify the `command` option external modules 2018-07-10 10:24:07 -05:00
William Vu 533d87efa4 Return CheckCode::Unsupported in ETERNALBLUE 
Defining a check method in the module overrides it.
 2018-07-09 16:01:24 -05:00