infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
42,965 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1912 Commits (9309115627f0f5c0bc54a1bc9d352aba20d8788c)

Author SHA1 Message Date
Brent Cook 345407b0a4 Rex::Encoder::XDR conflicts with the XDR gem 2017-07-12 11:52:10 -05:00
William Webb 6349026134
Land #8442, Exploit module for Backup Exec Windows Agent UaF 2017-06-28 10:39:28 -05:00
HD Moore 66f06cd4e3 Fix small typos in comments 2017-05-28 14:40:33 -05:00
HD Moore 8caaba01f1 Add share enumeration methods to the SMB mixin 2017-05-26 17:01:18 -05:00
HD Moore 18a871d6a4 Delete the .so, add PID bruteforce option, cleanup 2017-05-25 16:03:14 -05:00
Matthew Daley 52363aec13 Add module for CVE-2017-8895, UAF in Backup Exec Windows agent 
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.

Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
 2017-05-24 00:18:20 +12:00
Renato Piccoli 29d1022ae2 Fix the rake spec failures under ruby 2.4. 
Ths typo3_spec is giving some errors under ruby 2.4+
and OpenSSL 1.1+.
 2017-05-21 21:56:04 +02:00
James Lee 4def7ce6cc
Land #8327, Simplify storing credentials 2017-05-18 16:49:01 -05:00
wchen-r7 58d65ce4b5 Land #8380, check for command injection in smtp email addresses 
aborts
 2017-05-16 15:36:22 -05:00
Brent Cook e7be0af72e update bad mail checks 2017-05-14 22:13:31 -05:00
Brent Cook 8ac5d2d377 tidy up a bit while we're in here 2017-05-14 21:27:38 -05:00
Brent Cook 544ea6926c
trim leading and trailing whitespace in mail addresses 2017-05-14 11:22:46 -05:00
RageLtMan cf29a512d0 Upstream Msf namespace PSH decompressor & decoder 
Present convenience interfaces in Msf::Exploit::Powershell ns for
decoding and decompressing PSH strings built with Rex::Powershell
or compatible implementations.
 2017-05-10 22:44:56 -04:00
Jeffrey Martin 63b6ab5355
simplify valid credential storage 2017-05-04 22:51:40 -05:00
Brent Cook 288cb6536d fix #8305, escape unadorned periods in the front of SMTP payloads 2017-04-26 16:05:46 -05:00
Christian Mehlmauer 3c260ea452
fix #7921, HttpTrace and chunked encoding 2017-04-05 22:58:11 +02:00
William Vu 1a96fb03ae Allow start_service to specify a resource 
This overrides URIPATH and random_uri if opts['Path'] is specified.
 2017-03-09 02:33:02 -06:00
William Vu 1a0b342e68 Add srvport to HttpServer 
This allows URIPORT to override SRVPORT.
 2017-03-09 02:24:22 -06:00
wchen-r7 f27ef55391
Land #7992, Improve Signature Evasions for browser exploits 2017-02-23 16:32:49 -06:00
Jeff Tang e3f613ecc6 Bypass: Metasploit OS detection 
SEP is triggering on HTTP POSTs which start with `os_name`
 2017-02-23 15:42:04 -05:00
Jeff Tang 84ab3c66cc Use obfuscated JS in BES 2017-02-22 12:47:36 -05:00
William Vu b06895b604 Hide RPORT more intelligently 2017-02-08 09:40:42 -06:00
William Vu 31f93de150 Update HttpClient and WordPress mixins 2017-02-06 04:40:26 -06:00
James Lee 3c7f78167a
Push up the preamble and modernize style 2017-02-02 17:57:03 -06:00
Pearce Barry 9b16cdf602
Land #7845, Fix Msf::Exploit::EXE shellcode/template mismatch 2017-01-22 16:09:41 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
William Vu d8da7c6d43 Fix Msf::Exploit::EXE shellcode/template mismatch 
Initialize EXE options unless code is supplied with platform/arch.
 2017-01-19 00:07:35 -06:00
David Maloney 38a4c2aa97 fix autotargeting failure 
the fallback to the original default was failing because
it was assuming rhost was already set, so it would always
go back to the first default target. now the auto_target? method
only returns true if can pull an auto_target_host
 2017-01-10 14:12:28 -06:00
David Maloney 8c395338af
Land #7743, wchen's digest auth nonce fix 
land sinn3r's pr for fixing the Digest Auth nonce
 2017-01-09 14:16:09 -06:00
David Maloney 2108913e77
target_host method had a name collision 
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
 2017-01-06 12:44:37 -06:00
wchen-r7 180795f209 Fix #7743, nil @cnonce in rex/proto/http/client.rb 
Fix #7743
 2017-01-04 11:50:31 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes 
some minor conditional guards and spec fixes
 2017-01-03 14:38:51 -06:00
David Maloney 2d5158403b add YARD docs to auto target methods 
added YARD docs

MS-2325
 2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together 
insert our autotarget routine into
the main target selection process

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours 
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 1afc57da40 determine most precise filter 
drop back to our most precise level of filtering

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 201b65e43d remaining os filtering 
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 05ac2ee6ed convert first stage to os_family 
added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 95d5c7a778 filtering by os_name 
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing 
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
 2017-01-03 14:38:45 -06:00
William Vu 0321000ea7 Update Http mixin for opts[:ssl] 
1. Add opts[:ssl]
2. Remove opts[:busybox]
3. Refactor logic
4. Remove resource_uri
 2016-12-30 00:56:02 -06:00
William Vu 34d358b8d7 Update CmdStager with new toys 2016-12-30 00:56:02 -06:00
William Vu 58dd59fad5 Add Http mixin for CmdStager 2016-12-30 00:56:02 -06:00
Adam Cammack 62d8cc7b21
Handle some error conditions with SMTP delivery 2016-12-16 16:06:02 -06:00
Adam Cammack 47df88a5cc
Make SMTP delivery work with a range of server SSL 2016-12-15 16:57:08 -06:00
Tim 78480e31e7
remove AutoLoadAndroid 2016-11-30 21:23:14 +08:00
Jin Qian 9f4784354a Disconnect after making the HTTP transaction in send_request_cgi 
Add a disconnect call after cgi is done.
 2016-11-23 11:20:10 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Brent Cook f08a7ac10b modernize default smtp_deliver TLS options 2016-11-01 05:42:05 -05:00