infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
37,792 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

19753 Commits (940a3c1dedbb91e5a8c251f77d435f8dbdc1d75d)

Author SHA1 Message Date
wchen-r7 7b2d717280 Change ranking to manual and restore BAP2 count to 21 
Since the exploit requires the target to be configured manually,
it feel more appropriate to be ManualRanking.
 2016-03-17 14:39:28 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Brent Cook e9f87d2883
Land #6685, ensure platform variable is set for non-osx 2016-03-17 08:25:42 -05:00
James Lee 9e7a330ac8
OptInt -> OptPort 2016-03-16 15:47:29 -05:00
James Lee af642379e6
Fix some OptInts 2016-03-16 14:13:18 -05:00
James Lee c21bad78e8
Fix some more String defaults 2016-03-16 14:13:18 -05:00
Spencer McIntyre 4e3a188f75
Land #6401, EasyCafe server file retrieval module 2016-03-16 13:24:54 -04:00
Spencer McIntyre 9ac4ec4bfc Update the class name to MetasploitModule 2016-03-16 13:22:06 -04:00
Spencer McIntyre 53f1338ad0 Update module to remove references to print peer 2016-03-16 13:10:39 -04:00
Brent Cook 1769bad762 fix FORCE logic 2016-03-16 09:53:09 -05:00
Brent Cook d70308f76e undo logic changes in adobe_flas_otf_font 2016-03-16 09:52:21 -05:00
Tim f83cb4ee32 fix set_wallpaper 2016-03-16 13:07:41 +00:00
Adam Cammack 05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts 2016-03-15 16:35:22 -05:00
l0gan e29fc5987f Add missing stream.raw for hp_sitescope_dns_tool 
This adds the missing stream.raw.
 2016-03-15 11:06:06 -05:00
wchen-r7 38153d227c Move apache_karaf_command_execution to the SSH directory 
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
 2016-03-14 00:32:59 -05:00
William Vu 6323f7f872 Fix a couple overlooked issues 2016-03-13 23:35:05 -05:00
Brent Cook df0ff30468
Land #6642, make ipv6_neighbor_router_advertisement discovery smarter 2016-03-13 16:53:11 -05:00
Brent Cook 635e31961a generate valid prefixes 2016-03-13 16:44:57 -05:00
Brent Cook cd84ac37d6
Land #6569, check if USERNAME env var exists before using in enum_chrome post module 2016-03-13 15:12:51 -05:00
Brent Cook a50b21238e
Land #6669, remove debug code from apache_roller_ognl_injection that breaks Windows 2016-03-13 14:14:10 -05:00
Brent Cook 23eeb76294
update php_utility_belt_rce to use MetasploitModule 2016-03-13 13:59:47 -05:00
Brent Cook a6316d326e
Land #6662, update disclosure date for php_utility_belt_rce 2016-03-13 13:58:04 -05:00
Brent Cook c89e53d0a3
Land #6666, fix filezilla_server display bug showing the session ID 2016-03-13 13:56:44 -05:00
Brent Cook dabe5c8465
Land #6655, use MetasploitModule as module class name 2016-03-13 13:48:31 -05:00
wchen-r7 b22a057165 Fix #6554, hardcoded File.open path in apache_roller_ognl_injection 
The hardcoded File.open path was meant for debugging purposes during
development, but apparently we forgot to remove it. This line causes
the exploit to be unusable on Windows platform.

Fix #6554
 2016-03-11 18:48:17 -06:00
wchen-r7 51cdb57d42 Fix #6569, Add a check for USERNAME env var in enum_chrome post mod 
Fix #6569

Depending on the context, the USERNAME environment variable might
not always be there.
 2016-03-11 15:36:44 -06:00
James Lee 8217d55e25
Fix display issue when SESSION is -1 2016-03-11 11:37:22 -06:00
Jay Turla 8953952a8f correction for the DisclosureDate based on Exploit-DB 2016-03-11 14:05:26 +08:00
James Barnett 7009682100
Landing #6659, Fix bug in MS08-067 related to incorrect service pack identification when fingerprinting 2016-03-10 14:29:29 -06:00
William Vu 8d22358892
Land #6624, PHP Utility Belt exploit 2016-03-09 14:12:45 -06:00
William Vu 52d12b68ae Clean up module 2016-03-09 14:08:26 -06:00
wchen-r7 179d38b914 Fix #6658, MS08-067 unable to find the right target for W2k3SP0 
Fix #6658.

When there is no service pack, the
Msf::Exploit::Remote::SMB#smb_fingerprint_windows_sp method returns
an empty string. But in the MS08-067 exploit, instead of check an
empty string, it checks for "No Service Pack", which causes it to
never detect the right target for Windows Server 2003 SP0.
 2016-03-09 11:05:34 -06:00
Fakhri Zulkifli 45c7e4b6ae Update ipv6_neighbor_router_advertisement.rb 2016-03-09 11:21:24 +08:00
Fakhri Zulkifli e417909111 Update ipv6_neighbor_router_advertisement.rb 2016-03-09 11:21:07 +08:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
wchen-r7 c2f99b559c Add documentation for auxiliary/scanner/http/tomcat_enum 
Also fix a typo in normalizer
 2016-03-07 15:39:15 -06:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names" 
This reverts commit 666ae14259.
 2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names" 
This reverts commit 3da9535e22.
 2016-03-07 13:19:48 -06:00
Brent Cook 0e46cc0259 Revert "change remaining class names" 
This reverts commit 62217fff2b.
 2016-03-07 13:19:42 -06:00
Brent Cook aa5b201427 Revert "revert ssl_login_pubkey for now" 
This reverts commit 7d773b65b6.
 2016-03-07 13:19:33 -06:00
Christian Mehlmauer 7d773b65b6
revert ssl_login_pubkey for now 2016-03-07 14:44:23 +01:00
Christian Mehlmauer 62217fff2b
change remaining class names 2016-03-07 09:58:21 +01:00
Christian Mehlmauer 3da9535e22
change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook bb36cd016e Fix #6643, Pcap.lookupaddrs does not exist 2016-03-06 22:15:39 -06:00
Brent Cook eea8fa86dc unify the SSLVersion fields between modules and mixins 
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
 2016-03-06 22:06:27 -06:00
Brent Cook a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit' 2016-03-06 17:10:55 -06:00
Brent Cook 8faae94338
Land #6592, make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2 2016-03-06 15:33:53 -06:00
Brent Cook 66c697d2e4
Land #6602, update author info for dahua_dvr_auth_bypass 2016-03-06 15:13:01 -06:00
Brent Cook 4711191def remove non-specific URL 2016-03-06 15:12:25 -06:00
Brent Cook a1190f4344
Land #6598, add post module for setting wallpaper 2016-03-06 15:00:10 -06:00
Brent Cook 86845222ef add meterpreter platform workaround 2016-03-06 14:51:34 -06:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
Meatballs c7f9fbcdfa Change to enable/disable 2016-03-06 04:31:24 +00:00
Meatballs 6b510005da Reverse os checks 2016-03-06 04:31:23 +00:00
Meatballs 0e52fda708 Initial tidy 2016-03-06 04:31:23 +00:00
Fakhri Zulkifli b1e9f44ca2 IPv6 Neighbor Advertisement Enhancement 
http://seclists.org/nmap-dev/2011/q2/79

1. Shorten router advertisement payload lifetime.
2. Randomize address prefix.
3. Prevent from getting into default router list.
 2016-03-06 03:23:37 +08:00
William Vu 71b034a566
Land #6627, atutor_sqli regex fix 2016-03-03 16:54:38 -06:00
wchen-r7 ba4e0d304b Do regex \d+ instead 2016-03-03 11:05:16 -06:00
Brent Cook d355b0e8b7
update payload sizes 2016-03-02 13:55:32 -06:00
wchen-r7 22b69c8dee
Land #6588, Add AppLocker Execution Prevention Bypass module 2016-03-01 22:30:23 -06:00
wchen-r7 a798581fa3 Update #get_dotnet_path 2016-03-01 22:25:40 -06:00
net-ninja cda4c6b3b3 Update the regex for the number of students in ATutor 2016-03-01 09:41:17 -06:00
wchen-r7 5d64346a63
Land #6623, Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module 2016-02-29 19:33:25 -06:00
Jay Turla 62a611a472 Adding PHP Utility Belt Remote Code Execution 2016-03-01 09:22:25 +08:00
wchen-r7 274b9acb75 rm #push 2016-02-29 18:58:05 -06:00
wchen-r7 f55835cceb Merge new code changes from mr_me 2016-02-29 18:39:52 -06:00
wchen-r7 638d91197e Override print_* to always print the IP and port 2016-02-29 16:18:03 -06:00
wchen-r7 54ede19150 Use FileDropper to cleanup 2016-02-29 16:15:50 -06:00
wchen-r7 727a119e5b Report cred 2016-02-29 16:06:31 -06:00
wchen-r7 4cc690fd8d Let the user specify username/password 2016-02-29 15:45:33 -06:00
wchen-r7 726c1c8d1e There is no http_send_command, so I guess the check should not work 2016-02-29 15:43:47 -06:00
William Vu c5a9d59455
Land #6612, one final missing change 2016-02-29 15:08:42 -06:00
William Vu cb0493e5bb Recreate Msf::Exploit::Remote::Fortinet 
To match the path, even though it's kinda lame including it just for the
monkeypatch.
 2016-02-29 15:04:02 -06:00
net-ninja a3fa57c8f6 Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module 2016-02-29 14:59:26 -06:00
Brent Cook 8c2ce9687a
Land #6620, fix typo in jtr_linux 2016-02-29 14:58:58 -06:00
Brent Cook d955c6a8f6 style fixes 2016-02-29 14:06:49 -06:00
William Vu a6a37b3089
Land #6612, missing commits included 2016-02-29 14:06:21 -06:00
wchen-r7 f5ad1286d2 Fix #6615, fix typo "format" 
Fix #6615
 2016-02-29 12:44:25 -06:00
William Vu 300fdc87bb Move Fortinet backdoor to module and library 2016-02-29 12:06:33 -06:00
wchen-r7 2950996cb8
Land #6612, Add aux module for Fortinet backdoor 2016-02-29 12:02:49 -06:00
William Vu 53d703355f Move Fortinet backdoor to module and library 2016-02-29 11:57:42 -06:00
wchen-r7 53ff3051e1
Land #6531, NETGEAR ProSafe Network Management System 300 auth'd File Download 2016-02-26 10:53:16 -06:00
wchen-r7 bc050410a6 Allow max traversal depth as an option, and report cred 2016-02-26 10:52:30 -06:00
wchen-r7 7731fbf48f
Land #6530, NETGEAR ProSafe Network Management System 300 File Upload 2016-02-26 10:39:09 -06:00
Brent Cook 89b0c8a27a
Land #6571, use intent to unlock Android screens, support <= 4.3 2016-02-26 05:55:35 -06:00
wchen-r7 6188da054d Remove // 2016-02-25 22:20:48 -06:00
wchen-r7 051506694f
Land #6574, add Linknat Vos Manager Traversal aux module 2016-02-25 22:02:56 -06:00
wchen-r7 f3cf5a8a41 Resolve merge conflict with upstream-master 
Out of date author field
 2016-02-25 14:49:53 -06:00
wchen-r7 d14ec657e2
Land #6564, Add Apache Karaf Command Execution Module 2016-02-25 14:47:40 -06:00
wchen-r7 1d2ec7a239 Rescue OpenSSL::Cipher::CipherError 
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
 2016-02-25 14:46:53 -06:00
wchen-r7 2e268a25da
Land #6596, Apache Karaf Login Utility 2016-02-25 14:39:51 -06:00
wchen-r7 aa7c3f01a8 Update name and description 2016-02-25 14:39:19 -06:00
wchen-r7 7e25c7b87b Handle OpenSSL::Cipher::CipherError 
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
 2016-02-25 14:35:37 -06:00
William Vu 7d20e26a35 Move to aux/scanner/ssh 2016-02-25 11:22:50 -06:00
William Vu f52f44cde0 Remove session_setup, since we're not in a shell 
A real shell. A real human bean.
 2016-02-25 11:21:45 -06:00
Tyler Bennett ff3a554b4d added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank 2016-02-24 13:53:30 -05:00
Tyler Bennett 16d7b2e6ff cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank 2016-02-23 17:37:47 -05:00
dmohanty-r7 6aa6280eff
Try USERNAME before DEFAULTCRED 2016-02-23 13:44:44 -06:00
Tyler Bennett 4eabe43273 fixed issues with capturing regex 2016-02-23 12:27:07 -05:00