Roberto Soares
0ba03f7a06
Fix words.
2015-09-09 21:27:57 -03:00
Roberto Soares
bc3f5b43ab
Removed WordPress mixin.
2015-09-09 21:26:15 -03:00
Roberto Soares
4e31dd4e9f
Add curesec team as vuln discovery.
2015-09-09 21:13:51 -03:00
Roberto Soares
6336301df3
Add Nibbleblog File Upload Vulnerability
2015-09-09 21:05:36 -03:00
Roberto Soares
d3aa61d6a0
Move bolt_file_upload.rb to exploits/multi/http
2015-09-09 13:41:44 -03:00
JT
31a8907385
Update simple_backdoors_exec.rb
2015-09-09 08:30:21 +08:00
JT
4e23bba14c
Update simple_backdoors_exec.rb
...
removing the parenthesis for the if statements
2015-09-08 15:47:38 +08:00
JT
002aada59d
Update simple_backdoors_exec.rb
...
changed shell to res
2015-09-08 14:54:26 +08:00
JT
467f9a8353
Update simple_backdoors_exec.rb
2015-09-08 14:45:54 +08:00
JT
37c28ddefb
Update simple_backdoors_exec.rb
...
Updated the description
2015-09-08 13:42:12 +08:00
JT
0f8123ee23
Simple Backdoor Shell Remote Code Execution
2015-09-08 13:08:47 +08:00
James Lee
b2c401696b
Add certutil support.
...
Tested while landing #5736
2015-09-03 14:24:37 -05:00
James Lee
1e6a1f6d05
Revert "Fix spec like I shoulda done before landing #5736"
...
This reverts commit 956c8e550d.
Conflicts:
spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:55 -05:00
James Lee
b4547711f3
Add certutil support.
...
Tested while landing #5736
2015-09-03 13:27:10 -05:00
HD Moore
cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC
2015-09-01 13:58:12 -05:00
Christian Mehlmauer
3e613dc333
change exitfunc to thread
2015-09-01 10:43:45 +02:00
Christian Mehlmauer
648c034d17
change exitfunc to thread
2015-09-01 10:42:15 +02:00
Brent Cook
d670a62000
Land #5822, migrate obsolete payload compatibility options
2015-08-31 15:20:20 -05:00
Christian Mehlmauer
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
William Vu
c94a185610
Land #5697, Werkzeug debug RCE
2015-08-13 13:32:27 -05:00
William Vu
d54ee19ce9
Clean up module
2015-08-13 13:32:22 -05:00
jvazquez-r7
203c231b74
Fix #5659: Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
h00die
eab9b3bf5b
interpolation fix on secret
2015-08-01 14:39:12 -04:00
h00die
ceb49a51a6
thanks @espreto for help
2015-08-01 11:11:37 -04:00
h00die
4561241609
updates per @jvazquez-r7 comments
2015-07-24 20:34:40 -04:00
jvazquez-r7
2c9183fa56
Return check code
2015-07-24 16:14:43 -05:00
jvazquez-r7
a163606513
Delete unused SLEEP option
2015-07-24 15:29:56 -05:00
jvazquez-r7
1b1ac09d2a
Merge to solve conflicts
2015-07-24 15:24:29 -05:00
Tod Beardsley
cadb03bac0
Fix my own blasted typo, ty @wvu-r7
2015-07-20 17:14:34 -05:00
Tod Beardsley
f7c11d0852
More cleanups
...
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678, adobe_flash_hacking_team_uaf.rb
Edited modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698, Adobe Flash CVE-2015-5122 opaqueBackground
Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb
first landed in #5471, @pedrib's module for SysAid CVE-2015-2994
Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb
first landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
Tod Beardsley
ab6204ca2e
Correct spelling of sysaid module
...
First landed in #5473.
2015-07-20 16:21:50 -05:00
Pedro Ribeiro
3fe165a265
Remove whitespace at the end
2015-07-18 20:18:34 +01:00
Pedro Ribeiro
70a2247941
Pick target is not needed...
2015-07-18 20:12:49 +01:00
Pedro Ribeiro
7483e77bba
Fix Linux target by trying again if exploit fails
2015-07-18 20:12:13 +01:00
jvazquez-r7
4e6b00fe31
Land #5473, @pedrib's exploit for Sysaid CVE-2015-2994
...
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
jvazquez-r7
00adbd7f64
Fix quotes
2015-07-17 12:09:54 -05:00
jvazquez-r7
57c4a3387b
Fix paths for windows and cleanup
2015-07-17 12:09:18 -05:00
jvazquez-r7
46ffb97c1c
Land #5471, @pedrib's module for SysAid CVE-2015-2994
...
* sysaid arbitrary file upload
2015-07-17 11:27:22 -05:00
jvazquez-r7
309a86ec57
Do code cleanup
2015-07-17 11:26:54 -05:00
h00die
57f62ffa76
changed URI to TARGETURI as per comments
2015-07-13 20:18:45 -04:00
h00die
8819674522
updated per feedback from PR
2015-07-11 21:03:02 -04:00
h00die
bff92f2304
Initial add
2015-07-10 21:13:12 -04:00
h00die
1d50bda609
initial add of blank file
2015-06-27 21:38:25 -04:00
jvazquez-r7
a10fa02b00
Land #5606, @wchen-r7's glassfish fixes
2015-06-26 14:12:50 -05:00
wchen-r7
3b5e2a0c6e
Use TARGETURI
2015-06-26 14:02:17 -05:00
wchen-r7
b46e1be22f
Land #5371, Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
wchen-r7
c70e38a14e
Do more reporting
2015-06-25 22:39:56 -05:00
wchen-r7
5ef4cc2bb4
Save creds
2015-06-25 17:10:20 -05:00
wchen-r7
1a371b11b0
Update description
2015-06-25 17:04:31 -05:00
wchen-r7
c330d10403
Make SSL as a basic option
...
Also:
Fix #5558
2015-06-25 02:06:51 -05:00
wchen-r7
5c98da05fb
This works for Glassfish 4.0 & 9.1
2015-06-25 01:58:24 -05:00
wchen-r7
c826785ebb
Fix auth bypass
2015-06-24 19:49:04 -05:00
wchen-r7
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
wchen-r7
380af29482
Progress?
2015-06-24 14:17:45 -05:00
wchen-r7
6046994138
version does not return nil
2015-06-23 10:31:01 -05:00
Pedro Ribeiro
ea49fd2fdc
Update sysaid_rdslogs_fle_upload.rb
2015-06-20 16:59:28 +01:00
Pedro Ribeiro
3181d76e63
Update sysaid_auth_file_upload.rb
2015-06-20 16:53:33 +01:00
William Vu
b994801172
Revert auto tab replacement
2015-06-19 11:22:40 -05:00
g0tmi1k
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
Pedro Ribeiro
d5b33a0074
Update sysaid_rdslogs_fle_upload.rb
2015-06-03 22:01:13 +01:00
Pedro Ribeiro
37827be10f
Update sysaid_auth_file_upload.rb
2015-06-03 22:00:44 +01:00
Pedro Ribeiro
62993c35d3
Create sysaid_rdslogs_fle_upload.rb
2015-06-03 21:45:14 +01:00
Pedro Ribeiro
193b7bcd2e
Create sysaid_auth_file_upload.rb
2015-06-03 21:44:02 +01:00
jvazquez-r7
0fb21af247
Verify deletion at on_new_session moment
2015-05-11 18:56:18 -05:00
William Vu
71518ef613
Land #5303, metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
William Vu
2f2169af90
Use single quotes consistently
2015-05-07 22:39:36 -05:00
Brent Cook
a066105a86
prefer reading directly with MetasploitPayloads where possible
2015-05-07 16:59:02 -05:00
William Vu
b8c7161819
Fix up NameError'd payload_exe
2015-05-06 11:34:05 -05:00
Brent Cook
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
jvazquez-r7
a531ad9ec2
Land #5096, @pedrib's exploit for Novell ZCM CVE-2015-0779
2015-05-01 14:35:28 -05:00
jvazquez-r7
0ff33572a7
Fix waiting loop
2015-05-01 14:34:43 -05:00
jvazquez-r7
645f239d94
Change module filename
2015-05-01 14:18:34 -05:00
jvazquez-r7
11a3f59b0b
Return false if there isn't a positive answer
2015-05-01 14:06:57 -05:00
jvazquez-r7
093c2e3ace
Do minor style cleanup
2015-05-01 13:56:48 -05:00
jvazquez-r7
d38adef5cc
Make TOMCAT_PATH optional
2015-05-01 13:54:39 -05:00
jvazquez-r7
d2a7d83f71
Avoid long sleep times
2015-05-01 13:51:52 -05:00
jvazquez-r7
8fcf0c558d
Use single quotes
2015-05-01 13:20:27 -05:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
wchen-r7
4f903a604c
Fix #5103, Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
Christian Mehlmauer
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
Christian Mehlmauer
8c5890d506
more fixes
2015-04-16 21:56:42 +02:00
Christian Mehlmauer
ba6548db75
be consistent about naming
2015-04-16 21:44:56 +02:00
Christian Mehlmauer
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
Jon Cave
c6f062d49e
Ensure that local variable `upload_path` is defined
...
Merge `upload_payload` and `parse_upload_response` so that the
`upload_path` variable is defined for use in error messages in the event
of failure.
2015-04-10 10:58:20 +01:00
Pedro Ribeiro
4808d61af3
Add OSVDB id and full disclosure URL
2015-04-09 16:32:22 +01:00
Pedro Ribeiro
cf8b92b747
Create zcm_file_upload.rb
2015-04-07 16:05:51 +01:00
William Vu
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
Tod Beardsley
1e6d895975
Description fixes on #4784, jboss exploit
...
Also, needed to run through msftidy.
[See #4784]
2015-04-06 12:34:49 -05:00
William Vu
56dc7afea6
Land #5068, @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
scriptjunkie
0f7c644fff
Land #4784, JBoss Seam 2 upload exec exploit
2015-04-02 22:32:35 -05:00
Tod Beardsley
4bbec88882
Various other one-off nonhuman author credits
...
[See #5012]
2015-04-02 15:25:47 -05:00
Tod Beardsley
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012]
2015-04-02 15:12:22 -05:00
g0tmi1k
127d07342e
Remove trailing space
2015-03-20 01:36:56 +00:00
g0tmi1k
7426e72317
Grammar - traq_plugin_exec
2015-03-20 01:31:01 +00:00
g0tmi1k
5709d49aae
Clean up traq_plugin_exec
2015-03-20 01:19:46 +00:00
jvazquez-r7
b6146b1499
Use print_warning
2015-03-12 17:22:03 -05:00
Julian Vilas
fe822f8d33
Modify automatic file cleanup
2015-03-10 00:45:20 +01:00
Julian Vilas
0ef303cb6c
Fix Java payload
2015-03-10 00:01:27 +01:00
Julian Vilas
2eb0011a99
Autotrigger JSP shell at docBase
2015-03-07 20:41:08 +01:00
Julian Vilas
3be2bde5a2
Use bypass for bulletin S2-020
2015-03-07 19:14:20 +01:00