jvazquez-r7
3c1af8217b
Land #2011, @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
jvazquez-r7
d25e1ba44e
Make fixes proposed by review and clean
2013-06-25 12:58:00 -05:00
jvazquez-r7
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
sinn3r
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
Matthias Kaiser
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
sinn3r
19a6f310cd
Land #1927 - Add common passwords from xato.net
2013-06-07 15:24:09 -05:00
Tod Beardsley
dc680e7106
Underscores because the rest are.
2013-06-07 15:16:39 -05:00
Tod Beardsley
0265dd8860
Add common passwords from xato.net
...
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:
http://xato.net/passwords/more-top-worst-passwords/
He also does a fair bit of frequency analysis there.
The 1024 list should probably be used instead of the original
unix_password.txt file. unix_password.txt was added in 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.
As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
jvazquez-r7
7090d4609b
Add module for CVE-2013-1488
2013-06-07 13:38:41 -05:00
James Lee
9843dc4cb4
Land #1708, android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
sinn3r
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
Joe Vennix
4d5c4f68cb
Initial commit, works on three OSes, but automatic mode fails.
2013-05-15 23:32:02 -05:00
James Lee
d53d6370b3
Land #1747, mimikatz meterpreter extension
...
[Closes #1747]
See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
James Lee
99f5376606
Binaries for #1747
...
See rapid7/meterpeter#9
2013-04-29 14:44:18 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772]
2013-04-28 12:17:16 -05:00
James Lee
5900a7c03f
Whitespace
2013-04-26 15:24:02 -05:00
James Lee
01d790eb54
Land #1748, fix for java meterp network prefixes
...
[Closes #1748]
2013-04-24 12:27:28 -05:00
James Lee
a7effaf9c6
Add bins for #1748
2013-04-24 12:27:05 -05:00
Tod Beardsley
80fb7b85ef
Drop msfgui.jar, too.
2013-04-22 16:03:38 -05:00
Tod Beardsley
1112daaff2
Remove msfgui and armitage
...
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
James Lee
15e2ceb749
Land #1660, dlink backdoor wordlist
...
[Closes #1660][See #1648]
2013-04-11 23:04:02 -05:00
James Lee
8376531a32
Land #1217, java payload build system refactor
...
[Closes #1217]
2013-04-11 13:10:03 -05:00
James Lee
1d09d7e6e9
Java payload bins
...
Compiled with the shiny new maven system
2013-04-11 13:08:16 -05:00
James Lee
ab0535bc41
Bins for new stdapi_fs_file_move command
...
See rapid7/meterpreter#6
2013-04-04 23:39:22 -05:00
James Lee
2d47be425f
Latest meterpreter bins
...
See rapid7/meterpreter#1 and rapid7/meterpreter#5
2013-04-04 22:57:13 -05:00
Tod Beardsley
bafb50a173
Merge commit for JtR recompile
...
Also changes a bunch of file modes to be less permissive.
[Closes #1662]
2013-03-29 09:05:12 -05:00
sinn3r
7bf87f3546
Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf
2013-03-27 11:55:09 -05:00
jvazquez-r7
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
jvazquez-r7
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
James Lee
73c2610822
Merge remote-tracking branch 'jvazquez-r7/mipsle_elf_support' into rapid7
...
[Closes 1666]
2013-03-26 10:38:32 -05:00
jvazquez-r7
e78635fc0f
fix segment virtual address
2013-03-26 10:50:29 +01:00
Josh
ee199f64cb
Merge pull request #1664 from scriptjunkie/msfguiKaliConnect
...
MSFGUI service autoconnect, DB fixes
2013-03-25 21:58:28 -07:00
scriptjunkie
1b6398d4fd
Service autoconnect, DB fixes
...
First check if database is connected before trying to connect.
Autologin in Kali with new token login.
2013-03-25 20:44:48 -05:00
jvazquez-r7
4fff624632
added initial support for ELF mipsle
2013-03-26 01:08:31 +01:00
Brandon Turner
83d1f8d499
Compile John the Ripper against libssl 1.0.0
...
We use OpenSSL 1.0.0 in installed environments. Previously, John the
Ripper was compiled against 0.9.8 which prevented it from running. This
recompiles the same version (jtr 1.7.8 jumbo 2) against OpenSSL 1.0.0.
[FIXRM #7834]
2013-03-25 17:12:51 -05:00
sinn3r
5504c58b11
Add dlink pass for #1648
2013-03-25 13:25:19 -05:00
jvazquez-r7
660d3d5388
Merge branch 'linksys-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-traversal
2013-03-25 17:31:11 +01:00
Josh
dfcce010c1
Merge pull request #1650 from scriptjunkie/msfguiKaliConnect
...
Kali fixes, changes only affect msfgui
2013-03-24 19:34:22 -07:00
scriptjunkie
438d348fda
Kali fixes
...
Check the new database config location.
Don't crash on sporadic JRE style error.
2013-03-24 21:00:38 -05:00
m-1-k-3
36d1746c0d
linksys traversal module - initial commit
2013-03-23 17:01:02 +01:00
jvazquez-r7
27778e6ea9
fix comma typo
2013-03-19 19:20:39 +01:00
sinn3r
be9d4ec393
New pt for virtualprotect, and readjust size to 0x401
2013-03-19 09:25:06 -05:00
sinn3r
ea4c88bc2c
Java Rop null-byte free
...
Our new heap spray routine does not like double nulls, so we need
to adjust our ROP.
2013-03-18 23:42:17 -05:00
scriptjunkie
16fad29cb0
Update creds schema.
2013-03-12 23:07:40 -05:00
sinn3r
e1859ae4b6
Merge branch 'rsmudge-armitage'
2013-03-06 19:31:44 -06:00
sinn3r
a30b61e4aa
Merge branch 'rsmudge-armitage'
2013-03-06 16:39:00 -06:00
Raphael Mudge
4ab8315db0
Armitage 03.06.13
...
Apparently, my last update came from the future. This modification
to that future update fixes an oversight preventing Armitage from
connecting to its collaboration server because it would report the
wrong application.
2013-03-04 23:11:20 -05:00
Raphael Mudge
59d2f05c94
Armitage 04.06.13
...
This update to Armitage improves its responsiveness when connected
to a team server over a high latency network. This update also adds
a publish/query/subscribe API to Cortana.
2013-03-04 18:32:45 -05:00