OJ
fdd0d91817
Updated the Ultra Minit HTTP bof exploit
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:
* Correct use of alpha chars in the buffer leading up to the payload
which results in bad chars being avoided. Bad chars muck with the
offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
of in the thread of the request handler. This prevents the session
from being killed after the hard-coded 60-second timeout that is
baked into the application.
* The handler thread terminates itself so that the process doesn't
crash.
* Extra targets were added based on the machines I had access to.
2014-02-23 21:23:41 +10:00
Meatballs
9f4b9e2f62
Land #3021, Post::Windows::LDAP Yarddoc fixes
2014-02-22 19:51:59 +00:00
ribeirux
8f7f1d0497
Add module for CVE-2014-0050
2014-02-22 14:56:59 +01:00
sho-luv
ce94475810
added auto lhost to msfpayload
2014-02-21 21:58:44 -06:00
sho-luv
b598a5e4de
added auto lhost to msfvenom
2014-02-21 21:51:07 -06:00
Michael Messner
ec8e1e3d6f
small fixes
2014-02-21 21:59:45 +01:00
Michael Messner
1384150b7a
make msftidy happy
2014-02-21 21:56:46 +01:00
Michael Messner
c77fc034da
linksys wrt120 admin reset exploit
2014-02-21 21:53:56 +01:00
James Lee
0179faa66f
Fix yardoc for Post::Windows::LDAP
Also fix some style issues and warnings.
2014-02-21 13:25:11 -06:00
jvazquez-r7
998fa06912
Land #2998, @bit4bit's fix for the vtigercrm exploit
2014-02-20 08:36:05 -06:00
jvazquez-r7
0b27cd13e8
Make module work
2014-02-20 08:35:37 -06:00
jvazquez-r7
0b5e617236
Land #3016 lsanchez-r7's send_message mod to return info
2014-02-19 17:01:06 -06:00
jvazquez-r7
c0cdea37f7
Initialize send_status at the function's start
2014-02-19 16:54:29 -06:00
lsanchez-r7
f7a483523c
changing the initial state from false to nil
2014-02-19 16:45:00 -06:00
jvazquez-r7
e75a0ea948
Fix typo
2014-02-19 15:21:02 -06:00
jvazquez-r7
aa07065f67
Land #2959, reverse powershell payload by @Meatballs1
2014-02-19 15:14:54 -06:00
jvazquez-r7
9fad43da08
Add license information
2014-02-19 15:11:12 -06:00
sinn3r
ed2ac95396
Always replace \ with / for Dexter exploit
Fix for the following:
48199fec27 (commitcomment-5419010)
2014-02-19 09:24:07 -06:00
Joe Vennix
212ebb568c
EXITFUNC option should be an OptEnum.
2014-02-19 03:06:15 -06:00
sinn3r
2e7a56b4a7
Land #3001 - SUB Encoder
2014-02-19 01:54:01 -06:00
jvazquez-r7
4ca4d82d89
Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
lsanchez-r7
07fd3494e5
changing send_message to return more information
2014-02-18 16:48:52 -06:00
William Vu
e7c3b94e60
Land #3006, @todb-r7's pre-release fixes
2014-02-18 14:15:12 -06:00
Tod Beardsley
721e153c7f
Land #3005 to the fixup-release branch
Prefer the intel on #3005 over my own made up 0day guess. Thanks @wvu!
Conflicts:
modules/exploits/windows/fileformat/audiotran_pls_1424.rb
2014-02-18 14:08:54 -06:00
Tod Beardsley
a863d0a526
Pre-release fixes, including msftidy errors.
2014-02-18 14:02:37 -06:00
William Vu
28dc742bcf
Fix references and disclosure date
2014-02-18 13:59:58 -06:00
jvazquez-r7
4f9ab0b99f
Land #2903, @Meatballs1 SPN gather post module
2014-02-18 13:53:32 -06:00
jvazquez-r7
4903b05214
Fix tabs
2014-02-18 13:51:40 -06:00
Tod Beardsley
8e0a4aaa58
Land #2983, webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
William Vu
c216357815
Land #3000, audiotran_pls_1424 SEH exploit
2014-02-18 13:27:14 -06:00
sinn3r
13ff787c23
Land #3002 - standalone iplist creator
2014-02-18 13:12:12 -06:00
Rob Fuller
b19a652d78
add -i option as a requirement
2014-02-18 14:08:57 -05:00
Rob Fuller
fadb688143
Merge pull request #6 from wchen-r7/pr3002-v2
Multiple improvements for tool makeiplist.rb
2014-02-18 14:01:15 -05:00
sinn3r
b5dcc0eb1d
Make several changes.
Some important changes:
* Uses optparse to parse arguments
* Prevent file handle leaks
2014-02-18 12:43:11 -06:00
Meatballs
8a68323cf0
Don't keep checking domain
2014-02-18 17:52:34 +00:00
Meatballs
5c8af63063
Fix regression
2014-02-18 17:41:35 +00:00
Meatballs1
dc98fd522e
Merge pull request #40 from jvazquez-r7/conflict_2903
...
Conflicts in Post::Windows - Service Principal Name
2014-02-18 17:29:54 +00:00
sinn3r
e8f95c6cc0
Change error msg
2014-02-18 00:02:16 -06:00
sinn3r
608f800274
Support error handling in the message box
2014-02-18 00:01:44 -06:00
sinn3r
0519abb558
Fix the wrong conversion
2014-02-17 23:17:19 -06:00
jvazquez-r7
1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
jvazquez-r7
f07efc91a8
Land #2915, @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
Rob Fuller
6746793848
make write cleaner
2014-02-17 17:09:50 -05:00
Spencer McIntyre
7f9b4a4bf4
Land #2655, Re-do exe-small for scripting payloads.
2014-02-17 15:56:23 -05:00
Philip OKeefe
98958bc7bc
Making audiotran_pls_1424 more readable and adding comments
2014-02-17 13:40:03 -05:00
Rob Fuller
11945786c9
standalone iplist creator
2014-02-17 11:22:15 -05:00
sinn3r
52ac85be11
Land #2931 - Oracle Forms and Reports RCE
2014-02-17 08:54:23 -06:00
sinn3r
110ffbf342
Indent looks off for this line
2014-02-17 08:53:29 -06:00
sinn3r
632ea05688
100 columns
2014-02-17 08:52:56 -06:00
sinn3r
8da7ba131b
In case people actually don't know what RCE means
2014-02-17 08:51:48 -06:00