infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,942 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

23942 Commits (ac0cafcca6267cd471d4bb51362b0e42abccbc68)

Author SHA1 Message Date
sinn3r 84b08a5a35 Fix check command host selection behavior 
[SeeRM #8768] Instead of using the saved value for host, the check
command should use whatever the user specifies.
 2014-03-12 22:54:01 -05:00
Brandon Perry 7540dd83eb randomize markers 2014-03-12 20:11:55 -05:00
Brandon Perry 3fedafb530 whoops, extra char 2014-03-12 19:54:58 -05:00
Brandon Perry aa00a5d550 check method 2014-03-12 19:47:39 -05:00
Michael Messner f39e784d19 mipsle execve payload 2014-03-12 21:08:40 +01:00
William Vu 5cf5643337
Land #3092, Rapid7, Inc. thing 2014-03-12 14:49:02 -05:00
Brandon Perry 9cb1c1a726 whoops, typoed the markers 2014-03-12 10:58:34 -07:00
Brandon Perry 6636d43dc5 initial module 2014-03-12 10:46:56 -07:00
Tod Beardsley 9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc. 
According to

http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt

Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.

This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
 2014-03-12 11:20:17 -05:00
Joe Vennix 851fca2107 Add posix fork() call before running code. 2014-03-12 02:56:26 -05:00
Joe Vennix 7afcb6aee8 Add CreateThread wrapper for windows. 2014-03-12 02:49:09 -05:00
Joe Vennix ce0c5380a5
Kill stray //. 2014-03-12 02:20:49 -05:00
Joe Vennix 9bdf570763
All working now. In-memory meterpreter even. 2014-03-12 02:19:28 -05:00
Tod Beardsley 206660ddde
Recreate the intent of cfebdae from @parzamendi-r7 
The idea was to rescue on a NoReply instead of just fail, and was part
of a fix in #2656.

[SeeRM #8730]
 2014-03-11 14:30:01 -05:00
Spencer McIntyre 5ea26688d7 Fix a syntax error for Python 2.4 2014-03-11 15:22:52 -04:00
sho-luv f7af9780dc
Rescue InvalidWordCount error 
This is a cherry-pick of commit ea86da2 from PR #2656
 2014-03-11 14:17:36 -05:00
Spencer McIntyre f3493ce220 Merge branch 'master' into pymeterpreter-net 
Conflicts:
	data/meterpreter/ext_server_stdapi.py
 2014-03-11 15:15:02 -04:00
Tod Beardsley 2d15ef68cc
Land #3087, lots of title/desc changes for msftidy 
While this does not close the associated redmine issue, it makes
progress toward closing.

[SeeRM #8498]
 2014-03-11 13:45:49 -05:00
Spencer McIntyre e874223421
Land #3083, fix pymet when ctypes isn't available 2014-03-11 14:31:44 -04:00
sinn3r b431bf3da9
Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
William Vu 517f264000 Add last chunk of fixes 2014-03-11 12:46:44 -05:00
James Lee f51ee2d6b4
snmp_enum: Treat missing timestamp elements as 0 
Timestamps don't always have all the elements we expect. This treats
them as zeroes to ensure that we don't raise silly exceptions in that
case.
 2014-03-11 12:44:07 -05:00
James Lee b87c2dca0b
Use older hash modules when hashlib isn't there 2014-03-11 12:25:54 -05:00
William Vu 25ebb05093 Add next chunk of fixes 
Going roughly a third at a time.
 2014-03-11 12:23:59 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors 
There needs to be a better way to go about preventing/fixing these.
 2014-03-11 11:18:54 -05:00
William Vu 045900bed1
Land #3084, msftidy for mipsle reboot shellcode 2014-03-11 09:56:56 -05:00
OJ 3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path 
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
 2014-03-11 23:13:39 +10:00
OJ 1d70411ea7 Support service_control and new status field in query 
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
 2014-03-11 14:50:19 +10:00
joev 46c11ea2eb Small fixes to m-1-k-3's mipsle reboot shellcode. 2014-03-10 17:17:23 -05:00
joev 7da54eb9cf
Merge branch 'landing-3041' into upstream-master 
Lands PR #3041, @m-1-k-3's reboot shellcode.
 2014-03-10 17:11:06 -05:00
Joe Vennix 78393057fe Fix failing spec 2014-03-10 16:40:46 -05:00
James Lee 75c94cc5d7
Derp 2014-03-10 16:30:55 -05:00
James Lee e508079aff
Don't crash when ctypes isn't available 2014-03-10 16:10:24 -05:00
sinn3r 8b4f8ec21a
Land #3082 - Release fixes 2014-03-10 15:19:13 -05:00
Tod Beardsley 2086224a4c
Minor fixes. Includes a test module. 2014-03-10 14:49:45 -05:00
Tod Beardsley 26be236896
Pass MSFTidy please 2014-03-10 14:45:56 -05:00
Joe Vennix c07f390382 Add CookieExpiration option, add trailing slash to URI. 2014-03-10 13:07:17 -05:00
Tod Beardsley 368df03ae1
Land #3081, Yokogawa SCADA vulns 
I know it looks like I'm landing my own PR, but it's an illusion; I am
merely shoving bits around on @jvazquez-r7's behalf while he is
technically (and now actually) on vacation.
 2014-03-10 12:44:00 -05:00
Tod Beardsley 6e279da6bd
Land todb-r7#13 for rapid7#3081 credit update 2014-03-10 10:24:05 -05:00
jvazquez-r7 8cfa5679f2 More nick instead of name 2014-03-10 16:12:44 +01:00
jvazquez-r7 bc8590dbb9 Change DoS module location 2014-03-10 16:12:20 +01:00
jvazquez-r7 1061036cb9 Use nick instead of name 2014-03-10 16:11:58 +01:00
Tod Beardsley 5485028501
Add 3 Yokogawa SCADA vulns 
These represent our part for public disclosure of the issues listed
here:

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Yokogawa is calling these YSAR-14-0001E, and I think that they map
thusly:

YSAR-14-0001E Vulnerability 1 :: R7-2013-19.1
YSAR-14-0001E Vulnerability 2 :: R7-2013-19.3
YSAR-14-0001E Vulnerability 3 :: R7-2013-19.4

@jvazquez-r7 if you could confirm, I'd be delighted to land these and
get your disclosure blog post published at:

https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

Thanks for all the work on these!
 2014-03-10 09:33:54 -05:00
sinn3r e32ff7c775
Land #3077 - Allow TFTP server to take a host/port argument 2014-03-08 00:58:52 -06:00
Tod Beardsley 151e2287b8
OptPath, not OptString. 2014-03-07 10:52:45 -06:00
Tod Beardsley 5cf1f0ce4d
Since dirs are required, server will send/recv 
This does change some of the meaning of the required-ness of the
directories. Before, if you wanted to serve files, but not receive any,
you would just fail to set a OUTPUTPATH.

Now, since both are required, users are required to both send and
recieve. This seems okay, you can always just set two different
locations and point the one you don't want at /dev/null or something.
 2014-03-07 10:49:11 -06:00
Tod Beardsley 37fa4a73a1
Make the path options required and use /tmp 
Otherwise it's impossible to run this module without setting the options
which were not otherwise validated anyway.
 2014-03-07 10:41:18 -06:00
sinn3r c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Spencer McIntyre ebee365fce
Land #2742, report_vuln for MongoDB no auth 2014-03-06 19:34:45 -05:00
Spencer McIntyre 84f280d74f
Use a more descriptive MongoDB vulnerability title 2014-03-06 19:20:52 -05:00