infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
22,629 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

11911 Commits (ad1dce38d2345e7cf835bbeee98ea45862409dd8)

Author SHA1 Message Date
sinn3r 8534f7948a Change the post module's default api key as well (to Metasploit's) 2014-01-10 17:59:51 -06:00
sgabe 8449005b2a Fixed CVE identifier. 2014-01-10 23:45:34 +01:00
sinn3r 140d1fbf90
Land #2847 - Add MIPS big endian single shell_bind_tcp payload 2014-01-10 15:06:35 -06:00
sinn3r 202e19674c
Land #2856 - Fix ARMLE stagers 2014-01-10 15:05:03 -06:00
sinn3r 96ba41a4b0
Land #2844 - Fix the mipsbe shell_reverse_tcp payload 2014-01-10 15:00:39 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
sinn3r 238d052073 Update description 
key is no longer required.
 2014-01-10 04:02:01 -06:00
sinn3r da273f1440 Update the use of report_note 2014-01-10 01:49:07 -06:00
sinn3r 807d8c12c7 Have a default API key 
Modules now should have a default API key. See the following for
details:
http://blog.virustotal.com/2012/12/public-api-request-rate-limits-and-tool.html
 2014-01-10 01:26:42 -06:00
jvazquez-r7 4e8092aceb Fix armle stagers 2014-01-09 17:34:59 -06:00
jvazquez-r7 9d14dd59eb Delete parentheses 2014-01-09 15:17:13 -06:00
jvazquez-r7 4a64c4651e
Land #2822, @mandreko's aux module for OSVDB 101653 2014-01-09 15:15:37 -06:00
jvazquez-r7 410302d6d1 Fix indentation 2014-01-09 15:14:52 -06:00
Matt Andreko b1073b3dbb Code Review Feedback 
Removed the parameters from get() since it works without them
 2014-01-09 15:54:23 -05:00
William Vu d69b658de0
Land #2848, @sho-luv's MS08-067 scanner 2014-01-09 14:39:25 -06:00
Matt Andreko 2a0f2acea4 Made fixes from the PR from jvazquez-r7 
The get_once would *only* return "MMcS", and stop. I
modified it to be a get(3, 3). Additionally, the command
length was set to 0x01 when it needed to be 0x00.
 2014-01-09 15:33:04 -05:00
William Vu fc616c4413 Clean up formatting 2014-01-09 14:16:31 -06:00
Matt Andreko 93668b3286 Code Review Feedback 
Made it less verbose, converting to vprint_error
 2014-01-09 14:53:33 -05:00
jvazquez-r7 be6958c965 Clean sercomm_dump_config 2014-01-09 13:42:11 -06:00
Matt Andreko e21c97fd4d Added missing metadata 
Add credit where due
Add disclosure date and references
 2014-01-09 14:33:54 -05:00
Matt Andreko 9456d26467 Added Scanner module for SerComm backdoor 2014-01-09 14:25:28 -05:00
jvazquez-r7 85203c2f2a
Land #2823, @mandreko's exploit module for OSVDB 101653 2014-01-09 10:27:44 -06:00
Matt Andreko 40d2299ab4 Added tested device 2014-01-09 10:46:14 -05:00
Matt Andreko c50f7697a5 Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec 2014-01-09 10:39:12 -05:00
Matt Andreko 01c5585d44 Moved auxiliary module to a more appropriate folder 2014-01-09 10:17:26 -05:00
Matt Andreko d9e737c3ab Code Review Feedback 
Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
 2014-01-09 10:14:34 -05:00
Matt Andreko 81adff2bff Code Review Feedback 
Changed datastore['rhost'] to rhost
Made the array storing configuration values into a class const
Moved superfluous array look-over to not be executed unless in verbose
mode
 2014-01-09 09:19:13 -05:00
jvazquez-r7 bbaaecd648 Delete commas 2014-01-09 08:01:11 -06:00
jvazquez-r7 5e510dc64c Add minor fixes, mainly formatting 2014-01-09 07:51:42 -06:00
Matt Andreko ed6723655d Code Review Feedback 
Fixed some handling of errors and invalid hosts
 2014-01-09 08:44:01 -05:00
William Vu 8414973746
Land #2833, rm linksys_wrt110_cmd_exec_stager 2014-01-09 01:21:22 -06:00
William Vu 7fd4935263 Make the module output prettier 2014-01-09 01:03:01 -06:00
William Vu 27f079ad7c Move {begin,end}_job from libs to modules 2014-01-09 01:03:01 -06:00
William Vu 131bfcaf41 Refactor away leftover get_rdymsg 2014-01-09 01:03:01 -06:00
William Vu d3bbe5b5d0 Add filesystem commands and new PoC modules 
This commit also refactors some of the code.
 2014-01-09 01:03:01 -06:00
William Vu af66310e3a Address @jlee-r7's comments 2014-01-09 01:03:01 -06:00
William Vu bab32d15f3 Address @wchen-r7's comments 2014-01-09 01:03:00 -06:00
William Vu 1c889beada Add Rex::Proto::PJL and PoC modules 2014-01-09 01:03:00 -06:00
Matt Andreko d2458bcd2a Code Review Feedback 
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
 2014-01-08 22:21:32 -05:00
sho-luv a8fcf13972 Added credits and clean initialize 
Added wvu to creds as he did most of work. ;)
 2014-01-08 21:16:09 -05:00
William Vu 8993c74083 Fix even moar outstanding issues 2014-01-08 19:38:54 -06:00
sinn3r a99e2eb567 Update the post module 2014-01-08 18:41:22 -06:00
sinn3r 130a99f52b Add a post module that checks with VirusTotal with a checksum 
This post module will submit a SHA1 checksum to VirusTotal to see
if it's a malicious file.
 2014-01-08 18:26:40 -06:00
William Vu 1dd29d3b64 Fix moar outstanding issues 2014-01-08 18:11:18 -06:00
William Vu 945a2a296a Fix outstanding issues 2014-01-08 17:09:41 -06:00
jvazquez-r7 4e581a35ac Fix encoder architecture 2014-01-08 16:18:30 -06:00
sho-luv 35ac9712ab Added auxiliary check for MS08_067 
I simply copied the check from ms08_0867_netapi.rb and put them in
a auxiliary check so I could scan for it. This was done because
Nmap's check is not safe and this is more stable.
 2014-01-08 16:41:44 -05:00
jvazquez-r7 a0879b39e0 Add mips be shell_bind_tcp payload 2014-01-08 14:48:54 -06:00
jvazquez-r7 1727b7fb37 Allow the Msf::Payload::Linux's generate to make its work 2014-01-08 12:41:10 -06:00
jvazquez-r7 83e5169734 Don't use temporal register between syscals and save some bytes on the execve 2014-01-08 11:45:27 -06:00
jvazquez-r7 5f7582b72d Don't use a temporary registerfor the dup2 loop counter 2014-01-07 18:02:55 -06:00
jvazquez-r7 c2dce19768 Don't use a temporary registerfor the dup2 loop counter 2014-01-07 17:39:27 -06:00
jvazquez-r7 a85492a2d7 Fix my own busted dup2 sequence 2014-01-07 16:27:01 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases. 
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
 2014-01-07 16:17:34 -06:00
jvazquez-r7 3230b193e1 Make better comment 2014-01-07 15:32:46 -06:00
jvazquez-r7 80dcda6f76 Fix bind call 2014-01-07 15:31:42 -06:00
Niel Nielsen 266b040457 Update cachedump.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:14:10 +01:00
Niel Nielsen d567737657 Update reverse_tcp_rc4_dns.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:12:38 +01:00
Niel Nielsen 385ae7ec38 Update reverse_tcp_rc4.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:11:16 +01:00
Niel Nielsen 693d95526b Update bind_tcp_rc4.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:09:53 +01:00
Niel Nielsen 1479ef3903 Update typo3_winstaller_default_enc_keys.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:08:10 +01:00
jvazquez-r7 b5524654d5 Delete comment 2014-01-07 14:50:26 -06:00
jvazquez-r7 45c86d149f Modify authors field 2014-01-07 14:50:12 -06:00
jvazquez-r7 d6639294aa Save some instructions with dup2 2014-01-07 14:41:33 -06:00
Niel Nielsen e79ccb08cb Update rails_secret_deserialization.rb 
When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed.
Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
 2014-01-07 21:41:15 +01:00
jvazquez-r7 9cf221cdd6 Delete delay slots after syscall 2014-01-07 13:18:20 -06:00
jvazquez-r7 590547ebc7 Modify title to avoid versions 2014-01-07 13:01:10 -06:00
Joe Vennix c34af35230 Add wrt100 to the description and title. 
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
 2014-01-07 10:26:15 -06:00
Joe Vennix 1057cbafee Remove deprecated linksys module. 2014-01-07 10:22:35 -06:00
jvazquez-r7 70d4082c0c Add formatting blank lines and delete comment 2014-01-07 09:55:36 -06:00
jvazquez-r7 3edd2a50e2 Shorter mipsle shell_reverse_tcp 2014-01-07 09:45:28 -06:00
Tod Beardsley c0a82ec091
Avoid specific versions in module names 
They tend to be a lie and give people the idea that only that version is
vulnerable.
 2014-01-06 13:47:24 -06:00
Joe Vennix 49d1285d1b Add explicit json require. 2014-01-06 11:15:10 -06:00
sinn3r 1cdfbfeed5
Land #2820 - vTigerCRM SOAP AddEmailAttachment Arbitrary File Upload 2014-01-06 10:36:02 -06:00
Joe Vennix 3b29c370bd Fix bug in the firefox/exec payload. 2014-01-05 11:24:41 -06:00
Joe Vennix 723c0480ab Fix description to be accurate. 2014-01-04 19:06:01 -06:00
Joe Vennix f2f68a61aa Use shell primitives instead of resorting to 
echo hacks.
 2014-01-04 19:00:36 -06:00
Joe Vennix 4329e5a21e Update firefox payloads to use async runCmd. 2014-01-04 08:49:43 -06:00
Joe Vennix fdca396bc8 Update exec to be diskless. 2014-01-04 08:48:58 -06:00
Joe Vennix b9c46cde47 Refactor runCmd, allow js exec. 
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
 2014-01-04 08:46:57 -06:00
Joe Vennix a5ebdce262 Add exec payload. Cleans up a lot of code. 
Adds some yardocs and whatnot.
 2014-01-03 18:23:48 -06:00
Tod Beardsley cd38f1ec5d
Minor touchups to recent modules. 2014-01-03 13:39:14 -06:00
Matt Andreko 41ac66b5e5 Removed stupid debug line I left in 2014-01-03 11:00:13 -05:00
Matt Andreko aaa9fa4d68 Removed RequiredCmd options that didn't work successfully. 2014-01-03 10:56:01 -05:00
Matt Andreko 20b073006d Code Review Feedback 
Removed Payload size restriction. I tested with 10,000 characters and it
worked.
Removed handler for now, since it's unable to get a shell. It's
currently limited to issuing commands.
 2014-01-03 10:54:16 -05:00
Matt Andreko 570e7f87d3 Moved to more appropriate folder 2014-01-02 20:58:46 -05:00
Matt Andreko b24e927c1a Added module to execute commands on certain Sercomm devices through 
backdoor
See more: https://github.com/elvanderb/TCP-32764
 2014-01-02 20:54:02 -05:00
Matt Andreko c5a3a0b5b7 Cleanup 2014-01-02 20:44:18 -05:00
Matt Andreko 6effdd42fa Added module to enumerate certain Sercomm devices through backdoor 
See more: https://github.com/elvanderb/TCP-32764
 2014-01-02 20:42:42 -05:00
William Vu 2d25781cf0
Land #2804 for real (thanks, @jvazquez-r7!) 
It was the wrong time to mess with my workflow.
 2014-01-02 16:39:02 -06:00
William Vu 67a796021d
Land #2804, IBM Forms Viewer 4.0 exploit 2014-01-02 16:10:02 -06:00
jvazquez-r7 eaeb457d5e Fix disclosure date and newline as pointed by @wvu-r7 2014-01-02 16:08:44 -06:00
jvazquez-r7 3f0ee081d9 Beautify description 2014-01-02 15:37:58 -06:00
Joe Vennix 06fb2139b0 Digging around to get shell_command_token to work. 2014-01-02 14:05:06 -06:00
jvazquez-r7 d5e196707d Include Msf::Post::Windows::Error 2014-01-02 13:41:37 -06:00
jvazquez-r7 ec8d24c376 Update against upstream 2014-01-02 12:55:46 -06:00
jvazquez-r7 3bccaa407f Beautify use of Regexp 2014-01-02 12:54:54 -06:00
jvazquez-r7 90158b9932
Land #2791, @morisson's support to remote dns resolution on sap_router_portscanner 2014-01-02 12:19:50 -06:00
jvazquez-r7 f75782bc2f Use RHOST, RPORT for the SAPROUTER options 2014-01-02 12:18:54 -06:00
jvazquez-r7 1b893a5c26 Add module for CVE-2013-3214, CVE-2013-3215 2014-01-02 11:25:52 -06:00