infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
45,359 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

23500 Commits (b0012d6f360e0dee69d1b32c081fa79df4ebb5a6)

Author SHA1 Message Date
James Barnett 08f10d7da1
Comments 2018-02-22 14:51:17 -06:00
James Barnett 1cee532526 Merge branch 'rapid7/master' into goliath 2018-02-22 14:49:45 -06:00
James Barnett e396dbabcd
Dont save email addresses as valid users 
Also add initial module doc for owa_login
 2018-02-22 14:48:35 -06:00
James Barnett e531dbc976
Fix bug causing all logins to appear valid 
The headers we were looking for were a little too loose
and were incorrectly identifying all responses as successful
login attempts
 2018-02-22 11:25:35 -06:00
bwatters-r7 4b8a8fa2b1
Land #9441, Create exploit for AsusWRT LAN RCE 
Merge branch 'land-9441' into upstream-master
 2018-02-22 10:40:45 -06:00
Jacob Robles 738d6ab33a
Land #9604, Fix logged errors when running without Python 3.6 / gmpy2 2018-02-22 08:11:30 -06:00
Brent Cook 99e278fa29
Land #9584, Fix reverse_php_ssl infinite loop 2018-02-22 07:03:52 -06:00
Trevor Sibanda 77b3673e38 Fix reverse_php_ssl infinite loop 2018-02-22 08:42:54 +00:00
Brent Cook 7e665ab287 check for extra libraries explicitly, fail gracefully 2018-02-21 21:54:58 -06:00
William Vu 3880f6a65e Finally fix "Unknown admin user ''" after 2yrs 
The failed password auth was necessary after all. I misread the PoC. :'(

Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
 2018-02-21 20:44:35 -06:00
William Vu cc2495dd9c Explain fortinet-backdoor -> FortinetBackdoor 2018-02-21 17:05:30 -06:00
William Vu a5d78b82d4 Add require for Net::SSH::CommandStream 2018-02-21 15:51:53 -06:00
William Vu 854ac67b8e Use start_session in fortinet_backdoor 
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.

Hoping we fix this in a subsequent commit or related PR.

Please see #6612 and #9524.
 2018-02-21 15:33:34 -06:00
Brent Cook 78822fd799
Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream 2018-02-21 06:59:09 -06:00
William Vu 9cbc55ce40
Land #9593, finger_users regex fix 2018-02-21 01:27:40 -06:00
Aaron Soto bda7fefa7f
Land #9444 - `hsts_eraser` module and docs 2018-02-20 21:22:55 -06:00
Jacob Robles b2cb4c425d
Land #9594, CloudMe Sync v1.10.9 Buffer Overflow 2018-02-20 17:49:19 -06:00
Jacob Robles 6a62ca15e7
Remove NOPS 
[ticket: #9594]
 2018-02-20 17:40:33 -06:00
Daniel Teixeira 745ad4d727
CloudMe Sync Client BoF 2018-02-20 21:57:13 +00:00
James Lee d6206dc046
Better regex in finger_users 2018-02-20 15:48:00 -06:00
Jacob Robles 107a41a4ce
Land #9561, Disk Savvy Enterprise v10.4.18 built-in server buffer overflow 2018-02-20 15:42:12 -06:00
Jacob Robles d02bf40d69
Modified Exploit 
Remove NOPS that weren't needed and freed up space for a larger payload.

[ticket: #9561]
 2018-02-20 15:35:43 -06:00
Brent Cook 05e002e3c5
Land #9366, Add x64 staged Meterpreter for macOS 2018-02-19 23:15:03 -06:00
Brent Cook 69c7e83a55
Land #9164, add OWA 2016 support 2018-02-19 23:12:27 -06:00
Chris Higgins 74c6e21f49
Lands #9504, MagniComp SysInfo privilege escalation 2018-02-19 22:47:33 -06:00
Brent Cook 56c00a8cb6 initial OWA 2016 support 2018-02-19 21:43:49 -06:00
Brent Cook ac7fe99a2b specify a python encoding for the module 2018-02-16 16:17:52 -06:00
Brent Cook 242f2d3117
Land #9512, Add Claymore Dual GPU Miner<= 10.5 DoS module 2018-02-16 10:46:48 -06:00
Brent Cook 25d2b551d8
Land #9539, add bind_named_pipe transport to Windows meterpreter 2018-02-15 17:39:32 -06:00
Brent Cook d28f6888b2 bump payloads, include bind_named_pipe support 2018-02-15 17:37:33 -06:00
Wei Chen b533ec6019
Land #9509, Ulterius Server < v1.9.5.0 Directory Traversal 
Land #9509
 2018-02-15 16:34:31 -06:00
Wei Chen 949b474a0a Avoid target_uri.path 
It doesn't look like target_uri.path is suitable for this scenario,
because it causes our input to be modified and hard to use.
 2018-02-15 16:31:09 -06:00
Brent Cook 38b03fdfff Merge branch 'upstream-master' into land-9539- 2018-02-15 16:22:13 -06:00
Wei Chen 5467f4c97e Add header 2018-02-15 16:19:54 -06:00
Brent Cook c4c864f391
Land #9558, Fix #9417, map timeout exp to a var for telnet_encrypt_overflow 2018-02-15 15:54:23 -06:00
Brent Cook 67dc579fd3
update magic numbers 2018-02-15 15:10:26 -06:00
Daniel Teixeira 651ddbb7eb
Disk Savvy Server Buffer Overflow 2018-02-15 10:09:07 +00:00
Daniel Teixeira 929027ab96
Disk Savvy Server Buffer Overflow 2018-02-14 20:35:32 +00:00
Wei Chen ef948ccc38 Fix #9417, map timeout exp to a var for telnet_encrypt_overflow 
Fix #9417
 2018-02-14 09:19:28 -06:00
HD Moore 7cfc17860d udp_probe is necessary for pivot scans 2018-02-14 08:45:46 -06:00
HD Moore ef13f01820 Remove actually deprecated modules 2018-02-14 08:43:20 -06:00
HD Moore 234f5a316b Revert "Remove old deprecated modules" 
This reverts commit a2c5cc0ffb.
 2018-02-14 08:42:44 -06:00
Spencer McIntyre 5063415b79
Land #9552, add private_type for stored tomcat pw 
Fixes #9513
 2018-02-13 19:25:27 -05:00
Jeffrey Martin 3811665b69
Land #7699, Add UDP handlers and payloads (redux) 2018-02-13 14:50:09 -06:00
Jeffrey Martin d56111a33c
update cache sizes from new tests 2018-02-13 14:34:21 -06:00
Wei Chen fbeba8bfd2 Fix #9513, Add private_type to be able to store password for Tomcat 
If there is no :private_type, the create_credential method in
Metasploit::Credential::Creation will quietly skip the password,
which makes it look like a bug when the user is trying to view
the password from the creds command.

Fix #9513
 2018-02-13 14:31:56 -06:00
Jeffrey Martin 2221779ddd
update package namespaces 2018-02-13 13:33:36 -06:00
Agahlot de24451035 Correct Typo 2018-02-13 15:57:09 +05:30
follower ecb5fffb0b
Typo fix: "withint" --> "within" 2018-02-13 06:20:57 +13:00
UserExistsError bad1429989 reverted CachedSize values 2018-02-11 19:07:41 -07:00