Commit Graph

1254 Commits (b1041093f2503d62d7dbb94e11d4528455feed2f)

Author SHA1 Message Date
William Vu 129fd44350 Land #10305, SonicWall XML-RPC RCE 2018-07-30 14:14:26 -05:00
William Vu 38f6b8aada Clean up module 2018-07-30 14:06:33 -05:00
Wei Chen 2dff66aacb Check nil 2018-07-26 11:23:16 -05:00
Sonny Gonzalez f5ccdcfcd2 Net SSH CommandStream fixes implemented
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
2018-07-25 11:22:28 -05:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
flandini 7d8a95de9f Fixed requested changes for PR 2018-07-09 12:44:38 -05:00
Wei Chen 5fc5a47cd2 Update CVE references for exploit modules
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
2018-07-08 18:46:04 -05:00
flandini b00f0e87e0 Add SonicWall XML-RPC Remote Code Execution exploit module 2018-07-05 12:06:13 -05:00
Brendan Coles 6d3c141553 Update patched version check 2018-06-22 15:08:19 +00:00
Brendan Coles a71a5a10d5 Add Quest KACE Systems Management Command Injection 2018-06-22 08:07:18 +00:00
William Vu f4bb00b9a5 Remove stray PayloadType outside Compat 2018-06-12 14:59:29 -05:00
Kevin Kirsche 93e9c96a1c Adjust link / name ordering to be alphabetical by key (not sorted by value) 2018-05-21 14:42:13 -04:00
Kevin Kirsche c665a32eb9 Add privileged and fix PayloadType hash style 2018-05-19 19:06:50 -04:00
Kevin Kirsche d9d226376c Fix missing comma 2018-05-19 09:23:23 -04:00
Kevin Kirsche 4bf259e767 Add github and EDB ID number 2018-05-19 09:04:18 -04:00
Kevin Kirsche b0f556639f Change rand text length and remove disable nops 2018-05-19 09:02:00 -04:00
Kevin Kirsche 6d0c6a7051 Randomize the starting letter 2018-05-18 15:14:40 -04:00
Kevin Kirsche 1efa5c4061 Move to PayloadType instead of Compat 2018-05-18 14:55:33 -04:00
Kevin Kirsche 599979be37 Add AKA and remove filename 2018-05-18 14:49:12 -04:00
Kevin Kirsche 0951aca881 Fix require that’s included by mixin 2018-05-18 13:31:20 -04:00
Kevin Kirsche 35ee1b5fa1 Use https instead of http in the comments 2018-05-18 13:10:47 -04:00
Kevin Kirsche 8f0242344d Fix style to use curly braces instead of pipes 2018-05-18 13:06:38 -04:00
Kevin Kirsche f1b9088609 Fix msf/core include requirement
```
modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb - [WARNING] Explicitly requiring/loading msf/core is not necessary
```

removes `require msf/core`
2018-05-18 13:04:55 -04:00
Kevin Kirsche 164f3ef48d Add CVE-2018-1111 exploit 2018-05-18 12:47:08 -04:00
miluxsec 5ed1bde65f Removed unused FileDropper include 2018-05-08 18:10:29 +02:00
miluxsec 5038098efb Remove need for writable directory when using xdebug exploit
By base64 encoding the exploit code and decoding it on the target the
need for writing a temporary file is removed.
See #9918
2018-05-07 22:11:21 +02:00
William Vu 88f09dc302 Update a few stragglers in Drupalgeddon 2
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
2018-05-03 18:35:25 -05:00
William Vu 728d7bc065 Fix #9876, second round of Drupalgeddon 2 updates
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
2018-05-03 17:38:32 -05:00
Aaron Soto 82fc4aba64 Land #9918, XDebug Unauthenticated OS command execution 2018-04-27 17:08:58 -05:00
William Vu 873cbcee27 Fix #9876, minor updates to Drupalgeddon 2
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
2018-04-25 18:09:54 -05:00
William Vu b8eb7f2a86 Set target type instead of regexing names
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.

Old matching in this commit: 1900aa2708.
2018-04-25 11:53:26 -05:00
William Vu 910e9337fb Use print_good for patch level check, oops 2018-04-24 23:21:22 -05:00
William Vu b7ac16038b Correct comment about PHP CLI (it's not our last!) 2018-04-24 23:18:51 -05:00
William Vu ec43801564 Add check for patch level in CHANGELOG.txt
Looks like 8.x has core/CHANGELOG.txt instead.
2018-04-24 23:12:33 -05:00
William Vu 2ff0e597a0 Add SA-CORE-2018-002 as an AKA ref
Makes sense to me. Even though it's technically the advisory.
2018-04-24 22:51:33 -05:00
William Vu 8bc1417c8c Use PHP_FUNC as a fallback in case assert() fails
Additionally drop a file in a writable directory in case CWD fails.
2018-04-24 22:29:27 -05:00
William Vu 8ff4407ca6 Clarify version detection error message
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
2018-04-24 20:51:51 -05:00
William Vu cfaca5baa3 Restore a return lost in the refactor :(
Also spiff up comments.
2018-04-24 11:25:55 -05:00
William Vu b507391f1b Change back to vprint_status for the nth time
I really couldn't decide, especially once I got rid of CmdStager.

Also fully document the module options.
2018-04-24 04:23:52 -05:00
William Vu c8b6482ab0 Rewrite PHP targets to work with 7.x and 8.x
Win some, lose some. php -r spawns a new (obvious) command. :/

Check method and version detection also rewritten. :)
2018-04-24 03:38:05 -05:00
William Vu 8be58d315c Stop being lazy about badchar analysis
Badchars apply to all targets.
2018-04-20 19:30:38 -05:00
William Vu fcfe927b7a Add PHP dropper functionality and targets 2018-04-19 05:11:21 -05:00
William Vu 62aca93d8b Cache version detection and print only once
Oops. This is the problem with overloading methods.
2018-04-19 04:59:07 -05:00
William Vu 2670d06f99 Add in-memory PHP execution using assert() 2018-04-19 02:18:56 -05:00
William Vu 7a2cc991ff Refactor once more with feeling
Nested conditionals are the devil. Printing should be consistent now.
2018-04-18 23:59:14 -05:00
William Vu 3d116d721d Add version detection and automatic targeting
I also refactored error handling. Should be cleaner now.
2018-04-18 21:40:22 -05:00
William Vu 86ffbc753e Refactor clean URL handling and remove dead code 2018-04-18 19:56:42 -05:00
William Vu 1900aa2708 Refactor module and address review comments 2018-04-17 19:05:45 -05:00
William Vu d8508b8d7d Add Drupal Drupalgeddon 2 2018-04-14 00:22:30 -05:00
Brent Cook 8c2138f13b Land #9742, QNX exploit improvements 2018-04-03 07:50:29 -05:00