infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
31,219 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

16362 Commits (c0f1509f83455f23dbb5e930c920dda7dd407324)

Author SHA1 Message Date
sinn3r c39d6e152e
Land #4819, Normalize HTTP LoginScanner modules 2015-02-23 11:43:42 -06:00
William Vu 933c4a05b4
Land #4814, ms04_011_pct improved error messages 2015-02-22 23:51:14 -06:00
HD Moore ea54696d99 Remove redundant params now provided by the mixin helper 2015-02-22 02:32:28 -06:00
HD Moore 8e8a366889 Pass Http::Client parameters into LoginScanner::Http (see #4803) 2015-02-22 02:26:15 -06:00
Christian Mehlmauer c820431879
Land #4770, Wordpress Ultimate CSV Importer user extract module 2015-02-22 08:52:45 +01:00
William Vu 2609a2acee
Land #4815, MS15-001 reference update 2015-02-21 21:05:03 -06:00
rastating f9dbff8a6c Add store path output 2015-02-21 23:41:26 +00:00
Christian Mehlmauer 7d42dcee9c
Land #4769, Wordpress holding-pattern theme file upload 2015-02-21 23:13:06 +01:00
Christian Mehlmauer 9223c23eb4
Land #4808, Wordpress plugin upload module 2015-02-21 23:01:15 +01:00
sinn3r aa8a82f44f Update MS15-001 reference 2015-02-21 08:39:21 -06:00
rastating 708340ec5a Tidy up various bits of code 2015-02-21 12:53:33 +00:00
jvazquez-r7 ef62e1fc04
Land #4798, @wchen-r7's deletion of x64 support on ms13_022_silverlight_script_object 
* Ungenuine support, well deleted
 2015-02-21 01:11:09 -06:00
jvazquez-r7 ef990223d5 Move arch out of target 2015-02-21 01:10:35 -06:00
sinn3r 441c301fd3 Fix #4458, more informative errors for ms04_011 
Fix #4458
 2015-02-21 00:32:20 -06:00
rastating 76a64b31d7 Resolve msftidy issues 2015-02-21 01:41:29 +00:00
rastating 7d30b214ee Add WordPress admin shell upload module 2015-02-21 01:31:33 +00:00
sinn3r 40972220e3
Land #4804, HP Client Automation Command Injection 2015-02-20 16:56:03 -06:00
Brent Cook 58436fcc98
Land #4706 jvazquez-r7 adds NTLMSSP support for smb_relay 2015-02-20 15:15:00 -06:00
William Vu c9ddd0dac9
Land #4795, f5_bigip_cookie_disclosure update 2015-02-20 13:11:42 -06:00
William Vu b676f5a07e Clean up #4795 2015-02-20 13:10:31 -06:00
Brent Cook b624278f9d Merge branch 'master' into land-4706-smb_reflector 2015-02-20 10:26:04 -06:00
Brent Cook 5297ebc1a1 Merge branch 'master' into land-1396-http_proxy_pstore 
Bring things back to the future
 2015-02-20 08:50:17 -06:00
Brent Cook 91b4a59fc7 msftidy fixes 2015-02-20 08:42:54 -06:00
jvazquez-r7 1633a6d4fd Read response back while staging 2015-02-20 01:06:47 -06:00
jvazquez-r7 b0c6671721 Add module for ZDI-15-038, HPCA command injection 2015-02-20 00:41:17 -06:00
sinn3r 49f4b68671
Land #4790, injecting code into eval-based Javascript unpackers 2015-02-19 12:33:52 -06:00
sinn3r 036a6089eb Drop ungenuine x64 support in ms13_022_silverlight_script_object 
The MS13-022 exploit does not actually run as x64. IE by default
still runs x86 so BES will always automatically select that target.

If IE forces x64 (which can be done manually), the BES detection
code will see it as ARCH_X86_64, and the payload generator will
still end up generating a x86 payload anyway.

If the user actually chooses a x64 payload, such as
windows/x64/meterpreter/reverse_tcp, the exploit is going to crash
because you can't run x64 shellcode on an x86 architecture.
 2015-02-19 10:39:43 -06:00
dnkolegov f6c871a8e5 Deleted spaces at EOL 2015-02-19 05:06:00 -05:00
dnkolegov caabb82975 Fixed indentation errors 2015-02-19 05:02:10 -05:00
dnkolegov 2a584da6d9 Added cookie value in print function 2015-02-19 00:43:57 -05:00
Spencer McIntyre fe840635e5
Land #4791, fix ms14-070 CreateFile arguments 
The arguments to CreateFileA used to require that the user had
some level of access on the \\.\tcp device.
 2015-02-18 17:15:45 -05:00
David Maloney ffa6550aec
Land #4787, HD's new Zabbix and Chef LoginScanners 
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
 2015-02-18 14:51:16 -06:00
David Maloney 804db0ff0c
add leixcal sorting to methods 
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
 2015-02-18 14:50:33 -06:00
joev 483a145d19 Fix msftidy issues. 2015-02-18 14:08:03 -06:00
William Vu 35511636cc
Land #4788, splunk_web_login new version support 2015-02-18 11:54:54 -06:00
Jay Smith e40772efe2
Fixed open device issue for non-priv users 
Fixed the open_device call to work for users without Administrator
privileges
 2015-02-18 12:44:58 -05:00
joev f8609ab0ba Add file format exploit for injecting code into unpackers. 2015-02-18 11:26:45 -06:00
William Vu 10960310da
Land #4786, cosmetic fixes from @hmoore-r7 
For {axis,glassfish}_login.
 2015-02-18 03:56:13 -06:00
HD Moore cc6899d783 Fix a stack trace on null response, thanks @jlee-r7 2015-02-18 00:38:55 -06:00
HD Moore f4d8a25981 Add support for newer Splunk versions 2015-02-18 00:30:47 -06:00
HD Moore 2847507f03 Add a chef brute force module 2015-02-17 23:49:57 -06:00
HD Moore 27d5ab45b4 Add a zabbix brute force module 2015-02-17 22:56:08 -06:00
HD Moore f0e69cb526 Fix two cosmetic typos in the axis/glassfish modules 2015-02-17 21:01:35 -06:00
sinn3r 6acbe64dbd The MSB reference in the title is wrong 
It should be MS13-022.

MS12-022 is MSFT Expression Design.
 2015-02-17 14:56:14 -06:00
William Vu be5a0ee9c2
Land #4777, @todb-r7's release fixes 2015-02-17 13:45:00 -06:00
rastating e0d87a8886 Update to use store_loot for CSV export 2015-02-17 19:21:31 +00:00
Tod Beardsley fb06cb13cc
Land #4774, Chromecast HTTP scanner 2015-02-17 13:11:25 -06:00
Tod Beardsley a8108cfc17
Be less stupid in the description 
[See #4774]
 2015-02-17 13:04:26 -06:00
Tod Beardsley 71c5f622ca
Land #4775, Kindle Fire TV Stick controller 2015-02-17 12:59:54 -06:00
Tod Beardsley 053de8e62c
Fix whitespace in author name 
[See #4777]
 2015-02-17 12:57:36 -06:00