infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,211 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

13499 Commits (c957d0a1e7ca3b8a9ad8cf672998400478e646d7)

Author SHA1 Message Date
jvazquez-r7 bf9c64d3ee
Land #3483, @hmoore-r7's title change for ipmi_cipher_zero 2014-06-30 17:31:12 -05:00
Meatballs cf720a88e8
Be verbose about error codes 2014-06-30 19:10:03 +01:00
Meatballs f8ef6c50b4
Land #3470, Cerberus SFTP User Enumeration 2014-06-30 19:01:15 +01:00
Meatballs 94c5a0b603
More verbose around connection errors 2014-06-30 18:56:30 +01:00
Meatballs 183d601aae
Small tidyup 2014-06-30 18:17:49 +01:00
attackdebris 004afa6e0c Clean commit of Cerberus FTP User Enumeration Module 2014-06-30 17:53:46 +01:00
HD Moore 72d8d8a40c RAKP defines auth, not cipher-0 bypass, see below. 
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.

Cosmetic only change
 2014-06-30 00:52:40 -05:00
jvazquez-r7 1acd5e76cb Add check code for event processing 12 2014-06-29 15:47:57 -05:00
jvazquez-r7 a94396867c Add module for ZDI-14-106, Oracle Event Processing 2014-06-29 15:44:20 -05:00
Spencer McIntyre faa9c11450 Dont deregister an option that is in use 2014-06-28 18:22:17 -04:00
Spencer McIntyre 748589f56a Make cmdstager flavor explicit or from info 
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
 2014-06-28 17:40:49 -04:00
Spencer McIntyre bd49d3b17b Explicitly use the echo stager and deregister options 
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
 2014-06-28 16:21:08 -04:00
Spencer McIntyre 42ac3a32fe Multi-fy two new linux/http/dlink exploits 2014-06-27 08:40:27 -04:00
Spencer McIntyre 41d721a861 Update two modules to use the new unified cmdstager 2014-06-27 08:34:57 -04:00
Spencer McIntyre 952c935730 Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR 2014-06-27 08:34:57 -04:00
Spencer McIntyre 219153c887 Raise NotImplementedError and let :flavor be guessed 2014-06-27 08:34:56 -04:00
Spencer McIntyre 4d4c5e5d6e Update two modules to use the new cmd stager 2014-06-27 08:34:56 -04:00
jvazquez-r7 45248dcdec Add YARD documentation for methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00
jvazquez-r7 dd7b2fc541 Use constants 2014-06-27 08:34:55 -04:00
jvazquez-r7 9e413670e5 Include the CMDStager 2014-06-27 08:34:55 -04:00
jvazquez-r7 d47994e009 Update modules to use the new generic CMDstager mixin 2014-06-27 08:34:55 -04:00
jvazquez-r7 8bf36e5915 AutoDetection should work 2014-06-27 08:34:55 -04:00
jvazquez-r7 778f34bab6 Allow targets and modules to define compatible stagers 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
Spencer McIntyre 2a442aac1f No long needs to extend bourne, and specify a flavor. 2014-06-27 08:34:55 -04:00
Spencer McIntyre 1a392e2292 Multi-fy the hyperic_hq_script_console exploit. 2014-06-27 08:34:55 -04:00
Spencer McIntyre 80bdf750e9 Multi-fy the new printf stager and add to sshexec. 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
sinn3r a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload 2014-06-26 14:34:32 -05:00
sinn3r ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape 2014-06-26 13:48:28 -05:00
sinn3r 0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape 2014-06-26 11:45:47 -05:00
sinn3r 6075c795e9
Land #3467 - failure message for nil payload 2014-06-26 11:12:37 -05:00
Chris Doughty 9b35b0e13a Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures 
This reverts commit bba8bd3498, reversing
changes made to 002234993f.
 2014-06-25 13:24:07 -05:00
Rob Fuller 920bd1132e replace manual packing with rex version 2014-06-25 00:16:28 -04:00
Joshua Smith 3ed7050b67
Lands 3420 after wrapping most lines at 80 2014-06-24 17:37:43 -05:00
Joshua Smith 3fe162a8b1 wraps most lines at 80 2014-06-24 17:36:10 -05:00
OJ bba8bd3498
Land #3446 -- Meterpreter bins gem switch 2014-06-25 03:00:11 +10:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00
Meatballs 615aeb66a5
Dont use or 2014-06-23 23:11:04 +01:00
Meatballs 752007848b
Tidy up code 
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
 2014-06-23 23:08:33 +01:00
HD Moore 2772d84a18 Major rework of this module, please see the diff 2014-06-23 16:13:42 -05:00
Rob Fuller 86869f0a81 remove extra parenthesis 2014-06-23 17:10:31 -04:00
Rob Fuller 8e37aea7c2 remove use of Q in packing and unpacking 2014-06-23 16:52:53 -04:00
Rob Fuller a7d00f8144 simplify SHA1 code 2014-06-23 15:39:06 -04:00
Rob Fuller 77620193a1 remove character restriction on aes.final call 2014-06-23 15:37:19 -04:00
Rob Fuller 2d0b4b96ee remove verbose exit if no salt found 2014-06-23 15:34:07 -04:00
Rob Fuller 275d8826bd skype post module to extract password hash 2014-06-23 15:16:50 -04:00
William Vu a0aca251f5
Land #3472, releae fixes 2014-06-23 11:41:35 -05:00
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
jvazquez-r7 267642aa4b Fix description 2014-06-23 09:20:47 -05:00
jvazquez-r7 cc3c06440f Add module for ZDI-14-195, HP AutoPass License Traversal 2014-06-23 09:19:56 -05:00
William Vu 40d1ec551e
Add WEP, PSK, and MGT 2014-06-21 23:15:20 -05:00
Spencer McIntyre 61f4c769eb
Land #3461, Chromecast factory reset module 2014-06-21 17:43:31 -04:00
William Vu 79bf80e6bf
Add generic error handling 
Just in case a factory reset happens to fail.
 2014-06-21 15:35:03 -05:00
jvazquez-r7 469fae7058
Land #3465, @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability 2014-06-20 17:22:28 -05:00
jvazquez-r7 252d917bbb Fix msftidy and favor && over and 2014-06-20 17:21:10 -05:00
jvazquez-r7 e8b914a62f Download rankings for reliable exploit, but depending on a specific version without autodetection 2014-06-20 14:33:02 -05:00
jvazquez-r7 191c871e9b [SeeRM #8815] Dont try to exploit when generate_payload_exe fails 2014-06-20 14:07:49 -05:00
jvazquez-r7 f0d04fe77e Do some randomizations 2014-06-20 11:38:10 -05:00
jvazquez-r7 f26f8ae5db Change module filename 2014-06-20 11:27:49 -05:00
jvazquez-r7 33eaf643aa Fix usage of :concat_operator operator 2014-06-20 11:27:23 -05:00
jvazquez-r7 5542f846d6 Merge to solve conflicts 2014-06-20 11:24:08 -05:00
jvazquez-r7 4203e75777
Land #3408, @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950 2014-06-20 10:27:32 -05:00
jvazquez-r7 f74594c324 Order metadata 2014-06-20 10:26:50 -05:00
jvazquez-r7 a081beacc2 Use Gem::Version for string versions comparison 2014-06-20 09:44:29 -05:00
Tod Beardsley 5d6b582adc
Update modules to use new path. 2014-06-19 18:44:19 -05:00
Joshua Smith 45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec 2014-06-19 15:58:33 -05:00
jvazquez-r7 d28ced5b7b change module filename 2014-06-19 15:56:55 -05:00
jvazquez-r7 a0386f0797 Fix cmd_concat_operator 2014-06-19 15:52:55 -05:00
HD Moore fa5fc724eb Fix the disclosure date 2014-06-19 15:36:17 -05:00
HD Moore f7fd17106a Add the final cari.net URL 2014-06-19 15:33:06 -05:00
Michael Messner 86f523f00c concator handling 2014-06-18 18:15:58 +02:00
William Vu 075eec39e1
Add Chromecast factory reset module 2014-06-18 10:04:17 -05:00
jvazquez-r7 45ea59050c Fix the if cleanup 2014-06-17 23:40:00 -05:00
Joshua Smith 288430d813 wraps some long lines 2014-06-17 22:30:28 -05:00
Spencer McIntyre c685e0d06e
Land #3444, chromecast wifi enumeration 2014-06-17 22:09:58 -04:00
OJ 5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection 2014-06-18 10:24:33 +10:00
Joshua Smith bab1e30557
Land #3460, Ericom AccessNow Server BOF exploit 2014-06-17 19:10:34 -05:00
Joshua Smith 9af9d2f5c2 slight cleanup 2014-06-17 19:08:31 -05:00
jvazquez-r7 1133332702 Finish module 2014-06-17 15:01:35 -05:00
William Vu 1394ad1431
Break my double quote habit 
Doesn't it feel better? C doesn't love me anymore.
 2014-06-17 14:22:55 -05:00
jvazquez-r7 8f8af0e93a Add draft version 2014-06-17 14:21:49 -05:00
Christian Mehlmauer 03fa858089
Added newline at EOF 2014-06-17 21:05:00 +02:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
William Vu 8376b4aa2b
Map constants to readable values 
Thanks, @zeroSteiner and @kernelsmith. :)
 2014-06-17 13:10:08 -05:00
OJ b710014ece
Land #3435 -- Rocket Servergraph ZDI-14-161/162 2014-06-17 18:06:03 +10:00
Michael Messner 508998263b removed wrong module file 2014-06-17 08:57:46 +02:00
Michael Messner 6f45eb13c7 moved module file 2014-06-17 08:56:07 +02:00
Michael Messner a5eed71d50 renamed and other module removed 2014-06-17 08:50:09 +02:00
Michael Messner e908b7bc25 renamed and other module removed 2014-06-17 08:49:46 +02:00
jvazquez-r7 d44d409ff2
Land #3407, @julianvilas's exploit for Java JDWP RCE 2014-06-16 13:38:51 -05:00
jvazquez-r7 6a780987d5 Do minor cleanup 2014-06-16 13:37:44 -05:00
jvazquez-r7 f7b892e55b Add module for AlienVault's ZDI-14-202 2014-06-16 12:10:30 -05:00
Tod Beardsley 19da7d551e
Kill newline (race @wvu-r7 on this) 
See PR #3453
 2014-06-16 11:46:08 -05:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
joev 461fba97d7
Update forgotten call to js() in webview exploit. 2014-06-15 23:43:05 -05:00
scriptjunkie 5fe8814af6
Land #3330 adding admin check to smb_login 2014-06-15 14:42:26 -05:00
Julian Vilas caa1e10370 Add feature for disabling Java Security Manager 2014-06-15 20:35:19 +02:00