infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
27,810 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

14745 Commits (cb3a4afac5670c9363f29678404cb559f06b578e)

Author SHA1 Message Date
jvazquez-r7 d913bf1c35 Fix metadata 2014-10-08 10:29:59 -05:00
Tod Beardsley a901916b0b
Remove nonfunctional jtr_unshadow 
This module hasn't been doing anything but print_error a go away message
since June, so may as well get rid of it.
 2014-10-08 10:23:29 -05:00
Brendan Coles e0016d4af3 Remove hash rocket from refs array #3766 
[SeeRM #8776]
 2014-10-08 09:16:38 +00:00
Brendan Coles 3c7be9c4c5 Remove hash rockets from references #3766 
[SeeRM #8776]
 2014-10-08 09:01:19 +00:00
sinn3r c5494e037d
Land #3900 - Add F5 iControl Remote Root Command Execution 2014-10-08 00:30:07 -05:00
nullbind 031fb19153 requested updates 2014-10-06 23:52:30 -05:00
William Vu 399a61d52e
Land #3946, ntp_readvar updates 2014-10-06 21:57:57 -05:00
nstarke e1b0ba5d3d Removing 'require pry' 
I accidentally left a reference to pry in my code.
Removing
 2014-10-06 21:40:39 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs 
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
 2014-10-06 21:14:10 -05:00
sinn3r d3354d01f0 Fix #3808 - NoMethodError undefined method `map' 
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
 2014-10-06 15:42:51 -05:00
Jon Hart 8c8ccc1d54
Update Authors 2014-10-06 11:30:39 -07:00
us3r777 03888bc97b Change the check function 
Use regex based detection
 2014-10-06 18:56:01 +02:00
us3r777 29111c516c Wordpress Infusionsoft Gravity Forms CVE-2014-6446 
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
 2014-10-06 14:10:01 +02:00
nstarke 69400cf280 Fixing Author Declaration 
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
 2014-10-05 23:17:28 -05:00
nstarke c0a3691817 Adding Jenkins-CI Login Scanner 
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
 2014-10-05 22:08:34 -05:00
James Lee a65ee6cf30
Land #3373, recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-10-03 18:05:58 -05:00
Jon Hart a341756e83
Support spoofing source IPs for NTP readvar, include status messages 2014-10-03 14:05:57 -07:00
Jon Hart fa4414155a
Only include the exact readvar payload, not any padding 2014-10-03 13:58:13 -07:00
Jon Hart 65c1a8230a
Address most Rubocop complaints 2014-10-03 13:47:29 -07:00
Jon Hart 0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster 2014-10-03 13:28:30 -07:00
William Vu f7e709dcb3
Land #3941, new WPVDB reference 2014-10-03 10:17:02 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Brandon Perry 2c9446e6a8 Update f5_icontrol_exec.rb 2014-10-02 17:56:24 -05:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Joe Vennix 5a8eca8946
Adds a :vuln_test option to BES, just like in BAP. 
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
 2014-10-01 23:34:31 -05:00
HD Moore 0380c5e887 Add CVE-2014-6278 support, lands #3932 2014-10-01 18:25:41 -05:00
William Vu c1b0acf460
Add CVE-2014-6278 support to the exploit module 
Same thing.
 2014-10-01 17:58:25 -05:00
William Vu 5df614d39b
Land #3928, release fixes 2014-10-01 17:21:08 -05:00
HD Moore 77bb2df215 Adds support for both CVEs, lands #3931 2014-10-01 17:06:59 -05:00
William Vu 51bc5f52c1
Add CVE-2014-6278 support 
Going with an OptEnum to simplify the code for now...
 2014-10-01 16:40:55 -05:00
Spencer McIntyre 8cf718e891 Update pureftpd bash module rank and description 2014-10-01 17:19:31 -04:00
James Lee 7e05ff343e
Fix smbdirect 
Also some whitespace and a typo in output message
 2014-10-01 16:02:59 -05:00
James Lee a21752bc9c
Fix NoMethodError on os, mark DCs as 'server' 2014-10-01 16:02:46 -05:00
Tod Beardsley 4fbab43f27
Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
Spencer McIntyre cf6029b2cf Remove the less stable echo stager from the exploit 2014-10-01 15:15:07 -04:00
Spencer McIntyre 632edcbf89 Add CVE-2014-6271 exploit via Pure-FTPd ext-auth 2014-10-01 14:57:40 -04:00
William Vu 9bfd013e10
Land #3923, mv misc/pxexploit to local/pxeexploit 
Also renamed typo'd pxexploit -> pxeexploit.
 2014-09-30 17:48:06 -05:00
William Vu 039e544ffa
Land #3925, rm indeces_enum 
Deprecated.
 2014-09-30 17:45:38 -05:00
sinn3r be1df68563 Remove auxiliary/scanner/elasticsearch/indeces_enum.rb 
Time is up, so good bye.
 2014-09-30 17:24:21 -05:00
sinn3r b17396931f Fixes #3876 - Move pxeexploit to local directory 2014-09-30 17:16:13 -05:00
William Vu 5ea968f3ee
Update description to prefer the exploit module 2014-09-30 11:34:28 -05:00
William Vu 162e42080a
Update title to reflect scanner status 2014-09-30 11:04:17 -05:00
William Vu de65ab0519
Fix broken check in exploit module 
See 71d6b37088.
 2014-09-29 23:03:09 -05:00
William Vu 12d7073086
Use idiomatic Ruby for the marker 2014-09-29 22:32:07 -05:00
William Vu 71d6b37088
Fix bad header error from pure Bash CGI script 2014-09-29 22:25:42 -05:00
William Vu df44dfb01a
Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
sinn3r b2d2101be2
Land #3913 - Change hardcoded table prefixes 2014-09-29 17:55:45 -05:00
sinn3r 8f3e03d4f2
Land #3903 - ManageEngine OpManager / Social IT Arbitrary File Upload 2014-09-29 17:53:43 -05:00
Christian Mehlmauer b266233e95 fix bug 2014-09-30 00:21:52 +02:00
Pedro Ribeiro 533b807bdc Add OSVDB id 2014-09-29 21:52:44 +01:00
HD Moore 878f3d12cd Remove kind_of? per @trosen-r7 2014-09-29 15:39:10 -05:00
HD Moore 77efa7c19a Change if/else to case statement 2014-09-29 15:37:58 -05:00
HD Moore bfadfda581 Fix typo on match string for opera_configoverwrite 2014-09-29 15:34:35 -05:00
sinn3r ffe5aafb2f
Land #3905 - Update exploits/multi/http/apache_mod_cgi_bash_env_exec 2014-09-29 15:19:35 -05:00
sinn3r 21b2d9eb3f
Land #3899 - WordPress custom-contact-forms Plugin SQL Upload 2014-09-29 14:40:28 -05:00
sinn3r 9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
sinn3r ababc3d8ff
Land #3869 - HP Network Node Manager I PMD Buffer Overflow 2014-09-29 11:00:12 -05:00
Meatballs d5959d6bd6
Land #2585, Refactor Bypassuac with Runas Mixin 2014-09-28 09:24:22 +01:00
Spencer McIntyre fe12ed02de Support a user defined header in the exploit too 2014-09-27 18:58:53 -04:00
Pedro Ribeiro f20610a657 Added full disclosure URL 2014-09-27 21:34:57 +01:00
Pedro Ribeiro 030aaa4723 Add exploit for CVE-2014-6034 2014-09-27 19:33:49 +01:00
HD Moore 64dbc396dd Add header specification to check module, lands #3902 2014-09-27 12:58:29 -05:00
William Vu 044eeb87a0
Add variable HTTP header 
Also switch from OptEnum to OptString for flexibility.
 2014-09-27 12:39:24 -05:00
Brandon Perry 161a145ec2 Create f5_icontrol_exec.rb 2014-09-27 10:40:13 -05:00
Christian Mehlmauer c51c19ca88 bugfix 2014-09-27 14:56:34 +02:00
Christian Mehlmauer 9a424a81bc fixed bug 2014-09-27 13:46:55 +02:00
Christian Mehlmauer 1c30c35717 Added WordPress custom_contact_forms module 2014-09-27 13:42:49 +02:00
sinn3r c75a0185ec
Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec 2014-09-26 17:06:23 -05:00
jvazquez-r7 80d9af9b49 Fix spacing in description 2014-09-26 17:03:28 -05:00
jvazquez-r7 9e540637ba Add module for CVE-2014-5377 ManageEngine DeviceExpert User Credentials 2014-09-26 17:02:27 -05:00
jvazquez-r7 3259509a9c Use return 2014-09-26 16:04:15 -05:00
jvazquez-r7 0a3735fab4 Make it better 2014-09-26 16:01:10 -05:00
jvazquez-r7 3538b84693 Try to make a better check 2014-09-26 15:55:26 -05:00
jvazquez-r7 6e2d297e0c Credit the original vuln discoverer 2014-09-26 13:45:09 -05:00
jvazquez-r7 e1f00a83bc Fix Rex because domainname and domain_name were duplicated 2014-09-26 13:40:52 -05:00
jvazquez-r7 5044117a78 Refactor dhclient_bash_env to use the egypt's mixin mods 2014-09-26 13:34:44 -05:00
nullbind ebf4e5452e Added mssql_escalate_dbowner module 2014-09-26 10:29:35 -05:00
jvazquez-r7 a4bc17ef89 deregister options needed for exploitation 2014-09-26 10:15:46 -05:00
jvazquez-r7 54e6763990 Add injection to HOSTNAME and URL 2014-09-26 10:13:24 -05:00
jvazquez-r7 a31b4ecad9
Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee 86f85a356d
Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
sinn3r 38c8d92131
Land #3888 - exploit module version of CVE-2014-6271 2014-09-26 00:31:41 -05:00
HD Moore b878ad2b75 Add a module to exploit bash via DHCP, lands #3891 
This module is just a starting point for folks to test their DHCP client implementations and we plan to significantly overhaul this once we get a bit of breathing room.
 2014-09-25 23:38:40 -05:00
Ramon de C Valle 9c11d80968 Add dhclient_bash_env.rb (Bash exploit) 
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
 2014-09-26 01:37:00 -03:00
jvazquez-r7 ad864cc94b Delete unnecessary code 2014-09-25 16:18:01 -05:00
Joe Vennix 2b02174999
Yank Android->jsobfu integration. Not really needed currently. 2014-09-25 16:00:37 -05:00
jvazquez-r7 9245bedf58 Make it more generic, add X86_64 target 2014-09-25 15:54:20 -05:00
Samuel Huckins be6552dae7
Clarifying VMware priv esc via bash module name 2014-09-25 14:34:09 -05:00
jvazquez-r7 d8c03d612e Avoid failures due to bad payload selection 2014-09-25 13:49:04 -05:00
jvazquez-r7 91e5dc38bd Use datastore timeout 2014-09-25 13:36:05 -05:00
jvazquez-r7 8a43d635c3 Add exploit module for CVE-2014-6271 2014-09-25 13:26:57 -05:00
jvazquez-r7 e0fc30c040
Land #3884, @wvu's check and reporting for apache_mod_cgi_bash_env 2014-09-25 09:52:17 -05:00
William Vu f66c854ad6
Fix description to be less lulzy 2014-09-25 07:09:08 -05:00
William Vu 9ed28408e1
Favor check_host for a scanner 2014-09-25 07:06:12 -05:00
William Vu 62b74aeaed
Reimplement old check code I was testing before 
I would like to credit @wchen-r7 for providing advice and feedback.

@jvazquez-r7, too! :)
 2014-09-25 06:38:25 -05:00
William Vu d9120cd586
Fix typo in description 
Running on fumes here...
 2014-09-25 01:22:08 -05:00
William Vu 790df96396
Fix missed var 2014-09-25 01:19:14 -05:00
Rob Fuller f13289ab65 remove debugging 2014-09-25 02:16:19 -04:00
William Vu e051cf020d
Add missed mixin 2014-09-25 01:14:58 -05:00
William Vu 27b8580f8d
Add protip to description 
This gets you lots of shells.
 2014-09-25 01:10:22 -05:00