infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,420 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

213 Commits (cc8ab9bcba52a2c1e17ce17080a4453a0b8754ae)

Author SHA1 Message Date
jvazquez-r7 9d0047ff74 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 16:44:52 -05:00
jvazquez-r7 7090d4609b Add module for CVE-2013-1488 2013-06-07 13:38:41 -05:00
jvazquez-r7 d5cf6c1fbc Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-23 12:37:54 -05:00
sinn3r 81ad280107 Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE 
Chained exploit using CVE-2013-0758 and CVE-2013-0757
 2013-05-23 12:21:10 -05:00
Joe Vennix 4d5c4f68cb Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00
jvazquez-r7 b6365db0b5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 09:38:32 -05:00
jvazquez-r7 19f2e72dbb Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
jvazquez-r7 6cd6a7d6b9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-28 12:16:18 +01:00
jvazquez-r7 c225d8244e Added module for CVE-2013-1493 2013-03-26 22:30:18 +01:00
jvazquez-r7 74b58185cd up to date 2013-03-12 16:48:11 +01:00
jvazquez-r7 d7b89a2228 added security level bypass 2013-02-20 17:50:47 +01:00
jvazquez-r7 d88ad80116 Added first version of cve-2013-0431 2013-02-20 16:39:53 +01:00
jvazquez-r7 c8778587f5 rename the xml template for s4u 2013-02-18 15:25:03 +01:00
jvazquez-r7 be0feecf8f Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence 2013-02-18 15:22:37 +01:00
smilingraccoon 3a499b1a6d added s4u_persistence.rb 2013-02-10 14:22:36 -05:00
SphaZ 24de0d2274 Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT 2013-02-04 13:37:09 +01:00
jvazquez-r7 807bd6e88a Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl 2013-01-22 15:33:39 +01:00
jvazquez-r7 78279a0397 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
jvazquez-r7 d0b9808fc7 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
jvazquez-r7 51f3f59d2f cve and references available 2013-01-11 00:54:53 +01:00
jvazquez-r7 876d889d82 added exploit for j7u10 0day 2013-01-10 20:30:43 +01:00
jvazquez-r7 133ad04452 Cleanup of #1062 2012-12-07 11:55:48 +01:00
jvazquez-r7 b7f304f0db added build exec_payload.msi 2012-11-28 21:51:01 +01:00
jvazquez-r7 5076198ba2 fixing bperry comments 2012-11-11 20:18:19 +01:00
jvazquez-r7 8619c5291b Added module for CVE-2012-5076 2012-11-11 17:05:51 +01:00
David Maloney c30ada5eac Adds temp vbs mod and tweaked decoder stub 2012-11-04 12:49:15 -06:00
jvazquez-r7 b4485fdb2b added chm templates 2012-10-10 19:21:47 +02:00
h0ng10 2b6aa6bbdb Added Exploit for deployfilerepository via JMX 2012-09-03 13:50:16 -04:00
jvazquez-r7 363c0913ae changed dir names according to CVE 2012-08-28 16:33:01 +02:00
jvazquez-r7 52ca1083c2 Added java_jre17_exec 2012-08-27 11:25:04 +02:00
sinn3r f715527423 Improve CVE-2012-1535 2012-08-21 19:58:21 -05:00
sinn3r 13df1480c8 Add exploit for CVE-2012-1535 2012-08-17 12:16:54 -05:00
HD Moore 430351fe79 Better handle of module cache when db_connect is run manually 2012-07-10 23:56:48 -05:00
LittleLightLittleFire e9ac90f7b0 added CVE-2012-1723 2012-07-10 12:20:37 +10:00
Tod Beardsley 414214eb9d Permissions. 2012-06-28 11:42:37 -05:00
jvazquez-r7 6ec990ed85 Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass 2012-06-27 23:09:26 +02:00
h0ng10 428ae21928 Changed readme.html file (was from the statistics plugin) 2012-06-26 12:03:52 -04:00
h0ng10 6cc8390da9 Module rewrite, included Java support, direct upload, plugin deletion 2012-06-26 11:56:44 -04:00
HD Moore 6a91626d94 Permissions 2012-06-25 00:36:39 -05:00
h0ng10 65197e79e2 added Exploit for CVE-2008-6508 (Openfire Auth bypass) 2012-06-24 07:35:38 -04:00
jvazquez-r7 b891e868f5 Added actionscript and swf needed 2012-06-23 08:36:35 +02:00
sinn3r d7d314862f Need the trigger to actually make it work, duh! 2012-06-22 23:16:12 -05:00
Tod Beardsley 572fb4cb0c Permissions fix 2012-06-21 15:39:17 -05:00
Steven Seeley fcf42d3e7b added adobe flashplayer array indexing exploit (CVE-2011-2110) 2012-06-20 12:52:37 +10:00
HD Moore 5922ec1f7a Permissions 2012-06-12 15:20:25 -05:00
sinn3r 4743c9fb33 Add MS12-005 (CVE-2012-0013) exploit 2012-06-10 01:08:28 -05:00
HD Moore e8af6882eb Permissions 2012-06-06 20:05:29 -05:00
jvazquez-r7 93741770e2 Added module for CVE-2011-3400 2012-06-05 18:21:55 +02:00
jvazquez-r7 287d68f304 added module for CVE-2008-0320 2012-05-23 17:14:11 +02:00
jvazquez-r7 14d8ba00af Added batik svg java module 2012-05-17 16:48:38 +02:00
James Lee 7a05f3eab4 Mark failed logins as inactive 2012-05-08 16:51:22 -06:00
James Lee 318b14af4c Fix improper reporting and stack traces when we missed a banner 
Also makes sure we delete the session if we got a 221 response, even if
we haven't seen a login yet.
 2012-05-08 16:40:56 -06:00
James Lee 1eec1cebb5 Fix improper reporting 
:proto is always tcp, udp, etc., name is the higher layer name
 2012-05-08 16:39:32 -06:00
James Lee 536fa39ae8 Keep the client and the server on tracked tcp sessions 2012-05-08 16:38:12 -06:00
Alexandre Maloteaux 452cead1e9 Merge psnuffle ntlmv2 support from Alex Malateaux 
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf

Squashed commit of the following:

commit 7acc32f5f00914fed355a080ca237543448f80ca
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Thu Apr 12 01:52:49 2012 +0100

    psnuffle : move protocol filtering in load function

commit 9c9ae9711c760b4f072271b7e5993f9bf8366671
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Thu Apr 12 01:50:48 2012 +0100

    psnuffle : add hash exctratiopn from smbv2 session

[Closes #327]
 2012-05-08 13:41:42 -06:00
HD Moore f6005ba06e Permission change, ignore 2012-04-23 13:42:18 -05:00
sinn3r 9a00823828 Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch' 2012-04-19 18:08:22 -05:00
Tod Beardsley 18d83ee6c1 Permissions fix for modicon_ladder.apx 2012-04-12 14:26:27 -05:00
0a2940 654701f1b2 new file: data/exploits/CVE-2008-5499.swf 
new file:   external/source/exploits/CVE-2008-5499/Exploit.as
	new file:   modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
 2012-04-10 20:58:22 +01:00
Tod Beardsley 14d9953634 Adding DigitalBond SCADA modules 2012-04-05 12:35:48 -05:00
Tod Beardsley ab269ac4ec Permissions fix for exploit jar file 2012-04-02 09:27:35 -05:00
James Lee 025d905c01 Compiled jar with -target 1.2 so it works on older JVMs 2012-03-30 17:05:20 -06:00
sinn3r e018c6604f Modify CVE-2012-0507 2012-03-30 02:06:56 -05:00
Tod Beardsley bec8d40a6c File permissions fix 2012-03-29 16:24:31 -05:00
sinn3r 791ebdb679 Add CVE-2012-0507 (Java) 2012-03-29 10:31:14 -05:00
HD Moore c8c73b076d Permisssions (ignore) 2012-03-08 16:16:13 -06:00
HD Moore 3e6cbe9486 Add source code to the player 2012-03-08 15:23:10 -06:00
HD Moore b0db18674c Test out new player code 2012-03-08 15:05:12 -06:00
sinn3r f2eab70c3f Add swf file for CVE-2012-0754 2012-03-07 19:23:11 -06:00
David Maloney d3fad51f3a Fix my screwup in winscp for servicename 2012-02-21 20:31:52 -06:00
juan e69037959f Added CVE-2010-0842 2012-02-15 23:32:31 +01:00
scriptjunkie 1e811aed02 Adds scriptjunkie's multilingual admin fie for pxexploit 
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.

[Closes #63]

Squashed commit of the following:

commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date:   Fri Dec 16 12:14:18 2011 -0600

    Jetzt auf Deutsch! y español! 中國人!
    [update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
    Also remove duplicate/old pxexploit source code from the tree.
 2011-12-23 12:24:45 -06:00
David Maloney d939e33f1e Allows for Loot and Tasks to be imported from an MSF ZIP. 
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
 2011-12-05 22:30:34 -05:00
sinn3r c5302e13ac Slight changes 2011-12-01 03:02:08 -06:00
sinn3r f64f0eefda Add class file for CVE-2011-3544 2011-11-29 18:06:20 -06:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits 
Fixes #5276
 2011-11-22 08:47:53 -08:00
sinn3r 3185b3471b Add template for CVE-2010-0822 2011-11-21 11:36:27 -06:00
scriptjunkie 8d58ea227f Add UAC bypass to default pxesploit attack. 2011-11-16 08:16:22 -08:00
HD Moore 96766edfd0 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
Wei Chen aeaea65896 Add template file for ms11-021 
git-svn-id: file:///home/svn/framework3/trunk@14168 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-05 23:04:54 +00:00
Mario Ceballos 2f2421badc initial coverage of the pnsize bug (fileformat) 
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-03 21:17:58 +00:00
David Rude 0b72c931b6 Adds the nsepa.ocx ActiveX control for CVE-2011-2882 
git-svn-id: file:///home/svn/framework3/trunk@13668 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-30 22:23:27 +00:00
Matt Weeks ce9db06589 Add localboot config for PXE. 
git-svn-id: file:///home/svn/framework3/trunk@13628 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-24 21:26:41 +00:00
Wei Chen 5559eec7c9 Add trigger file for MS10-026 
git-svn-id: file:///home/svn/framework3/trunk@13545 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-12 19:01:59 +00:00
Matt Weeks f12742a05f Better cleanup for PXE attacks. 
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 02:57:02 +00:00
Matt Weeks b2733c04db More PXE dust for extra magic! 
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-05 17:10:27 +00:00
amaloteaux b9bb5c454d psnuffle : add a smb protocol decoder 
git-svn-id: file:///home/svn/framework3/trunk@13375 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-27 18:06:28 +00:00
Tod Beardsley c54e18d757 Fixes #5038. Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen! 
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-26 01:29:21 +00:00
Matt Weeks 338a13baac Fix minor error. 
git-svn-id: file:///home/svn/framework3/trunk@13167 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-14 02:36:42 +00:00
James Lee d1b971c5f2 no need for a static sig anymore 
git-svn-id: file:///home/svn/framework3/trunk@12835 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-03 00:13:44 +00:00
Matt Weeks 971b6f96f6 pxesploit update; compatibility with x64, compatibility with different windows versions. 
Still no custom payload yet.



git-svn-id: file:///home/svn/framework3/trunk@12430 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-25 02:51:07 +00:00
Wei Chen ce2687cafe Added swf trigger file 
git-svn-id: file:///home/svn/framework3/trunk@12329 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-16 02:08:03 +00:00
David Rude 8c614a9296 made the shellcode request random to avoid signatures 
git-svn-id: file:///home/svn/framework3/trunk@12148 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-26 16:00:52 +00:00
David Rude ff3659aa37 Lots of work to make this a lot more reliable =) 
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-26 06:35:28 +00:00
Wei Chen bdccc67d1d Added Crash file for CVE-2010-3275 (VLC AMV file) 
git-svn-id: file:///home/svn/framework3/trunk@12136 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-25 21:01:30 +00:00
Tod Beardsley 9895d01d51 Moving lib_mysqludf_sys*.dll to a more obvious subdirectory of the exploit binaries. 
git-svn-id: file:///home/svn/framework3/trunk@12128 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-24 17:48:19 +00:00
Tod Beardsley b1178686cf Fixes #3988. Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries. 
Also fixes a typo in the arguments to handler which clears up a heretofore mysterious exception (see exploit.rb).



git-svn-id: file:///home/svn/framework3/trunk@12111 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 19:36:07 +00:00
David Rude d7266b6551 Add CVE-2011-0609 exploit for Adobe Flash 
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 04:31:48 +00:00
Joshua Drake fb6107ffb5 enable java payloads, currently via one-off method 
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-17 23:57:11 +00:00
Joshua Drake 4644110962 add exploit for cve-2010-4452, currently windows only and no payloads :( 
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 04:50:25 +00:00