infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
40,393 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

21221 Commits (cd90fd3b1cd430628265db0b1a899e13cae05554)

Author SHA1 Message Date
Spencer McIntyre cd90fd3b1c Fix PHPMailer targets since 5.2.20 is not affected 2016-12-30 15:31:15 -05:00
Spencer McIntyre 1eab4b3a7d Add an optional explicit triggeruri for phpmailer 2016-12-30 14:24:07 -05:00
Spencer McIntyre 64037b0d6e Use a proper target instead of VERSION 2016-12-29 17:37:16 -05:00
Spencer McIntyre c9dd7a50b6 Add the PHPMailer Argument Injection exploit 2016-12-29 17:17:06 -05:00
dmohanty-r7 77dd952370
Land #7592, check nil return value when using redis_command 2016-12-09 16:07:12 -06:00
Brent Cook 50f95f9940
Land #7681, Get ready for stageless mettle 2016-12-09 09:31:47 -06:00
Jon Hart 4614b7023d
Land #7604, @godinezj's post module for creating AWS IAM accounts 2016-12-08 14:26:22 -08:00
Jon Hart aa29fcad80
Update docs and pretty print the loot 2016-12-08 14:25:07 -08:00
Jon Hart 70668c289f
Use better loot args 2016-12-08 13:14:36 -08:00
Jon Hart 162204b338
Support creating a password for the user, etc 2016-12-08 12:56:00 -08:00
wchen-r7 ba9ce3fcfb
Land #7665, Add ABORT_ON_LOCKOUT option for smb_login 2016-12-07 15:52:50 -06:00
Javier Godinez a9cb08a352 Token should be passed as nil if not set 2016-12-07 10:16:41 -08:00
OJ b902b4c28a
Update payload sizes 2016-12-07 15:08:45 +10:00
Rich Whitcroft d3a8409a49 prevent further lockouts in smb_login 2016-12-06 21:53:08 -05:00
Jon Hart 1c3f0437ed
Move some options back to non-advanced 2016-12-06 17:39:37 -08:00
Jon Hart a13382c80b
Address most of rubocop's nits 2016-12-06 17:10:34 -08:00
Jon Hart 8f21a1f68c
move most options to advance, since they never change 
Also, doc empty username
 2016-12-06 16:29:00 -08:00
Adam Cammack c5641c9681
Factor out mettle configuration 
Also cleans up some stuff: s/url/uri/ and base-64 encodes UUIDs
 2016-12-06 18:28:48 -06:00
Brent Cook 7346223a65
update payloads 2016-12-06 07:16:44 -06:00
Jin Qian 4a35f8449a Fixed issue #7650 by matching Server header using regex as Wei suggested 
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
 2016-12-02 20:26:38 -06:00
Jin Qian 35fdf1473b Fixed issue #7650 where etherpad_duo_login module may crash 
Add check for presence of Server header.
 2016-12-02 18:07:18 -06:00
William Vu ff8141c1b5
Land #7644, cred fix for vbulletin_vote_sqli_exec 2016-12-01 15:47:31 -06:00
Jin Qian 11906eb540 Fix issue #7645 where dolibarr_login module crashed 
Add "res" (http response) when trying to retrieve the cookie
 2016-12-01 15:38:26 -06:00
wchen-r7 41355898fa Remove extra def report_cred in vbulletin_vote_sqli_exec 2016-12-01 15:31:24 -06:00
wchen-r7 9325ef8d8f
Land #7573, Add WP Symposium Plugin SQLI aux mod to steal credentials 2016-12-01 14:56:30 -06:00
wchen-r7 6b5dba72d4 Update description 2016-12-01 14:55:16 -06:00
wchen-r7 64bc029106 Fix Ruby style 2016-12-01 14:53:55 -06:00
wchen-r7 90ec367a99 Add method to save creds to database 2016-12-01 14:52:51 -06:00
wchen-r7 174cd74900
Land #7532, Add bypass UAC local exploit via Event Viewer module 2016-12-01 11:16:49 -06:00
wchen-r7 1e9d80c998 Fix another typo 2016-12-01 11:16:06 -06:00
wchen-r7 b8243b5d10 Fix a typo 2016-12-01 11:15:26 -06:00
William Vu 54684d31bd
Land #7641, check_conn? fix for cisco_ssl_vpn 2016-11-30 21:14:19 -06:00
William Vu 032312d40b Properly check res 2016-11-30 21:03:29 -06:00
William Vu 1d6ee7192a
Land #7427, new options for nagios_xi_chained_rce 2016-11-30 17:11:02 -06:00
William Vu 3e8cdd1f36 Polish up USER_ID and API_TOKEN options 2016-11-30 17:10:52 -06:00
Jin Qian ec83a861c8 Fix issue #7640 where cisco SSL VPN not move despite server responded 
Add the "return true" statement that was missing.
 2016-11-30 16:25:13 -06:00
OJ ebf5121359
Merge branch 'upstream/master' into add-bypassuac-eventvwr 2016-12-01 07:58:16 +10:00
OJ 6890e56b30
Remove call to missing function 2016-12-01 07:57:54 +10:00
wchen-r7 56505d2cc1 Resolve merge conflict 2016-11-30 14:33:23 -06:00
wchen-r7 c70c3701c5 Fix #7628, concrete5_member_list HTML parser 
Fix #7628
 2016-11-30 14:20:36 -06:00
William Webb b6bb1995ad Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master 2016-11-30 12:00:45 -06:00
William Webb c31758e0ea
Land #7627, Fix typo in payloads/linux/armle/mettle 2016-11-30 11:58:47 -06:00
wchen-r7 530e9a9bc6
Land #7633, fix dell_idrac to stop trying on a user after a valid login 2016-11-30 11:46:31 -06:00
David Maloney d1be2d735f
Land #7578, pdf-shaper exploit 
Land lsato's work on the pdf-shaper buffer overflow
exploit
 2016-11-30 11:13:12 -06:00
Jin Qian afed1f465e Fix issue 7632 where MSF keeps trying after success. 
Thanks to Wei who suggested adding "return :next_user" after success.
 2016-11-29 14:57:15 -06:00
David Maloney 3c9ebb97be
Land #7624, Wvu's style fixes 
land's wvu's style and text fixes for the
OS X archived messages module
 2016-11-29 14:05:05 -06:00
Javier Godinez 497e02955b Fixed checking for access keys being retrieved 2016-11-29 11:08:55 -08:00
Jin Qian 1beeb99d44 Fix issue 7628, username extracted became garbled 
Make the regular expression less aggressive.
 2016-11-29 12:52:57 -06:00
Adam Cammack 878779e14c
Fix typo in payloads/linux/armle/mettle 2016-11-29 10:12:17 -06:00
Javier Godinez cb0313642b Fixed setting IAM_USERNAME 2016-11-29 00:54:49 +00:00