infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
44,847 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1639 Commits (d756db4f9dd585ba3e68f641cc7f5875de8dce1e)

Author SHA1 Message Date
h00die 9528f279a5 cleaned up version, and docs 2017-09-23 10:51:52 -04:00
Mehmet Ince 3d543b75f5
Fixing typos and replacing double quotes with single 2017-09-21 23:48:12 +03:00
Mehmet Ince 1031d7960a
Moving token extraction to the seperated function 2017-09-20 10:23:32 +03:00
Mehmet Ince ee969ae8e5
Adding DenyAll RCE module 2017-09-19 14:53:37 +03:00
dmohanty-r7 c91ef1f092
Land #8768, Add Docker Daemon TCP exploit module 2017-09-08 12:50:00 -05:00
James Barnett 7e9d0b3e9b
Fix permissions in docker priv_esc module 
The previous command didn't give the original user enough permissions
to execute the payload. This was resulting in permission denied
and preventing me from getting a root shell.

Fixes #8937
 2017-09-07 16:48:02 -05:00
Tod Beardsley 642a13e820 Out out damn tick 2017-08-31 14:29:05 -05:00
Calum Hutton 3b745bd17c Rework the bash, redirect stdout/err to /dev/null 
Dont need the -
 2017-08-30 03:49:30 +01:00
Calum Hutton 9387a765e5 Fix msftidy warns/errs 2017-08-30 03:10:46 +01:00
Calum Hutton 4934023fa5 Use alternate system() payload, dont worry about restarts 
Use nohup and & to background the meterpreter process
 2017-08-30 03:10:46 +01:00
Calum Hutton d53f10554d Configurable restart command 2017-08-30 03:10:46 +01:00
Calum Hutton d0ff2694b3 Restart after payload process ends 2017-08-30 03:10:46 +01:00
Calum Hutton aee44e3bd2 Working meterpreter exploit 
No service restart
 2017-08-30 03:10:46 +01:00
Calum Hutton 7cfb5fcc97 Rename 2017-08-30 03:10:46 +01:00
Calum Hutton 8b67b710fa Add template 2017-08-30 03:10:46 +01:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
William Vu 4c285c0129
Land #8827, QNAP Transcode Server RCE 2017-08-22 23:07:01 -05:00
Brent Cook 1225555125
remove unnecessary require 2017-08-20 17:37:42 -05:00
Brent Cook 840c0d5f56
Land #7808, add exploit for VMware VDP with known ssh private key (CVE-2016-7456) 2017-08-20 17:36:45 -05:00
William Vu d659cdc8f6 Convert quest_pmmasterd_bof to cmd_interact/find 2017-08-18 00:19:09 -05:00
Brendan Coles ac976eee8e Add author 2017-08-15 03:27:40 +00:00
Brendan Coles 0a374b1a88 Add QNAP Transcode Server Command Execution exploit module 2017-08-13 09:13:56 +00:00
Martin Pizala 2383afd8dc
Fix improved error handling 2017-08-04 23:42:44 +02:00
Martin Pizala b78cb12546
Ruby 2.2 support. See #8792 2017-08-02 18:06:48 +02:00
Brent Cook 4395f194b1 fixup style warnings in f5 bigip privkey exploit 2017-08-01 14:45:05 -05:00
Martin Pizala 60c3882b84
Improved error handling 2017-07-30 09:07:52 +02:00
Martin Pizala 6a20e1ac7d
Add module Rancher Server - Docker Exploit 2017-07-28 08:04:21 +02:00
Martin Pizala 853ae9a6ce
Add new reference 2017-07-26 02:16:56 +02:00
1cph93 9c930aad6e Add space after comma in f5_bigip_known_privkey module to coincide with Ruby style guide 2017-07-25 19:43:29 -04:00
Martin Pizala cd418559bc
Docker Daemon - Unprotected TCP Socket Exploit 2017-07-26 00:21:35 +02:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 838b066abe Merge branch 'master' into land-8716 2017-07-24 05:51:44 -07:00
g0tmi1k 524373bb48 OCD - Removed un-needed full stop 2017-07-21 07:41:51 -07:00
g0tmi1k 772bec23a1 Fix various typos 2017-07-21 07:40:08 -07:00
bwatters-r7 ffad0d1bbf
Land #8559, Ipfire oinkcode exec 2017-07-19 14:31:18 -05:00
bwatters-r7 116a838cb0 Version check update and stylistic fix 2017-07-19 13:26:40 -05:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 3d4feffc62 OCD - Spaces & headings 2017-07-19 11:04:15 +01:00
g0tmi1k a008f8e795 BruteForce - > Brute Force 2017-07-19 10:39:58 +01:00
bwatters-r7 ba92d42b57 Updated version check per @bcoles 2017-07-17 15:52:50 -05:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k 9309115627 OCD - Banner clean up 2017-07-14 08:19:50 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 424522147e OCD fixes - Start of *.rb files 2017-07-13 23:53:59 +01:00
Brendan Coles 8e2ff7a4c5 Add command stager and code cleanup 2017-07-07 16:54:56 -05:00
Brent Cook f4820d24fb add a few more AKA references 2017-07-06 22:43:46 -05:00
Pearce Barry a2602bf514
Land #8600, Add GoAutoDial 3.3 RCE Command Injection / SQL injection module 2017-06-30 17:32:51 -05:00
Pearce Barry dd530a2953
Minor indentation tweaks. 2017-06-30 17:29:43 -05:00
Brent Cook d20036e0fb revise spelling, add heartbleed and tidy checks 2017-06-28 18:50:20 -04:00
Brent Cook 461ab4501d add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:53:00 -04:00
h00die f9493f46d7 bcole fixes 2017-06-24 14:06:11 -04:00
dmohanty-r7 18410d8230
Land #8540, Add Symantec Messaging Gateway RCE 2017-06-22 19:00:32 -05:00
Brent Cook 4fdd77f19a
Land #8051, Add Netgear DGN2200v1/v2/v3/v4 Command Injection Module 2017-06-22 11:46:40 -05:00
Brent Cook a4e8cdfa6e msftidy fixes 2017-06-22 11:44:40 -05:00
Jin Qian b51fc0a34e
Land #8489, more httpClient modules use store_valid_credential 2017-06-21 17:18:34 -05:00
Brendan Coles e20169c428 Disable VMware hint popups 2017-06-20 11:39:57 +00:00
Brendan Coles 668aa4edaf Use WfsDelay 2017-06-20 08:56:33 +00:00
Brendan Coles 4f6eab102f Code cleanup 2017-06-20 00:55:33 +00:00
Brendan Coles 1bd7a0ea2a Replace tabs with spaces 2017-06-20 00:06:50 +00:00
Brendan Coles cf8cf564b2 Add VMware Workstation ALSA Config File Privesc module 2017-06-18 11:16:25 +00:00
mccurls 8c23769cbc Updated module to use an instance variable for using HTTP session tokens across functions. 2017-06-18 12:59:34 +10:00
mccurls 19ceb53304 Modified payload handling and uploaded documentation 2017-06-18 02:04:22 +10:00
mccurls 07051d1f00 Removed whitespace 2017-06-17 09:59:46 +10:00
mccurls 8eb59eac3f Stuffed up regex.. left some random $ characters floating around and have now removed them. 2017-06-17 08:03:09 +10:00
mccurls 6363a319d2 Fixed Typo 2017-06-17 07:32:17 +10:00
mccurls b34bf76fea Adding GoAutoDial RCE module 2017-06-17 07:22:41 +10:00
h00die e005e51f05 some edits finished 2017-06-16 06:48:31 -04:00
Tod Beardsley 49383f8f3a Update and fix grammar to the CryptoLog module 
After talking to the vendor, it appears that the PHP version of CryptoLog has been EOL'ed since 2009. It has since been replaced with an ASP.NET version, which, obviously, is no longer vulnerable to these PHP exposures.
 2017-06-15 13:00:44 -05:00
h00die 46ffd250a0 module working and docs 2017-06-14 21:15:56 -04:00
Mehmet Ince c147779097
Add CVE number to the symantec-messaging-gateway-exec module 2017-06-14 23:07:58 +03:00
h00die c35dffc648 first draft of oinkcode 2017-06-14 08:04:17 -04:00
James Lee 55f0edb732
Land #8491, fixes for service_persistence 2017-06-13 17:17:53 -05:00
Mehmet Ince 6ae540d889
Adding Symantec messaging gateway rce 2017-06-10 12:23:12 +03:00
William Vu 3e20296cf5 Add service_details for SSH 2017-06-08 13:28:29 -05:00
William Vu e22334343e Use store_valid_credential in my modules 
I used report_note because using the creds API was a pain in the ass.
 2017-06-08 00:57:51 -05:00
Brent Cook bac17a8e80
Land #8053, Add DC/OS Marathon UI Exploit 2017-06-06 09:29:26 -05:00
h00die 361cc2dbeb fix newline issue and service call 2017-05-30 22:37:26 -04:00
h00die f98b40d038 adds check on service writing before running it 2017-05-30 22:14:49 -04:00
Jeffrey Martin 0e145573fc
more httpClient modules use store_valid_credential 2017-05-30 14:56:05 -05:00
wolfthefallen 9c93aae412 Removed self.class from register 2017-05-30 10:07:07 -04:00
wolfthefallen bac23757a4 Updated based on busterb comments 2017-05-30 09:33:03 -04:00
Brent Cook 28fb5cc7da spelling 2017-05-30 00:14:33 -05:00
Brent Cook e31e3fc545 add additional architectures and targets 2017-05-30 00:07:37 -05:00
HD Moore 66f06cd4e3 Fix small typos in comments 2017-05-28 14:40:33 -05:00
HD Moore 965915eb19 Fix typo, thanks! 2017-05-27 22:22:34 -05:00
HD Moore 38491fd7ba Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
HD Moore f9ecdf2b4d Add some bonus archs for interact mode 2017-05-27 17:26:50 -05:00
HD Moore 41253ab32b Make msftidy happy 2017-05-27 17:17:20 -05:00
HD Moore 184c8f50f1 Rework the Samba exploit & payload model to be magic. 2017-05-27 17:03:01 -05:00
HD Moore 78d649232b Remove obsolete module options 2017-05-26 21:21:05 -05:00
HD Moore 123a03fd21 Detect server-side path, work on Samba 3.x and 4.x 2017-05-26 17:02:18 -05:00
HD Moore 072ab7291c Add /tank (from ryan-c) to search path 2017-05-26 06:56:41 -05:00
HD Moore 1474faf909 Remove ARMLE for now, will re-PR once functional 2017-05-25 16:14:35 -05:00
HD Moore 2ad386948f Small cosmetic typo 2017-05-25 16:10:37 -05:00
HD Moore 18a871d6a4 Delete the .so, add PID bruteforce option, cleanup 2017-05-25 16:03:14 -05:00
HD Moore cf7cfa9b2c Add check() implementation based on bcoles notes 2017-05-25 09:49:45 -05:00
HD Moore 0520d7cf76 First crack at Samba CVE-2017-7494 2017-05-24 19:42:04 -05:00
James Lee e3f4cc0dfd
Land #8345, WordPress PHPMailer Exim injection 
CVE-2016-10033
 2017-05-16 15:07:21 -05:00
William Vu 35670713ff Remove budding anti-patterns to avoid copypasta 
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
 2017-05-15 12:56:14 -05:00
William Vu 231510051c Fix uri_str for exploit 2017-05-11 16:30:10 -05:00
Brent Cook e414bdb876 don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules 2017-05-11 15:19:11 -05:00
Brent Cook 30c48deeab msftidy and misc. fixups for Quest BoF module 2017-05-11 08:07:39 -05:00
William Webb e8aed42ecd
Land #8223, Quest Privilege Manager pmmasterd Buffer Overflow 2017-05-11 00:44:19 -05:00
Adam Cammack 18d95b6625
Land #8346, Templatize shims for external modules 2017-05-10 18:15:54 -05:00
Brent Cook fede672a81 further revise templates 2017-05-08 14:26:24 -05:00
William Vu b794bfe5db
Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
m0t ab245b5042 added note to description 2017-05-07 13:56:50 +01:00
m0t 4f12a1e271 added note to description 2017-05-07 13:54:28 +01:00
Jeffrey Martin 05bf16e91e
Land #8331, Adding module CryptoLog Remote Code Execution 2017-05-05 18:24:14 -05:00
Mehmet Ince 720a02f5e2
Addressing Spaces at EOL issue reported by Travis 2017-05-05 11:05:17 +03:00
Mehmet Ince 58d2e818b1
Merging multiple sqli area as a func 2017-05-05 10:49:05 +03:00
darkbushido 81bcf2ca70 updating all LHOST to use the new opt type 2017-05-04 12:57:50 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Mehmet Ince d04e7cba10
Rename the module as well as title 2017-05-03 19:18:46 +03:00
Mehmet Ince ae8035a30f
Fixing typo and using shorter sqli payload 2017-05-03 16:45:17 +03:00
Mehmet Ince db2a2ed289
Removing space at eof and self.class from register_options 2017-05-03 01:31:13 +03:00
Mehmet Ince 77acbb8200
Adding cryptolog rce 2017-05-03 01:05:40 +03:00
Adam Cammack 494711ee65
Land #8307, Add lib for writing Python modules 2017-05-02 15:53:13 -05:00
Brent Cook 037fdf854e move common json-rpc bits to a library 2017-04-26 18:08:08 -05:00
Brent Cook a60e5789ed update mettle->meterpreter references in modules 2017-04-26 17:55:10 -05:00
William Vu bbee7f86b5
Land #8263, Mercurial SSH exec module 2017-04-26 01:38:01 -05:00
William Vu f60807113b Clean up module 2017-04-26 01:37:49 -05:00
wchen-r7 e333cb65e5 Restore require 'msf/core' 2017-04-24 17:09:02 -05:00
Matthias Brun d3aba846b9 Make minor changes 2017-04-24 23:35:36 +02:00
h00die 8e4c093a22 added version numbers 2017-04-22 09:45:55 -04:00
Matthias Brun 714ada2b66 Inline execute_cmd function 2017-04-21 15:32:15 +02:00
Matthias Brun 8218f024e0 Add WiPG-1000 Command Injection module 2017-04-20 16:32:23 +02:00
Jonathan Claudius f5430e5c47
Revert Msf::Exploit::Remote::Tcp 2017-04-18 19:27:35 -04:00
Jonathan Claudius 9a870a623d
Make use of Msf::Exploit::Remote::Tcp 2017-04-18 19:17:48 -04:00
Jonathan Claudius 03e3065706
Fix MSF tidy issues 2017-04-18 18:56:42 -04:00
Jonathan Claudius 32f0b57091
Fix new line issues 2017-04-18 18:52:53 -04:00
Jonathan Claudius bfca4da9b0
Add mercurial ssh exec 2017-04-18 16:33:23 -04:00
Tod Beardsley 1fcc1f7417
Trailing comma. Why isn't this Lua? 2017-04-18 14:27:44 -05:00
Tod Beardsley 4ec71f9272
Add a reference to the original PR 
This was the source of first public disclosure, so may as well include
it.
 2017-04-18 14:20:25 -05:00
Nate Caroe 92e7183a74 Small typo fix 
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
 2017-04-17 11:14:51 -06:00
Ahmed S. Darwish e21504b22d huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key 
Instead of rolling our own GET parameters implementation.

Thanks @wvu-r7!
 2017-04-17 09:11:50 +02:00
Ahmed S. Darwish 7daec53106 huawei_hg532n_cmdinject: Improve overall documentation 
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
 2017-04-17 08:00:51 +02:00
Ahmed S. Darwish 8a302463ab huawei_hg532n_cmdinject: Use minimum permissions for staged binary 
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
 2017-04-17 03:27:57 +02:00
Ahmed S. Darwish 7ca7528cba huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7 2017-04-17 03:23:20 +02:00
Ahmed S. Darwish 7b8e5e5016 Add Huawei HG532n command injection exploit 2017-04-15 21:01:47 +02:00
m0t 5e42dde6b6 msftidy clean up 2017-04-12 16:25:21 +01:00
m0t 374d7809b5 last fixes and tests 2017-04-11 09:48:57 +01:00
m0t 9a0789f839 Exploit for pmmasterd Buffer Overflow (CVE-2017-6553) 2017-04-05 17:59:54 +01:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Brent Cook 4c0539d129
Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die 0092818893
Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00
Bryan Chu 151ed16c02 Re-ranking files 
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
 2017-04-02 18:33:46 -04:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00