infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
27,000 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

7076 Commits (d83131f1d97633f7308c74e7f707fa4a4147dd69)

Author SHA1 Message Date
sinn3r 85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27 2014-09-04 16:08:15 -05:00
jvazquez-r7 f063dcf0f4
Land #3741, @pedrib's module for CVE-2014-5005 Desktop Central file upload 2014-09-04 15:44:21 -05:00
jvazquez-r7 f466b112df Minor cleaning on check 2014-09-04 15:43:59 -05:00
jvazquez-r7 74b8e8eb40 Change module filename 2014-09-04 15:39:34 -05:00
jvazquez-r7 7563c0bd0e Use Gem::Version 2014-09-04 14:40:13 -05:00
jvazquez-r7 2615a7a3be Favor \&\& and || operands 2014-09-04 14:35:37 -05:00
Pedro Ribeiro f0e3fa18a3 Restore the original filename 2014-09-03 21:32:05 +01:00
Pedro Ribeiro d69049008c Refactor and rename desktopcentra_file_upload 
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
 2014-09-02 23:12:33 +01:00
Pedro Ribeiro 05856016c9 Add exploit for CVE-2014-5005 2014-09-02 23:09:10 +01:00
Joe Vennix f7617183d9
Revert "Add initial firefox xpi prompt bypass." 
This reverts commit ebcf972c08.
 2014-09-02 12:27:41 -05:00
Spencer McIntyre 1cdf1c2c6e
Land #3709, @nnam's wing ftp admin console cmd exec 2014-08-29 13:46:01 -04:00
Spencer McIntyre 8095b4893c Rename and apply rubocop style to wing_ftp_admin_exec 2014-08-29 13:42:11 -04:00
nnam 02bbd53b82 Fix failure messages for check(). 2014-08-28 12:09:35 -07:00
Nicholas Nam 6c90a50e47 Handle res.nil case in check(). Revert check for res.nil in 
execute_command() because it was failing prior to the reverse_shell
connecting.
 2014-08-28 10:57:52 -07:00
Nicholas Nam 0788ce9745 Removed unused require and import. Handle the res.nil case in 
execute_command() and authenticate().
 2014-08-28 10:30:30 -07:00
jvazquez-r7 58091b9e2b
Land #3708, @pedrib fix for manage_engine_dc_pmp_sqli 2014-08-28 10:47:03 -05:00
jvazquez-r7 9d3d25a3b3 Solve conflicts 2014-08-28 10:19:12 -05:00
sinn3r 633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection 2014-08-27 01:45:18 -05:00
Joe Vennix 26cfed6c6a
Rename exploit module. 2014-08-26 23:05:41 -05:00
Joe Vennix 96276aa6fa
Get the disclosure date right. 2014-08-26 20:36:58 -05:00
Joe Vennix 52f33128cd
Add Firefox WebIDL Javascript exploit. 
Also removes an incorrect reference from another FF exploit.
 2014-08-26 20:35:17 -05:00
William Vu 9f6a40dfd6
Fix bad pack in mswin_tiff_overflow 
Reported by @egyjuzer in #3706.
 2014-08-26 11:14:44 -05:00
Nicholas Nam 40b66fae33 Add Wing FTP Server post-auth remote command execution module 2014-08-26 07:28:41 -07:00
Pedro Ribeiro a8d03aeb59 Fix bug with PMP db paths 2014-08-26 12:54:31 +01:00
Pedro Ribeiro 473341610c Update name to mention DC; correct servlet name 2014-08-26 12:39:48 +01:00
jvazquez-r7 0031913b34 Fix nil accesses 2014-08-22 16:19:11 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
jvazquez-r7 e93fbbd904
Land #3685, @pedrib's exploit for CVE-2014-3996 2014-08-22 11:45:41 -05:00
jvazquez-r7 cf147254ad Use snake_case in the filename 2014-08-22 11:44:35 -05:00
jvazquez-r7 823649dfa9 Clean exploit, just a little 2014-08-22 11:43:58 -05:00
jvazquez-r7 9815b1638d Refactor pick_target 2014-08-22 11:31:06 -05:00
jvazquez-r7 ecace8beec Refactor check method 2014-08-22 11:05:36 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master 
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
 2014-08-22 10:50:38 -05:00
jvazquez-r7 ced65734e9 Make some datastore options advanced 2014-08-22 10:26:04 -05:00
jvazquez-r7 b4e3e84f92 Use CamelCase for target keys 2014-08-22 10:23:36 -05:00
jvazquez-r7 b58550fe00 Indent description and fix title 2014-08-22 10:21:08 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging" 
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
 2014-08-22 10:17:44 -05:00
Pedro Ribeiro da752b0134 Add exploit for CVE-2014-3996 2014-08-21 15:30:28 +01:00
sinn3r e2e2dfc6a3 Undo FF 2014-08-19 17:47:44 -05:00
sinn3r 777efb5e48
Land #3669 - Deprecate ff 17 svg exploit 2014-08-19 17:42:31 -05:00
sinn3r c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution 2014-08-19 17:19:01 -05:00
joev b93fda5cef
Remove browser_autopwn hook from deprecated FF module. 2014-08-18 15:33:43 -05:00
joev 87aa63de6e
Deprecate FF17 SVG exploit. 
This exploit needs flash, the tostring_console injection one does not.
 2014-08-18 15:32:51 -05:00
Brendan Coles 564431fd41 Use arrays in refs for consistency 2014-08-18 18:54:54 +00:00
Tod Beardsley cad281494f
Minor caps, grammar, desc fixes 2014-08-18 13:35:34 -05:00
HD Moore d8e82b9394 Lands #3655, fixes pack operators 
the commit.
he commit.
 2014-08-17 17:25:52 -05:00
Brendan Coles b8b2e3edff Add HybridAuth install.php PHP Code Execution module 2014-08-16 23:31:46 +00:00
sinn3r e656a81c63
Land #3656 - FF toString console.time Privileged Javascript Injection 2014-08-15 17:07:23 -05:00
joev 6d958475d6
Oops, this doesn't work on 23, only 22. 2014-08-15 17:00:58 -05:00
joev fb1fe7cb8b
Add some obfuscation. 2014-08-15 16:54:30 -05:00