infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
32,076 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1741 Commits (d84c48cb7d99cf236c6ff60f27a60b811866928a)

Author SHA1 Message Date
jvazquez-r7 ad276f0d52 Retrieve version with Rex::Java::Serialization instead of binary streams 2015-01-22 14:52:19 -06:00
jvazquez-r7 c866caac43 Randomize MLet name 2015-01-21 00:36:34 -06:00
jvazquez-r7 37ed1b1e62 Delete default values for datastore options 2015-01-21 00:14:46 -06:00
jvazquez-r7 a996efc807 Refactor exploit code 2015-01-21 00:07:00 -06:00
jvazquez-r7 2de2e657f0 Refactor get_mbean_server 2015-01-20 23:44:33 -06:00
jvazquez-r7 d90f856c00 Delete sock_server variable 2015-01-20 20:51:20 -06:00
jvazquez-r7 b792c0a5bf Create exploit_mbean_server method 2015-01-20 20:44:10 -06:00
jvazquez-r7 0b2d65749b Do better argument handling on Msf::Jmx::Mbean::ServerConnection 2015-01-20 18:46:09 -06:00
jvazquez-r7 b97c0fe398 Add Msf::Jmx::Util#extract_unicast_ref 2015-01-20 17:46:42 -06:00
jvazquez-r7 f7aaad1cf1
Delete some extraneous commas 2015-01-19 17:25:45 -06:00
jvazquez-r7 dbc77a2857
Land #4517, @pedrib's exploit for ManageEngine Multiple Products Authenticated File Upload 
* CVE-2014-5301
 2015-01-19 17:23:39 -06:00
jvazquez-r7 6403098fbc Avoid sleep(), survey instead 2015-01-19 17:22:04 -06:00
jvazquez-r7 a6e351ef5d Delete unnecessary request 2015-01-19 17:14:23 -06:00
jvazquez-r7 ed26a2fd77 Avoid modify datastore options 2015-01-19 17:11:31 -06:00
jvazquez-r7 3c0efe4a7e Do minor style changes 2015-01-19 15:36:05 -06:00
jvazquez-r7 ddda0b2f4b Beautify metadata 2015-01-19 14:59:31 -06:00
jvazquez-r7 3a3e37ba6c Refactor extract_mbean_server 2015-01-18 01:20:13 -06:00
jvazquez-r7 4247747fc5 Refactor extract_object 2015-01-18 01:13:00 -06:00
jvazquez-r7 d9c6c56779 Refactor extract_rmi_connection_stub 2015-01-15 23:15:30 -06:00
jvazquez-r7 2d2f26a0e3 Change method names for stream builders 2015-01-15 23:01:27 -06:00
jvazquez-r7 00117fc963 Do first and ugly refactoring 2015-01-15 21:18:03 -06:00
jvazquez-r7 4d35131f59 Provide description and authentication support 2015-01-15 17:57:35 -06:00
jvazquez-r7 2cd15d0155 Delete comments 2015-01-15 16:43:03 -06:00
jvazquez-r7 cab4787172 Add initial JMX module 2015-01-15 16:41:37 -06:00
Pedro Ribeiro 3768cf0a69 Change version to int and add proper timestamp 2015-01-14 22:59:11 +00:00
jvazquez-r7 621cada2ac Undo build_gc_call_data refactoring 2015-01-14 16:47:28 -06:00
David Lanner c5cfc11d84 fix cookie regex by removing a space 2015-01-12 23:13:18 -05:00
Jon Hart e4547eb474
Land #4537, @wchen-r7's fix for #4098 2015-01-08 17:57:16 -08:00
Jon Hart f13e56aef8
Handle bracketed and unbracketed results, add more useful logging 2015-01-08 17:51:31 -08:00
Jon Hart 14db112c32 Add logging to show executed Java and result 2015-01-08 16:53:12 -08:00
Pedro Ribeiro c76aec60b0 Add OSVDB id and full disclosure URL 2015-01-08 23:29:38 +00:00
jvazquez-r7 fa5cd928a1 Refactor exploit to use the mixin 2015-01-08 16:04:56 -06:00
jvazquez-r7 873ade3b8a Refactor exploit module 2015-01-08 14:52:55 -06:00
William Vu ea793802cc
Land #4528, mantisbt_php_exec improvements 2015-01-08 04:50:00 -06:00
sinn3r ef97d15158 Fix msftidy and make sure all print_*s in check() are vprint_*s 2015-01-07 12:12:25 -06:00
James Lee 3e80efb5a8
Land #4521, Pandora FMS upload 2015-01-07 11:13:57 -06:00
James Lee 1ccef7dc3c
Shorter timeout so we get shell sooner 
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
 2015-01-07 11:11:33 -06:00
sinn3r 4c240e8959 Fix #4098 - False negative check for script_mvel_rce 
Fix #4098, thanks @arnaudsoullie
 2015-01-07 10:40:58 -06:00
James Lee efe83a4f31
Whitespace 2015-01-07 10:19:17 -06:00
Christian Mehlmauer 09bd0465cf
fix regex 2015-01-07 11:54:55 +01:00
rcnunez b3def856fd Applied changes recommended by jlee-r7 
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
 2015-01-07 18:38:19 +08:00
Christian Mehlmauer eaad4e0bea
fix check method 2015-01-07 11:01:08 +01:00
Christian Mehlmauer 862af074e9
fix bug 2015-01-07 09:10:50 +01:00
Christian Mehlmauer d007b72ab3
favor include? over =~ 2015-01-07 07:33:16 +01:00
Christian Mehlmauer 4277c20a83
use include? 2015-01-07 06:51:28 +01:00
Christian Mehlmauer 39e33739ea
support for anonymous login 2015-01-07 00:08:04 +01:00
Christian Mehlmauer bf0bdd00df
added some links, use the res variable 2015-01-06 23:25:11 +01:00
Christian Mehlmauer f9f2bc07ac
some improvements to the mantis module 2015-01-06 11:33:45 +01:00
rcnunez 547b7f2752 Syntax and File Upload BugFix 
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
 2015-01-05 19:23:22 +08:00
Pedro Ribeiro c9b76a806a Create manageengine_auth_upload.rb 2015-01-04 17:05:53 +00:00
Tod Beardsley c1718fa490
Land #4440, git client exploit from @jhart-r7 
Also fixes #4435 and makes progress against #4445.
 2015-01-01 13:18:43 -06:00
Tod Beardsley d7564f47cc
Move Mercurial option to advanced, update ref url 
See #4440
 2015-01-01 13:08:36 -06:00
Tod Beardsley 914c724abe
Rename module 
See rapid7#4440
 2015-01-01 13:03:17 -06:00
Jon Hart 65977c9762
Add some more useful URLs 2014-12-31 10:54:04 -08:00
Spencer McIntyre 6d966dbbcf
Land #4203, @jvazquez-r7's cleanup for java_rmi_server 2014-12-31 11:25:19 -05:00
Christian Mehlmauer 96fe693c54
update drupal regex 2014-12-30 09:12:39 +01:00
Jon Hart 51049152b6
Use Rex::Text.rand_mail_address for more realistic fake commit 2014-12-26 10:39:52 -08:00
Jon Hart a692656ab7
Update comments to reflect reality, minor cleanup 2014-12-23 19:09:45 -08:00
Jon Hart 59f75709ea
Print out malicious URLs that will be used by default 2014-12-23 10:10:31 -08:00
Jon Hart 905f483915
Remove unused and commented URIPATH 2014-12-23 09:40:27 -08:00
Jon Hart 8e57688f04
Use random URIs by default, different method for enabling/disabling Git/Mercurial 2014-12-23 09:39:39 -08:00
Jon Hart bd3dc8a5e7
Use fail_with rather than fail 2014-12-23 08:20:03 -08:00
Jon Hart 015b96a24a
Add back perl and bash related payloads since Windows git will have these and OS X should 2014-12-23 08:13:00 -08:00
Meatballs 16302f752e
Enable generic command 2014-12-23 14:22:26 +00:00
Meatballs a3b0b9de62
Configure module to target bash by default 2014-12-23 14:19:51 +00:00
Meatballs 313d6cc2f8
Add super call 2014-12-23 14:12:47 +00:00
Meatballs 43221d4cb0
Remove redundant debugging stuff 2014-12-23 14:09:12 +00:00
Meatballs 42a10d6d50
Add Powershell target 2014-12-23 14:07:57 +00:00
Meatballs 40c1fb814e
one line if statement 2014-12-23 11:20:24 +00:00
Meatballs b41e259252
Move it to a common method 2014-12-23 11:16:07 +00:00
Jon Hart abec7c206b
Update description to describe current limitations 2014-12-22 20:32:45 -08:00
Jon Hart 1505588bf6
Rename the file to reflect what it really is 2014-12-22 20:27:40 -08:00
Jon Hart ff440ed5a4
Describe vulns in more detail, add more URLs 2014-12-22 20:20:48 -08:00
Jon Hart b4f6d984dc
Minor style cleanup 2014-12-22 17:51:35 -08:00
Jon Hart 421fc20964
Partial mercurial support. Still need to implement bundle format 2014-12-22 17:44:14 -08:00
Jon Hart fdd1d085ff
Don't encode the payload because this only complicates OS X 2014-12-22 13:36:38 -08:00
Joe Vennix 0bf3a9cd55
Fix duplicate :ua_maxver key. 2014-12-22 14:57:44 -06:00
Jon Hart ea9f5ed6ca
Minor cleanup 2014-12-22 12:16:53 -08:00
Jon Hart dd73424bd1
Don't link to unused repositories 2014-12-22 12:04:55 -08:00
Jon Hart 6c8cecf895
Make git/mercurial support toggle-able, default mercurial to off 2014-12-22 11:36:50 -08:00
Jon Hart 574d3624a7
Clean up setup_git verbose printing 2014-12-22 11:09:08 -08:00
Jon Hart 16543012d7
Correct planted clone commands 2014-12-22 10:56:33 -08:00
Jon Hart 01055cd41e
Use a trigger to try to only start a handler after the malicious file has been requested 2014-12-22 10:43:54 -08:00
Jon Hart 3bcd67ec2e
Unique URLs for public repo page and malicious git/mercurial repos 2014-12-22 10:03:30 -08:00
Jon Hart 308eea0c2c
Make malicious hook file name be customizable 2014-12-22 08:28:55 -08:00
Jon Hart 7f3cfd2207
Add a ranking 2014-12-22 07:51:47 -08:00
Jon Hart 74783b1c78
Remove ruby and telnet requirement 2014-12-21 10:06:06 -08:00
Jon Hart 31f320c901
Add mercurial debugging 2014-12-20 20:00:12 -08:00
Jon Hart 3da1152743
Add better logging. Split out git support in prep for mercurial 2014-12-20 19:34:55 -08:00
Jon Hart 58d5b15141
Add another useful URL. Use a more git-like URIPATH 2014-12-20 19:11:56 -08:00
Jon Hart f41d0fe3ac
Randomize most everything about the malicious commit 2014-12-19 19:31:00 -08:00
Jon Hart 805241064a
Create a partially capitalized .git directory 2014-12-19 19:07:45 -08:00
Jon Hart f7630c05f8
Use payload.encoded 2014-12-19 18:52:34 -08:00
Jon Hart 7f2247f86d
Add description and URL 2014-12-19 15:50:16 -08:00
Jon Hart 9b815ea0df
Some style cleanup 2014-12-19 15:35:09 -08:00
Jon Hart 4d0b5d1a50
Add some vprints and use a sane URIPATH 2014-12-19 15:33:26 -08:00
Tod Beardsley d3050de862
Remove references to Redmine in code 
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
 2014-12-19 17:27:08 -06:00
Jon Hart 48444a27af
Remove debugging pp 2014-12-19 15:27:06 -08:00
Jon Hart 1c7fb7cc7d
Mostly working exploit for CVE-2014-9390 2014-12-19 15:24:27 -08:00
Jon Hart 4888ebe68d
Initial commit of POC module for CVE-2013-9390 (#4435) 2014-12-19 12:58:02 -08:00