infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
48,263 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

11679 Commits (e2428b5c200c45b7e9950934fa7a69c752511dec)

Author SHA1 Message Date
William Vu 7c7f63df45 Fix missing normalize_uri in struts2_rest_xstream 
I missed this one previously. May not be necessary but nice to have.
 2018-08-30 15:56:43 -05:00
Shelby Pace 6ec8522786
Land #10482, Add Network Manager VPNC Privesc 2018-08-30 10:46:54 -05:00
Jacob Robles 9d3e1c1942
Land #10540, weblogic_deserialize, add check method and linux target 2018-08-30 06:08:03 -05:00
Jacob Robles 953bafc7e7
Land #10545, foxit fix generated strings, update doc 2018-08-30 05:55:44 -05:00
Jacob Robles 3161beff69
Prefer opt hash 2018-08-29 14:56:31 -05:00
Adam Cammack a57e5ac5c0
Land #10594, Remove trailing space from CVE number 2018-08-29 14:31:21 -05:00
Jacob Robles bc4442694e
Fix Windows target options, remove comspec 2018-08-29 14:23:00 -05:00
Ben Schmeckpeper c4d697a629
Remove trailing space from CVE identifier 
ASUS Net4Switch ipswcom exploit mistakenly included a trailing space at the end of its CVE reference.
 2018-08-29 14:12:49 -05:00
William Vu 468613f688
Land #10536, https:// reference check for msftidy 2018-08-29 11:14:42 -05:00
Jacob Robles d5ad683ba6
More doc updates 2018-08-29 10:59:36 -05:00
Jacob Robles 086ec5bdfb
Fix generated strings in pdf 2018-08-29 06:24:20 -05:00
William Vu 326f006146
Land #10542, CVE ref for office_ms17_11882 exploit 2018-08-29 00:42:53 -05:00
Christian Mehlmauer 14fa41a376
merge changes 2018-08-29 06:09:40 +02:00
William Vu f6b868bac2 Prefer regex for target check in exploit method 
This is how I initially wrote it out, and I think I like it better.
Obviously we'll still check individual symbols in execute_command, since
some of the matching is disjoint.
 2018-08-28 15:56:45 -05:00
William Vu 3dec79da23 Add Windows ARCH_CMD target and refactor again 
Must have been an oversight that I didn't add the target.
 2018-08-28 15:03:41 -05:00
Ben Schmeckpeper 6335d867ec
Add CVE reference to office_ms17_11882 exploit 
The CVE identifier appears in a  GitHub URI but is not referenced separately.
 2018-08-28 13:44:01 -05:00
Jacob Robles 94e8cdac37
Move files to correct location 2018-08-28 12:38:54 -05:00
Jacob Robles 2986a9538d
Whitespace fix 2018-08-28 11:53:08 -05:00
Jacob Robles 49c5a91fa7
Add linux target to weblogic_deserialize module 2018-08-28 11:51:04 -05:00
Jacob Robles 12e9cf6af7
Version output 2018-08-28 08:20:02 -05:00
Jacob Robles f92d2263d0
Add check to weblogic_deserialize module 2018-08-28 08:09:30 -05:00
Christian Mehlmauer a66556b436
fix msftidy errors 2018-08-28 13:12:43 +02:00
William Vu 7d21c2094e Improve PSH target and refactor check code 2018-08-27 20:18:35 -05:00
William Vu df5f4caaae Uncomment PSH target in struts2_rest_xstream 
I'm full of shit. It works.

msf5 exploit(multi/http/struts2_rest_xstream) > run

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Powershell command length: 2467
[*] Sending stage (206403 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:49691) at 2018-08-27 20:00:47 -0500

meterpreter > getuid
Server username: MSEDGEWIN10\IEUser
meterpreter > sysinfo
Computer        : MSEDGEWIN10
OS              : Windows 10 (Build 17134).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x64/windows
meterpreter >
 2018-08-27 20:01:00 -05:00
Brent Cook 47ca6c6a14
Land #10527, Fix msftdiy EDB link check, enable HTTPS 2018-08-27 10:49:20 -05:00
Jacob Robles 79b3e4564a
Land #10487, add php5 session file target 2018-08-27 06:22:28 -05:00
Brendan Coles 9725e90ba7 Fix msftdiy EDB link check 2018-08-26 04:18:38 +00:00
William Vu 6df235062b
Land #10505, post-auth and default creds info 2018-08-24 18:08:15 -05:00
Jacob Robles f6674a96d9
Update poc link 2018-08-24 10:52:01 -05:00
Jacob Robles 7f3824b067
Additional path for Linux target 2018-08-24 07:18:24 -05:00
William Vu 672dbb7acb
Land #9364, HP PJL/SNMP CVE-2017-2741 exploit 
Finally!
 2018-08-23 22:47:09 -05:00
Wei Chen 2193dd662d
Land #10504, add Foxit Reader UAF Module and Docs 2018-08-23 18:56:07 -05:00
Matthew Kienow ecc6c473d8
Add note about unauthenticated telnetd service 2018-08-23 15:50:41 -04:00
Jacob Robles 7ceae8df58
Remove '.exe' from share name 2018-08-23 14:38:46 -05:00
Matthew Kienow 56433c8ed2
Functional decomposition refactor and cleanup 2018-08-23 15:23:42 -04:00
Matthew Kienow 961769c346
Fix SNMP Null class comparison 2018-08-23 15:23:42 -04:00
Matthew Kienow 9c05f14a70
Modify SNMP null and error handling 2018-08-23 15:23:42 -04:00
Matthew Kienow 934bb38a44
Omit parentheses for no argument method calls 2018-08-23 15:23:41 -04:00
Matthew Kienow c5958c6e38
Restore original rport value 2018-08-23 15:23:41 -04:00
Matthew Kienow 70a0b9b1be
Remove payload RequiredCmd and reformat info 2018-08-23 15:23:41 -04:00
Matthew Kienow dafa62dec4
Use string interpolation over concatenation 2018-08-23 15:23:40 -04:00
Matthew Kienow 7c03454a0b
Remove unnecessary explicit msf/core require 2018-08-23 15:23:40 -04:00
Matthew Kienow b1a308f3ae
Remove final debug output 2018-08-23 15:23:40 -04:00
Matthew Kienow e21ea4180f
Clean up module and payload 
Update module info, remove intermediate ARCH_ARMLE target, simply
options and add cleanup command so that the payload kills telnetd
 2018-08-23 15:23:40 -04:00
Matthew Kienow 81f1555439
Rename module, exploits multiple printer models 2018-08-23 15:23:40 -04:00
Matthew Kienow df18e354e1
Add bind_busybox_telnetd payload, misc cleanup 2018-08-23 15:23:39 -04:00
Matthew Kienow c0c3e12c74
WIP - hp officejet pro exploit, enhance PJL lib 2018-08-23 14:53:54 -04:00
Wei Chen b899839c53 Oops I made boo-boos 2018-08-21 08:53:43 -05:00
Jacob Robles fd6880d0d0
Add Foxit Reader UAF Module and Docs 2018-08-21 08:21:51 -05:00
Wei Chen ad0291e552 Update false negatives 2018-08-20 18:08:19 -05:00