infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
32,738 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

17011 Commits (e6c61c461e2cc6dbbedc86bce49e482b56551c75)

Author SHA1 Message Date
William Vu 41885133d8 Refactor and clean 
Finally breaking free of some stubborn old habits. :)
 2015-04-10 11:22:27 -05:00
William Vu a7601c1b9a Use zsh to avoid dropping privs 
Also add some configurable options.
 2015-04-10 11:22:00 -05:00
William Vu 4cc6ac6eaa Clarify vulnerable versions 2015-04-10 11:22:00 -05:00
William Vu c4b7b32745 Add Rootpipe exploit 2015-04-10 11:22:00 -05:00
Jon Cave b2b7da2dc5 Fix spelling of Microsoft in module name 2015-04-10 11:09:16 +01:00
Jon Cave c6f062d49e Ensure that local variable `upload_path` is defined 
Merge `upload_payload` and `parse_upload_response` so that the
`upload_path` variable is defined for use in error messages in the event
of failure.
 2015-04-10 10:58:20 +01:00
root 7810f3d9a3 Add previous nessus_xmlrpc_login file 2015-04-10 12:32:42 +05:00
root bbbd4d3634 change name to keep both XML and REST modules 2015-04-10 12:20:43 +05:00
jvazquez-r7 91f5d0af5a
Add module for CVE-2014-0569 
* Adobe flash, Integer overflow on casi32
 2015-04-09 19:37:26 -05:00
root b6e750d7eb Nessus auxiliary scanner for updated REST API 2015-04-09 11:36:17 +05:00
William Vu c9bf8f3140
Land #5105, @joevennix's cable modem 0day 2015-04-08 16:09:46 -05:00
William Vu 831a59b10b Fix whitespace 2015-04-08 16:09:28 -05:00
Tod Beardsley 52f1b95222 Add disclosure link 2015-04-08 16:07:33 -05:00
sinn3r 1bfda9e78f
Land #5101, Add Directory Traversal for GoAhead Web Server 2015-04-08 15:30:23 -05:00
Brent Cook e03f2df691
Land #5002, RMI/JMX improvements 2015-04-08 15:23:29 -05:00
Tod Beardsley 7ed1655976
Adding module for R7-2015-01 
Disclosure coming soon, will update this module with a pointer to the
correct reference.
 2015-04-08 12:34:31 -05:00
Roberto Soares dc14c770be Changed the traversal variable to just one line 2015-04-08 02:26:59 -03:00
Roberto Soares 441042ed37 Removed the segments variable 2015-04-08 01:29:45 -03:00
Roberto Soares d399d05383 Add Directory Traversal for GoAhead Web Server 2015-04-07 20:22:06 -03:00
OJ 9fd40870d0 Update http(s) generator functions 
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
 2015-04-08 07:56:54 +10:00
OJ 8f58e08c13 Add support for stageless reverse_http payloads 
This includes both x64 and x86.
 2015-04-07 11:01:24 +10:00
OJ 38a77c930e
Land #5072 : Support and embed payload UUIDs 2015-04-07 10:10:36 +10:00
William Vu 7a2d3f5ebd
Land #5082, firefox_proxy_prototype autopwn_info 2015-04-06 13:36:03 -05:00
William Vu e1af495d21 Add extra release fixes 2015-04-06 13:08:40 -05:00
Tod Beardsley b62011121b
Minor word choice fix on Solarwinds exploit 
Removing the second person pronoun usage.

[See #5050]
 2015-04-06 12:40:22 -05:00
Tod Beardsley 5be5b6097c
Minor grammar on #5030, Adobe Flash 
[See #5030]
 2015-04-06 12:36:25 -05:00
Tod Beardsley 1e6d895975
Description fixes on #4784, jboss exploit 
Also, needed to run through msftidy.

[See #4784]
 2015-04-06 12:34:49 -05:00
root cd65e6f282 Add browser_autopwn info to firefox_proxy_prototype 2015-04-06 10:42:32 +05:00
HD Moore 78c73cc2a3 Update cached sizes with the new uri defaults 2015-04-05 22:11:12 -05:00
Jon Cave 7aceb9218e Use bitwise OR to select both primary and backup DCs 
SV_TYPE_DOMAIN_CTRL || SV_TYPE_DOMAIN_BAKCTRL returns
SV_TYPE_DOMAIN_CTRL rather than ORing the bits together.
 2015-04-05 11:05:42 +01:00
HD Moore c9696d3f6c Merge in stageless/transport work, deconflict 2015-04-04 11:52:26 -07:00
William Vu 56dc7afea6
Land #5068, @todb-r7's module author cleanup 2015-04-03 16:00:36 -05:00
jvazquez-r7 79b2a23dff
Land #5015, @espreto file traversal scanner for RIPS 2015-04-03 15:35:58 -05:00
jvazquez-r7 ce6e5e12d8
Make depth an option 2015-04-03 15:33:27 -05:00
jvazquez-r7 70fad73092
Add metadata 2015-04-03 15:27:28 -05:00
jvazquez-r7 e3bbb7c297 Solve conflicts 2015-04-03 14:57:49 -05:00
jvazquez-r7 e729185804
Land #5051, @nullbind's new options for mssql_enum_domain_accounts_sqli 2015-04-03 14:44:20 -05:00
jvazquez-r7 fe9fbfd157
Make calculations easier 2015-04-03 14:43:01 -05:00
jvazquez-r7 6c36a82f78
Land #5059, @void-in's documentation clean up 2015-04-03 14:16:34 -05:00
jvazquez-r7 828301a6cc
Land #5050, @wchen-r7's exploit for Solarwinds Firewall Security Manager 
* CVE-2015-2284
 2015-04-03 13:45:30 -05:00
jvazquez-r7 7c9b19c6f8
Do minor cleanup 2015-04-03 11:53:50 -05:00
root 452ebcf9ad travis 2015-04-03 16:29:35 +05:00
root be829e77ba cravis error solve 2015-04-03 16:25:18 +05:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
Brent Cook 16cb334325
Land #5065: OJ fix missed merges for uri_checksum and others 2015-04-02 22:53:29 -05:00
OJ fd043d4842 Fix up build and missing uri_checksum stuff 
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a class with the dynamic
transport branch, but I can fix that after.
 2015-04-03 13:42:25 +10:00
scriptjunkie 0f7c644fff
Land #4784, JBoss Seam 2 upload exec exploit 2015-04-02 22:32:35 -05:00
OJ 5b5dc3ef59 Merge branch 'upstream/master' into stageless-x64 
Merge required adjustment of the proxy datastore names that were changed.
 2015-04-03 08:53:09 +10:00
Tod Beardsley 3ff91d74ca
More cleanup, mostly abysssec 
[See #5012]
 2015-04-02 16:16:38 -05:00
Tod Beardsley 11057e5b3b
Fix up the last couple from Tenable, missed last 
[See #5012]
 2015-04-02 15:27:46 -05:00
Tod Beardsley 4bbec88882
Various other one-off nonhuman author credits 
[See #5012]
 2015-04-02 15:25:47 -05:00
Tod Beardsley 6d5bcb93a8
Normalize the SecurityXploded Team credits 
[See #5012]
 2015-04-02 15:15:37 -05:00
Tod Beardsley 6532fad579
Remove credits to Alligator Security Team 
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.

The one that didn't was credited to dflah_ specifically, so merely
changed the author name.

Longer description, if needed, wrapped at 72 characters.

[See #5012]
 2015-04-02 15:12:22 -05:00
HD Moore db5293eeee
Lands #5054, adds a module for the Ceragon mateidu SSH issue 2015-04-01 14:32:56 -05:00
Tod Beardsley b17727d244
Switching to privileged => false 2015-04-01 14:35:45 -05:00
sinn3r a592f645f0
Land #5039, Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner 2015-04-01 14:34:58 -05:00
Tod Beardsley 0825534d2c
Fix reference 2015-04-01 14:16:45 -05:00
Tod Beardsley 8ec71e9daf
Add a module for R7-2015-05 2015-04-01 14:05:41 -05:00
jvazquez-r7 02a5730d92
Use calculate_interface_hash 2015-04-01 12:09:42 -05:00
sinn3r 0b14a18ad2 This is final 2015-04-01 12:00:49 -05:00
jvazquez-r7 f954ff78c0
Fix typo 2015-04-01 10:51:54 -05:00
nullbind 91aeef0a8a added startrid and endrid 2015-04-01 10:09:13 -05:00
sinn3r 0ee858cd65 Some useful messages 2015-04-01 01:41:31 -05:00
sinn3r 8ad07cdc0f This should be on the right track 2015-04-01 01:27:50 -05:00
OJ 24171a1a08
Land #5045 : Convert stageless proxy to new format 2015-04-01 12:06:57 +10:00
sinn3r 6795c90eac Some progress 2015-03-31 20:46:34 -05:00
sinn3r 97305629cb Add Solarwinds FSM module 
starter
 2015-03-31 16:21:52 -05:00
HD Moore 34ff94e0da Fix the proxy user/pass options 2015-03-31 15:49:43 -05:00
HD Moore df15892958 Convert stageless proxy settings to the new format 2015-03-31 15:46:15 -05:00
HD Moore a39ba05383 Functional Payload UUID embedding via PayloadUUIDSeed 2015-03-31 15:44:18 -05:00
David Maloney 63da27ece0
add missing HKLM root to regkey 
the chevkm windows psot module had HKLM
missing from the front of one of it's reg key
paths. This was missed in Rails 3 due to the
error being swallowed unexpectedly. in rails 4
we actually see this cause a stack trace

MSP-12384
 2015-03-31 14:17:18 -05:00
Tod Beardsley d1318d1b48
Fixups for release 2015-03-31 11:02:12 -05:00
OJ 633b46874d Merge branch 'upstream/master' 2015-03-31 14:53:48 +10:00
Brandon Perry e73286cfa5 update stale references 2015-03-30 17:17:48 -05:00
OJ 253e5d7dff Include correct module, remove specified encoder type 2015-03-31 07:23:51 +10:00
sinn3r 613f4777ce Land #5024, add joomla_ecommercewd_sqli_scanner.rb 2015-03-30 12:45:09 -05:00
sinn3r 8ea1ffc6ff
Land #5030, CVE-2015-0313 Flash Exploit 2015-03-30 11:31:53 -05:00
jvazquez-r7 ee404713f1
Land #5014, @wchen-r7's module for MS14-052 
* As auxiliary module to gather info about existent local files
 2015-03-30 11:02:56 -05:00
jvazquez-r7 8ff54ff98d
Add msb reference 2015-03-30 10:58:08 -05:00
sinn3r 9af1e76bf7 Obfuscate js 2015-03-30 10:52:01 -05:00
sinn3r c7fa01c5ae Rename file 2015-03-30 10:39:33 -05:00
OJ c28cc66398 Add x64 bind_tcp and reverse_ipv6_tcp 
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
 2015-03-30 18:59:30 +10:00
OJ 26792975eb Refactor of code to reduce duplication 
Add mixin for the stageless http preparation
 2015-03-30 13:18:56 +10:00
OJ f8851551c5 Add initial x64 stageless meterrpeter module 2015-03-30 11:23:51 +10:00
OJ ce8f6d72e1 More work on x64 stageless 
Testing with HD's new changes that allow for generation of larger x64
payloads
 2015-03-30 09:51:04 +10:00
h00die 28b9e89963 removed duplicate "uses" from description 2015-03-29 19:40:31 -04:00
OJ 17dc2b184d Merging upstream/master 2015-03-30 09:12:20 +10:00
Meatballs c430e5fab1
@m7x forgot to put a reference in 2015-03-29 02:13:31 +01:00
Brandon Perry de2bf0181c add first pass at gallerywd sqli scanner 2015-03-28 16:15:51 -05:00
Brandon Perry 9f0483248c add TARGETURI datastore option 2015-03-28 15:46:41 -05:00
Meatballs 2ed9489f38 Delete load line 2015-03-28 20:31:35 +00:00
Meatballs 99f79e8533 Use incognito token stealing rather than process migration if we have 
the privileges required for successful impersonation.
 2015-03-28 20:31:35 +00:00
Meatballs f83f4ae764 Move hashdump to gather 2015-03-28 20:31:35 +00:00
Meatballs e2af15a0df Refactor MSSQL Post 2015-03-28 20:31:35 +00:00
root 1558190a9d Add module mssql_local_hashdump 2015-03-28 20:31:35 +00:00
Brandon Perry 6ede476423 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-28 08:38:12 -05:00
William Vu ef8c0aac69
Land #5020, spelling fixes for some modules 2015-03-28 00:36:04 -05:00
Brandon Perry 0dbd8544b4 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-27 21:20:59 -05:00
Brandon Perry 31be47d5bc Create joomla_ecommercewd_sqli_scanner.rb 2015-03-27 20:25:33 -05:00
jvazquez-r7 f84a46df63
Add module for CVE-2015-0313 2015-03-27 18:51:13 -05:00
sinn3r 9cfafdd8b8
Land #4649, improve post/windows/manage/run_as and as an exploit 2015-03-27 17:31:30 -05:00
C-P 4f4bf9debb paylod vs payload 2015-03-27 11:55:15 -07:00
C-P 0a8fe781d1 paylod vs payload 2015-03-27 11:54:14 -07:00
C-P 5ba614a325 payloda vs payload 2015-03-27 11:53:20 -07:00
C-P 2d81460583 Explot vs Exploit 2015-03-27 11:37:11 -07:00
C-P f129347b51 Filed vs Failed fix 2015-03-27 11:28:50 -07:00
C-P 48484c1f09 Filed vs Failed fix 2015-03-27 11:27:36 -07:00
Roberto Soares 3e104fd8e6
Add Directory Traversal for RIPS Scanner 2015-03-27 05:08:43 -03:00
sinn3r f996c5a888 Update description 2015-03-27 02:31:36 -05:00
sinn3r 67dc46791d Limit the module to IE 8 and IE9 2015-03-27 02:30:04 -05:00
sinn3r f88d9651b6 I don't think it's worth putting the js in ie_addons.js 2015-03-27 02:26:50 -05:00
sinn3r bd2763292a Properly credit Soroush Dalili 2015-03-26 23:36:16 -05:00
sinn3r 560f31c34d Minor changes 2015-03-26 23:29:44 -05:00
sinn3r 68624dd56e Final for ie_files_disclosure.rb 2015-03-26 22:49:22 -05:00
sinn3r b0b17775c2 First working version 2015-03-26 21:53:26 -05:00
Brent Cook e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter 2015-03-26 19:16:46 -05:00
sinn3r 955c0557e0
Land #4988, Relative URL for ms14_064_ole_code_execution 2015-03-26 13:36:37 -05:00
m-1-k-3 d81a246660 target_uri 2015-03-26 12:16:20 +01:00
m-1-k-3 b7f469b747 feedback 2015-03-26 07:39:36 +01:00
Spencer McIntyre 10e8cefd6d Pymet dont validate ssl certs for 2.7.9/3.4.3 2015-03-25 19:49:42 -04:00
sinn3r 68cb766681
Land #5007, Ruby 1.9+ syntax 2015-03-25 16:11:53 -05:00
William Vu 632879ceb6
Land #5001, wp_easycart_privilege_escalation CVE 2015-03-25 13:54:44 -05:00
jvazquez-r7 d84c48cb7d
Use newer hash syntax 2015-03-25 13:39:34 -05:00
jvazquez-r7 72a0909e9b
Land #4992, @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge 2015-03-25 13:30:36 -05:00
jvazquez-r7 0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically 2015-03-25 11:29:07 -05:00
jvazquez-r7 356e8c727c
Add specs for Msf::Java::Rmi::Client::Jmx::Server 2015-03-24 18:56:58 -05:00
rastating 7a0fe05803 Add CVE-ID to module references 2015-03-24 22:30:43 +00:00
Christian Mehlmauer 7bf00f8f47
Land #4789, @rastating WPLMS wordpress module 2015-03-24 20:46:38 +01:00
jvazquez-r7 39e87f927a
Make code consistent 2015-03-24 11:44:26 -05:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
William Vu 7c456f2ad8
Land #4993, ams_xfr "payload_exe" NameError fix 2015-03-24 00:51:49 -05:00
sinn3r 8255e7a2dc Fix #4987 - undef payload_exe for ams_xfr 
Fix #4987
 2015-03-24 00:42:22 -05:00
William Vu 3dac6377d0
Fix #4983, bad copy pasta'd deprecation year 2015-03-24 00:34:54 -05:00
William Vu fadac30f00 Fix deprecated year 2015-03-24 00:34:38 -05:00
William Vu 6353154865
Land #4983, renamed WordPress modules 2015-03-23 23:49:40 -05:00
William Vu e338b77389 Readd and deprecate renamed WordPress modules 2015-03-23 23:48:56 -05:00
sinn3r db243a8225 x360_video_player_set_text_bof actually uses SetText for ActiveX 2015-03-23 23:36:20 -05:00
sinn3r 3248f02c2c These exploits use :activex, so I update the usage for them 2015-03-23 19:34:24 -05:00
jvazquez-r7 04341bfc78
Support JMX_ROLE again 2015-03-23 17:32:26 -05:00
Brent Cook 1869977921
Land #4962: OJ adjusts MSF to new metsrv needs 
bump meterpreter bins to 0.0.17
 2015-03-23 17:18:06 -05:00
jvazquez-r7 d8d4c23d60
JMX code refactoring 2015-03-23 17:06:51 -05:00
OJ 24d74b26e3 Beginning work for stageless x64 meterpreter 2015-03-24 06:50:06 +10:00
jvazquez-r7 962bb670de
Remove old JMX mixin 2015-03-23 15:48:10 -05:00
andygoblins 89e27d98ab Use relative URL to GET payload for WinXP 
Relative URLs are simpler, and allow the exploit to work on attack machines in NAT environments. Example: attack machine is NATed and does not have a DNS hostname. SRVHOST must be 0.0.0.0 but the victim cannot access the attacker from Rex::Socket.source_address
 2015-03-23 14:40:06 -05:00
Tod Beardsley 21a97c0926
Add exploit for R7-2015-04, Firefox Proxy RCE 2015-03-23 13:44:41 -05:00
sinn3r 156520338d Making some changes to how BES handles ActiveX 2015-03-23 12:21:27 -05:00
jvazquez-r7 79068c8ec2
Delete JMX discovery stream 2015-03-23 10:21:37 -05:00
aushack b191f92713 Renamed WordPress files to fit majority naming convention. 2015-03-23 18:15:04 +11:00
OJ 9c9d333a1b Create verify ssl mixin, adjust some formatting 2015-03-23 13:21:08 +10:00
jvazquez-r7 2d1adf6ef4
Land #4923, @m-1-k-3's exploit for overflow on belkin routers 2015-03-22 02:05:35 -05:00
jvazquez-r7 ee74bb3c5b
The default concat operator should be ok 2015-03-22 02:05:02 -05:00
jvazquez-r7 5499b68e02
Do code cleanup 2015-03-22 01:58:32 -05:00
Spencer McIntyre a407bc8d65 Fix the reverse_https stager CachedSize for the spec 2015-03-21 13:05:44 -04:00
Spencer McIntyre 7282968d8a Python reverse HTTPS stager 2015-03-21 12:43:14 -04:00
William Vu 07b82ec640
Land #4974, minishare_get_overflow WfsDelay change 2015-03-20 18:55:58 -05:00
William Vu 859b54f8a3
Land #4956, Qualys' Exim GHOST module 2015-03-20 18:44:30 -05:00
jvazquez-r7 8c3e39acf0
Land #4847 @rastating's module for WordPress WP EasyCart privilege escalation 2015-03-20 18:23:05 -05:00
jvazquez-r7 349d7cb9ee
Do minor cleanup 2015-03-20 18:20:45 -05:00
Adam Ziaja 921b9eab8e Update minishare_get_overflow.rb 
set WfsDelay 30
 2015-03-20 23:42:54 +01:00
William Vu 4004771aed
Land #4972, minishare_get_overflow targets 
Windows 2003 SP1 English and Windows 2003 SP2 English.
 2015-03-20 17:27:34 -05:00
William Vu 6f51946aa0
Land #4969, GitLab module references 2015-03-20 17:26:51 -05:00
William Vu 99f3de0843 Clean up info hash formatting 2015-03-20 17:26:21 -05:00
Adam Ziaja 505ecd32fb Update minishare_get_overflow.rb 
Windows 2003 SP1 English, Windows 2003 SP2 English
 2015-03-20 23:09:50 +01:00
jvazquez-r7 1226b3656f
Land #4945, @wchen-r7's login scanner for Symantec web gateway 2015-03-20 14:44:05 -05:00
jvazquez-r7 2f35fcff99
Fix require 2015-03-20 14:43:42 -05:00
Meatballs 8ee520e749
Add reference 2015-03-20 19:17:34 +00:00
sinn3r b19f766728
Land #4942, Gitlab Login Scanner 2015-03-20 13:02:12 -05:00
sinn3r a2ce14a31e
Land #4941, Gitlab Unauth User Enumeration 2015-03-20 12:28:35 -05:00
sinn3r 235124a40a Fix typo 2015-03-20 12:27:23 -05:00
sinn3r 84164b44b2 Should also rescue JSON::ParserError for banner parsing 2015-03-20 12:27:02 -05:00
sinn3r 0c2ed21e90
Land #4318, Lateral movement through PSRemoting 2015-03-20 11:39:35 -05:00
sinn3r 23d8479683 Fix typo 2015-03-20 11:39:00 -05:00
sinn3r 0da79edb9c Add a print_status to let the user know the module is over 
If I have to run the module as a job, sometimes I can't tell if
the module has finished running or not.
 2015-03-20 11:35:18 -05:00
sinn3r 1b67a06d35 No banner var 2015-03-20 02:26:59 -05:00
sinn3r b55ffc9ff1 Change option to FORCE_EXPLOIT 2015-03-20 01:44:10 -05:00
oj@buffered.io fd4ad9bd2e Rework changes on top of HD's PR 
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
 2015-03-20 13:06:57 +10:00
OJ 7b4161bdb4 Update code to handle cert validation properly 
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
 2015-03-20 12:52:47 +10:00
William Vu 7eec88c086
Land #4957, glassfish_login symbol cleanup 2015-03-19 21:20:33 -05:00
jvazquez-r7 b839547dc3 Add documentation for Registry modules and methods 2015-03-19 17:57:21 -05:00
jvazquez-r7 a7f1244251
Finish the java_rmi_registry gather module 2015-03-19 17:33:45 -05:00
sinn3r 94ab2f94fd Remove symbols that aren't used 
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
 2015-03-19 14:14:01 -05:00
sinn3r d8539ef91a Change datastore option's description 2015-03-19 12:22:42 -05:00
sinn3r a2ba81f84f This should be true (required) 2015-03-19 11:54:03 -05:00
sinn3r d8c8bd1669 Move the details to a wiki 2015-03-19 11:52:17 -05:00
jvazquez-r7 5c3134a616
Add first support to gather information from RMI registries 2015-03-19 11:16:04 -05:00
OJ 7899881416 Update POSIX bins from master 2015-03-19 14:50:14 +10:00
OJ 1a2f35d806
Land #4951: Dynamic URI generation for Java/Python reverse_http(s) 2015-03-19 12:41:20 +10:00
Spencer McIntyre 076f15f933
Land #4792 @jakxx Publish It PUI file exploit 2015-03-18 20:59:54 -04:00
Spencer McIntyre 3f8ed56a9a
Add available space to the payload info 2015-03-18 20:57:58 -04:00
Meatballs 6ceab3d02d
Add a DisclosureDate 2015-03-18 23:51:18 +00:00
sinn3r 968a8758ad Add CVE-2015-0235 Exim GHOST (glibc gethostbyname) Buffer Overflow 
This was originally written by Qualys
 2015-03-18 18:51:16 -05:00
joev b33e7f477c
Land #4947, h0ng10's TWiki exploit. 2015-03-18 17:17:34 -05:00
HD Moore 346b1d539f Revert Java back to static size for cache purposes (less cpu usage on startup) 2015-03-18 16:24:01 -05:00
HD Moore 33bbf7cb7e Dynamic URI generation for python/java http(s) stagers 2015-03-18 16:08:11 -05:00
jvazquez-r7 ae84c8ee30
Delete even more comments 2015-03-18 15:55:52 -05:00
jvazquez-r7 f956ba1a46 Do first JMX cleaning try 2015-03-18 15:37:07 -05:00
rwhitcroft 7ae97393e0 fix x64/reverse_https stager shellcode 2015-03-18 15:34:31 -04:00
OJ e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS 2015-03-18 22:34:52 +10:00
OJ d1a2f58303 Fix of regex for file capture and format tweaks 2015-03-18 22:17:44 +10:00
Hans-Martin Münch (h0ng10) 5dd718e4fa Better description 2015-03-18 09:51:51 +01:00