Commit Graph

14562 Commits (f20610a65706c7c6d9ea9f3f9f1fb3bbc8ec9ac5)

Author SHA1 Message Date
William Vu 35b8c2be4b
Land #3800, release fixes 2014-09-16 14:05:23 -05:00
Joe Vennix 59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc. 2014-09-16 13:31:03 -05:00
sinn3r 3e09283ce5
Land #3777 - Fix struts_code_exec_classloader on windows 2014-09-16 13:09:58 -05:00
sinn3r 158d4972d9 More references and pass msftidy 2014-09-16 12:54:27 -05:00
Tod Beardsley bd17c96a6e
Dropped a hyphen in the title 2014-09-16 12:47:44 -05:00
Vincent Herbulot 7a7b6cb443 Some refactoring
Use EDB instead of URL for Exploit-DB.
Remove peer variable as peer comes from HttpClient.
2014-09-16 17:49:45 +02:00
us3r777 4c615ecf94 Module for CVE-2014-5519, phpwiki/ploticus RCE 2014-09-16 00:09:41 +02:00
jvazquez-r7 7d4c4c3658
Land #3699, @dmaloney-r7's ipboard login refactor 2014-09-15 08:29:42 -05:00
jvazquez-r7 3a6066792d Work in rop chain... 2014-09-13 17:38:19 -05:00
jvazquez-r7 83bf220a10
Land #3730, @TomSellers's post module for Remote Desktop Connection Manager 2014-09-12 15:38:33 -05:00
jvazquez-r7 5da6a450f1 fix find condition 2014-09-12 15:21:50 -05:00
jvazquez-r7 1749fc73c2 Change module filename 2014-09-12 15:05:33 -05:00
jvazquez-r7 95b6529579 Fix run method 2014-09-12 14:27:25 -05:00
jvazquez-r7 373861abb0
Land #3526, @jhart-r7's soap_xml scanner cleanup 2014-09-12 13:29:52 -05:00
jvazquez-r7 12f949781a Use double quote for xml strings 2014-09-12 13:18:48 -05:00
jvazquez-r7 67c0ee654b Use Gem::Version 2014-09-12 10:35:12 -05:00
jvazquez-r7 0d054d8354 Update with master changes 2014-09-12 09:52:32 -05:00
jvazquez-r7 e2ef927177 Add first version for ZDI-14-255 2014-09-12 08:57:54 -05:00
William Vu 60b29cbd5e
Fix word splitting problem 2014-09-12 06:50:53 -05:00
William Vu 8a6a205e39
Land #3724, NetworkManager creds module 2014-09-12 05:48:35 -05:00
William Vu 131401f024
Remove unused method 2014-09-12 05:48:11 -05:00
Luke Imhoff 706655f755
Land #3779, Glassfish LoginScanner exception
MSP-11343
2014-09-11 15:57:47 -05:00
Tod Beardsley d2f2b142b4
Land #3760, Arris WEP/WPA leak from @dheiland-r7 2014-09-11 15:39:19 -05:00
Tod Beardsley 4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)

Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
Tod Beardsley fbba4b32e0
Update the title and desc to be more descriptive
See #3759
2014-09-11 14:06:14 -05:00
Tod Beardsley d627ab7628
Add refs for Android UXSS
See #3759
2014-09-11 14:05:50 -05:00
James Lee 8aa06b8605
Better api for check_setup 2014-09-10 23:43:54 -05:00
James Lee c1658e5d51 Add a check_setup method 2014-09-10 20:09:46 -05:00
James Lee 84e4db9035 Don't raise in the middle
MSP-11343

This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
Deral Heiland 872ba6a53b Update arris_dg950 module with required changes
Collapsed several levels of the if/else statement and changed out 2 with
case. Changed print_good to print_line. Removed rescue ::Interrupt and
altered variable names to make them more readable
2014-09-10 19:07:53 -04:00
jvazquez-r7 373eb3dda0 Make struts_code_exec_classloader to work on windows 2014-09-10 18:00:16 -05:00
Jon Hart e317bfe0d5
Add preliminary module for discovering services with empty UDP probes 2014-09-10 10:58:22 -07:00
sinn3r 280e16c241
Land #3677 - Updated shodan_search for new API 2014-09-10 11:39:00 -05:00
sinn3r 006393360e Add conditions to check healthy shodan results 2014-09-10 11:38:06 -05:00
James Lee 257f0fc93e
Quick fix for ssh_login_pubkey
Fixes #3772, closes #3774
2014-09-10 09:57:17 -05:00
Jon Hart 495e1c14a1
Land #3721, @brandonprry's module for Railo CVE-2014-5468 2014-09-09 19:10:46 -07:00
Jon Hart 26d8432a22
Minor style and usability changes to @brandonprry's #3721 2014-09-09 19:09:45 -07:00
Brandon Perry db6052ec6a Update check method 2014-09-09 18:51:42 -05:00
sinn3r 0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
sinn3r 027f543bdb
Land #3732 - Eventlog Analyzer exploit 2014-09-09 11:33:20 -05:00
sinn3r 75269fd0fa Make sure we're not doing a 'negative' timeout 2014-09-09 11:26:49 -05:00
Joe Vennix 7793ed4fea
Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
James Lee b8000517cf
Land #3746, reinstate DB_ALL_CREDS 2014-09-08 17:24:12 -05:00
David Maloney 2ac15f2088
some fixes based on Christruncer's feedback
fixed some stuff I borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor 2014-09-08 14:48:37 -05:00
Tod Beardsley 4abee39ab2
Fixup for release
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
David Maloney 09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds 2014-09-08 12:52:25 -05:00
William Vu ae5a8f449c
Land #3691, gdbserver hax 2014-09-08 11:48:39 -05:00
Deral Heiland 9a6ee5090a Add Arris DG950A SNMP data extraction module
This module will extract critical data such as WPA and WEP keys from
the Arris DG950a model cable modem via the SNMP protocol.
2014-09-08 11:04:31 -04:00
sinn3r 0ccb39c057
Land #3726 - Fix typos in wordpress login 2014-09-08 09:40:57 -05:00
cx 1b5e40ff78 New Creds model added 2014-09-08 11:42:05 +03:00
Joe Vennix 27889ea411
Add a safety fallback on js load. 2014-09-08 00:46:47 -05:00
Joe Vennix 8407d45c9c
Rework the timers. 2014-09-08 00:40:00 -05:00
Joe Vennix 5c9c8edfcf
Fix refs. 2014-09-07 23:33:45 -05:00
Joe Vennix 5efaf7d4cf
rename module, handle asyncness. 2014-09-07 23:25:08 -05:00
jvazquez-r7 10bb77af9f
Land #3716, @wchen-r7's Glassfish LoginScanner update 2014-09-07 21:54:34 -05:00
Joe Vennix 1bf89fb6bd Add Android <= 4.3 AOSP UXSS module. 2014-09-07 20:44:03 -05:00
jvazquez-r7 c86d01a667 Fix win.ini signature 2014-09-07 01:46:38 -05:00
sinn3r 44b9dc9b28 Update tmlisten_traversal 2014-09-06 01:18:11 -05:00
jvazquez-r7 df278dd2dc Convert to exploit 2014-09-05 14:47:33 -05:00
jvazquez-r7 d4a8b7e00d Move to exploits 2014-09-05 10:38:28 -05:00
jvazquez-r7 892f72e4ce Move module path 2014-09-05 10:30:27 -05:00
jvazquez-r7 d041ee6629 Delete exploit modules from this branch 2014-09-05 10:29:24 -05:00
Chris Hebert abffdd8705 Update alienvault_newpolicyform_sqli.rb
cleaned up according to msftidy.rb suggestions

modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
Chris Hebert 664cc131e3 Update alienvault_newpolicyform_sqli.rb
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
sinn3r 08ce278cca Got these wrong 2014-09-04 17:05:51 -05:00
sinn3r cb490fc00e [SeeRM #8836] Change boot.ini to win.ini 2014-09-04 17:03:21 -05:00
jvazquez-r7 d83131f1d9
Land #3750, @wvu favoring unless 2014-09-04 16:17:07 -05:00
jvazquez-r7 ff210a7c0a delete parenthesis 2014-09-04 16:16:29 -05:00
sinn3r 85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27 2014-09-04 16:08:15 -05:00
jvazquez-r7 f063dcf0f4
Land #3741, @pedrib's module for CVE-2014-5005 Desktop Central file upload 2014-09-04 15:44:21 -05:00
jvazquez-r7 f466b112df Minor cleaning on check 2014-09-04 15:43:59 -05:00
jvazquez-r7 74b8e8eb40 Change module filename 2014-09-04 15:39:34 -05:00
jvazquez-r7 c32b977a27
Land #3747, @wvu changes to printer_ready_message 2014-09-04 15:26:52 -05:00
William Vu 2d8c7a7a4d
Refactor if statement to early return
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
William Vu 614c7c178d
Land #3749, jtr_oracle_fast missing require fix 2014-09-04 15:03:37 -05:00
jvazquez-r7 c1bca5c138
Land #3742, @pedrib's changes to desktopcentral_file_upload check method 2014-09-04 14:47:36 -05:00
jvazquez-r7 7563c0bd0e Use Gem::Version 2014-09-04 14:40:13 -05:00
HD Moore 34455b5dc6 Fix missing require for jtr_oracle_fast 2014-09-04 14:38:07 -05:00
William Vu 50ac8366fd
Refactor CHANGE/RESET to actions
Missed in c1fdc4d945.
2014-09-04 14:36:04 -05:00
jvazquez-r7 2615a7a3be Favor && and || operands 2014-09-04 14:35:37 -05:00
sinn3r 0dcf481d76 This one is good to go 2014-09-04 14:13:33 -05:00
William Vu 84f9ec0aad
Refactor implicit options hash
Missed in c1fdc4d945.
2014-09-04 13:30:06 -05:00
David Maloney 00ec47fb83
call new prepend cred methods
add method calls to all the loginscanner modules
so that they call the prepend_db_* methods as appropriate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
David Maloney c5755824a6
pass in vhost and useragent
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
sinn3r dd4fd7bb39 The reporting part 2014-09-03 16:32:23 -05:00
sinn3r e1694ec3e5 LoginScanner update for hp_sys_mgmt_login
Work in progress
2014-09-03 16:23:57 -05:00
Joe Vennix 0e18d69aab
Add extended mode to prevent service from dying. 2014-09-03 16:07:27 -05:00
Joe Vennix 4293500a5e
Implement running exe in multi. 2014-09-03 15:56:21 -05:00
Pedro Ribeiro f0e3fa18a3 Restore the original filename 2014-09-03 21:32:05 +01:00
Joe Vennix 268d42cf07
Add PrependFork to payload options. 2014-09-03 14:56:22 -05:00
jvazquez-r7 185ce36859
Land #3701, @wchen-ru's AppleTV modules 2014-09-03 12:30:50 -05:00
jvazquez-r7 10dee28fbd Add http socket to the module sockets and allow the framework to cleanup 2014-09-03 12:01:48 -05:00
sinn3r 5acbcc80e2 no threading 2014-09-03 11:37:30 -05:00
Pedro Ribeiro ded085f5cc Add CVE ID 2014-09-03 07:22:10 +01:00
Brandon Perry ee3e5c9159 Add check method 2014-09-02 21:35:47 -05:00
Pedro Ribeiro c672fad9ef Add OSVDB ID, remove comma from Author field 2014-09-02 23:17:10 +01:00
Pedro Ribeiro d69049008c Refactor and rename desktopcentra_file_upload
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro 05856016c9 Add exploit for CVE-2014-5005 2014-09-02 23:09:10 +01:00
Joe Vennix f7617183d9
Revert "Add initial firefox xpi prompt bypass."
This reverts commit ebcf972c08.
2014-09-02 12:27:41 -05:00
cx aaeb5a2f5f jhart-r7 suggestions added 2014-09-02 12:05:54 +03:00
John Sawyer 3281781f6a Addressed r7 comments, fixed bug in results loop 2014-09-01 13:43:31 -04:00
Pedro Ribeiro d480a5e744 Credit h0ng10 properly 2014-09-01 07:58:26 +01:00
Pedro Ribeiro 59847eb15b Remove newline at the top 2014-09-01 07:56:53 +01:00
Pedro Ribeiro 6a370a5f69 Add exploit for eventlog analyzer file upload 2014-09-01 07:56:01 +01:00
Tom Sellers 20a02a9d29 Cleanup 2014-08-31 14:01:13 -05:00
Tom Sellers 6f7bc94db4 Creation of rdcmanager_creds.rb 2014-08-31 13:38:08 -05:00
jvazquez-r7 c05edd4b63 Delete debug print_status 2014-08-31 01:34:47 -05:00
jvazquez-r7 8b1791da22 Modify modules to keep old behavior 2014-08-31 01:18:53 -05:00
jvazquez-r7 559ec4adfe Add module for ZDI-14-299 2014-08-31 01:11:46 -05:00
DrDinosaur 8ba5488198 Update wordpress_login_enum.rb
Fixed some typos.
2014-08-30 13:37:48 -10:00
jvazquez-r7 e1b6ee283f Allow Msf::Payload::JSP to guess system shell path if it isn't provided 2014-08-30 16:27:02 -05:00
Brandon Perry 438f0e6365 typos 2014-08-30 09:22:58 -05:00
Brandon Perry f72cce9ff2 Update railo_cfml_rfi.rb 2014-08-29 17:33:15 -05:00
David Maloney a142e78a66
refactor wordpress_xml_rpc_login
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
David Maloney 0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner 2014-08-29 12:50:34 -05:00
Spencer McIntyre 1cdf1c2c6e
Land #3709, @nnam's wing ftp admin console cmd exec 2014-08-29 13:46:01 -04:00
Spencer McIntyre 8095b4893c Rename and apply rubocop style to wing_ftp_admin_exec 2014-08-29 13:42:11 -04:00
cx bd9417490e Merge branch 'master' into linux-post-enum-psk 2014-08-29 15:50:28 +03:00
cx eaf73f9f84 Linux Gather 802-11-Wireless Security Credentials 2014-08-29 11:08:08 +03:00
sinn3r f7091d854e Add a timeout 2014-08-28 22:26:38 -05:00
jvazquez-r7 40f581458a
Land #3570, @ikkini scanner for rsync 2014-08-28 18:48:32 -05:00
jvazquez-r7 9fb9ab813c Add URL reference 2014-08-28 18:47:56 -05:00
jvazquez-r7 bc542a011d Change module filename 2014-08-28 18:42:30 -05:00
jvazquez-r7 213fe23970 Clean rsync_modules_list 2014-08-28 18:40:55 -05:00
nnam 02bbd53b82 Fix failure messages for check(). 2014-08-28 12:09:35 -07:00
Nicholas Nam 6c90a50e47 Handle res.nil case in check(). Revert check for res.nil in
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
Nicholas Nam 0788ce9745 Removed unused require and import. Handle the res.nil case in
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
sinn3r f097ef96e0 Use && 2014-08-28 12:13:03 -05:00
sinn3r d0d9949d91 Do SSL options correctly 2014-08-28 12:04:14 -05:00
jvazquez-r7 58091b9e2b
Land #3708, @pedrib fix for manage_engine_dc_pmp_sqli 2014-08-28 10:47:03 -05:00
jvazquez-r7 d8c15766bd
Land #3567, @OJ's fixes to the MQAC local exploit, solving conflicts 2014-08-28 10:19:47 -05:00
jvazquez-r7 9d3d25a3b3 Solve conflicts 2014-08-28 10:19:12 -05:00
Matt Andreko 784ece574e Found additional typos. 2014-08-28 09:03:19 -05:00
Matt Andreko cb634cfef3 Fixed annoying typo that shows up in validation screenshots 2014-08-28 08:50:30 -05:00
Brandon Perry f4965ec5cf Create railo_cfml_rfi.rb 2014-08-28 08:42:07 -05:00
inkrypto 4a479d17a9 Randomize padding on aux module, fix spacing on exploits 2014-08-27 20:41:33 -04:00
Tod Beardsley 6d45f75b47
Land #3690, credential_collect refactor
@TomSellers strikes again!
2014-08-27 18:31:59 -05:00
Tom Sellers 9b0c5dfb0c Minor fix 2014-08-27 18:31:13 -05:00
sinn3r 0ba2f1e457 Leave a note about the old empty password issue 2014-08-27 17:06:11 -05:00
sinn3r d5b70cca24 "Auth bypass" does not really describe what the feature actually does 2014-08-27 16:56:07 -05:00
sinn3r a32ffc4c26 Add the final portion for Glassfish login module 2014-08-27 15:09:11 -05:00
sinn3r 633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection 2014-08-27 01:45:18 -05:00
sinn3r 5d8cbe0544 Early version of Glassfish using LoginScanner 2014-08-27 01:23:02 -05:00
Joe Vennix 26cfed6c6a
Rename exploit module. 2014-08-26 23:05:41 -05:00
Joe Vennix 96276aa6fa
Get the disclosure date right. 2014-08-26 20:36:58 -05:00
Joe Vennix 52f33128cd
Add Firefox WebIDL Javascript exploit.
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
Tom Sellers d5e39ae284 Adjustments for new LoginScanner code 2014-08-26 18:13:00 -05:00
HD Moore ba1f7c3bf6 Land #3687, reworks the nat-pmp portscanner 2014-08-26 14:34:46 -05:00
HD Moore ed9bb3e52c Fix a small typo 2014-08-26 14:34:10 -05:00