infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
44,950 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

2514 Commits (f4d9788454a19ce25cbb0ac8284dba443bf37cad)

Author SHA1 Message Date
Aaron Soto c38bca1799
Land #9908, msfd_rce_remote and msfd_rce_browser 2018-04-30 09:49:50 -05:00
Brent Cook 62c6340d70
Land #9794, Added support for regional dialects 2018-04-06 14:20:42 -07:00
Chris Higgins ded6a50883
Land #8539, ProcessMaker Plugin Upload exploit 2018-04-04 19:06:18 -07:00
William Vu b870091380
Land #9423, PSH for jenkins_xstream_deserialize 2018-03-27 14:21:47 -05:00
h00die c56e571b18
Land #9702 exploit for clipbucket 2018-03-27 13:55:43 -05:00
Jacob Robles fbee660136
Land #9554, Eclipse Equinoxe OSGi console RCE 2018-03-07 07:49:31 -08:00
William Vu 3fd2862f76
Land #9639, multi/handler exit on disabled handler 
If DisablePayloadHandler is set, abort instead of hanging.
 2018-03-01 07:48:02 -08:00
Sonny Gonzalez 667cc5bcca
Land #9653, fix Y2k38 issue (until Jan 1, 2038) 2018-03-01 09:28:11 -06:00
Chris Higgins d2c203bcb9
Lands #9504, MagniComp SysInfo privilege escalation 2018-02-20 09:24:13 -06:00
bwatters-r7 64746d8325
Land # 9407, Add BMC Server Automation RSCD Agent RCE exploit module 
Merge branch 'land-9407' into upstream-master
 2018-02-01 11:23:59 -06:00
Aaron Soto 395320ba97 Land #9379, Oracle Weblogic RCE exploit and documentation 2018-01-26 18:08:56 -06:00
Brent Cook 294a8e0ada
Land #9413, Expand the number of class names searched when checking for an exploitable JMX server 2018-01-24 17:12:43 -06:00
Brent Cook 512192d3b0
Land #9267, Add targets to sshexec 2018-01-24 17:12:12 -06:00
William Vu 366a20a4a4
Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
William Vu a1d43c8f33
Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu caae33b417
Land #9170, Linux UDF for mysql_udf_payload 2017-12-21 20:48:24 -06:00
Brent Cook 210f137b7b Merge branch 'upstream-master' into land-9296- 2017-12-20 12:07:53 -06:00
William Vu e9b9c80841
Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6
Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
Tim c4e20e01e3 iOS meterpreter 2017-12-12 23:23:21 +08:00
WhiteWinterWolf bfd5c2d330
Keep the initial option name 'ADMIN_ROLE' 2017-11-22 22:03:56 +01:00
WhiteWinterWolf 2be3433bdb Update references URLs 2017-11-17 13:27:35 +01:00
WhiteWinterWolf a636380e4b Merge the new method into drupal_drupageddon.rb 2017-11-17 13:00:15 +01:00
WhiteWinterWolf 704514a420
New exploit method for Drupageddon (CVE-2014-3704) 
This new script exploits the same vulnerability as
 *exploits/multi/http/drupal_drupageddon.rb*, but in a more efficient way.
 2017-11-16 20:47:44 +01:00
Adam Cammack 4219959c6d
Bump ranking to Excellent 2017-11-15 15:00:47 -06:00
Steven Patterson df2b62dc27
Add Mako Server CMD injection Linux support, update docs, move to multi 2017-11-10 16:28:39 -05:00
attackdebris 500bde1150 get_vars tweak 2017-11-09 04:16:34 -05:00
attackdebris a04bc0a25b Add get_vars, remove a https instance 2017-11-08 16:30:59 -05:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
attackdebris 7173e7f4b4 Add CVE to module description 2017-11-07 11:05:14 -05:00
attackdebris 371f3c333a This commit adds the jenkins_xstream_deserialize module 2017-11-07 09:46:42 -05:00
Brent Cook cfeb0b7bda prefer threadsafe sleep here 2017-11-06 01:37:09 -06:00
Brent Cook 897b5b5dd1 revert passive handler stance 2017-11-06 01:37:09 -06:00
h00die 697031eb36 mysql UDF now multi 2017-11-03 05:26:05 -04:00
Jeffrey Martin 43b67fe80b
remove errant bracket, formatting update 2017-10-26 15:01:53 -05:00
Jeffrey Martin f2cba8d920
Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary) 
This restores the original PR
 2017-10-25 16:29:11 -05:00
Jeffrey Martin ca28abf2a2 Revert "Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary)" 
This reverts commit 4999606b61, reversing
changes made to 4274b76473.
 2017-10-25 16:19:14 -05:00
Jeffrey Martin 0a858cdaa9
Revert "fix my comments from #8933" 
This reverts commit 02a2839577.
 2017-10-25 16:13:00 -05:00
Jeffrey Martin 02a2839577 fix my comments from #8933 2017-10-25 14:46:41 -05:00
Jeffrey Martin 4999606b61 Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary) 2017-10-25 12:44:04 -05:00
Jeffrey Martin cfaa34d2a4
more style cleanup for tomcat_jsp_upload_bypass 2017-10-11 15:53:35 -05:00
Jeffrey Martin 9885dc07f7
updates for style 2017-10-11 15:29:47 -05:00
root 03e7797d6c fixed msftidy errors and added documentation 2017-10-11 07:57:01 -04:00
peewpw facc38cde1 set timeout for DELETE request 2017-10-09 21:53:31 -04:00
peewpw be8680ba3d Create tomcat_jsp_upload_bypass.rb 
Created a module for CVE-2017-12617 which uploads a jsp payload and executes it.
 2017-10-08 21:48:47 -04:00
h00die 7535fe255f
land #8736 RCE for orientdb 2017-10-06 14:35:42 -04:00
William Vu 98ae054b06
Land #8931, Node.js debugger exploit 2017-09-25 14:00:13 -05:00
g0tmi1k 1ee590ac07 Move over to rex-powershell and version bump 
Version bump for:
- https://github.com/rapid7/rex-powershell/pull/10
- https://github.com/rapid7/rex-powershell/pull/11
 2017-09-25 13:45:06 +01:00
Tod Beardsley 5f66b7eb1a
Land #8940, @h00die's second round of desc fixes 
One ninja edit along the way as well.
 2017-09-11 13:05:13 -05:00
Patrick Thomas 2966fb7c8c Accept @shawizard suggestion for formatting msg_body 2017-09-10 11:23:52 -07:00