infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,530 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

12417 Commits (fc841331d280e0b8b187a259be3c7a4af0dcce7e)

Author SHA1 Message Date
Joe Vennix fc841331d2 Add a test on echo to check for hex support. 
* This is much nicer than checking version on userAgent, which
is often changed when rendered in an embedded webview.
 2014-04-08 17:58:31 -05:00
joev 2e4c2b1637 Disable Android 4.0, add arch detection. 
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.

Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
 2014-04-07 09:44:43 -05:00
Joe Vennix 55500ea2f3 Avoid the nullchar. 2014-04-02 21:53:12 -05:00
Joe Vennix 176cc84865 Remove BES and calculate the pid manually. 2014-04-02 17:21:13 -05:00
Tim 25ca0552e0 cleanup files after exploit 2014-03-23 17:00:29 +00:00
Tim f9972239cf randomize payload filename 2014-03-23 16:36:26 +00:00
Joe Vennix facd743f1f Oops. Add missing dir to dalvikstager path. 2014-03-11 19:48:39 -05:00
Joe Vennix 15b1a5931c Remove extra resources from android reverse_http(s). 2014-03-11 11:56:05 -05:00
Joe Vennix 5c2168513a Update path in #dalvikstager. 2014-03-11 11:03:36 -05:00
Tim c76924e946 native jni stager 2014-03-10 21:50:00 -05:00
Tim 4f31eba7f4 android payload golf 2014-03-10 21:50:00 -05:00
AnwarMohamed ad8b0ef3d1 using http(s)://LHOST:LPORT 2014-03-10 21:50:00 -05:00
AnwarMohamed b45524ecdd generate cert @ payload/dalvik.rb 2014-03-10 21:50:00 -05:00
AnwarMohamed 99cc94e6fc moving string_sub() to payload/dalvik.rb 2014-03-10 21:49:59 -05:00
AnwarMohamed dc8992924f android reverse_http/s 2014-03-10 21:49:59 -05:00
sinn3r c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Spencer McIntyre ebee365fce
Land #2742, report_vuln for MongoDB no auth 2014-03-06 19:34:45 -05:00
Spencer McIntyre 84f280d74f
Use a more descriptive MongoDB vulnerability title 2014-03-06 19:20:52 -05:00
Joe Vennix 9638bc7061 Allow a custom .app bundle. 
* adds a method to Rex::Zip::Archive to allow recursive packing
 2014-03-06 16:11:30 -06:00
Joe Vennix 5abb442757 Adds more descriptive explanation of 10.8+ settings. 2014-03-06 15:15:27 -06:00
Joe Vennix 43d315abd5 Hardcode the platform in the safari exploit. 2014-03-06 13:04:47 -06:00
Brendan Coles df2bdad4f9 Include 'msf/core/exploit/powershell' 
Prevent:

```
[-] 	/pentest/exploit/metasploit-framework/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb: NameError uninitialized constant Msf::Exploit::Powershell
```
 2014-03-06 12:57:43 +11:00
Joe Vennix 38a2e6e436 Minor fixes. 2014-03-05 19:03:54 -06:00
Joe Vennix dca807abe9 Tweaks for BES. 2014-03-05 19:00:15 -06:00
Joe Vennix 12cf5a5138 Add BES, change extra_plist -> plist_extra. 2014-03-05 18:51:42 -06:00
sinn3r 9d0743ae85
Land #3030 - SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write 2014-03-05 16:34:54 -06:00
bcoles 1ea35887db Add OSVDB reference 2014-03-06 01:40:15 +10:30
jvazquez-r7 4e9350a82b Add module for ZDI-14-008 2014-03-05 03:25:13 -06:00
Joe Vennix cd3c2f9979 Move osx-app format to EXE. 2014-03-04 22:54:00 -06:00
OJ a1aef92652
Land #2431 - In-memory bypass uac 2014-03-05 11:15:54 +10:00
sinn3r 7cb6e7e261
Land #3057 - MantisBT Admin SQL Injection Arbitrary File Read 2014-03-04 17:52:29 -06:00
sinn3r f0e97207b7 Fix email format 2014-03-04 17:51:24 -06:00
Joe Vennix 32c27f6be0 Tweak timeouts. 2014-03-04 17:16:23 -06:00
Joe Vennix 40047f01d3 Adds Safari User Assisted download launch module. 2014-03-04 17:02:51 -06:00
sinn3r caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks 2014-03-04 15:24:02 -06:00
Brandon Perry c86764d414 update default password to root 2014-03-04 11:55:30 -08:00
Brandon Perry 2b06791ea6 updates regarding PR comments 2014-03-04 10:08:31 -08:00
William Vu e30238fe0d
Land #3062, unused arg fix for vmware_mount 2014-03-04 11:37:41 -06:00
James Lee 68205fa43c
Actually use the argument 2014-03-04 11:30:42 -06:00
sinn3r f8310b86d1
Land #3059 - ALLPlayer M3U Buffer Overfloww 2014-03-04 11:29:52 -06:00
David Maloney db76962b4a
Land #2764, WMIC Post Mixin changes 
lands Meatballs WMIC changes
 2014-03-04 10:21:46 -06:00
Brandon Perry a3523bdcb9 Update mantisbt_admin_sqli.rb 
remove extra new line and fix author line
 2014-03-04 08:44:53 -06:00
OJ f0868c35bf
Land #3050 - Fix tained perl payloads 2014-03-04 10:05:47 +10:00
sgabe 408fedef93 Add module for OSVDB-98283 2014-03-04 00:51:01 +01:00
Meatballs 32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post 2014-03-03 21:56:31 +00:00
Brandon Perry 98b59c4103 update desc 2014-03-03 12:40:58 -08:00
Brandon Perry c5d1071456 add mantisbt aux module 2014-03-03 12:36:38 -08:00
Tod Beardsley de6be50d64
Minor cleanup and finger-wagging about a for loop 2014-03-03 14:12:22 -06:00
Joe Vennix 6a02a2e3b3 NULL out envp pointer before execve call. 
This was causing a crash on 10.9.
 2014-03-03 08:56:52 -06:00
Sagi Shahar 8c4b663643 Fix payloads to bypass Perl's Taint mode. 2014-03-02 18:39:05 +02:00