infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
44,409 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

44409 Commits (fe4c7010161aca6f6b050ae2b76f373fc04a9d84)

Author SHA1 Message Date
Jeffrey Martin fe4c701016 Merge released '4.x' 2017-12-19 14:14:22 -06:00
Brent Cook 9f144ce8d4
Land #9151, mettle extension support + sniffer module 2017-12-18 21:49:40 -06:00
Metasploit 66b1a555a1
Bump version of framework to 4.16.25 2017-12-18 16:33:25 -08:00
James Barnett 3d76c36511
Land #9314, remove libsodium 
Removing libsodium to fix build issues on various platforms
 2017-12-18 18:16:23 -06:00
Tod Beardsley 01341aedc1
Land #9180, @RootUp's Samsung Browser SOP module 
Also lands #9311, the docs for the same.
 2017-12-18 17:44:07 -06:00
Tod Beardsley 8c1f1696af
Kill trailing whitespace in docs 2017-12-18 17:35:49 -06:00
Tod Beardsley 4aa480d655
Land #9311, docs for #9180 2017-12-18 17:34:55 -06:00
Tod Beardsley f0df1750de
Land #9180 
Land @RootUp's Samsung browser SOP module
 2017-12-18 17:28:03 -06:00
Tod Beardsley 6631ec6126 Merge remote-tracking branch 'upstream/master' 2017-12-18 16:48:33 -06:00
Jeffrey Martin 04f294bd53
Fix #8972, Remove libsodium until packaged better 
Due to issues with packaging for multiple platforms libsodium as an optional dependency for 'rbnacl' is being removed.  Once packaging issue are resolved this will be restored.  This removes support for `ed25519` keys used with ssh for the time being however manual installation of this gem allows user to workaround this limitation.
 2017-12-18 15:21:27 -06:00
Jon Hart a33ed82a40
Land #9214, @realoriginal's update to the Cisco SMI scanner to also fetch Cisco IOS configs 2017-12-18 12:22:26 -08:00
Brent Cook 2a94a4417a bump payloads 2017-12-18 10:01:10 -06:00
William Vu e9b9c80841
Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6
Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
William Vu d3638d0487
Land #9154, Tuleap PHP object injection exploit 2017-12-18 03:19:42 -06:00
William Vu 0e2a158abd Fix global var $is_check (make ivar @is_check) 2017-12-18 03:15:33 -06:00
Pearce Barry 880a1d4283
Land #9312, Module acting as a Pyrotechnical Device Deployment Tool (PDT) for Hardware Bridge 2017-12-17 18:32:28 -06:00
Pearce Barry 8344401484
Add docs, minor tweaks. 2017-12-17 18:15:49 -06:00
RootUp 95e2f1da95
Update samsung_browser_sop_bypass.md 2017-12-17 11:02:24 +05:30
RootUp 53a098a7f3
Update samsung_browser_sop_bypass.md 2017-12-16 22:46:29 +05:30
RootUp 6b54fe6775
Create samsung_browser_sop_bypass.md 2017-12-16 22:26:08 +05:30
RootUp 917dd8e846
Update samsung_browser_sop_bypass.rb 2017-12-16 22:10:02 +05:30
RootUp 8f91377acb
Update samsung_browser_sop_bypass.rb 2017-12-16 22:09:21 +05:30
RootUp 88a21d14f8
Merge pull request #3 from todb-r7/pr-9180 
Thanks @todb-r7 works perfect !
 2017-12-16 22:04:33 +05:30
Brent Cook 90b97d6581 Merge branch 'upstream-master' into land-9151- 2017-12-15 14:15:14 -06:00
Brent Cook 36a3088a67
Land #9303, allow arguments to the editor with the 'edit' command 2017-12-15 13:46:15 -06:00
William Vu 0a1eea9860 Allow local_editor in cmd_edit to take arguments 
Such as vim -i NONE. This may allow command injection via arguments.
However, you can already start an arbitrary program by setting
LocalEditor or escaping the editor.

msf > setg LocalEditor /bin/sh
LocalEditor => /bin/sh
msf > edit -i
[*] Launching /bin/sh -i
$
 2017-12-14 19:51:57 -06:00
Tod Beardsley 3b3b0e6e96
And this is why I hate using single quotes 
Also, restored the store_cred call.

This will fix up RootUp/metasploit-framework#3 for PR #9180
 2017-12-14 14:28:25 -06:00
William Webb 234ef5627e
Land #9299, Add arch to MS17-010 detection 2017-12-14 12:20:56 -08:00
Metasploit be4f9236f2
Bump version of framework to 4.16.24 2017-12-14 10:08:05 -08:00
bwatters-r7 9ea7747a5c
Land #9233, Fix #9232 corruption of non-latin characters in W methods 
Merge branch 'land-9233' into upstream-master
 2017-12-14 11:54:36 -06:00
Pearce Barry 048b39ccd6
Initial commit of pdt module. 2017-12-14 09:23:21 -06:00
William Vu 3cd287ddd6 Update the MS17-010 scanner to use dcerpc_getarch 2017-12-14 02:08:30 -06:00
William Vu 8e4b007edc Move verify_arch to dcerpc_getarch 
We can use this code elsewhere, such as the MS17-010 scanner.
 2017-12-14 02:08:25 -06:00
Brent Cook c6a2ae2551
Land #9248, Add wd_mycloud_multiupload_upload exploit 2017-12-13 18:51:02 -06:00
Brent Cook 125a079fa9 add cve reference 2017-12-13 18:50:21 -06:00
h00die d7ad443be1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master 2017-12-13 19:33:05 -05:00
h00die c0a534140d
Land #9284 a regex dos for ua_parser_js npm module 2017-12-13 19:31:49 -05:00
h00die 544e4e3d0b fix md formatting 2017-12-13 19:30:50 -05:00
Wei Chen deacebc46b
Land #9264, Add private type when storing SSH password 
Land #9264
 2017-12-13 18:24:31 -06:00
Wei Chen cfec0f4965
Land #9282, Add exploit for MSFT Office DDR in RTF format 
Land #9282
 2017-12-13 18:16:04 -06:00
Tod Beardsley 5226181d6d
Better conditionals from @bcoles 2017-12-13 16:48:05 -06:00
Tod Beardsley 966060d470
Nits picked by @bcoles: commas, quotes, and <head> 2017-12-13 16:38:17 -06:00
Nicholas Starke dd5532c5de Addressing Formatting Issues 
There were several formatting and layout issues
that are fixed in this commit.  Also changing
`RHOSTS` to `RHOST`.
 2017-12-13 14:26:27 -06:00
Wei Chen b99663fb6c
Bring #9282 up to date with upstream-master 2017-12-13 13:16:30 -06:00
RootUp f0fc1bcecd
Merge pull request #2 from todb-r7/pr-9180 
Hi @todb-r7 
This works perfect in we can save creds in our MSF `creds`
 2017-12-13 11:13:42 +05:30
Wei Chen 37514eec17
Land #9234, Add exploit for ClickJacking vuln for pfSense 
Land #9234
 2017-12-12 14:56:21 -06:00
Wei Chen c7019e5aee Only load files once 2017-12-12 14:54:49 -06:00
Tod Beardsley f18f90e7e4 Merge remote-tracking branch 'upstream/master' 2017-12-12 14:48:58 -06:00
Tod Beardsley 622050ddfc
Oops, leftover comment 2017-12-12 14:48:00 -06:00