adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,051 Commits 27 Branches 1,043 Tags
052d233bd973e6a7e8b39da038962ceffa4cc6de
Commit Graph

2713 Commits

Author SHA1 Message Date
adfoster-r7 3a281234df Add feature flagged datastore rewrite, with support for option fallback lookups 2022-09-16 12:59:02 +01:00
Jeffrey Martin c45262cd46 Land #16800, Add support for OpenSSL 3 2022-08-05 14:20:51 -05:00
Christophe De La Fuente 9c6a198453 Land #16796, Path traversal vulnerability in RARLAB UnRAR < 6.12 with Zimbra RCE module 2022-08-04 19:44:57 +02:00
Ron Bowes a314423e81 Some changes requested by @cdelafuente-r7 2022-08-03 14:51:51 -07:00
adfoster-r7 f65119b353 Support OpenSSL3 and run Ubuntu 22.04 in test matrix 2022-08-03 15:49:53 +01:00
Ron Bowes c66f98bae6 Make lint happy 2022-08-01 10:03:35 -07:00
Ron Bowes e7edafbcfb Throw errors in the rar-generator library rather than returning nil 2022-08-01 09:54:31 -07:00
Ron Bowes d36bee8755 A few simple feedback changes 2022-07-29 10:48:07 -07:00
Ron Bowes f279e8d6ca Split the CVE-2022-30333 unrar module into two different modules with a shared mixin to generate the file 2022-07-27 12:45:47 -07:00
Christophe De La Fuente f9a951d034 Land #16737, Remove initial code duplication between mssql clients 2022-07-20 19:44:25 +02:00
bcoles 1dcfc3406a Add Rex::Exploitation::CmdStagerFtpHttp to Msf::Exploit::CmdStager 2022-07-16 18:10:28 +10:00
bcoles 39f288bfe3 Rex::Proto::Http: Add evasion options to shuffle GET / POST parameters 2022-07-11 01:37:41 +10:00
adfoster-r7 5bc618e642 Remove initial code duplication between mssql clients 2022-07-01 14:26:04 +01:00
bcoles 66009ca5e5 Exploit::CmdStager: Expose CMDSTAGER::URIPATH option for HTTP stagers 2022-06-25 23:49:47 +10:00
Grant Willcox b10386ba08 Land #16650, Add #read_from_file for MSSQL and PostgreSQL, fix the MySQL implementation 2022-06-17 14:58:22 -05:00
Redouane NIBOUCHA d47d1bc259 Remove newlines from base64 output on MySQL also 2022-06-17 00:51:52 +02:00
Grant Willcox 63822f6e37 Land #16651, [SQLi library] Ensure the encoder is always used in the #test_vulnerable methods 2022-06-08 17:15:22 -05:00
Redouane NIBOUCHA 88036a7f1f Check for nil before using the decoder in test_vulnerable 2022-06-08 22:00:03 +02:00
Jack Heysel 67ea2bc23c Land #16630 Fix duplicate ntlm hash storage 
Net-NTLM (v1 and v2) hashes were being duplicated when
stored in the database due to the unique data in the challenge
dispite being the same. This fixes that issue
 2022-06-08 14:07:34 -04:00
jheysel-r7 1a7cbe5b4f Update lib/msf/core/exploit/remote/smb/server/hash_capture.rb 2022-06-08 13:45:57 -04:00
Grant Willcox a983bbd8ba Land #16615, Solicited multicast-address creation bugfix 2022-06-07 14:41:52 -05:00
jheysel-r7 2b99967d0c Merge branch 'master' into fix/duplicate-netntlm 2022-06-07 11:42:51 -04:00
Redouane NIBOUCHA 5331c343a0 Use the encoder in all the #test_vulnerable methods from the common class 2022-06-06 23:13:26 +02:00
Redouane NIBOUCHA 6d9c789f4d Add method #read_from_file for MSSQL and PostgreSQL, and update the MySQL #read_from_file method 2022-06-06 23:07:25 +02:00
Jack Heysel 8ccc1ebf91 Land PR #16628, Log ntlm_session hashes 
This PR fixes the logging and storing of
NTLM session hashes
 2022-06-02 11:20:37 -04:00
space-r7 6d3ccab1be Land #16435, add Microsoft SQL Server sqli support 2022-06-01 10:27:48 -05:00
Spencer McIntyre a47b3fe694 Don't report duplicate Net-NTLM hashes 2022-05-27 14:13:06 -04:00
Spencer McIntyre 1e5f86703f Report the correct JtR type 2022-05-27 10:16:02 -04:00
Spencer McIntyre 862c6a94a2 Log ntlm_session hashes too 
Despite being called ntlm_session, these hashes are capable of being
cracked as the John 'netntlm' format. Additionally the format is
reported as NTLMv1-SSP in similar tools.
 2022-05-27 10:07:39 -04:00
NikitaKovaljov c33f284786 change from lambda to line by line logic 2022-05-24 16:24:15 +03:00
NikitaKovaljov 7f9ead454e bugfix of improper solicited address creation 2022-05-23 15:25:53 +03:00
Spencer McIntyre 19a9ff1198 Update a couple of modules for the new SMB server 2022-05-16 14:39:45 -04:00
Spencer McIntyre e0b9002238 Fix an SMB relay bug 2022-05-16 14:39:45 -04:00
Spencer McIntyre f14f8da1df Use the new thread_factory 2022-05-16 14:39:45 -04:00
Spencer McIntyre b79b550d6c Centralize the log adapter 
This should eventually be updated to map the levels to the framework
logger and appropriate module-print_* function.
 2022-05-16 14:39:45 -04:00
Spencer McIntyre 7c15b144c4 Update the SMB capture server 2022-05-16 14:39:44 -04:00
Spencer McIntyre 22993e910e Move server code into the server mixin 2022-05-16 14:39:44 -04:00
Spencer McIntyre c39fd87073 Finish removing unneeded server code 2022-05-16 14:39:44 -04:00
Spencer McIntyre 475f6eee8c Capture hash when serving files over SMB 2022-05-16 14:39:44 -04:00
Spencer McIntyre d740786211 Add the on_client_connect callback 
Also update the group_policy_startup module.
 2022-05-16 14:39:44 -04:00
Spencer McIntyre 317516d90f Enable guest access 2022-05-16 14:39:44 -04:00
Spencer McIntyre 882bcf08f7 Fix bugs when stopping the service 2022-05-16 14:39:44 -04:00
Spencer McIntyre 09dc65eb6a Remove the FILE_CONTENTS datastore option 
None of the 14 modules use this option, they all deregister it.
 2022-05-16 14:39:44 -04:00
Spencer McIntyre 63af7cdef7 Initial update to the RubySMB share server 2022-05-16 14:39:44 -04:00
Spencer McIntyre 013a819cff Out with the old 2022-05-16 14:39:44 -04:00
Spencer McIntyre 879591f686 Land #16499, Specify peer hostname for SNI 2022-05-16 14:21:57 -04:00
adfoster-r7 0196b6fa75 Land #16555, move duplicated retry_until_truthy code into centralized location 2022-05-16 18:31:57 +01:00
adfoster-r7 db694efd36 Improve relative redirect handling 2022-05-16 12:03:24 +01:00
Spencer McIntyre 1aceb71971 Rename the function to emphasize truthy 2022-05-13 09:16:01 -04:00
Spencer McIntyre 3d37f2f811 Change the timeout value to be nil 2022-05-13 09:14:23 -04:00