adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43,178 Commits 27 Branches 1,043 Tags
0ac19087cd6015e596fff45a4ca1bed65afcc8ef
Commit Graph

1922 Commits

Author SHA1 Message Date
William Vu c9853a6bfe Land #8735, robots.txt for HttpServer 2017-07-24 18:26:41 -05:00
William Vu a950ecc345 Clean up style 2017-07-24 18:26:05 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 800cdcc866 Land #8737, better handle sudden disconnects with SMTP servers 2017-07-23 15:04:50 -07:00
Brent Cook df22e098ed Land #8695, Fix #8675, Add Cache-Control header, also meta tag for BAP2 2017-07-23 07:17:45 -07:00
Jin Qian 0f31edfe39 Change tab into space to be standard compliant 
Thanks to Brent and Dave for pointing it out.
 2017-07-18 16:17:53 -05:00
Jin Qian 6385593148 Fix SE campaign exception. 
MS-2705, SE_campaign will crash when RCPT command got socket closure as a response. Thanks to Pearce for the triage.
 2017-07-18 14:30:44 -05:00
Dave Farrow 378375c822 replaced devil tabs with spaces 2017-07-17 20:29:33 -07:00
Dave Farrow e6fe90ea08 added robots.txt support for http exploit server 2017-07-17 17:47:36 -07:00
Brent Cook 345407b0a4 Rex::Encoder::XDR conflicts with the XDR gem 2017-07-12 11:52:10 -05:00
wchen-r7 50b1ec4044 Fix #8675, Add Cache-Control header, also meta tag for BAP2 
Hopefully that browsers will respect this.

Fix #8675
 2017-07-10 16:05:09 -05:00
William Webb 6349026134 Land #8442, Exploit module for Backup Exec Windows Agent UaF 2017-06-28 10:39:28 -05:00
HD Moore 66f06cd4e3 Fix small typos in comments 2017-05-28 14:40:33 -05:00
HD Moore 8caaba01f1 Add share enumeration methods to the SMB mixin 2017-05-26 17:01:18 -05:00
HD Moore 18a871d6a4 Delete the .so, add PID bruteforce option, cleanup 2017-05-25 16:03:14 -05:00
Matthew Daley 52363aec13 Add module for CVE-2017-8895, UAF in Backup Exec Windows agent 
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.

Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
 2017-05-24 00:18:20 +12:00
Renato Piccoli 29d1022ae2 Fix the rake spec failures under ruby 2.4. 
Ths typo3_spec is giving some errors under ruby 2.4+
and OpenSSL 1.1+.
 2017-05-21 21:56:04 +02:00
James Lee 4def7ce6cc Land #8327, Simplify storing credentials 2017-05-18 16:49:01 -05:00
wchen-r7 58d65ce4b5 Land #8380, check for command injection in smtp email addresses 
aborts
 2017-05-16 15:36:22 -05:00
Brent Cook e7be0af72e update bad mail checks 2017-05-14 22:13:31 -05:00
Brent Cook 8ac5d2d377 tidy up a bit while we're in here 2017-05-14 21:27:38 -05:00
Brent Cook 544ea6926c trim leading and trailing whitespace in mail addresses 2017-05-14 11:22:46 -05:00
RageLtMan cf29a512d0 Upstream Msf namespace PSH decompressor & decoder 
Present convenience interfaces in Msf::Exploit::Powershell ns for
decoding and decompressing PSH strings built with Rex::Powershell
or compatible implementations.
 2017-05-10 22:44:56 -04:00
Jeffrey Martin 63b6ab5355 simplify valid credential storage 2017-05-04 22:51:40 -05:00
Brent Cook 288cb6536d fix #8305, escape unadorned periods in the front of SMTP payloads 2017-04-26 16:05:46 -05:00
Christian Mehlmauer 3c260ea452 fix #7921, HttpTrace and chunked encoding 2017-04-05 22:58:11 +02:00
William Vu 1a96fb03ae Allow start_service to specify a resource 
This overrides URIPATH and random_uri if opts['Path'] is specified.
 2017-03-09 02:33:02 -06:00
William Vu 1a0b342e68 Add srvport to HttpServer 
This allows URIPORT to override SRVPORT.
 2017-03-09 02:24:22 -06:00
wchen-r7 f27ef55391 Land #7992, Improve Signature Evasions for browser exploits 2017-02-23 16:32:49 -06:00
Jeff Tang e3f613ecc6 Bypass: Metasploit OS detection 
SEP is triggering on HTTP POSTs which start with `os_name`
 2017-02-23 15:42:04 -05:00
Jeff Tang 84ab3c66cc Use obfuscated JS in BES 2017-02-22 12:47:36 -05:00
William Vu b06895b604 Hide RPORT more intelligently 2017-02-08 09:40:42 -06:00
William Vu 31f93de150 Update HttpClient and WordPress mixins 2017-02-06 04:40:26 -06:00
James Lee 3c7f78167a Push up the preamble and modernize style 2017-02-02 17:57:03 -06:00
Pearce Barry 9b16cdf602 Land #7845, Fix Msf::Exploit::EXE shellcode/template mismatch 2017-01-22 16:09:41 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
William Vu d8da7c6d43 Fix Msf::Exploit::EXE shellcode/template mismatch 
Initialize EXE options unless code is supplied with platform/arch.
 2017-01-19 00:07:35 -06:00
David Maloney 38a4c2aa97 fix autotargeting failure 
the fallback to the original default was failing because
it was assuming rhost was already set, so it would always
go back to the first default target. now the auto_target? method
only returns true if can pull an auto_target_host
 2017-01-10 14:12:28 -06:00
David Maloney 8c395338af Land #7743, wchen's digest auth nonce fix 
land sinn3r's pr for fixing the Digest Auth nonce
 2017-01-09 14:16:09 -06:00
David Maloney 2108913e77 target_host method had a name collision 
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
 2017-01-06 12:44:37 -06:00
wchen-r7 180795f209 Fix #7743, nil @cnonce in rex/proto/http/client.rb 
Fix #7743
 2017-01-04 11:50:31 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes 
some minor conditional guards and spec fixes
 2017-01-03 14:38:51 -06:00
David Maloney 2d5158403b add YARD docs to auto target methods 
added YARD docs

MS-2325
 2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together 
insert our autotarget routine into
the main target selection process

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours 
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 1afc57da40 determine most precise filter 
drop back to our most precise level of filtering

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 201b65e43d remaining os filtering 
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 05ac2ee6ed convert first stage to os_family 
added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 95d5c7a778 filtering by os_name 
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead

MS-2325
 2017-01-03 14:38:49 -06:00