adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35,959 Commits 27 Branches 1,043 Tags
0ae2e64bc56dd8543a97cc4ebc94de4738376488
Commit Graph

975 Commits

Author SHA1 Message Date
Mark Schloesser 9e9954e831 fix placeholder to show the firmware version I used 2014-11-19 21:23:39 +01:00
Mark Schloesser a718e6f83e add exploit for r7-2014-18 / CVE-2014-4880 2014-11-19 21:07:02 +01:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169 
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
 2014-11-11 14:59:41 -06:00
Joe Vennix c6bbc5bccf Merge branch 'landing-4055' into upstream-master 2014-10-28 11:18:20 -05:00
Luke Imhoff 216360d664 Add missing require 
MSP-11145
 2014-10-27 15:19:59 -05:00
sinn3r 7cb4320a76 Land #3561 - unix cmd generic_sh encoder 2014-10-23 15:48:00 -05:00
sinn3r 13fd6a3374 Land #4046 - Centreon SQL and Command Injection 2014-10-23 13:17:00 -05:00
sinn3r ce841e57e2 Rephrase about centreon.session 2014-10-23 13:15:55 -05:00
sinn3r 889045d1b6 Change failure message 2014-10-23 12:55:27 -05:00
William Vu d5b698bf2d Land #3944, pkexec exploit 2014-10-17 16:30:55 -05:00
jvazquez-r7 7652b580cd Beautify description 2014-10-17 15:31:37 -05:00
jvazquez-r7 d831a20629 Add references and fix typos 2014-10-17 15:29:28 -05:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
0a2940 e689a0626d Use Rex.sleep :-) 
"Right is right even if no one is doing it; wrong is wrong even if everyone is doing it"

user@x:/opt/metasploit$ grep -nr "select(nil, nil, nil" . | wc -l
189
user@x:/opt/metasploit$ grep -nr "Rex.sleep" . | wc -l
25
 2014-10-10 10:05:46 +01:00
sinn3r c5494e037d Land #3900 - Add F5 iControl Remote Root Command Execution 2014-10-08 00:30:07 -05:00
jvazquez-r7 299d9afa6f Add module for centreon vulnerabilities 2014-10-07 14:40:51 -05:00
jvazquez-r7 3daa1ed4c5 Avoid changing modules indentation in this pull request 2014-10-07 10:41:25 -05:00
jvazquez-r7 341d8b01cc Favor echo encoder for back compatibility 2014-10-07 10:24:32 -05:00
jvazquez-r7 0089810026 Merge to update 2014-10-06 19:09:31 -05:00
jvazquez-r7 212762e1d6 Delete RequiredCmd for unix cmd encoders, favor EncoderType 2014-10-06 18:42:21 -05:00
0a2940 f2b9aeed74 typo 2014-10-03 11:02:56 +01:00
0a2940 f60f6d9c92 add exploit for CVE-2011-1485 2014-10-03 10:54:43 +01:00
Brandon Perry 2c9446e6a8 Update f5_icontrol_exec.rb 2014-10-02 17:56:24 -05:00
Tod Beardsley 4fbab43f27 Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
William Vu 039e544ffa Land #3925, rm indeces_enum 
Deprecated.
 2014-09-30 17:45:38 -05:00
Brandon Perry 161a145ec2 Create f5_icontrol_exec.rb 2014-09-27 10:40:13 -05:00
jvazquez-r7 f2cfbebbfb Add module for ZDI-14-305 2014-09-24 00:22:16 -05:00
Jon Hart 495e1c14a1 Land #3721, @brandonprry's module for Railo CVE-2014-5468 2014-09-09 19:10:46 -07:00
Jon Hart 26d8432a22 Minor style and usability changes to @brandonprry's #3721 2014-09-09 19:09:45 -07:00
Brandon Perry db6052ec6a Update check method 2014-09-09 18:51:42 -05:00
Jakob Lell 3e57ac838c Converted LD_PRELOAD library from precompiled binary to metasm code. 2014-09-04 21:49:55 +02:00
Brandon Perry ee3e5c9159 Add check method 2014-09-02 21:35:47 -05:00
Brandon Perry 438f0e6365 typos 2014-08-30 09:22:58 -05:00
Brandon Perry f72cce9ff2 Update railo_cfml_rfi.rb 2014-08-29 17:33:15 -05:00
Brandon Perry f4965ec5cf Create railo_cfml_rfi.rb 2014-08-28 08:42:07 -05:00
Jakob Lell 052327b9c6 Removed redundant string "linux_" from exploit name 2014-08-27 23:33:15 +02:00
Jakob Lell b967336b3b Small bugfix (incorrect filename in data directory) 2014-08-25 00:39:00 +02:00
Jakob Lell fc6f50058b Add desktop_linux_privilege_escalation module 2014-08-25 00:05:20 +02:00
jvazquez-r7 f6f8d7b993 Delete debug print_status 2014-07-22 15:00:03 -05:00
jvazquez-r7 b086462ed6 More cleanups of modules which REALLY need the 'old' generic encoder 2014-07-22 14:57:53 -05:00
jvazquez-r7 3d7ed10ea0 Second review of modules which shouldn't be affected by changes 2014-07-22 14:33:57 -05:00
jvazquez-r7 5e8da09b2d Allow some modules to use the old encoder 2014-07-22 14:28:11 -05:00
jvazquez-r7 b0f8d8eaf1 Delete debug print_status 2014-07-22 13:29:00 -05:00
jvazquez-r7 f546eae464 Modify encoders to allow back compatibility 2014-07-22 13:27:12 -05:00
William Vu ff6c8bd5de Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
Tod Beardsley 6c595f28d7 Set up a proper peer method 2014-07-14 13:29:07 -05:00
Michael Messner 1b7008dafa typo in name 2014-07-13 13:24:54 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
jvazquez-r7 eb9d2f130c Change title 2014-07-11 12:03:09 -05:00
jvazquez-r7 a356a0e818 Code cleanup 2014-07-11 12:00:31 -05:00