HD Moore
123a03fd21
Detect server-side path, work on Samba 3.x and 4.x
2017-05-26 17:02:18 -05:00
HD Moore
eebfd9b7f2
Switch to the mixin-provided SMB share enumeration methods
2017-05-26 17:02:06 -05:00
HD Moore
072ab7291c
Add /tank (from ryan-c) to search path
2017-05-26 06:56:41 -05:00
wchen-r7
2835c165d7
Land #8390, Add module to execute powershell on Octopus Deploy server
2017-05-25 17:33:07 -05:00
wchen-r7
330526af72
Update check method
2017-05-25 17:30:58 -05:00
William Vu
ae22b4ccf4
Land #8450, Samba is_known_pipename() exploit
2017-05-25 16:36:28 -05:00
HD Moore
1474faf909
Remove ARMLE for now, will re-PR once functional
2017-05-25 16:14:35 -05:00
HD Moore
2ad386948f
Small cosmetic typo
2017-05-25 16:10:37 -05:00
HD Moore
18a871d6a4
Delete the .so, add PID bruteforce option, cleanup
2017-05-25 16:03:14 -05:00
nks
1a8961b5e3
fixed typo
2017-05-25 19:14:59 +02:00
HD Moore
cf7cfa9b2c
Add check() implementation based on bcoles notes
2017-05-25 09:49:45 -05:00
HD Moore
0520d7cf76
First crack at Samba CVE-2017-7494
2017-05-24 19:42:04 -05:00
William Vu
e4ea618edf
Land #8419, ETERNALBLUE fixes (round two)
Hope I resolved the conflicts correctly.
2017-05-23 17:03:21 -05:00
William Vu
46eb6bdf62
Land #8399, ETERNALBLUE fixes (round one)
2017-05-23 16:51:19 -05:00
William Vu
f80c3aa3f4
Correct absolute path
2017-05-23 16:50:25 -05:00
bwatters-r7
461649ed34
Land #8378, Add check in archmigrate to prevent privesc
2017-05-23 14:37:29 -05:00
Carter
c73e7673b1
Please the rubocop god
2017-05-23 15:13:55 -04:00
Carter
e945773576
Update archmigrate.rb
2017-05-23 14:40:42 -04:00
Jeffrey Martin
b7b1995238
Land #8274, Wordpress admin upload check
2017-05-22 22:08:32 -05:00
Jeffrey Martin
5395d8f17c
update python stageless payload sizes
2017-05-22 18:21:13 -05:00
Jeffrey Martin
d69bfd509f
store the credential using the new store_valid_credential
2017-05-22 15:08:03 -05:00
William Webb
467f1ce0ca
Land #8411, Buffer overflow in VXSearch Enterprise v9.5.12
2017-05-22 07:37:31 -05:00
Christian Mehlmauer
b5caeb29dd
only support for 32bit so far
2017-05-22 12:30:52 +02:00
HD Moore
036f063988
Fix a stack trace when no SMB response is received
2017-05-19 16:24:41 -05:00
Pearce Barry
a6f416e8df
Land #8290, Hwbridge Automotive Fix and Extension Enhancements
2017-05-19 13:46:54 -05:00
lincoln
b76229b5f7
removed unnecessary line
2017-05-18 19:15:49 -07:00
lincoln
7ca0fe5a68
Added make_junk function
2017-05-18 19:06:09 -07:00
James Lee
4def7ce6cc
Land #8327, Simplify storing credentials
2017-05-18 16:49:01 -05:00
Daniel Teixeira
c1624d0967
VX Search Enterprise GET Buffer Overflow
2017-05-18 17:12:47 +01:00
zerosum0x0
bdf121e1c0
x86 kernels will safely ret instead of BSOD
2017-05-17 23:48:14 -06:00
zerosum0x0
d944bdfab0
expect 0xC00000D
2017-05-17 23:05:20 -06:00
zerosum0x0
646ca14375
basic OS verification, ghetto socket read code
2017-05-17 22:48:45 -06:00
wchen-r7
c0bf2cc6e7
Land #8401, Buffer Overflow on Sync Breeze Enterprise 9.4.28
2017-05-17 23:39:50 -05:00
wchen-r7
3360171977
Land #8319, Add exploit module for Mediawiki SyntaxHighlight extension
2017-05-17 23:23:50 -05:00
James Lee
b78749bc1b
Land #8221, move autoroute
2017-05-17 15:17:45 -05:00
Daniel Teixeira
ad8788cc74
Update syncbreeze_bof.rb
2017-05-17 11:33:24 +01:00
Daniel Teixeira
5329ce56c4
Sync Breeze Enterprise GET Buffer Overflow
2017-05-17 10:53:28 +01:00
lincoln
2f39daafc5
Updated module removing hardcoded binary payload strings
-Used only the necessary pointers needed for the exploit to work, removing junk/filler chars
-Replaced ROP chain with a generic one from msvcrt (even though the original was beautiful and smaller, it uses hardcoded pointers for leave instructions)
-Cannot use ropdb since 4 byte junk char during generation may result in InvalidByteSequenceError during UTF conversion
-It's been some years since my last pull request...so I might be a bit rusty to new Metasploit standards (please forgive me!)
2017-05-16 23:22:42 -07:00
William Webb
7e2dab4ddc
Land #8303, Buffer Overflow on Dupscout Enterprise v9.5.14
2017-05-17 01:04:59 -05:00
zerosum0x0
6fb4040d11
add core buffer dump for OS version
2017-05-16 23:18:39 -06:00
William Vu
1f4ff30adb
Improve 200 fail_with in wp_phpmailer_host_header
One. last. commit. Noticed this in the response body.
2017-05-16 22:38:36 -05:00
wchen-r7
11da7c7c81
Land #8394, Add Moxa Credential Recovery Module
2017-05-16 16:45:22 -05:00
wchen-r7
8025eb573a
Enforce check
Because we are not able to get our hands on the hardware for testing,
and because this module may trigger a backtrace if the UDP server isn't
Moxa, we force check to make sure that doesn't happen.
2017-05-16 16:43:22 -05:00
wchen-r7
77a9676efb
Land #8347, Add Serviio Media Server checkStreamUrl Command Execution
2017-05-16 16:20:39 -05:00
William Vu
6d81ca4208
Fix Array/String TypeError in ms17_010_eternalblue
2017-05-16 15:53:34 -05:00
William Vu
e24de5f110
Fix Class/String TypeError in ms17_010_eternalblue
2017-05-16 15:41:16 -05:00
James Lee
e3f4cc0dfd
Land #8345, WordPress PHPMailer Exim injection
CVE-2016-10033
2017-05-16 15:07:21 -05:00
wchen-r7
2d7f7f9aec
Pass msftidy
2017-05-16 15:05:12 -05:00
William Vu
29b7aa5b9b
Update fail_with for 200 (bad user?)
2017-05-16 15:03:42 -05:00
wchen-r7
e62fc3e93c
Land #8376, Add BuilderEngine 3.5 Arbitrary file upload & exec exploit
2017-05-16 14:53:32 -05:00