adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
28,258 Commits 27 Branches 1,043 Tags
280ee2654526f5dc35805fa5c7a623b1cfbdcd30
Commit Graph

875 Commits

Author SHA1 Message Date
Spencer McIntyre f886ab6f97 Land #4020, Jenkins-CI CSRF token support 2014-10-20 19:03:24 -04:00
Spencer McIntyre 005baa7f7e Retry the script page request to get the token 
After logging in to Jenkins the script console page
needs to be requested again to get the CSRF token.
 2014-10-19 14:04:16 -04:00
William Vu 10f3969079 Land #4043, s/http/http:/ splat 
What is a splat?
 2014-10-17 13:41:07 -05:00
William Vu a514e3ea16 Fix bad indent (should be spaces) 
msftidy is happy now.
 2014-10-17 12:39:25 -05:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Brandon Perry 353d2f79cc tweak pw generation 2014-10-16 12:06:19 -07:00
Brandon Perry 5f8c0cb4f3 Merge branch 'drupal' of https://github.com/FireFart/metasploit-framework into drupageddon 2014-10-16 11:53:54 -07:00
Christian Mehlmauer c8dd08f605 password hashing 2014-10-17 15:52:47 +02:00
Brandon Perry 23b7b8e400 fix for version 7.0-7.31 2014-10-16 11:53:48 -07:00
Brandon Perry 9bab77ece6 add urls 2014-10-16 10:36:37 -07:00
Brandon Perry b031ce4df3 Create drupal_drupageddon.rb 2014-10-16 16:42:47 -05:00
Brandon Perry 5c4ac48db7 update the drupal module a bit with error checking 2014-10-16 10:32:39 -07:00
Fernando Munoz 4c2ae1a753 Fix jenkins when CSRF is enabled 2014-10-14 19:33:23 -05:00
HD Moore 0380c5e887 Add CVE-2014-6278 support, lands #3932 2014-10-01 18:25:41 -05:00
William Vu c1b0acf460 Add CVE-2014-6278 support to the exploit module 
Same thing.
 2014-10-01 17:58:25 -05:00
Tod Beardsley 4fbab43f27 Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
William Vu de65ab0519 Fix broken check in exploit module 
See 71d6b37088.
 2014-09-29 23:03:09 -05:00
William Vu df44dfb01a Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
sinn3r 8f3e03d4f2 Land #3903 - ManageEngine OpManager / Social IT Arbitrary File Upload 2014-09-29 17:53:43 -05:00
Pedro Ribeiro 533b807bdc Add OSVDB id 2014-09-29 21:52:44 +01:00
Spencer McIntyre fe12ed02de Support a user defined header in the exploit too 2014-09-27 18:58:53 -04:00
Pedro Ribeiro f20610a657 Added full disclosure URL 2014-09-27 21:34:57 +01:00
Pedro Ribeiro 030aaa4723 Add exploit for CVE-2014-6034 2014-09-27 19:33:49 +01:00
jvazquez-r7 0a3735fab4 Make it better 2014-09-26 16:01:10 -05:00
jvazquez-r7 3538b84693 Try to make a better check 2014-09-26 15:55:26 -05:00
jvazquez-r7 ad864cc94b Delete unnecessary code 2014-09-25 16:18:01 -05:00
jvazquez-r7 9245bedf58 Make it more generic, add X86_64 target 2014-09-25 15:54:20 -05:00
jvazquez-r7 d8c03d612e Avoid failures due to bad payload selection 2014-09-25 13:49:04 -05:00
jvazquez-r7 91e5dc38bd Use datastore timeout 2014-09-25 13:36:05 -05:00
jvazquez-r7 8a43d635c3 Add exploit module for CVE-2014-6271 2014-09-25 13:26:57 -05:00
sinn3r 3e09283ce5 Land #3777 - Fix struts_code_exec_classloader on windows 2014-09-16 13:09:58 -05:00
sinn3r 158d4972d9 More references and pass msftidy 2014-09-16 12:54:27 -05:00
Vincent Herbulot 7a7b6cb443 Some refactoring 
Use EDB instead of URL for Exploit-DB.
Remove peer variable as peer comes from HttpClient.
 2014-09-16 17:49:45 +02:00
us3r777 4c615ecf94 Module for CVE-2014-5519, phpwiki/ploticus RCE 2014-09-16 00:09:41 +02:00
jvazquez-r7 373eb3dda0 Make struts_code_exec_classloader to work on windows 2014-09-10 18:00:16 -05:00
sinn3r 0a6ce1f305 Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
sinn3r 75269fd0fa Make sure we're not doing a 'negative' timeout 2014-09-09 11:26:49 -05:00
Pedro Ribeiro ded085f5cc Add CVE ID 2014-09-03 07:22:10 +01:00
Pedro Ribeiro c672fad9ef Add OSVDB ID, remove comma from Author field 2014-09-02 23:17:10 +01:00
Pedro Ribeiro d480a5e744 Credit h0ng10 properly 2014-09-01 07:58:26 +01:00
Pedro Ribeiro 59847eb15b Remove newline at the top 2014-09-01 07:56:53 +01:00
Pedro Ribeiro 6a370a5f69 Add exploit for eventlog analyzer file upload 2014-09-01 07:56:01 +01:00
jvazquez-r7 c05edd4b63 Delete debug print_status 2014-08-31 01:34:47 -05:00
jvazquez-r7 559ec4adfe Add module for ZDI-14-299 2014-08-31 01:11:46 -05:00
Pedro Ribeiro a8d03aeb59 Fix bug with PMP db paths 2014-08-26 12:54:31 +01:00
Pedro Ribeiro 473341610c Update name to mention DC; correct servlet name 2014-08-26 12:39:48 +01:00
jvazquez-r7 0031913b34 Fix nil accesses 2014-08-22 16:19:11 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
jvazquez-r7 cf147254ad Use snake_case in the filename 2014-08-22 11:44:35 -05:00
jvazquez-r7 823649dfa9 Clean exploit, just a little 2014-08-22 11:43:58 -05:00