adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

2936 Commits

Author SHA1 Message Date
Brendan Coles 0ede70e7f6 Add exploit module for CUPS shellshock 2014-10-19 17:58:49 +00:00
William Vu 10f3969079 Land #4043, s/http/http:/ splat 
What is a splat?
 2014-10-17 13:41:07 -05:00
William Vu a514e3ea16 Fix bad indent (should be spaces) 
msftidy is happy now.
 2014-10-17 12:39:25 -05:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Brandon Perry 353d2f79cc tweak pw generation 2014-10-16 12:06:19 -07:00
Brandon Perry 5f8c0cb4f3 Merge branch 'drupal' of https://github.com/FireFart/metasploit-framework into drupageddon 2014-10-16 11:53:54 -07:00
Christian Mehlmauer c8dd08f605 password hashing 2014-10-17 15:52:47 +02:00
Brandon Perry 23b7b8e400 fix for version 7.0-7.31 2014-10-16 11:53:48 -07:00
Brandon Perry 9bab77ece6 add urls 2014-10-16 10:36:37 -07:00
Brandon Perry b031ce4df3 Create drupal_drupageddon.rb 2014-10-16 16:42:47 -05:00
Brandon Perry 5c4ac48db7 update the drupal module a bit with error checking 2014-10-16 10:32:39 -07:00
Fernando Munoz 4c2ae1a753 Fix jenkins when CSRF is enabled 2014-10-14 19:33:23 -05:00
Vincent Herbulot 63426793ef Use vars_get instead of direct URI concatenation 2014-10-02 11:03:12 +02:00
HD Moore 0380c5e887 Add CVE-2014-6278 support, lands #3932 2014-10-01 18:25:41 -05:00
William Vu c1b0acf460 Add CVE-2014-6278 support to the exploit module 
Same thing.
 2014-10-01 17:58:25 -05:00
Tod Beardsley 4fbab43f27 Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
William Vu de65ab0519 Fix broken check in exploit module 
See 71d6b37088.
 2014-09-29 23:03:09 -05:00
William Vu df44dfb01a Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
sinn3r 8f3e03d4f2 Land #3903 - ManageEngine OpManager / Social IT Arbitrary File Upload 2014-09-29 17:53:43 -05:00
Pedro Ribeiro 533b807bdc Add OSVDB id 2014-09-29 21:52:44 +01:00
us3r777 7125a9f047 Added YARD doc to the mixin 
Also make a slight correction on jboss_deployementfilerepository.rb to
handle nil responses.
 2014-09-28 19:44:37 +02:00
Spencer McIntyre fe12ed02de Support a user defined header in the exploit too 2014-09-27 18:58:53 -04:00
Pedro Ribeiro f20610a657 Added full disclosure URL 2014-09-27 21:34:57 +01:00
Pedro Ribeiro 030aaa4723 Add exploit for CVE-2014-6034 2014-09-27 19:33:49 +01:00
jvazquez-r7 0a3735fab4 Make it better 2014-09-26 16:01:10 -05:00
jvazquez-r7 3538b84693 Try to make a better check 2014-09-26 15:55:26 -05:00
jvazquez-r7 ad864cc94b Delete unnecessary code 2014-09-25 16:18:01 -05:00
jvazquez-r7 9245bedf58 Make it more generic, add X86_64 target 2014-09-25 15:54:20 -05:00
jvazquez-r7 d8c03d612e Avoid failures due to bad payload selection 2014-09-25 13:49:04 -05:00
jvazquez-r7 91e5dc38bd Use datastore timeout 2014-09-25 13:36:05 -05:00
jvazquez-r7 8a43d635c3 Add exploit module for CVE-2014-6271 2014-09-25 13:26:57 -05:00
us3r777 919eec250d Refactor auto_target from Jboss mixin 
Removed fail_with and targets from the mixin.
 2014-09-24 22:15:32 +02:00
sinn3r 3e09283ce5 Land #3777 - Fix struts_code_exec_classloader on windows 2014-09-16 13:09:58 -05:00
sinn3r 158d4972d9 More references and pass msftidy 2014-09-16 12:54:27 -05:00
Vincent Herbulot 7a7b6cb443 Some refactoring 
Use EDB instead of URL for Exploit-DB.
Remove peer variable as peer comes from HttpClient.
 2014-09-16 17:49:45 +02:00
us3r777 4c615ecf94 Module for CVE-2014-5519, phpwiki/ploticus RCE 2014-09-16 00:09:41 +02:00
jvazquez-r7 373eb3dda0 Make struts_code_exec_classloader to work on windows 2014-09-10 18:00:16 -05:00
sinn3r 0a6ce1f305 Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
sinn3r 75269fd0fa Make sure we're not doing a 'negative' timeout 2014-09-09 11:26:49 -05:00
us3r777 b8ba2dd703 Fix timeout with HEAD request in delete_file 2014-09-08 18:34:50 +02:00
us3r777 cc5b852517 Fixed spec for lib/msf/http/jboss 
Revert commit abdd72e8c6.
Added some spec for lib/msf/http/jboss/deployment_file_repository_scripts
 2014-09-08 17:42:04 +02:00
Vincent Herbulot 283e83028f Fix problem with HEAD requests 
Split lib/msf/http/jboss/script into
lib/msf/http/jboss/deployment_file_repository_scripts.rb and
lib/msf/http/jboss/bean_shell_scripts.rb as
 2014-09-08 14:02:15 +02:00
Pedro Ribeiro ded085f5cc Add CVE ID 2014-09-03 07:22:10 +01:00
Pedro Ribeiro c672fad9ef Add OSVDB ID, remove comma from Author field 2014-09-02 23:17:10 +01:00
Pedro Ribeiro d480a5e744 Credit h0ng10 properly 2014-09-01 07:58:26 +01:00
Pedro Ribeiro 59847eb15b Remove newline at the top 2014-09-01 07:56:53 +01:00
Pedro Ribeiro 6a370a5f69 Add exploit for eventlog analyzer file upload 2014-09-01 07:56:01 +01:00
jvazquez-r7 c05edd4b63 Delete debug print_status 2014-08-31 01:34:47 -05:00
jvazquez-r7 559ec4adfe Add module for ZDI-14-299 2014-08-31 01:11:46 -05:00
us3r777 403eae3579 Jboss file deployment repository refactorization 
Moved lib/msf/http/jboss/bean_shell_script.rb to
lib/msf/http/jboss/script.rb. Moved head_stager_jsp to script.rb.
Removed stager_jsp to use the function from the mixin.
 2014-08-30 13:15:37 +02:00