adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

2936 Commits

Author SHA1 Message Date
jvazquez-r7 50317d44d3 Do more easy clean 2014-01-30 16:23:17 -06:00
jvazquez-r7 1a9e6dfb2a Allow check to detect platform and arch 2014-01-30 15:17:20 -06:00
jvazquez-r7 b2273dce2e Delete Automatic target 
It isn't usefull at all, when auto targeting is done, the payload (java platform and arch)
has been already selected.
 2014-01-30 15:04:08 -06:00
jvazquez-r7 cebbe71dba Do easy cleanup of exploit 2014-01-30 14:42:02 -06:00
jvazquez-r7 c336133a8e Do a first clean related to auto_target 2014-01-30 14:27:20 -06:00
jvazquez-r7 57b8b49744 Clean query_manager 2014-01-30 14:20:02 -06:00
jvazquez-r7 148e51a28b Clean metadata and use TARGETURI 2014-01-30 14:03:52 -06:00
William Vu 56287e308d Clean up unused variables 2014-01-30 11:20:21 -06:00
Mekanismen e7ab77c736 added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00
RangerCha a49473181c Added new module. Abuses tomcat manager upload page. Tested on tomcat 5.5.36, 6.0.37, 7.0.50, 8.0.0rc10 2014-01-27 09:04:59 -05:00
jvazquez-r7 8fe74629fe Allow send_request_cgi to take care of the uri encoding 2014-01-26 00:06:41 -06:00
jvazquez-r7 37adf1251c Delete privileged flag because is configuration dependant 2014-01-25 18:25:31 -06:00
jvazquez-r7 038cb7a981 Add module for CVE-2012-0394 2014-01-25 18:17:01 -06:00
William Vu 7c5229e2eb Use opts hash for glassfish_deployer 
https://dev.metasploit.com/redmine/issues/8498
 2014-01-24 20:17:02 -06:00
sinn3r cdc425e4eb Update some checks 2014-01-24 12:08:23 -06:00
sinn3r 7f560a4b41 Oops, I broke this module 2014-01-22 11:23:18 -06:00
sinn3r 646f7835a3 Saving progress 2014-01-21 17:14:55 -06:00
sinn3r 85396b7af2 Saving progress 
Progress group 4: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-21 14:10:35 -06:00
sinn3r 689999c8b8 Saving progress 
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-21 13:03:36 -06:00
jvazquez-r7 e2fa581b8c Delete empty line 2014-01-17 22:05:14 -06:00
sinn3r 57318ef009 Fix nil bug in jboss_invoke_deploy.rb 
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
 2014-01-17 11:47:18 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
Niel Nielsen e79ccb08cb Update rails_secret_deserialization.rb 
When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed.
Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
 2014-01-07 21:41:15 +01:00
Joe Vennix 1057cbafee Remove deprecated linksys module. 2014-01-07 10:22:35 -06:00
Tod Beardsley c0a82ec091 Avoid specific versions in module names 
They tend to be a lie and give people the idea that only that version is
vulnerable.
 2014-01-06 13:47:24 -06:00
OJ 1cb671b02e Merge branch 'adjust_getenv_api' into stop_abusing_expand_path 2014-01-03 08:14:02 +10:00
jvazquez-r7 1b893a5c26 Add module for CVE-2013-3214, CVE-2013-3215 2014-01-02 11:25:52 -06:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
sinn3r 5b647ba6f8 Change description 
Pre-auth is implied.
 2013-12-23 02:33:17 -06:00
jvazquez-r7 4816abe63b Add module for ZDI-13-263 2013-12-19 17:48:52 -06:00
OJ 9fb081cb2d Add getenvs, update getenv, change extract_path use 
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.

Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.

The meterpreter console `getenv` command now uses `getenvs`
 2013-12-19 11:54:34 +10:00
Tod Beardsley 040619c373 Minor description changes 
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
 2013-12-16 14:57:33 -06:00
jvazquez-r7 3d5501326b Land #2743, @Mekanismen's exploit for CVE-2013-0632 2013-12-10 10:00:30 -06:00
jvazquez-r7 30960e973f Do minor cleanup on coldfusion_rds 2013-12-10 09:59:36 -06:00
Mekanismen 9a6e504bfe fixed path error and description 2013-12-10 09:05:34 +01:00
Mekanismen 313a98b084 moved coldfusion_rds to multi directory and fixed a bug 2013-12-10 08:45:27 +01:00
jvazquez-r7 f77784cd0d Land #2723, @denandz's module for OSVDB-100423 2013-12-06 17:32:07 -06:00
jvazquez-r7 3729c53690 Move uptime_file_upload to the correct location 2013-12-06 15:57:52 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient 
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
 2013-12-03 12:58:16 -06:00
rcnunez 9d50a7da85 Pandora Authentication Bypass and File Upload Exec 2013-12-03 21:23:56 +08:00
Tod Beardsley 55847ce074 Fixup for release 
Notably, adds a description for the module landed in #2709.
 2013-12-02 16:19:05 -06:00
jvazquez-r7 41f8a34683 Use attempts 2013-12-02 08:43:22 -06:00
jvazquez-r7 433d21730e Add ATTEMPTS option 2013-12-02 08:42:25 -06:00
jvazquez-r7 b9192c64aa Fix @wchen-r7's feedback 2013-12-01 19:55:53 -06:00
jvazquez-r7 3417c4442a Make check really better 2013-11-30 09:47:34 -06:00
jvazquez-r7 749e6bd65b Do better check method 2013-11-30 09:46:22 -06:00
jvazquez-r7 0a7c0eea78 Fix references 2013-11-29 23:13:07 -06:00
jvazquez-r7 691d47f3a3 Add module for ZDI-13-255 2013-11-29 23:11:44 -06:00
sinn3r 57f4f68559 Land #2652 - Apache Roller OGNL Injection 2013-11-25 15:14:35 -06:00
jvazquez-r7 cec4166766 Fix description 2013-11-20 12:49:22 -06:00