adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

4544 Commits

Author SHA1 Message Date
jvazquez-r7 ad864cc94b Delete unnecessary code 2014-09-25 16:18:01 -05:00
jvazquez-r7 9245bedf58 Make it more generic, add X86_64 target 2014-09-25 15:54:20 -05:00
jvazquez-r7 d8c03d612e Avoid failures due to bad payload selection 2014-09-25 13:49:04 -05:00
jvazquez-r7 91e5dc38bd Use datastore timeout 2014-09-25 13:36:05 -05:00
jvazquez-r7 8a43d635c3 Add exploit module for CVE-2014-6271 2014-09-25 13:26:57 -05:00
us3r777 919eec250d Refactor auto_target from Jboss mixin 
Removed fail_with and targets from the mixin.
 2014-09-24 22:15:32 +02:00
Joe Vennix d9e6f2896f Add the JSObfu mixin to a lot of places. 2014-09-21 23:45:59 -05:00
sinn3r 3e09283ce5 Land #3777 - Fix struts_code_exec_classloader on windows 2014-09-16 13:09:58 -05:00
sinn3r 158d4972d9 More references and pass msftidy 2014-09-16 12:54:27 -05:00
Vincent Herbulot 7a7b6cb443 Some refactoring 
Use EDB instead of URL for Exploit-DB.
Remove peer variable as peer comes from HttpClient.
 2014-09-16 17:49:45 +02:00
us3r777 4c615ecf94 Module for CVE-2014-5519, phpwiki/ploticus RCE 2014-09-16 00:09:41 +02:00
jvazquez-r7 373eb3dda0 Make struts_code_exec_classloader to work on windows 2014-09-10 18:00:16 -05:00
sinn3r 0a6ce1f305 Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
sinn3r 027f543bdb Land #3732 - Eventlog Analzyer exploit 2014-09-09 11:33:20 -05:00
sinn3r 75269fd0fa Make sure we're not doing a 'negative' timeout 2014-09-09 11:26:49 -05:00
Tod Beardsley 4abee39ab2 Fixup for release 
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
 2014-09-08 14:00:34 -05:00
William Vu ae5a8f449c Land #3691, gdbserver hax 2014-09-08 11:48:39 -05:00
us3r777 b8ba2dd703 Fix timeout with HEAD request in delete_file 2014-09-08 18:34:50 +02:00
us3r777 cc5b852517 Fixed spec for lib/msf/http/jboss 
Revert commit abdd72e8c6.
Added some spec for lib/msf/http/jboss/deployment_file_repository_scripts
 2014-09-08 17:42:04 +02:00
Vincent Herbulot 283e83028f Fix problem with HEAD requests 
Split lib/msf/http/jboss/script into
lib/msf/http/jboss/deployment_file_repository_scripts.rb and
lib/msf/http/jboss/bean_shell_scripts.rb as
 2014-09-08 14:02:15 +02:00
sinn3r 85b48fd437 Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27 2014-09-04 16:08:15 -05:00
Joe Vennix 0e18d69aab Add extended mode to prevent service from dying. 2014-09-03 16:07:27 -05:00
Joe Vennix 4293500a5e Implement running exe in multi. 2014-09-03 15:56:21 -05:00
Joe Vennix 268d42cf07 Add PrependFork to payload options. 2014-09-03 14:56:22 -05:00
Pedro Ribeiro ded085f5cc Add CVE ID 2014-09-03 07:22:10 +01:00
Pedro Ribeiro c672fad9ef Add OSVDB ID, remove comma from Author field 2014-09-02 23:17:10 +01:00
Joe Vennix f7617183d9 Revert "Add initial firefox xpi prompt bypass." 
This reverts commit ebcf972c08.
 2014-09-02 12:27:41 -05:00
Pedro Ribeiro d480a5e744 Credit h0ng10 properly 2014-09-01 07:58:26 +01:00
Pedro Ribeiro 59847eb15b Remove newline at the top 2014-09-01 07:56:53 +01:00
Pedro Ribeiro 6a370a5f69 Add exploit for eventlog analyzer file upload 2014-09-01 07:56:01 +01:00
jvazquez-r7 c05edd4b63 Delete debug print_status 2014-08-31 01:34:47 -05:00
jvazquez-r7 559ec4adfe Add module for ZDI-14-299 2014-08-31 01:11:46 -05:00
us3r777 403eae3579 Jboss file deployment repository refactorization 
Moved lib/msf/http/jboss/bean_shell_script.rb to
lib/msf/http/jboss/script.rb. Moved head_stager_jsp to script.rb.
Removed stager_jsp to use the function from the mixin.
 2014-08-30 13:15:37 +02:00
us3r777 33f90de7f6 Refactoring jboss module to work with the Mixin 
Moved upload and delete methods of deploymentfilerepository to the
mixin. Removed call_uri_mtimes method as the module now uses deploy
from the mixin.
 2014-08-29 20:08:35 +02:00
jvazquez-r7 58091b9e2b Land #3708, @pedrib fix for manage_engine_dc_pmp_sqli 2014-08-28 10:47:03 -05:00
us3r777 af9f3b83a7 Refactoring jboss module to work with the Mixin 
Removed datastore USERNAME and PASSWORD which are provided by
Msf::Exploit::Remote::HttpClient. Removed datastore PATH and VERB which
are provided by the mixin (lib/msf/http/jboss). Moved target detection
to the mixin.
 2014-08-27 22:54:40 +02:00
sinn3r 633eaab466 Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection 2014-08-27 01:45:18 -05:00
Joe Vennix 26cfed6c6a Rename exploit module. 2014-08-26 23:05:41 -05:00
Joe Vennix 96276aa6fa Get the disclosure date right. 2014-08-26 20:36:58 -05:00
Joe Vennix 52f33128cd Add Firefox WebIDL Javascript exploit. 
Also removes an incorrect reference from another FF exploit.
 2014-08-26 20:35:17 -05:00
Pedro Ribeiro a8d03aeb59 Fix bug with PMP db paths 2014-08-26 12:54:31 +01:00
Pedro Ribeiro 473341610c Update name to mention DC; correct servlet name 2014-08-26 12:39:48 +01:00
Joe Vennix 6d3255a3b5 Update bad config error. 2014-08-25 14:43:23 -05:00
Joe Vennix b652ebb44f Add other gdb-supported platforms that run on allowed arches. 2014-08-25 14:15:20 -05:00
Joe Vennix c4a173e943 Remove automatic target, couldn't figure out generic payloads. 2014-08-25 14:14:47 -05:00
Joe Vennix 6313b29b7a Add #arch method to Msf::EncodedPayload. 
This allows exploits with few one automatic target to support many
different architectures.
 2014-08-24 02:22:15 -05:00
Joe Vennix 88f626184c Remove linux platform limitation, target depends on arch only. 2014-08-24 01:39:04 -05:00
Joe Vennix 04d0b87067 Reorder module title. 2014-08-24 01:18:21 -05:00
Joe Vennix c65ba20017 Fix incorrect Platforms key. 2014-08-24 01:15:34 -05:00
Joe Vennix 4e63faea08 Get a shell from a loose gdbserver session. 2014-08-24 01:10:30 -05:00