adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

1489 Commits

Author SHA1 Message Date
HD Moore c8e44c341c Fix use of sock.get vs sock.get_once 2014-06-28 16:10:18 -05:00
HD Moore 6e80481384 Fix bad use of sock.get() and check() implementations 
Many of these modules uses sock.get() when they meant get_once()
and their HTTP-based checks were broken in some form. The response
to the sock.get() was not being checked against nil, which would
lead to stack traces when the service did not reply (a likely
case given how malformed the HTTP requests were).
 2014-06-28 16:05:05 -05:00
jvazquez-r7 45248dcdec Add YARD documentation for methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
sinn3r a60dfdaacb Land #3471 - HP AutoPass License Server File Upload 2014-06-26 14:34:32 -05:00
Joshua Smith 3ed7050b67 Lands 3420 after wrapping most lines at 80 2014-06-24 17:37:43 -05:00
Joshua Smith 3fe162a8b1 wraps most lines at 80 2014-06-24 17:36:10 -05:00
jvazquez-r7 267642aa4b Fix description 2014-06-23 09:20:47 -05:00
jvazquez-r7 cc3c06440f Add module for ZDI-14-195, HP AutoPass License Traversal 2014-06-23 09:19:56 -05:00
Joshua Smith 9af9d2f5c2 slight cleanup 2014-06-17 19:08:31 -05:00
jvazquez-r7 1133332702 Finish module 2014-06-17 15:01:35 -05:00
jvazquez-r7 8f8af0e93a Add draft version 2014-06-17 14:21:49 -05:00
jvazquez-r7 2fe7593559 Land #3433, @TecR0c's exploit for Easy File Management Web Server 2014-06-13 09:54:12 -05:00
jvazquez-r7 34f98ddc50 Do minor cleanup 2014-06-11 09:20:22 -05:00
TecR0c b27b00afbb Added target 4.0 and cleaned up exploit 2014-06-11 06:22:47 -07:00
TecR0c f1382af018 Added target 4.0 and cleaned up exploit 2014-06-11 06:20:49 -07:00
jvazquez-r7 a554b25855 Use EXITFUNC 2014-06-10 09:51:06 -05:00
TecR0c 3d33a82c1c Changed to unless 2014-06-09 09:31:14 -07:00
TecR0c 1252eea4b9 Changed to unless 2014-06-09 09:26:03 -07:00
TecR0c 52d26f290f Added check in exploit func 2014-06-09 03:23:14 -07:00
TecR0c 8ecafbc49e Easy File Management Web Server v5.3 Stack Buffer Overflow 2014-06-08 04:21:14 -07:00
Brendan Coles 6bef6edb81 Update efs_easychatserver_username.rb 
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
 2014-06-08 06:36:18 +10:00
jvazquez-r7 079fe8622a Add module for ZDI-14-136 2014-06-04 10:29:33 -05:00
William Vu 352e14c21a Land #3391, all vars_get msftidy warning fixes 2014-05-26 23:41:46 -05:00
Christian Mehlmauer da0a9f66ea Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Christian Mehlmauer 8d4d40b8ba Resolved some Set-Cookie warnings 2014-05-24 00:34:46 +02:00
Meatballs 38d8df4040 Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	modules/exploits/windows/local/wmi.rb
 2014-04-15 22:06:45 +01:00
jvazquez-r7 a85d451904 Add module for CVE-2014-2314 2014-04-02 14:49:31 -05:00
Tod Beardsley d27264b402 Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
William Vu 517f264000 Add last chunk of fixes 2014-03-11 12:46:44 -05:00
William Vu 25ebb05093 Add next chunk of fixes 
Going roughly a third at a time.
 2014-03-11 12:23:59 -05:00
OJ 3ea3968d88 Merge branch 'upstream/master' into stop_abusing_expand_path 
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
 2014-03-11 23:13:39 +10:00
Meatballs 2885ebcb40 Merge remote-tracking branch 'upstream/master' into pr2075 2014-03-02 20:57:02 +00:00
jvazquez-r7 c9f0885c54 Apply @jlee-r7's feedback 2014-02-24 10:49:13 -06:00
OJ fdd0d91817 Updated the Ultra Minit HTTP bof exploit 
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:

* Correct use of alpha chars in the buffer leading up to the payload
  which results in bad chars being avoided. Bad chars muck with the
  offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
  of in the thread of the request handler. This prevents the session
  from being killed after the hard-coded 60-second timeout that is
  baked into the application.
* The handler thread terminates itself so that the process doesn't
  crash.
* Extra targets were added based on the machines I had access to.
 2014-02-23 21:23:41 +10:00
jvazquez-r7 79d559a0c9 Fix MIME message to_s 2014-02-10 22:23:23 -06:00
Meatballs c37cb5075c Merge remote-tracking branch 'upstream/master' into pr2075 2014-02-08 22:11:31 +00:00
sinn3r 89e1bcc0ca Deprecate modules with date 2013-something 
These modules had an expiration date of 2013.
 2014-02-04 14:49:18 -06:00
sinn3r cdc425e4eb Update some checks 2014-01-24 12:08:23 -06:00
sinn3r fe767f3f64 Saving progress 
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-21 11:07:03 -06:00
sinn3r e5dc6a9911 Update exploit checks 
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-20 14:26:10 -06:00
OJ 1cb671b02e Merge branch 'adjust_getenv_api' into stop_abusing_expand_path 2014-01-03 08:14:02 +10:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
OJ 9fb081cb2d Add getenvs, update getenv, change extract_path use 
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.

Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.

The meterpreter console `getenv` command now uses `getenvs`
 2013-12-19 11:54:34 +10:00
Tod Beardsley 040619c373 Minor description changes 
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
 2013-12-16 14:57:33 -06:00
Meatballs b252e7873b Merge remote-tracking branch 'upstream/master' into pr2075 2013-12-16 14:29:05 +00:00
sinn3r 3a9ac303f0 Use rexml for XML data generation 2013-12-10 15:37:44 -06:00