adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
39,468 Commits 27 Branches 1,043 Tags
4ba1ed2e0096b48517455a476bfe9be4e0a8fcc2
Commit Graph

20707 Commits

Author SHA1 Message Date
William Vu 4ba1ed2e00 Fix formatting in fortinet_backdoor 
Also add :config and :use_agent options.
 2016-09-16 12:32:30 -05:00
William Vu e3060194c6 Fix formatting in ubiquiti_airos_file_upload 
Also add :config and :use_agent options.
 2016-09-16 12:27:09 -05:00
Brent Cook 90f0eec390 Land #7325, Fix missing form inputs in skybluecanvas_exec 2016-09-15 19:55:32 -05:00
William Vu a7103f2155 Fix missing form inputs 
Also improve check string.
 2016-09-15 19:19:24 -05:00
Brent Cook 60e728ec5c Land #7065, Correct display errors for SHA-512 hashes with MS SQL Server 2012 2016-09-15 18:06:02 -05:00
Brent Cook 8b050fcc9b simplify cleanup code, remove duplicate logic 2016-09-15 18:05:34 -05:00
Brent Cook 6e221ca575 Land #7221, Updated JCL cmd payloads to use PR7007 format 2016-09-15 16:38:31 -05:00
William Webb 01327f0265 Land #7245, NetBSD mail.local privilege escalation module 2016-09-14 16:07:12 -05:00
James Lee 27be29edb4 Fix typo 2016-09-14 13:21:37 -05:00
James Barnett 6509b34da1 Land #7255, Fix issue causing Glassfish to fail uploading to Windows targets. 2016-09-14 12:57:41 -05:00
William Vu 8533e6c5fd Land #7252, ARCH_CMD to ARCH_PHP for phoenix_exec 2016-09-14 10:38:37 -05:00
William Vu cac890a797 Land #7308, disclosure date additions 2016-09-13 23:16:30 -05:00
William Vu e4e6f5daac Fix indentation 2016-09-13 23:15:37 -05:00
William Vu a5502264d4 Land #7305, missing env var fix for Steam module 2016-09-13 23:11:40 -05:00
h00die d73531c0d3 added disclosure dates 2016-09-13 20:37:04 -04:00
wchen-r7 245237d650 Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
wchen-r7 10efafe44e Land #7306, Update links and add CVE to WebNMS modules 2016-09-13 15:52:27 -05:00
wchen-r7 ed5bbb9885 Land #7284, Add SugarCRM REST PHP Object Injection exploit 2016-09-13 15:46:46 -05:00
wchen-r7 a0095ad809 Check res properly and update Ruby syntax 
If res is nil, it should not be doing res.code
 2016-09-13 15:45:57 -05:00
Pedro Ribeiro 8d4ee3fac6 Forgot the bracket! 2016-09-13 19:01:22 +01:00
Pedro Ribeiro 4d49f7140c update links and CVE on webnms_file_download 2016-09-13 18:50:53 +01:00
Pedro Ribeiro 41bdae4b84 update links and CVE on webnms_file_upload 2016-09-13 18:50:25 +01:00
Pedro Ribeiro 8b90df8b67 update links and CVE on webnms_cred_disclosure 2016-09-13 18:49:58 +01:00
wchen-r7 89705cc803 Avoid potential undef method error '+' for nil 2016-09-13 11:13:02 -05:00
wchen-r7 50447fc4cf Fix post/windows/gather/credentials/steam for an empty env var 2016-09-13 11:04:42 -05:00
nixawk 1ce9aedb97 parenthesis for condition expression 2016-09-13 03:37:47 -05:00
nixawk fd16c1c3b7 Fix issue-7295 2016-09-13 01:32:20 -05:00
scriptjunkie a0e05d4c4c Land #7287, mdaemon cred dumper 2016-09-10 08:43:07 -05:00
Brent Cook a81f351cb3 Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Brent Cook 1d4b0de560 Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Agora Security 00f09d19b1 SMTP Typo 
Correct SMTP Type (before SMPT)
 2016-09-09 01:36:37 -05:00
William Vu 92dba8ff9d Land #7290, env var check for WinSCP module 2016-09-07 21:08:12 -05:00
Brendan a30711ddcd Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
wchen-r7 a9c3c5d391 Fix typos 2016-09-07 15:40:10 -05:00
wchen-r7 831c7a08a8 Check environment variables before using for winscp module 2016-09-07 15:24:22 -05:00
William Vu 7d44bd5ba4 Clean up module 2016-09-06 23:30:58 -05:00
aushack 015b790295 Added default rport. 2016-09-07 14:24:07 +10:00
aushack 7632c74aba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2016-09-07 14:15:57 +10:00
aushack 6e21684ff7 Fix typo. 2016-09-07 14:08:46 +10:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server 
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
 2016-09-06 20:52:49 -05:00
EgiX df5fdbff41 Add module for KIS-2016-07: SugarCRM REST PHP Object Injection 
This PR contains a module to exploit KIS-2016-07, a PHP Object Injection vulnerability in SugarCRM CE before version 6.5.24 that allows unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. Successful exploitation of this vulnerability should require SugarCRM to be running on PHP before version 5.6.25 or 7.0.10, which fix CVE-2016-7124.
 2016-09-07 01:58:41 +02:00
William Vu fed2ed444f Remove deprecated modules 
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
 2016-09-03 12:43:01 -05:00
Brendan 81bc6bd672 Land #7228, Create zabbix_toggleids_sqli auxiliary module 2016-09-01 16:33:17 -05:00
Jon Hart b0e45341e5 Update redis file_upload to optionally FLUSHALL before writing 
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
 2016-08-31 14:27:18 -07:00
Brandon Perry 874fec4e31 Update zabbix_toggleids_sqli.rb 2016-08-31 17:23:16 -04:00
Brandon Perry d43380330e Update zabbix_toggleids_sqli.rb 2016-08-31 17:18:28 -04:00
bigendian smalls 05278c868e Updated JCL cmd payloads to use PR7007 format 
PR7007 centralized JCL job card for any JCL cmd payload.  This PR simply
uses that new format for existing JCL cmd payloads.  No functionality
for these payloads was changed, added or deleted.
 2016-08-31 14:39:01 -05:00
AgoraSecurity d65ca818ea Add validation of session type 2016-08-31 11:29:04 -05:00
AgoraSecurity ce7d4cf7f7 Removed "shell" from SessionTypes 
Remove the need to check for the session type manually. It will be automatically validated at the time of module run.
 2016-08-31 00:12:31 -05:00
AgoraSecurity 401044ee43 Fix error when saving creds 2016-08-30 16:49:31 -05:00