wchen-r7
70f7dccf62
copy and paste fail
2017-02-23 17:11:08 -06:00
wchen-r7
5d0b532b20
Fix #8002, Use post/windows/manage/priv_migrate instead of migrate -f
Because migrate -f uses a meterpreter script, and meterpreter scripts
are deprecated, we should be replacing with a post module
Fix #8002
2017-02-23 17:04:36 -06:00
Brendan Coles
5d3a4cce67
Use all caps for module option names
2017-02-23 16:30:01 +11:00
Brendan Coles
47fec5626e
Style update
2017-02-22 07:56:17 +00:00
Brendan Coles
e491f01c70
Add MVPower DVR Shell Unauthenticated Command Execution module
2017-02-22 05:15:57 +00:00
wchen-r7
48f6740fee
Land #7969, Add Module Trend Micro IMSVA Remote Code Execution
2017-02-21 17:29:04 -06:00
bwatters-r7
a9b9a58d4d
Land #7893, Add Module AlienVault OSSIM/USM Remote Code Execution
2017-02-21 13:35:56 -06:00
William Webb
83cc28a091
Land #7972, Microsoft Office Word Macro Generator OS X Edition
2017-02-21 13:26:42 -06:00
William Vu
dad21b1c1d
Land #7979, another downcase fix for a password
2017-02-19 21:26:52 -06:00
h00die
92c1fa8390
remove downcase
2017-02-18 20:13:32 -05:00
Brent Cook
2c570b6709
Land #7942, Microsoft SQL Server Clr Stored Procedure Payload Execution
2017-02-17 17:28:54 -06:00
Brent Cook
8019a9e519
Land #7947, fix crash in panda_psevents when an unexpected target OS is found
2017-02-17 14:08:27 -06:00
wchen-r7
1f23b44003
I modified windows/fileformat/office_word_macro the wrong way
2017-02-16 23:16:06 -06:00
wchen-r7
7503f643cc
Deprecate windows/fileformat/office_word_macro
Please use exploits/multi/fileformat/office_word_macro instead,
because the new one supports OS X.
2017-02-16 12:32:14 -06:00
wchen-r7
3d269b46ad
Support OS X for Microsoft Office macro exploit
2017-02-16 12:28:11 -06:00
David Manouchehri
f113114643
Added assigned CVE.
2017-02-15 17:05:23 -05:00
h00die
843f559069
land #7917 piwik exploit module
2017-02-14 00:52:27 -05:00
OJ
ec316bfb6c
Use DATABASE when logging in with SQL mixin
2017-02-14 10:34:27 +10:00
h00die
a47a479bd3
add else case
2017-02-12 19:08:31 -05:00
Christian Mehlmauer
baa473a1c6
add piwik superuser plugin upload module
2017-02-11 00:20:50 +01:00
James Lee
026f6eb715
Land #7929, improve php_cgi_arg_injection
2017-02-10 10:01:38 -06:00
OJ
2d834a3f5a
Finalise module, and add supporting binaries
2017-02-10 12:56:40 +10:00
OJ
1c62559e55
Add v1 of SQL Clr stored proc payload module
2017-02-10 10:28:22 +10:00
bwatters-r7
272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro
2017-02-09 13:42:58 -06:00
wchen-r7
e1a1ea9d68
Fix grammar
2017-02-08 19:26:35 -06:00
wchen-r7
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
Mehmet Ince
4ee05313d8
Update tested version numbers
2017-02-08 19:31:01 +03:00
jvoisin
f3bcc9f23f
Take care of suhosin
2017-02-08 09:59:36 +01:00
jvoisin
028d4d6077
Make the payload a bit more random
2017-02-08 09:59:22 +01:00
jvoisin
cb03ca91e1
Make php_cgi_arg_injection work in certain environments
This commit sets two more options to `0` in the payload:
- [cgi.force_redirect](https://secure.php.net/manual/en/ini.core.php#ini.cgi.force-redirect)
- [cgi.redirect_status_env](https://secure.php.net/manual/en/ini.core.php#ini.cgi.redirect-status-env)
The configuration directive `cgi.force_redirect` prevents anyone from calling PHP
directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php.
Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.
The string set in the configuration directive `cgi.redirect_status_env`
is the one that PHP will look for to know it's ok to continue its
execution. This might be used together with the previous configuration
option as a security measure.
Setting those variables to 0 is (as stated in the documentation) a
security issue, but it also makes the exploit work on some Apache2 setups.
2017-02-07 18:59:27 +01:00
wchen-r7
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
Mehmet Ince
906fcfe355
OSSIM 5.0.0 version requires an authen token on action create
2017-02-03 23:45:33 +03:00
wchen-r7
c73c189a61
Set DisablePayloadHandler default to true
2017-02-03 11:25:50 -06:00
wchen-r7
ccaa783a31
Add Microsoft Office Word Macro exploit
2017-02-02 17:44:55 -06:00
wchen-r7
3c6fa12aca
Update firefox_smil_uaf to use BrowserExploitServer
2017-01-31 16:04:16 -06:00
William Webb
2ff170a1fa
Land #7820, Exploit for TrueOnline Billion 5200W-T
2017-01-31 11:33:56 -06:00
William Webb
f167358540
Land #7821, Command Injection Exploit for TrueOnline ZyXEL P660HN
2017-01-31 11:28:46 -06:00
William Webb
b3521dfb69
Land #7822, Command Injection Exploit for TrueOnline P660HN v2
2017-01-31 11:22:49 -06:00
Mehmet Ince
c666ac93f5
Adding xff header
2017-01-31 14:37:22 +03:00
Mehmet Ince
40108c2374
first commit
2017-01-31 14:15:46 +03:00
William Webb
dd60fc3598
move cisco_webex_ext to exploits/windows/browser/
2017-01-27 16:59:20 -06:00
William Webb
94f9971300
add module doc and remove the word EXPLOIT from document title
2017-01-26 13:36:18 -06:00
William Webb
d87cb4b085
nfi why i didnt set ssl by default
2017-01-25 21:02:34 -06:00
William Webb
ad0e2c7d95
remove extraneous warning alerts
2017-01-25 18:53:54 -06:00
William Webb
d2bc8c7f7e
msftidy complaints
2017-01-25 18:24:10 -06:00
William Webb
10066e0c16
get your targets straight son
2017-01-25 18:21:58 -06:00
William Webb
d4b18bb3b9
initial commit of webex rce mod
2017-01-25 18:03:19 -06:00
William Vu
48ed8a72c2
Add helpful comment
2017-01-24 20:03:39 -06:00
William Vu
ec8add6caa
Always check and print status
2017-01-24 20:00:17 -06:00
William Vu
42a8e2a113
Remove extraneous variable
2017-01-24 19:50:31 -06:00