adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57,241 Commits 27 Branches 1,043 Tags
5a40c6dc00a13ad4bcdd18f9828fa8e08b155699
Commit Graph

2331 Commits

Author SHA1 Message Date
William Vu 8e94fd55db Force OpenSSL::SSL::VERIFY_NONE 
Thanks, @HynekPetrak!
 2020-07-22 16:33:37 -05:00
William Vu f736b0192f Add LDAPS support and update vCenter vmdir modules 2020-07-22 14:23:00 -05:00
Jeffrey Martin f6d21abb51 require instead of autoload for exploit mixin 2020-07-10 22:15:12 -05:00
Jeffrey Martin c61f34ed16 Land #13596, [GSoC] SQLi library with support to MySQL (and MariaDB) 2020-07-10 13:45:47 -05:00
Niboucha Redouane 4c229c0a24 Add method for writing to files using SQL injection 2020-07-06 16:53:46 +02:00
Niboucha Redouane 4950c2dacf Fix minor bugs, in safe mode, and in the name of the attribute passed to attr_accessor 2020-07-01 23:00:23 +02:00
William Vu 89f7be3ef0 Improve error message 2020-07-01 14:20:04 -05:00
Niboucha Redouane f9ade608b5 minor change: add default value to some arguments 2020-07-01 02:56:01 +02:00
William Vu 4b78de5416 Refactor AutoCheck a bit more 2020-06-30 11:58:42 -05:00
Niboucha Redouane 0680113288 get rid of database parameter in MySQLi methods 2020-06-30 18:49:13 +02:00
Niboucha Redouane b230adebba Add check for positional arguments on class constructor (SQLi::Common) 2020-06-30 16:16:35 +02:00
Alan Foster b841246536 Update autocheck to use prepend instead of include, add ForceExploit functionality 2020-06-30 11:40:46 +01:00
Niboucha Redouane 440294ff07 make some attributes writable, and specify its the SQLi library in any verbose message 2020-06-27 18:28:12 +02:00
Niboucha Redouane 2c4ca04dca Rename the factory method for SQLi classes, and add a check on the class to instanciate 2020-06-27 14:51:54 +02:00
Jeffrey Martin aa6c037dbd refactor mixin as factory for sqli classes 2020-06-26 15:09:01 -05:00
Niboucha Redouane 34e8eae471 move hex_encode_strings to MySQLi::Common, as it is specific to MySQL 2020-06-26 16:04:51 +02:00
Niboucha Redouane 7291a77807 minor fix to verbose logging / some comments 2020-06-25 12:46:05 +02:00
Niboucha Redouane f89f80be47 add default value for options of SQLi constructors, and fix eyesofnetwork module 2020-06-24 00:38:13 +02:00
Niboucha Redouane c94bd3b2d8 remove verbose prints in blind injections 2020-06-23 21:33:03 +02:00
Niboucha Redouane 2bdc693930 Replace puts with print_status and similar 2020-06-23 21:25:59 +02:00
Niboucha Redouane aaa38a3188 Fix formatting 2020-06-22 17:41:20 +02:00
Niboucha Redouane fba2d2e7be inject the datastore into the SQLi library, and register advanced options 2020-06-22 17:36:38 +02:00
Adam Galway 1a2bf98222 creates standard elog & updates exisiting usages 2020-06-22 12:48:39 +01:00
Niboucha Redouane 4f756ba229 replace some classes with modules 2020-06-20 21:09:13 +02:00
Niboucha Redouane 9d36076264 Add option to specify the range of characters to retrieve 2020-06-19 16:41:57 +02:00
Niboucha Redouane 7c630f0403 Avoid repetitive code in blind injections 2020-06-18 20:52:02 +02:00
Niboucha Redouane fa43dc6dfb minor fix to the structure 2020-06-18 17:28:47 +02:00
Niboucha Redouane 305dbe9e2f refactor structure, get rid of prefix and suffix 2020-06-18 17:21:10 +02:00
Niboucha Redouane 0887f3feee Improve the blind injection queries 2020-06-13 12:24:22 +02:00
Niboucha Redouane 3639765277 Improve code quality: less repetitive code 2020-06-11 19:16:23 +02:00
Niboucha Redouane c319799c44 Add more comments 2020-06-11 00:07:53 +02:00
Niboucha Redouane ecb1a0bb16 add test_vulnerable to MySQLi class, and fix minor issues with the test modules 2020-06-10 21:59:51 +02:00
Niboucha Redouane 12681b0746 Add support for encodings to exfiltrate data containing bad characters/multibyte characters 2020-06-10 21:40:22 +02:00
Niboucha Redouane 0f936f7500 Various fixes and enhancements 2020-06-09 23:43:15 +02:00
Niboucha Redouane 92d8464ac1 Various fixes and enhancements 2020-06-05 21:59:16 +02:00
Niboucha Redouane 118ada96a2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into GSOC/SQLi_Engine 2020-06-04 17:55:38 +02:00
Adam Cammack 001910473b Land #13448, Fix relative location redirects 2020-06-04 09:17:45 -05:00
Niboucha Redouane db4880762a Add common MySQL injection payloads and options 2020-06-03 01:18:19 +02:00
cn-kali-team 1b796aa50b OptString to OptPort 2020-05-30 10:27:48 +08:00
William Vu 16886fa41e Move generate_viewstate_payload to mixin 2020-05-21 18:37:13 -05:00
William Vu c50e242151 Add ViewState mixin 2020-05-21 18:37:11 -05:00
William Vu aa6624e7f8 Land #13436, service encoder fix for psexec 2020-05-14 16:43:07 -05:00
William Vu 6034f48e8f Land #13405, once more with feeling 2020-05-13 11:54:41 -05:00
Clément Notin 91ea692cbe socket_server.rb: better describe "0.0.0.0" 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-13 16:30:00 +02:00
William Vu 44b0ddf2ed Land #13405, OptAddressLocal for SRVHOST 2020-05-13 09:15:42 -05:00
Clément Notin ec33651243 socket_server.rb: SRVHOST can be an interface 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-13 16:14:20 +02:00
Niboucha Redouane a4b316a91e Fix following redirects from send_request_cgi! 2020-05-13 09:54:14 +02:00
Clément Notin 258895f534 Use print_error for error messages 2020-05-12 00:02:52 +02:00
Clément Notin b7d16b1e72 Fix regression in psexec mixing filename and encoder 
Closes #13407
 2020-05-12 00:02:52 +02:00
William Vu 646c10ff02 Disable RuboCop Security/Eval the non-hacky way 
Hat tip @adfoster-r7!
 2020-05-11 12:05:38 -05:00