adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
48,445 Commits 27 Branches 1,043 Tags
64d53cd882ef3fce14927bb431cfd0945cd46bb6
Commit Graph

24726 Commits

Author SHA1 Message Date
bwatters-r7 64d53cd882 code cleanup 2018-10-02 14:06:25 -05:00
William Vu 1d091408f7 Make msftidy happy 2018-09-18 20:00:08 -05:00
William Vu 6a63feced4 Merge remote-tracking branch 'upstream/master' into pr/10418 2018-09-18 19:54:44 -05:00
Brent Cook 549440595f Land #10627, Add SMB2 support to smb_enumshares 2018-09-17 22:34:42 -05:00
Brent Cook 6126a627cc Land #10570, AKA Metadata Refactor 2018-09-17 22:29:20 -05:00
Brent Cook a814899dc2 Land #10660, deregister RHOSTS as well as RHOST 2018-09-17 22:26:37 -05:00
Brent Cook 1aabf8d83f deregister RHOSTS as well 2018-09-17 22:26:16 -05:00
h00die 5089c19453 Land #10620 Solaris 10 LPE for libnspr 2018-09-17 18:10:16 -04:00
Erin Bleiweiss 011c25ed59 Merge changes from master (ghostscript) 2018-09-17 13:57:28 -05:00
Brendan Coles 30d8a38897 deregister_options RHOSTS 2018-09-17 16:58:57 +00:00
Brendan Coles 83039781de Background payload execution 2018-09-17 08:42:04 +00:00
Brendan Coles c8906f8772 Add check for Solaris system patch revision 2018-09-17 08:32:52 +00:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
Brendan Coles 1f4a1a388e Update gcc path 2018-09-15 18:16:03 +00:00
Erin Bleiweiss e3178faa9a Add metadata for teradata_odbc_sql.py 2018-09-13 13:09:01 -05:00
bwatters-r7 2fbbf88ea9 Land #10560, ms17_010_eternalblue: use SMBDomain value when provided 
instead of ignoring it

Merge branch 'land-10560' into upstream-master
 2018-09-13 10:08:54 -05:00
Brendan Coles a8c459db18 Update description with correct patched release 2018-09-13 08:22:13 +00:00
Shelby Pace 5b81ebd81b Land #10589, multidrop support for word xml docs 2018-09-12 11:00:11 -05:00
Brendan Coles 0db1c34c40 Add check for Solaris system patches 2018-09-12 07:36:54 +00:00
Jacob Robles d0e67c5b60 Add SMB2 support to smb_enumshares 2018-09-11 19:05:26 -05:00
Brendan Coles e75b5592f7 Add ForceExploit option 2018-09-11 09:23:50 +00:00
Brendan Coles 1582dacb0e Check WritableDir is writable 2018-09-11 09:06:15 +00:00
Brendan Coles d658ccf653 Add Solaris libnspr NSPR_LOG_FILE Privilege Escalation module 2018-09-11 08:11:11 +00:00
Brent Cook a3d74d926c Land #9897, Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer 2018-09-10 16:25:55 -05:00
Brent Cook ea2fcb6fc4 Land #10593, Refactor SSH mixins and update modules 2018-09-10 15:38:53 -05:00
William Vu 87eb600510 Land #10611, mRemote creds gather module fixes 
Also update #10612 to align with these changes.
 2018-09-10 15:25:09 -05:00
William Vu 93a73f5e71 Fix store_loot OID 
It's supposed to be a loot type, not the filename (now stored).
 2018-09-10 15:19:28 -05:00
William Vu 8b4820004d Land #10612, store_loot text/xml ctype fixes 2018-09-10 15:07:06 -05:00
William Vu 3ec4d2f22b Normalize loot type OID 
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported

Can we get some sort of standard on the OID?
 2018-09-10 15:06:07 -05:00
Jacob Robles 3d5da50b12 Land #10598, Store Credentials Found with PhpMyAdmin Password Extractor 2018-09-10 11:49:52 -05:00
h00die 39a2d9d2a8 save xml files as xml 2018-09-09 21:24:39 -04:00
h00die 0072d9b9b1 save as xml since it is 2018-09-09 21:22:15 -04:00
h00die 70e22707c0 vi loves tabs but i dont 2018-09-09 21:19:17 -04:00
h00die f926f6e9af fix pathing in mremoteng 2018-09-09 21:07:47 -04:00
Wei Chen 718aaca0f4 Land #10546, Add Apache Struts exploit: CVE-2018-11776 2018-09-07 14:54:23 -05:00
Wei Chen bd50e00ccc Make some small changes: 
Changes made:

* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
 2018-09-07 14:48:33 -05:00
William Vu b3cd4a89ad Move CVE ref to top as per ~standard~ 2018-09-07 14:33:25 -05:00
Adam Cammack 68ca771764 Add CVE reference to ghostscript_failed_restore.rb 2018-09-07 14:24:15 -05:00
asoto-r7 99ca6cef49 Quote-block cleanup and improved error handling 2018-09-07 11:43:04 -05:00
Shelby Pace dbace01015 modified regex lines 2018-09-07 11:13:09 -05:00
Shelby Pace 18ffd36409 storing config file, changed regex 2018-09-07 08:13:10 -05:00
asoto-r7 3671f8f6b0 Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output 
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set.  We now try to detect this as part of `profile_target`.  But that check might fail.  If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.

Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.

Additionally additionally, some Tomcat configurations won't provide output from the payload.  We'll detect that the payload ran successfully, but tell the user there was no output.
 2018-09-06 17:56:42 -05:00
asoto-r7 7eb06b4592 Address travis errors: Updated metadata and target OS logic 2018-09-06 12:43:56 -05:00
Shelby Pace 6c3b1081ea added function to grab and store user and passwd 2018-09-06 12:03:00 -05:00
asoto-r7 cb16f812ec struts2_namespace_ognl updates from code review 
Thanks to @wvu, @firefart, and @wchen!
 2018-09-06 11:50:57 -05:00
Brent Cook dd476066cf Land #10584, fix session upgrade HANDLE_TIMEOUT and upgrading osx shells 2018-09-06 05:52:40 -05:00
William Vu 35fb0d19ab Refactor SSH mixins and update modules 2018-09-05 23:53:11 -05:00
Wei Chen d23b252393 Land #10592, support ERB for foxit_reader_uaf.rb 2018-09-05 21:48:52 -05:00
Wei Chen 254e8b9fd0 Cleanup for foxit_reader_uaf 2018-09-05 21:47:57 -05:00
William Vu 243267b2f5 Add Linux dropper target 2018-09-05 19:57:12 -05:00