adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
28,064 Commits 27 Branches 1,043 Tags
765b5e686c19f39005c7cd76cf3eb3e8fa0374d0
Commit Graph

1516 Commits

Author SHA1 Message Date
William Vu 10f3969079 Land #4043, s/http/http:/ splat 
What is a splat?
 2014-10-17 13:41:07 -05:00
William Vu dbfe398e35 Land #4037, Drupageddon exploit 2014-10-17 12:39:59 -05:00
William Vu a514e3ea16 Fix bad indent (should be spaces) 
msftidy is happy now.
 2014-10-17 12:39:25 -05:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Brandon Perry 353d2f79cc tweak pw generation 2014-10-16 12:06:19 -07:00
Brandon Perry 5f8c0cb4f3 Merge branch 'drupal' of https://github.com/FireFart/metasploit-framework into drupageddon 2014-10-16 11:53:54 -07:00
Christian Mehlmauer c8dd08f605 password hashing 2014-10-17 15:52:47 +02:00
Brandon Perry 23b7b8e400 fix for version 7.0-7.31 2014-10-16 11:53:48 -07:00
Brandon Perry 9bab77ece6 add urls 2014-10-16 10:36:37 -07:00
Brandon Perry b031ce4df3 Create drupal_drupageddon.rb 2014-10-16 16:42:47 -05:00
Brandon Perry 5c4ac48db7 update the drupal module a bit with error checking 2014-10-16 10:32:39 -07:00
Spencer McIntyre 09069f75c2 Fix #4019, fix NameError peer and disconnect in check 2014-10-16 08:32:20 -04:00
James Lee a65ee6cf30 Land #3373, recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-10-03 18:05:58 -05:00
HD Moore 0380c5e887 Add CVE-2014-6278 support, lands #3932 2014-10-01 18:25:41 -05:00
William Vu c1b0acf460 Add CVE-2014-6278 support to the exploit module 
Same thing.
 2014-10-01 17:58:25 -05:00
William Vu 5df614d39b Land #3928, release fixes 2014-10-01 17:21:08 -05:00
Spencer McIntyre 8cf718e891 Update pureftpd bash module rank and description 2014-10-01 17:19:31 -04:00
Tod Beardsley 4fbab43f27 Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
Spencer McIntyre cf6029b2cf Remove the less stable echo stager from the exploit 2014-10-01 15:15:07 -04:00
Spencer McIntyre 632edcbf89 Add CVE-2014-6271 exploit via Pure-FTPd ext-auth 2014-10-01 14:57:40 -04:00
William Vu de65ab0519 Fix broken check in exploit module 
See 71d6b37088.
 2014-09-29 23:03:09 -05:00
William Vu df44dfb01a Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
sinn3r 8f3e03d4f2 Land #3903 - ManageEngine OpManager / Social IT Arbitrary File Upload 2014-09-29 17:53:43 -05:00
Pedro Ribeiro 533b807bdc Add OSVDB id 2014-09-29 21:52:44 +01:00
HD Moore bfadfda581 Fix typo on match string for opera_configoverwrite 2014-09-29 15:34:35 -05:00
sinn3r ffe5aafb2f Land #3905 - Update exploits/multi/http/apache_mod_cgi_bash_env_exec 2014-09-29 15:19:35 -05:00
sinn3r 9e5826c4eb Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
Spencer McIntyre fe12ed02de Support a user defined header in the exploit too 2014-09-27 18:58:53 -04:00
Pedro Ribeiro f20610a657 Added full disclosure URL 2014-09-27 21:34:57 +01:00
Pedro Ribeiro 030aaa4723 Add exploit for CVE-2014-6034 2014-09-27 19:33:49 +01:00
jvazquez-r7 0a3735fab4 Make it better 2014-09-26 16:01:10 -05:00
jvazquez-r7 3538b84693 Try to make a better check 2014-09-26 15:55:26 -05:00
jvazquez-r7 ad864cc94b Delete unnecessary code 2014-09-25 16:18:01 -05:00
jvazquez-r7 9245bedf58 Make it more generic, add X86_64 target 2014-09-25 15:54:20 -05:00
jvazquez-r7 d8c03d612e Avoid failures due to bad payload selection 2014-09-25 13:49:04 -05:00
jvazquez-r7 91e5dc38bd Use datastore timeout 2014-09-25 13:36:05 -05:00
jvazquez-r7 8a43d635c3 Add exploit module for CVE-2014-6271 2014-09-25 13:26:57 -05:00
Joe Vennix d9e6f2896f Add the JSObfu mixin to a lot of places. 2014-09-21 23:45:59 -05:00
sinn3r 3e09283ce5 Land #3777 - Fix struts_code_exec_classloader on windows 2014-09-16 13:09:58 -05:00
sinn3r 158d4972d9 More references and pass msftidy 2014-09-16 12:54:27 -05:00
Vincent Herbulot 7a7b6cb443 Some refactoring 
Use EDB instead of URL for Exploit-DB.
Remove peer variable as peer comes from HttpClient.
 2014-09-16 17:49:45 +02:00
us3r777 4c615ecf94 Module for CVE-2014-5519, phpwiki/ploticus RCE 2014-09-16 00:09:41 +02:00
jvazquez-r7 373eb3dda0 Make struts_code_exec_classloader to work on windows 2014-09-10 18:00:16 -05:00
sinn3r 0a6ce1f305 Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
sinn3r 027f543bdb Land #3732 - Eventlog Analzyer exploit 2014-09-09 11:33:20 -05:00
sinn3r 75269fd0fa Make sure we're not doing a 'negative' timeout 2014-09-09 11:26:49 -05:00
Tod Beardsley 4abee39ab2 Fixup for release 
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
 2014-09-08 14:00:34 -05:00
William Vu ae5a8f449c Land #3691, gdbserver hax 2014-09-08 11:48:39 -05:00
sinn3r 85b48fd437 Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27 2014-09-04 16:08:15 -05:00
Joe Vennix 0e18d69aab Add extended mode to prevent service from dying. 2014-09-03 16:07:27 -05:00