adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

2417 Commits

Author SHA1 Message Date
William Vu fed2ed444f Remove deprecated modules 
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
 2016-09-03 12:43:01 -05:00
Jan Mitchell 411689aa44 Adding changes to Samba exploit to target MIPSBE (this is for OpenWRT on a router 2016-09-01 10:05:13 +01:00
Pearce Barry 226ded8d7e Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
William Vu 2b6576b038 Land #7012, Linux service persistence module 2016-08-17 22:45:35 -05:00
William Vu c64d91457f Land #7003, cron/crontab persistence module 2016-08-17 22:45:16 -05:00
wchen-r7 c64e1b8fe6 Land #7181, NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance 2016-08-08 16:04:33 -05:00
wchen-r7 cb04ff48bc Land #7180, Add exploit for CVE 2016-5674 / Nuuo / Netgear unauth RCE 2016-08-08 15:55:39 -05:00
wchen-r7 8654baf3dd Land #6880, add a module for netcore/netdis udp 53413 backdoor 2016-08-08 15:43:34 -05:00
wchen-r7 f98efb1345 Fix typos 2016-08-08 15:41:03 -05:00
Quentin Kaiser 1320647f31 Exploit for Trend Micro Smart Protection Server (CVE-2016-6267). 2016-08-08 18:47:46 +00:00
Pedro Ribeiro 3b64b891a6 Update nuuo_nvrmini_unauth_rce.rb 2016-08-05 21:53:25 +01:00
Pedro Ribeiro 746ba4d76c Add bugtraq reference 2016-08-05 21:53:08 +01:00
Pedro Ribeiro 2aca610095 Add github link 2016-08-04 17:38:31 +01:00
Pedro Ribeiro 7d8dc9bc82 Update nuuo_nvrmini_unauth_rce.rb 2016-08-04 17:38:14 +01:00
Pedro Ribeiro b48518099c add exploit for CVE 2016-5674 2016-08-04 16:55:21 +01:00
Pedro Ribeiro 0deac80d61 add exploit for CVE 2016-5675 2016-08-04 16:54:38 +01:00
wchen-r7 1e1866f583 Fix #7158, tiki_calendar_exec incorrectly reports successful login 
Fix #7158
 2016-07-28 17:03:31 -05:00
Vex Woo 864989cf6c For echo command 2016-07-26 20:27:23 -05:00
Brendan 4720d77c3a Land #6965, centreon useralias exec 2016-07-26 15:02:36 -07:00
James Lee b057a9486c Don't use ssh agent 2016-07-19 17:07:22 -05:00
James Lee ff63e6e05a Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
forzoni 6f35a04e21 Incorporate review fixes, ensure PrependFork is true, fix echo compat. 2016-07-19 01:45:56 -05:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
h00die 03dca5fee2 updates round 2 2016-07-15 09:02:23 -04:00
h00die 33ce3ec3ed fixes round 2 2016-07-15 08:44:39 -04:00
David Maloney b6b52952f4 set ssh to non-interactive 
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
 2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Brent Cook 2b016e0216 Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook a530aa4cf1 restrict perms a bit more 2016-07-11 22:22:34 -05:00
Brent Cook a107a0f955 remove unneeded rport/rhost defines 2016-07-11 22:22:34 -05:00
Brent Cook 6bf51fe064 streamline payload generation 2016-07-11 22:22:34 -05:00
Brent Cook 7ef6c8bf9e ruby style updates 2016-07-11 22:22:33 -05:00
Brent Cook c1f51e7ddf Update and fixup module against OpenNMS-16 2016-07-11 22:22:33 -05:00
benpturner 50746eec29 Fixes comments in regards to #{peer} 2016-07-11 22:22:33 -05:00
benpturner ce8317294f New module to exploit the OpenNMS Java Object Unserialization RCE vulnerability. This now gets flagged inside Nessus and there was no Metasploit module to exploit this. 
This module exploits the vulnerability to a full session.
 2016-07-11 22:22:32 -05:00
William Webb 52c6daa0f2 Land #7048, Riverbed SteelCentral NetProfiler and NetExpress Remote 
Command Injection
 2016-07-10 18:54:12 -05:00
Francesco b75084249a Removed duplicate 'Privileged' key 2016-07-10 01:37:03 -04:00
sho-luv 25f49c0091 Fixed Description 
Just cleaned up Description.
 2016-07-08 16:17:39 -07:00
David Maloney 5f9f3259f8 Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-05 10:48:38 -05:00
Francesco 4ed12d7077 Added: support for credentials saving using report_cred method as suggested 
Added: support for detection of valid user credentials to skip login SQLi if not necessary.
 2016-07-02 01:41:13 -04:00
William Vu 9663f88fdc Download profile.zip instead of including it 
profile.zip is GPL-licensed...
 2016-07-01 01:17:23 -05:00
Francesco 068a4007de Riverbed SteelCentral NetProfiler & NetExpress Exploit Module 
Changes to be committed:
    new file:   modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
 2016-06-29 22:27:40 -04:00
William Vu 68bd4e2375 Fire and forget the shell 
Edge case where reverse_perl returns 302 when app is unconfigured.
 2016-06-29 14:51:05 -05:00
forzoni d414ea59c3 Remove bash dependency. Oops. 2016-06-28 22:39:45 -05:00
David Maloney 3d93c55174 move sshfactory into a mixin method 
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention

MS-1688
 2016-06-28 15:23:12 -05:00
David Maloney ee2d1d4fdc Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-06-28 15:00:35 -05:00
forzoni 5f044ffda0 s/print_warning/print_error. 2016-06-28 10:26:23 -05:00
forzoni 0635fee820 Move some log lines to vprint_status. 2016-06-28 03:28:41 -05:00
forzoni 6c11692b04 Add privilege escalation for host users that can access the docker daemon. 2016-06-28 03:24:41 -05:00
William Vu 5f08591fef Add Nagios XI exploit 2016-06-27 15:17:18 -05:00