adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

3242 Commits

Author SHA1 Message Date
jvazquez-r7 e93fbbd904 Land #3685, @pedrib's exploit for CVE-2014-3996 2014-08-22 11:45:41 -05:00
jvazquez-r7 cf147254ad Use snake_case in the filename 2014-08-22 11:44:35 -05:00
jvazquez-r7 823649dfa9 Clean exploit, just a little 2014-08-22 11:43:58 -05:00
jvazquez-r7 9815b1638d Refactor pick_target 2014-08-22 11:31:06 -05:00
jvazquez-r7 ecace8beec Refactor check method 2014-08-22 11:05:36 -05:00
Brandon Turner 05f0d09828 Merge branch staging/electro-release into master 
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
 2014-08-22 10:50:38 -05:00
jvazquez-r7 ced65734e9 Make some datastore options advanced 2014-08-22 10:26:04 -05:00
jvazquez-r7 b4e3e84f92 Use CamelCase for target keys 2014-08-22 10:23:36 -05:00
jvazquez-r7 b58550fe00 Indent description and fix title 2014-08-22 10:21:08 -05:00
Brandon Turner 19ba7772f3 Revert "Various merge resolutions from master <- staging" 
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
 2014-08-22 10:17:44 -05:00
Pedro Ribeiro da752b0134 Add exploit for CVE-2014-3996 2014-08-21 15:30:28 +01:00
sinn3r e2e2dfc6a3 Undo FF 2014-08-19 17:47:44 -05:00
sinn3r 777efb5e48 Land #3669 - Deprecate ff 17 svg exploit 2014-08-19 17:42:31 -05:00
joev b93fda5cef Remove browser_autopwn hook from deprecated FF module. 2014-08-18 15:33:43 -05:00
joev 87aa63de6e Deprecate FF17 SVG exploit. 
This exploit needs flash, the tostring_console injection one does not.
 2014-08-18 15:32:51 -05:00
Tod Beardsley cad281494f Minor caps, grammar, desc fixes 2014-08-18 13:35:34 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
sinn3r e656a81c63 Land #3656 - FF toString console.time Privileged Javascript Injection 2014-08-15 17:07:23 -05:00
joev 6d958475d6 Oops, this doesn't work on 23, only 22. 2014-08-15 17:00:58 -05:00
joev fb1fe7cb8b Add some obfuscation. 2014-08-15 16:54:30 -05:00
joev b574a4c4c5 Wow, this gets a shell all the way back to 15.0. 2014-08-15 16:39:36 -05:00
joev 5706371c77 Update browser autopwn settings. 2014-08-15 16:32:06 -05:00
joev 8c63c8f43d Add browserautopwn hook now that this is not user-assisted. 2014-08-15 16:28:21 -05:00
joev 694d917acc No need for web console YESSSS 2014-08-15 16:02:26 -05:00
joev 738a295f0a Rename module to tostring_console*. 2014-08-15 15:17:37 -05:00
joev f182613034 Invalid CVE format. 2014-08-15 15:09:45 -05:00
joev edb9d32e5c Add module for toString() injection in firefox. 2014-08-15 15:08:10 -05:00
Tod Beardsley 904c1b20b1 Land #3654, update to 4.10-dev (electro) 2014-08-15 12:51:28 -05:00
Samuel Huckins 149c3ecc63 Various merge resolutions from master <- staging 
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
 2014-08-15 11:33:31 -05:00
jvazquez-r7 4e0f6dfcc7 Do minor cleanup 2014-08-15 09:10:08 -05:00
kaospunk 5ed3e6005a Implement suggestions 
This commit addresses feedback such as adding a check
function and changing the login fail case by being
more specific on what is checked for. The failing
ARCH_CMD payloads were addressed by adding BadChars.
Last, an ARCH_PYTHON target was added based on
@zerosteiner's feedback.
 2014-08-13 20:26:48 -04:00
kaospunk 4e6a04d3ad Modifications for login and key addition 
This commit adds additional support for logging in
on multiple versions of Gitlab as well as adding a
key to exploit the vulnerability.
 2014-08-11 19:54:10 -04:00
kaospunk a995bcf2ef Fix URI building and failure cases 
This update uses the normalize_uri method for building
URIs. Additionally, failure cases have been modified
for a less generic version.
 2014-08-10 19:53:33 -04:00
Brandon Turner 91bb0b6e10 Merge tag '2014072301' into staging/electro-release 
Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
 2014-08-06 15:58:12 -05:00
kaospunk 48359faaaf Add gitlab-shell command injection module 
This request adds a module for gitlab-shell command
injection for versions prior to 1.7.4. This has been
tested by installing version 7.1.1 on Ubuntu and then
using information at http://intelligentexploit.com/view-details.html?id=17746
to modify the version of gitlab-shell to a vulnerable one. This
was done as I could not find a better method for downloading
and deploying an older, vulnerable version of Gitlab.
 2014-08-05 23:21:57 -04:00
jvazquez-r7 73ca8c0f6d Work on jboss refactoring 2014-08-01 14:28:26 -05:00
Meatballs bff8a734ae Fix and be Architecture Agnostic 2014-07-31 22:58:43 +01:00
Spencer McIntyre 5a25120660 Apply rubocop changes to multi/script/web_delivery 2014-07-31 16:16:23 -04:00
Spencer McIntyre 8af4c496c9 Add a missing include and require statement for psh 2014-07-31 16:08:25 -04:00
us3r777 9e9244830a Added spec for lib/msf/http/jboss 
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
 2014-07-29 01:57:04 +02:00
us3r777 cd2ec0a863 Refactored jboss mixin and modules 
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
 2014-07-24 22:58:58 +02:00
us3r777 b526fc50f8 Refactored jboss mixin and modules 
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
 2014-07-22 23:08:42 +02:00
us3r777 ae2cd63391 Refactored Jboss mixin 
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
 2014-07-21 23:41:58 +02:00
Meatballs b0a596b4a1 Update newer modules 2014-07-20 21:59:10 +01:00
us3r777 088f208c7c Added auxiliary module jboss_bshdeployer 
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
 2014-07-18 11:51:46 +02:00
us3r777 58adc350b5 Refactor: Creation of a JBoss mixin 
The jboss_bsheployer as is does not allow to deploy a custom WAR file.
It is convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload. This will require a auxiliary
module which will use the JBoss mixin methods.
 2014-07-18 00:56:32 +02:00
Vincent Herbulot bea660ad4d Added possibility to upload a custom WAR file 
Added 2 options, one for uploading a custom WAR file. The other
to specify if you want or not to undeploy the war at the end of
the exploit.
The module as is does not allow to deploy a custom WAR file. It is
convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload.
 2014-07-17 17:13:19 +02:00
Trevor Rosen bebf11c969 Resolves some Login::Status migration issues 
MSP-10730
 2014-07-16 21:52:08 -05:00
William Vu ff6c8bd5de Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
Spencer McIntyre 82abe49754 Mark windows/misc/psh_web_delivery as deprecated 2014-07-16 14:02:05 -04:00