adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

30 Commits

Author SHA1 Message Date
Imran E. Dawoodjee b679bfa3d9 Carriage return errors fixed. 2018-11-18 03:29:17 +08:00
Imran E. Dawoodjee fd0f40a141 Add PowerShell as a separate target then set it as default. 2018-11-18 03:20:48 +08:00
Imran E. Dawoodjee 08b3efa046 Enhanced module and added documentation. 2018-11-16 21:18:45 +08:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
William Vu 60c0272270 Make style consistent 2018-08-15 21:27:40 -05:00
Kevin Kirsche cd01f11fd2 Remove verifying host keys for all exploits 2018-08-15 14:54:41 -07:00
Brent Cook 1d75a30936 update style for other ssh exploits 2017-08-01 16:05:25 -05:00
Brent Cook 8c9fb1d529 remove unneeded netssh checks in modules 2017-08-01 14:46:10 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
William Vu 8638f9ec7e Update freesshd_authbypass to use CmdStager fully 2017-03-11 19:59:39 -06:00
Pearce Barry 4e32c80e8e Use the Msf::Exploit::CmdStager mixin. Fixes #8092. 2017-03-11 17:44:05 -06:00
George Papakyriakopoulos 639dee993a Fixed interactive password prompt issue 
Fixed an issue where the exploit would drop to interactive password prompt by default on newer ruby version which rendered the exploit unusable. It now properly forces pubkey authentication instead and proceeds with the bypass as expected.
 2016-09-23 17:03:40 +01:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names" 
This reverts commit 666ae14259.
 2016-03-07 13:19:55 -06:00
Christian Mehlmauer 666ae14259 change Metasploit3 class names 2016-03-07 09:56:58 +01:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
sinn3r e5dc6a9911 Update exploit checks 
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-20 14:26:10 -06:00
sinn3r 032da9be10 Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley c83262f4bd Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 51ba500b9f msftidy compliant 2013-01-16 12:28:09 +01:00
sinn3r 0f24671cf7 Changes how the usernames are loaded. 
Allows usernames to be loaded as a file (wordlist), that way the
it's much easier to manage.  It defaults to unix_users.txt,
because these usernames are common in any SSH hosts out there.
If the user only wants to try a specific user (which is better,
because you reduce traffic noise that way), then he/she can set
the USERNAME option, and that should be the only one tried --
similar to how AuthBrute behaves.

I also fixed the regex in check().
 2013-01-16 02:14:52 -06:00
jvazquez-r7 c6c59ace46 final cleanup 2013-01-14 20:53:19 +01:00
Daniele Martini 04fe1dae11 Added module for Freesshd Authentication Bypass (CVE-2012-6066) 
This module works against FreeSSHD <= 1.2.6. Tested against
password and public key authentication methods. It will generate
a random key and password.

To use it you need to know a valid username. The module contains
a basic bruteforce methods, so you can specify more than one to try.
 2013-01-13 17:08:04 +01:00