adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
jvazquez-r7 f1f8782a5d Merge branch 'payload_inject.rb' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-payload_inject.rb 2013-01-24 18:13:00 +01:00
sinn3r 2cedcad810 Check PID 2013-01-24 10:46:23 -06:00
jvazquez-r7 1bccc410a3 Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec 2013-01-24 15:02:48 +01:00
Kacper Nowak ba41ee9c83 - applied all the changes from #1363 
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
 2013-01-24 13:15:42 +00:00
jvazquez-r7 96d0b13de2 Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings 2013-01-24 13:00:01 +01:00
sinn3r 3146b7ce77 Change default target 
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
 2013-01-23 23:40:47 -06:00
sinn3r 0c0f4a3e66 Lower ranking because they cannot auto-target 
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms.  Otherwise you're wasting time in Pro.
 2013-01-23 23:35:31 -06:00
sinn3r 75f3a62ac4 Explain why we need this empty on_new_session 2013-01-23 16:43:36 -06:00
sinn3r 9c3e9f798f Lower the ranking, because it cannot auto-target. 
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
 2013-01-23 16:39:24 -06:00
sinn3r 53599e4c45 It's better to have a version # in the title, easier to find 2013-01-23 16:32:57 -06:00
sinn3r d1736b8880 Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload 2013-01-23 16:32:06 -06:00
sinn3r ad108900d5 Why yes I know it's a module 2013-01-23 16:23:41 -06:00
sinn3r 22f7619892 Improve Carlos' payload injection module - See #1201 
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
 2013-01-23 16:15:14 -06:00
sinn3r e93b7ffcaf Add Carlos Perez's payload injection module 
See #1201
 2013-01-23 14:07:48 -06:00
sinn3r f50c7ea551 A version number helps deciding which exploit to use 2013-01-23 11:43:39 -06:00
sinn3r a1f8da9ff6 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-23 11:41:35 -06:00
sinn3r ca144b9e84 msftidy fix 2013-01-23 11:40:12 -06:00
jvazquez-r7 dd0fdac73c fix indent 2013-01-23 18:19:14 +01:00
Kacper Nowak c47392f5d1 normalize_uri and path fix 2013-01-23 16:57:30 +00:00
Kacper Nowak ff875d04e0 - RPATH changed to TARGETURI 
- both CVE numbers referenced
- sightly changed exception handling
 2013-01-23 16:50:35 +00:00
booboule 8bcf4a86ef Update modules/exploits/multi/browser/java_jre17_method_handle.rb 
Wrong reference type (URL instead of OSVDB)
 2013-01-23 17:14:53 +01:00
Kacper Nowak a3fa7cc6bc adjusted disclosure date 2013-01-23 12:49:08 +00:00
jvazquez-r7 e78174297e assuring stdapi loads on meterpreter 2013-01-23 12:44:55 +01:00
Kacper Nowak 5d6ca30422 removed spaces at EOL 2013-01-23 10:33:55 +00:00
Kacper Nowak 17d1c9f996 - expanded description 
- updated references
 2013-01-23 10:29:11 +00:00
jvazquez-r7 9c9a0d1664 Added module for cve-2012-0432 2013-01-23 10:51:29 +01:00
sinn3r 8819059499 Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec 2013-01-22 14:41:40 -06:00
jvazquez-r7 807bd6e88a Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl 2013-01-22 15:33:39 +01:00
jvazquez-r7 c498930644 Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle 2013-01-22 15:33:07 +01:00
Kacper Nowak 8a59c7b8fb removed extra print_status() calls 2013-01-22 12:31:40 +00:00
bcoles 970591a85f Add ZoneMinder arbitrary command execution exploit 2013-01-22 22:56:50 +10:30
Kacper Nowak 08a5f467b1 added URL for developer site 2013-01-22 12:14:38 +00:00
Kacper Nowak cd29a88c18 added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution 2013-01-22 11:58:24 +00:00
Julian Vilas eb92070df8 added module for CVE-2013-1359 2013-01-22 01:54:41 +01:00
RageLtMan e6ebf772de allow psh to run in background via cmd start 2013-01-21 08:12:56 -05:00
RageLtMan 43a5322bd4 psexec_psh cleanup 2013-01-20 22:15:55 -05:00
RageLtMan cae0362aa3 Add disk-less AV bypass PSExec module using PSH 
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.

In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.

This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.

Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
 2013-01-20 21:46:26 -05:00
jvazquez-r7 967c04e727 finally it doesn't use FileDropper atm 2013-01-20 19:54:24 +01:00
jvazquez-r7 76edbb9e1c Merge branch 'module-jenkins-script-console' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-jenkins-script-console 2013-01-20 19:53:44 +01:00
jvazquez-r7 9769efbf01 references and date updated 2013-01-20 17:38:37 +01:00
bcoles dc318c5aed update php_charts_exec metadata 2013-01-21 02:12:42 +10:30
bcoles f975a42571 move and update php_charts_exec metadata 2013-01-21 02:10:48 +10:30
bcoles 6ae72e4d63 Add PHP-Charts v1.0 PHP Code Execution Exploit 2013-01-20 23:51:17 +10:30
jvazquez-r7 aed71f8446 linux stager plus little cleanup 2013-01-20 13:42:02 +01:00
Meatballs1 1bc5fd3758 Changed to warnings 2013-01-20 00:29:38 +00:00
Spencer McIntyre 6b40011a6f use target_uri and normalize_uri as well as fix a cookie problem 2013-01-19 19:10:56 -05:00
Spencer McIntyre 9f7aafccdf add module to execute commands via Jenkins Script Console 2013-01-18 14:56:52 -05:00
jvazquez-r7 3465aa00bd title updated 2013-01-18 18:42:27 +01:00
jvazquez-r7 ef16a7fd24 cleanup 2013-01-17 21:45:13 +01:00
jvazquez-r7 670b4e8e06 cleanup 2013-01-17 21:39:41 +01:00