adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
Patrick Thomas d71f7876b8 initial commit of nodejs debugger eval exploit 2017-09-06 22:29:24 -07:00
g0tmi1k 96f7012fe7 Code clean up (URLs, ordering and printing) 2017-09-06 13:17:28 +01:00
g0tmi1k b884705a93 regsvr32_applocker_bypass_server -> web_delivery 2017-09-06 12:35:52 +01:00
g0tmi1k e7b4cb71b1 Add PSH-Proxy to multi/script/web_delivery 2017-09-06 12:27:04 +01:00
h00die be66ed8af3 Land #8788 exploits for Gh0st and PlugX malware controllers 2017-09-05 20:42:07 -04:00
james 44fb059cea Add error checking to mssql_clr_payload 
Additional error checking had been added to exploits/windows/mssql/mssql_clr_payload
If an error is encountered when changing the trustworthy or clr setting, the exploit fails with a message.
 2017-09-05 18:48:22 -05:00
h00die d05c401866 modules cleanup and add docs 2017-09-04 20:57:23 -04:00
Kirk Swidowski 2ee94ca3d9 made changes based on PR feedback. 2017-09-01 16:49:17 -07:00
Pearce Barry 6051a1a1c1 Land #8910, Use meta redirect instead of JS redirect in 2 modules 2017-09-01 13:50:02 -05:00
Tod Beardsley 86db2a5771 Land #8888 from @h00die, with two extra fixes 
Fixes spelling and grammar in a bunch of modules. More to come!
 2017-08-31 14:37:02 -05:00
Tod Beardsley 642a13e820 Out out damn tick 2017-08-31 14:29:05 -05:00
james 49173818fd Addresses #8674 
This type of redirection will work without javascript being enabled.

Modules:
multi/browser/firefox_xpi_bootstrapped_addon
multi/browser/itms_overflow

More info on the meta element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
 2017-08-30 23:16:46 -05:00
Calum Hutton 3b745bd17c Rework the bash, redirect stdout/err to /dev/null 
Dont need the -
 2017-08-30 03:49:30 +01:00
Calum Hutton 9387a765e5 Fix msftidy warns/errs 2017-08-30 03:10:46 +01:00
Calum Hutton 4934023fa5 Use alternate system() payload, dont worry about restarts 
Use nohup and & to background the meterpreter process
 2017-08-30 03:10:46 +01:00
Calum Hutton d53f10554d Configurable restart command 2017-08-30 03:10:46 +01:00
Calum Hutton d0ff2694b3 Restart after payload process ends 2017-08-30 03:10:46 +01:00
Calum Hutton aee44e3bd2 Working meterpreter exploit 
No service restart
 2017-08-30 03:10:46 +01:00
Calum Hutton 7cfb5fcc97 Rename 2017-08-30 03:10:46 +01:00
Calum Hutton 8b67b710fa Add template 2017-08-30 03:10:46 +01:00
Brent Cook 202c936868 Land #8826, git submodule remote command execution 2017-08-29 18:11:32 -05:00
Brent Cook 46eeb1bee0 update style 2017-08-29 17:44:39 -05:00
Tim 39299c0fb8 randomize submodule path 2017-08-29 16:54:08 +08:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
n00py 8f17d536a7 Update phpmailer_arg_injection.rb 
Removed second parameter as it was not necessary.  Only changed needed was to change "send_request_cgi" to "send_request_cgi!"
 2017-08-24 00:29:28 -06:00
n00py c49b72a470 Follow 301 re-direct 
I found that in some cases, the trigger URL cannot be accessed directly.  For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example".  It isn't until hitting "/example" that the php is executed.  This small change will just allow the trigger to follow one 301 redirect.
 2017-08-23 18:53:54 -06:00
Brent Cook 821121d40b Land #8871, improve compatibility and speed of JDWP exploit 2017-08-23 18:53:47 -05:00
William Vu 4c285c0129 Land #8827, QNAP Transcode Server RCE 2017-08-22 23:07:01 -05:00
Brent Cook 128949217e more osx 2017-08-22 16:48:09 -05:00
Brent Cook bb120962aa more osx support 2017-08-22 14:01:48 -05:00
Brent Cook 7263c7a66e add 64-bit, osx support 2017-08-22 13:51:28 -05:00
Louis Sato e01caac9ed removing slice operators from jdwp_debugger 2017-08-21 16:36:54 -05:00
Brent Cook edbe8d73c2 Revert "Revert passive stance for multi/handler" 
This reverts commit 66a4ea4f0b.
 2017-08-21 16:14:23 -05:00
Brent Cook eabe4001c2 Land #8492, Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module 2017-08-20 18:48:22 -05:00
Brent Cook 367c760927 window move is now directly in the template 2017-08-20 17:48:59 -05:00
Brent Cook e734a7923a Land #8267, Handle multiple entries in PSModulePath 2017-08-20 17:44:30 -05:00
Brent Cook 1225555125 remove unnecessary require 2017-08-20 17:37:42 -05:00
Brent Cook 840c0d5f56 Land #7808, add exploit for VMware VDP with known ssh private key (CVE-2016-7456) 2017-08-20 17:36:45 -05:00
Brent Cook 88f39d924b Land #8816, added Jenkins v2 cookie support 2017-08-20 14:58:38 -05:00
Brent Cook 2eba188166 Land #8789, Add COM class ID hijack method for bypassing UAC 2017-08-20 13:57:17 -05:00
Brent Cook e8ab518d76 Land #8853, Revert passive stance for multi/handler 2017-08-19 22:04:26 -05:00
William Vu 66a4ea4f0b Revert passive stance for multi/handler 
It's gotten to be a bit annoying. ExitOnSession=false was good, but this
was too much. Typing run -j isn't difficult.
 2017-08-18 13:16:12 -05:00
William Vu d659cdc8f6 Convert quest_pmmasterd_bof to cmd_interact/find 2017-08-18 00:19:09 -05:00
Brendan Coles ac976eee8e Add author 2017-08-15 03:27:40 +00:00
Brent Cook b8f56d14e0 Land #8698, Add HEADERS to php_eval module 2017-08-14 09:54:22 -04:00
Brent Cook 26193216d1 Land #8686, add 'download' and simplified URI request methods to http client mixin 
Updated PDF author metadata downloader to support the new methods.
 2017-08-14 01:40:17 -04:00
Brent Cook 7d4561e0fd rename to download_log to avoid conflicting with the mixin 2017-08-14 01:10:37 -04:00
Brendan Coles 0a374b1a88 Add QNAP Transcode Server Command Execution exploit module 2017-08-13 09:13:56 +00:00
Tim 7881a7ddc4 git submodule command exec 2017-08-13 11:47:44 +08:00
thesubtlety 7e860571ae fix bug where api_token auth was being used without token being set 2017-08-09 12:30:26 -04:00