h00die
0c353841ab
forgot add fixes for travis
2017-02-25 23:25:36 -05:00
h00die
a8609f5c66
ntfs-3g lpe
2017-02-25 23:09:22 -05:00
Pedro Ribeiro
f18b533226
change platform time to unix (although it is linux in reality but whatevs)
2017-02-24 22:58:24 +00:00
Jeff Tang
67086966ac
Avoid calling unescape on nops directly
...
Using an intermediate variable will avoid triggering signatures
2017-02-23 18:19:16 -05:00
wchen-r7
70f7dccf62
copy and paste fail
2017-02-23 17:11:08 -06:00
wchen-r7
5d0b532b20
Fix #8002, Use post/windows/manage/priv_migrate instead of migrate -f
...
Because migrate -f uses a meterpreter script, and meterpreter scripts
are deprecated, we should be replacing with a post module
Fix #8002
2017-02-23 17:04:36 -06:00
Brendan Coles
5d3a4cce67
Use all caps for module option names
2017-02-23 16:30:01 +11:00
Jeff Tang
8ce10ac591
Avoid String.fromCharCode which gets detected
2017-02-22 14:13:18 -05:00
Carter
25b3cc685a
Update netgear_r7000_cgibin_exec.rb
2017-02-22 11:36:52 -05:00
Brendan Coles
47fec5626e
Style update
2017-02-22 07:56:17 +00:00
Brendan Coles
e491f01c70
Add MVPower DVR Shell Unauthenticated Command Execution module
2017-02-22 05:15:57 +00:00
wchen-r7
48f6740fee
Land #7969, Add Module Trend Micro IMSVA Remote Code Execution
2017-02-21 17:29:04 -06:00
bwatters-r7
a9b9a58d4d
Land #7893, Add Module AlienVault OSSIM/USM Remote Code Execution
2017-02-21 13:35:56 -06:00
William Webb
83cc28a091
Land #7972, Microsoft Office Word Macro Generator OS X Edition
2017-02-21 13:26:42 -06:00
William Vu
dad21b1c1d
Land #7979, another downcase fix for a password
2017-02-19 21:26:52 -06:00
h00die
92c1fa8390
remove downcase
2017-02-18 20:13:32 -05:00
Carter
e99ba0ea86
Msftidy stuff
2017-02-18 00:34:49 -05:00
Carter
189d5dc005
Thanks netgear
2017-02-18 00:15:45 -05:00
Carter
52350292cf
Fix msftidy warning
2017-02-17 18:41:11 -05:00
Carter
63d1de9acd
Updates from review
...
Also testing some things, line 84 and 85 mostly
2017-02-17 18:29:46 -05:00
Brent Cook
2c570b6709
Land #7942, Microsoft SQL Server Clr Stored Procedure Payload Execution
2017-02-17 17:28:54 -06:00
Brent Cook
8019a9e519
Land #7947, fix crash in panda_psevents when an unexpected target OS is found
2017-02-17 14:08:27 -06:00
wchen-r7
1f23b44003
I modified windows/fileformat/office_word_macro the wrong way
2017-02-16 23:16:06 -06:00
wchen-r7
7503f643cc
Deprecate windows/fileformat/office_word_macro
...
Please use exploits/multi/fileformat/office_word_macro instead,
because the new one supports OS X.
2017-02-16 12:32:14 -06:00
wchen-r7
3d269b46ad
Support OS X for Microsoft Office macro exploit
2017-02-16 12:28:11 -06:00
Carter
811f6d4d58
Update netgear_r7000_cgibin_exec.rb
2017-02-16 08:38:06 -05:00
Carter
90224af813
Fix msftidy warning
2017-02-15 22:39:16 -05:00
Carter
81d63c8cc7
Create netgear_r7000_cgibin_exec.rb
2017-02-15 22:33:48 -05:00
David Manouchehri
f113114643
Added assigned CVE.
2017-02-15 17:05:23 -05:00
notivan
6764bdb36f
Fix Jenkins Ldap Deserialization Remote Use
...
It appears the original exploit had been deliberately sabotaged to not work remotely. We have fixed this egregious error.
2017-02-14 17:05:25 +00:00
Maurice Popp
d5fd620fbb
Add files via upload
2017-02-14 11:21:36 +01:00
h00die
843f559069
land #7917 piwik exploit module
2017-02-14 00:52:27 -05:00
OJ
ec316bfb6c
Use DATABASE when logging in with SQL mixin
2017-02-14 10:34:27 +10:00
h00die
a47a479bd3
add else case
2017-02-12 19:08:31 -05:00
Christian Mehlmauer
baa473a1c6
add piwik superuser plugin upload module
2017-02-11 00:20:50 +01:00
James Lee
026f6eb715
Land #7929, improve php_cgi_arg_injection
2017-02-10 10:01:38 -06:00
OJ
2d834a3f5a
Finalise module, and add supporting binaries
2017-02-10 12:56:40 +10:00
OJ
1c62559e55
Add v1 of SQL Clr stored proc payload module
2017-02-10 10:28:22 +10:00
bwatters-r7
272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro
2017-02-09 13:42:58 -06:00
wchen-r7
e1a1ea9d68
Fix grammar
2017-02-08 19:26:35 -06:00
wchen-r7
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
Mehmet Ince
4ee05313d8
Update tested version numbers
2017-02-08 19:31:01 +03:00
jvoisin
f3bcc9f23f
Take care of suhosin
2017-02-08 09:59:36 +01:00
jvoisin
028d4d6077
Make the payload a bit more random
2017-02-08 09:59:22 +01:00
jvoisin
cb03ca91e1
Make php_cgi_arg_injection work in certain environments
...
This commit sets two more options to `0` in the payload:
- [cgi.force_redirect](https://secure.php.net/manual/en/ini.core.php#ini.cgi.force-redirect)
- [cgi.redirect_status_env](https://secure.php.net/manual/en/ini.core.php#ini.cgi.redirect-status-env)
The configuration directive `cgi.force_redirect` prevents anyone from calling PHP
directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php .
Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.
The string set in the configuration directive `cgi.redirect_status_env`
is the one that PHP will look for to know it's ok to continue its
execution. This might be used together with the previous configuration
option as a security measure.
Setting those variables to 0 is (as stated in the documentation) a
security issue, but it also makes the exploit work on some Apache2 setups.
2017-02-07 18:59:27 +01:00
wchen-r7
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
Mehmet Ince
906fcfe355
OSSIM 5.0.0 version requires an authen token on action create
2017-02-03 23:45:33 +03:00
wchen-r7
c73c189a61
Set DisablePayloadHandler default to true
2017-02-03 11:25:50 -06:00
wchen-r7
ccaa783a31
Add Microsoft Office Word Macro exploit
2017-02-02 17:44:55 -06:00
wchen-r7
3c6fa12aca
Update firefox_smil_uaf to use BrowserExploitServer
2017-01-31 16:04:16 -06:00