adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

11200 Commits

Author SHA1 Message Date
Brent Cook 5420848c49 Land #6922, add popen() additional vector to ImageMagick exploit (imagemagick_delegate) 2016-06-03 08:06:07 -05:00
wchen-r7 f333481fb8 Add vendor patch info 2016-06-02 16:41:06 -05:00
wchen-r7 7c9227f70b Cosmetic changes for magento_unserialize to pass msftidy & guidelines 2016-06-02 16:34:41 -05:00
William Vu 9128ba3e57 Add popen() vuln to ImageMagick exploit 
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)

Thanks to @hdm for his sharp eye. ;x

[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
 2016-06-02 11:35:37 -05:00
mr_me 4f42cc8c08 Added module 2016-06-02 09:24:10 -05:00
h00die 68d647edf1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into op5 2016-06-01 18:05:18 -04:00
h00die 52d5028548 op5 config exec 2016-06-01 15:07:31 -04:00
a-marionette 7f92088242 Revised the SQL query for the exploits/unix/webapps/joomla_content_history_sqli_rce.rb. The exploit is now working for me. 2016-06-01 09:47:32 -07:00
root d72492fe30 Add support for older Data Protector versions 
Increases support by enabling all SSL ciphers. Some older versions
of DP only support weaker export ciphers not enabled by default.
 2016-06-01 10:45:47 +01:00
Ian Lovering eb2398a446 Renamed hp_dataprotector_encrypted_comms 
Renamed to match other data protector exploits
 2016-05-31 22:58:32 +01:00
Ian Lovering 54c4771626 Exploit for HP Data Protector Encrypted Comms 
Added exploit for HP Data Protector when using encrypted communications.

This has been tested against v9.00 on Windows Server 2008 R2 but should also work against older versions of DP.
 2016-05-31 22:44:14 +01:00
wchen-r7 fb678564b1 Land #6923, Check the correct check code for ms13_081_track_popup_menu 2016-05-31 11:40:02 -05:00
h00die 8ce59ae330 travis fixes 2016-05-31 05:46:20 -04:00
h00die 057947d7e8 ipfire proxy exec 2016-05-30 10:24:17 -04:00
h00die 9b5e3010ef doc/module cleanup 2016-05-30 06:33:48 -04:00
h00die df55f9a57c first add of ipfire shellshock 2016-05-29 20:40:12 -04:00
wchen-r7 14adcce8bf Missed the HTTPUSERNAME fix 2016-05-27 18:37:04 -05:00
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time 
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
 2016-05-27 16:25:42 -05:00
wchen-r7 fb95abc645 Land #6909, Add WordPress Ninja Forms unauthenticated file upload 2016-05-25 15:40:10 -05:00
wchen-r7 14e1baf331 Minor style changes 2016-05-25 15:39:26 -05:00
rastating 19c4d5b02b Remove hard coded target path 2016-05-25 18:04:26 +01:00
William Webb 028b1ac251 Land #6816 Oracle Application Testing Suite File Upload 2016-05-24 18:27:10 -05:00
Brent Cook 5c6b93c1cf Land #6883, Add Ubiquiti airOS exploit 2016-05-24 07:26:40 -05:00
Brent Cook 5bf8891c54 Land #6882, fix moodle_cmd_exec HTML parsing to use REX 2016-05-23 23:25:22 -05:00
rastating adb8098b8c Fix typo 2016-05-24 00:16:04 +01:00
rastating aae7c25603 Add WordPress Ninja Forms unauthenticated file upload module 2016-05-23 23:47:41 +01:00
William Vu 6581fbd294 Add note about "mf" malware 
This is the malware I found upon shelling my friend's device.
 2016-05-20 23:09:10 -05:00
wchen-r7 506356e15d Land #6889, check #nil? and #empty? instead of #empty? 2016-05-19 19:23:04 -05:00
wchen-r7 99a573a013 Do unless instead "if !" to follow the Ruby guideline 2016-05-19 19:21:45 -05:00
William Vu a16f4b5167 Return nil properly in rescue 
Missed this because I copypasta'd myself.
 2016-05-19 15:35:38 -05:00
William Vu d018bba301 Store SSH key as a note 
I know, I know, it should use the creds model. >:[
 2016-05-19 15:12:58 -05:00
William Vu 9f738c3e41 Add note about overwritten files 2016-05-19 15:07:27 -05:00
William Vu 8fccb26446 Add Ubiquiti airOS exploit 
Thanks to my friend wolf359 for providing a test device!
 2016-05-19 14:50:20 -05:00
ssyy201506 31bbcfca49 Fix ms13_081_track_popup_menu 2016-05-19 17:22:47 +09:00
Vex Woo b5284375a7 osb_uname_jlist - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:16:53 -05:00
Vex Woo 11fedd7353 ca_totaldefense_regeneratereports - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:15:28 -05:00
Vex Woo a6405beeda ams_hndlrsvc - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:13:40 -05:00
Vex Woo 41bcdcce61 fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:11:57 -05:00
Vex Woo bc257ea628 fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:10:32 -05:00
Vex Woo 68b83c6e3a datastore['CMD'].blank? 2016-05-17 23:56:59 -05:00
Vex Woo a4e7e373f3 fix ams_xfr.rb - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-17 17:55:18 -05:00
wchen-r7 e8ac568352 doesn't look like we're using the tcp mixin 2016-05-17 03:15:26 -05:00
wchen-r7 08394765df Fix #6879, REXML::ParseException No close tag for /div 2016-05-17 03:14:00 -05:00
Brent Cook cf0176e68b Land #6867, Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-16 19:00:10 -05:00
Vex Woo 4a4904149b ruby conditional operator -> expression 2016-05-16 10:45:04 -05:00
Vex Woo 4a3ab9d464 add a module for netcore/netdis udp 53413 backdoor 2016-05-16 02:11:53 -05:00
wchen-r7 8e85e8f9d7 Land #6859, Add TP-Link sc2020n Module 2016-05-15 12:33:54 -05:00
Brent Cook 21d74a64fe Land #6874, Improve exploit for CVE-2016-0854 2016-05-14 11:08:17 -05:00
Brent Cook 0d176f2c92 remove a couple of unnecessary ternary ops 2016-05-14 11:07:43 -05:00