Commit Graph

23791 Commits

Author SHA1 Message Date
Carter 46fbc9dd3f Fix some formatting 2017-02-07 21:32:19 -05:00
William Vu 6f4ff89218 Add WPVDB reference 2017-02-07 18:33:58 -06:00
jvoisin cb03ca91e1 Make php_cgi_arg_injection work in certain environments
This commit sets two more options to `0` in the payload:

- [cgi.force_redirect](https://secure.php.net/manual/en/ini.core.php#ini.cgi.force-redirect)
- [cgi.redirect_status_env](https://secure.php.net/manual/en/ini.core.php#ini.cgi.redirect-status-env)

The configuration directive `cgi.force_redirect` prevents anyone from calling PHP
directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php.
Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.

The string set in the configuration directive `cgi.redirect_status_env`
is the one that PHP will look for to know it's ok to continue its
execution. This might be used together with the previous configuration
option as a security measure.

Setting those variables to 0 is (as stated in the documentation) a
security issue, but it also makes the exploit work on some Apache2 setups.
2017-02-07 18:59:27 +01:00
jvoisin 96f7b2e245 http_version now stores the fingerprints
Currently, the `http_version` module doesn't store the fingerprints
into the database; this commit should fix this behaviour.
2017-02-07 18:36:36 +01:00
wchen-r7 cefbee2df4 Add PoC for OpenOffice macro module 2017-02-07 10:12:23 -06:00
Carter f4580a2616 Add token value check
Sometimes it wouldn't return creds if the token is 0. It usually works after running it another time.
2017-02-07 10:53:25 -05:00
Carter c1f9b724cf Maybe fix syntax error 2017-02-07 10:36:05 -05:00
Tim d0f6d4ef45 Land #7920, android/meterpreter_reverse_https 2017-02-07 20:42:47 +08:00
William Vu b4056a110b Print diagnostics if no posts found/given 2017-02-07 04:37:05 -06:00
William Vu a9ea09a179 Land #7909, Python process hiding for sessions -u 2017-02-07 02:28:24 -06:00
William Vu e1ade9caf8 Land #7910, closed ports fix for TCP portscan 2017-02-07 02:23:15 -06:00
sekritskwurl aac9381778 Update meterpreter_reverse_https.rb 2017-02-07 12:13:20 +04:00
Carter 00050abb73 Fix msftidy warnings 2017-02-06 22:06:50 -05:00
Carter 1f2a95c202 Use html parser instead of regex 2017-02-06 22:03:56 -05:00
Carter 115c60446e Fix weird if loop in check 2017-02-06 17:30:49 -05:00
Carter 6ebdbc3f81 Fix some stuff from review
I'm going to change the HTML Regex to a parser a bit later, I don't have time right now
2017-02-06 17:29:39 -05:00
William Webb badca287dd Land #7906, Add Microsoft Word malicious macro document generator 2017-02-06 14:44:09 -06:00
h00die f531366d89 Land #7790 an aux module to extract Meteocontrol Weblog admin password 2017-02-06 15:23:06 -05:00
Carter 9b4ca31432 Fix typo 2017-02-06 12:52:41 -05:00
Carter 52cf9c44df Update netgear_password_disclosure.rb 2017-02-06 12:43:31 -05:00
Carter 16c6480629 Add response checks
I can't test this right now as I'm not at a computer that has metasploit installed, but I'll test it when I get a chance to.
2017-02-06 12:10:01 -05:00
Carter f5450a718a Add TARGETURI datastore option 2017-02-06 11:54:29 -05:00
Carter 99227aca1a Fix things from review 2017-02-06 09:44:35 -05:00
sekritskwurl 0cec4be107 Android Stageless Meterpreter over HTTPS
Change to add functionality for stateless meterpreter over HTTPS
2017-02-06 14:59:43 +04:00
William Vu 8af966a132 Add WordPress content injection module 2017-02-06 04:40:26 -06:00
Carter fb7e5ff847 Fix more msftidy warnings 2017-02-05 14:00:05 -05:00
Carter f08590982c Fix some msftidy warnings 2017-02-05 13:58:01 -05:00
Carter 609ea3700a Create netgear_password_disclosure.rb 2017-02-05 13:39:58 -05:00
MatToufoutu db77061719 do not add closed ports to database 2017-02-04 16:24:40 +01:00
Tim 9e0cb9797b python -c payload -> echo payload | python 2017-02-04 17:57:17 +08:00
juushya d305f895ff Fixed a typo space 2017-02-04 11:59:45 +05:30
juushya 36416c20cb Updated check for extract fail case now + Minor edits 2017-02-04 03:00:31 +05:30
Mehmet Ince 906fcfe355 OSSIM 5.0.0 version requires an authen token on action create 2017-02-03 23:45:33 +03:00
juushya 34b861403e Minor updates 2017-02-04 01:44:18 +05:30
wchen-r7 c73c189a61 Set DisablePayloadHandler default to true 2017-02-03 11:25:50 -06:00
James Lee 83cb65d3a2 Don't spin CPU if an fopen fails
Because PHP is happy to continue on just fine in that case and the loop
below will run unbounded spewing warnings about reading from `false`.
2017-02-02 19:07:58 -06:00
James Lee 3c7f78167a Push up the preamble and modernize style 2017-02-02 17:57:03 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
James Lee ff20cf911c Move the preamble above all other code 2017-02-02 14:53:53 -06:00
Pearce Barry 23c2787d57 Land #7795, Hardware Bridge API.
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
Pearce Barry 16de745437 Minor code cleanups/corrections. 2017-02-01 16:12:45 -06:00
juushya 58a50d7dd1 Minor edits 2017-02-01 04:46:05 +05:30
juushya 6d6db2f40f Add epmp1000 dump config module 2017-02-01 04:42:47 +05:30
juushya 20a51371ce Minor Edits 2017-02-01 04:23:28 +05:30
juushya 423648e347 Minor edits 2017-02-01 03:53:14 +05:30
juushya 82d2777417 Minor update 2017-02-01 03:44:50 +05:30
juushya 59e31e26f2 Add Binom3 module 2017-02-01 03:35:35 +05:30
wchen-r7 3c6fa12aca Update firefox_smil_uaf to use BrowserExploitServer 2017-01-31 16:04:16 -06:00
William Webb 2ff170a1fa Land #7820, Exploit for TrueOnline Billion 5200W-T 2017-01-31 11:33:56 -06:00
William Webb f167358540 Land #7821, Command Injection Exploit for TrueOnline ZyXEL P660HN 2017-01-31 11:28:46 -06:00