OJ
b0970783ff
Another interim commit moving towards universal handlers
2016-11-04 13:25:02 +10:00
William Vu
5ed030fcf6
Land #7529, nil.downcase fix for tomcat_mgr_deploy
Don't think it was ever needed, since the password is case-sensitive.
Fixed a minor merge conflict where PASSWORD became HttpPassword.
2016-11-03 15:39:46 -05:00
Jin Qian
2f8d3c3cf3
Remove the bug where downcase() is invoked on password which is optional and can be empty.
2016-11-03 15:23:19 -05:00
Brendan
dae1f26313
Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server
2016-11-03 12:56:50 -05:00
William Vu
eca4b73aab
Land #7499, check method for pkexec exploit
2016-11-03 10:59:06 -05:00
William Vu
1c746c0f93
Prefer CheckCode::Detected
2016-11-03 11:14:48 +01:00
William Vu
2cdff0f414
Fix check method
2016-11-03 11:14:48 +01:00
Brendan
5169341f62
Land #7522, Fix psh template to avoid 100% cpu spike on CTRL+C
2016-11-02 16:40:34 -05:00
OJ
7895ba810d
Update payload cached size for the powershell payload
2016-11-03 02:50:13 +10:00
OJ
cc8c1adc00
Add first pass of multi x86 http/s payload (not working yet)
2016-11-03 02:44:53 +10:00
William Vu
a651985b4f
Land #7498, Joomla account creation and privesc
2016-11-01 22:46:36 -05:00
William Vu
f414db5d6d
Clean up module
2016-11-01 22:46:28 -05:00
OJ
494b4e67bd
Refactor http/s handler & payloads
This commit moves much of the platform-specific logic from the
reverse_http handler down into the payloads. This makes the handler
a bit more agnostic of what the payload is (which is a good thing).
There is more to do here though, and things can be improved.
Handling of datastore settings has been changed to make room for the
ability to override the datastore completely when generating the
payloads. If a datastore is given via the `opts` then this is used
instead otherwise it falls back to the settings specified in the usual
datastore location.
Down the track, we'll have a payload that supports multiple stages, and
the datastore will be generated on the fly, along with the stage itself.
Without this work, there's no other nice way of getting datastore
settings to be contained per-stager.
2016-11-02 11:33:59 +10:00
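The commit above describes a settings-resolution rule (a datastore passed via `opts` replaces the module datastore outright; otherwise the module datastore is used) and the goal it serves (per-stager settings once one payload emits several stages). The following is an added illustration of that rule, not Metasploit code: the `MultiStagePayload` class, its method names and the hash-shaped "stager" it returns are assumptions chosen to keep the example runnable offline. The point worth seeing is the consequence of "used instead" rather than "merged": an override that omits a key does not inherit it from the module datastore.

```ruby
# Hypothetical sketch (not Metasploit's own code) of the rule "opts datastore
# wins, module datastore is the fallback", and what it means for stagers
# generated from one payload with several stages.

class MultiStagePayload
  attr_reader :datastore

  def initialize(datastore)
    # The module-level datastore: where handler settings normally come from.
    @datastore = datastore
  end

  # Which settings a stager is generated against. A datastore supplied in
  # opts replaces the module datastore entirely; nothing is merged in.
  def resolve_datastore(opts = {})
    opts[:datastore] || datastore
  end

  # Build a stager "config" from the resolved settings. A real generator would
  # emit shellcode; a plain hash keeps the example self-contained.
  # fetch is deliberate: a key missing from an override is an error, not a
  # silent fall-through to the module datastore.
  def generate_stager(opts = {})
    ds = resolve_datastore(opts)
    {
      'LHOST' => ds.fetch('LHOST'),
      'LPORT' => Integer(ds.fetch('LPORT')),
      'LURI'  => ds.fetch('LURI', '/'),
    }
  end

  # One stager per overriding datastore: each stage carries its own settings
  # and the module datastore is left untouched.
  def generate_stages(stage_datastores)
    stage_datastores.map { |ds| generate_stager(datastore: ds) }
  end
end

# Constructed sample settings for the demo (not real hosts).
def demo
  payload = MultiStagePayload.new('LHOST' => '10.0.0.5', 'LPORT' => '8080')
  stages = payload.generate_stages([
    { 'LHOST' => '10.0.0.5', 'LPORT' => '443', 'LURI' => '/a' },
    { 'LHOST' => '10.0.0.6', 'LPORT' => '8443' },
  ])
  [payload.generate_stager, stages, payload.datastore]
end

# A partial override does not borrow LPORT from the module datastore.
def partial_override_fails?
  payload = MultiStagePayload.new('LHOST' => '10.0.0.5', 'LPORT' => '8080')
  payload.generate_stager(datastore: { 'LHOST' => '10.0.0.9' })
  false
rescue KeyError
  true
end
```

Run with `ruby` and inspect `demo`: the stager generated without `opts` reflects the module datastore, the two staged ones reflect only their own overrides, and `partial_override_fails?` returns true because the second rule is "instead", not "on top of".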
h00die
a924981369
Landing #7516, X11 print fixes
2016-11-01 19:50:05 -04:00
Adam Cammack
a79f860cb7
Add UUIDs to mettle stages
2016-11-01 16:58:21 -05:00
Brendan
05e2aad837
Land #7497, Add Kerberos domain user enumeration module
2016-11-01 14:34:47 -05:00
OJ
e4b4264d79
Fix psh template to avoid 100% cpu spike on CTRL+C
Fixes #7293
2016-11-02 05:19:52 +10:00
attackdebris
1b4cef10d1
Change creds_name to Kerberos
2016-11-01 17:59:51 +00:00
William Webb
31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
Brent Cook
f8912486df
fix typos
2016-11-01 05:43:03 -05:00
OJ
47ec362148
Small fixes for dbvis enum
2016-11-01 07:35:36 +10:00
William Vu
5c065459ae
print_{good,error} more specifically in open_x11
2016-10-31 11:29:00 -05:00
OJ
ffb53b7ca3
Tidy arch check in meterpreter inject
2016-11-01 01:51:12 +10:00
OJ
557424d2ec
Small tidy of the multiport_egress_traffic module
2016-11-01 01:46:58 +10:00
OJ
ec8536f7e9
Fix firefox module to use symbols where appropriate
2016-11-01 01:43:25 +10:00
OJ
b9bbb5e857
Replace regex use with direct string checks in dbvis module
2016-11-01 01:35:01 +10:00
OJ
3c57ff5c59
Avoid internal constants for bypassuac file path generation
2016-11-01 01:32:24 +10:00
OJ
6ce7352c45
Revert silly change in applocker bypass
2016-11-01 01:30:54 +10:00
OJ
3c56f1e1f7
Remove commented x64 arch from sock_sendpage
2016-11-01 01:29:11 +10:00
Pearce Barry
6b264ce6c4
Land #7508, Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE
Fixes #7504.
2016-10-30 17:58:43 -05:00
Alex Flores
45d6012f2d
fix check method
2016-10-30 14:57:42 -04:00
Spencer McIntyre
ccce361768
Remove accidentally included debug output
2016-10-29 18:46:51 -04:00
Spencer McIntyre
fa7cbf2c5a
Fix the jenkins exploit module for new versions
2016-10-29 18:19:14 -04:00
Konrads Smelkovs
f754adad0c
Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE
2016-10-29 11:20:32 +01:00
OJ
640827c24b
Final pass of regex -> string checks
2016-10-29 14:59:05 +10:00
OJ
57eabda5dc
Merge upstream/master
2016-10-29 13:54:31 +10:00
OJ
8b97183924
Update UUID to match detected platform, fail exploit on invalid session
2016-10-29 13:45:28 +10:00
OJ
0737d7ca12
Tidy code, remove regex and use comparison for platform checks
2016-10-29 13:41:20 +10:00
Jon Hart
8173e87756
Add references
2016-10-28 16:12:46 -07:00
Pearce Barry
5c12d55c84
Land #7484, Add Telpho10 Credentials Dump Exploit
2016-10-28 17:41:46 -05:00
Pearce Barry
991a3fe448
Markdown docs added.
2016-10-28 17:38:00 -05:00
Jon Hart
96c204d1ea
Add aws_keys docs; correct description
2016-10-28 15:27:47 -07:00
OJ
751742face
Fix typo in arch check for inject script
2016-10-29 08:25:23 +10:00
OJ
1ca2fe1398
More platform/arch/session fixes
2016-10-29 08:11:20 +10:00
dmohanty-r7
d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit
2016-10-28 17:07:13 -05:00
Jon Hart
7dea613507
Initial commit of module for snagging AWS key material from shell/meterpreter sessions
2016-10-28 14:48:55 -07:00
Jan Rude
971c8207bd
Update telpho10_credential_dump.rb
Code improvements suggested by @h00die
2016-10-28 16:45:14 -05:00
Jan Rude
c9574a4707
Update telpho10_credential_dump.rb
output correction
2016-10-28 16:44:52 -05:00
Jan Rude
05ee51a832
Update telpho10_credential_dump.rb
do not write to stdout
2016-10-28 16:44:40 -05:00
Jan Rude
fb534a9e85
add telpho10_exploit
telpho10 credential dump exploit
2016-10-28 16:44:27 -05:00