adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

23791 Commits

Author SHA1 Message Date
Jon Hart 18c54ebb5e Minor rubocop gripe 2016-09-13 20:54:30 -07:00
Jon Hart 15e44e296b Fix cmd execution; use and cleanup temporary files 2016-09-13 20:51:32 -07:00
h00die d73531c0d3 added disclosure dates 2016-09-13 20:37:04 -04:00
Jon Hart 972db476ef Implement check for at_persistence 2016-09-13 16:08:49 -07:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
wchen-r7 245237d650 Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
wchen-r7 10efafe44e Land #7306, Update links and add CVE to WebNMS modules 2016-09-13 15:52:27 -05:00
wchen-r7 ed5bbb9885 Land #7284, Add SugarCRM REST PHP Object Injection exploit 2016-09-13 15:46:46 -05:00
wchen-r7 a0095ad809 Check res properly and update Ruby syntax 
If res is nil, it should not be doing res.code
 2016-09-13 15:45:57 -05:00
Pedro Ribeiro 8d4ee3fac6 Forgot the bracket! 2016-09-13 19:01:22 +01:00
Pedro Ribeiro 4d49f7140c update links and CVE on webnms_file_download 2016-09-13 18:50:53 +01:00
Pedro Ribeiro 41bdae4b84 update links and CVE on webnms_file_upload 2016-09-13 18:50:25 +01:00
Pedro Ribeiro 8b90df8b67 update links and CVE on webnms_cred_disclosure 2016-09-13 18:49:58 +01:00
Jon Hart c69d65c47e Initial commit of at(1) 'persistence' 
Initial inspiration from @h00die's cron module in #7003
 2016-09-13 10:25:13 -07:00
wchen-r7 89705cc803 Avoid potential undef method error '+' for nil 2016-09-13 11:13:02 -05:00
wchen-r7 50447fc4cf Fix post/windows/gather/credentials/steam for an empty env var 2016-09-13 11:04:42 -05:00
Justin Steven 17bad7bd4f fix popchain 
ERB changed as per <https://github.com/ruby/ruby/commit/e82f4195d4>
which broke the popchain used for code execution.
 2016-09-13 21:25:14 +10:00
nixawk 1ce9aedb97 parenthesis for condition expression 2016-09-13 03:37:47 -05:00
nixawk fd16c1c3b7 Fix issue-7295 2016-09-13 01:32:20 -05:00
aushack 11342356f8 Support LHOST for metasploit behind NAT 2016-09-13 11:23:49 +10:00
Tijl Deneut 8df8f7dda0 Initial commit of profinet_siemens.rb 2016-09-11 09:15:41 +02:00
scriptjunkie a0e05d4c4c Land #7287, mdaemon cred dumper 2016-09-10 08:43:07 -05:00
Brent Cook a81f351cb3 Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Brent Cook 1d4b0de560 Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Justin Steven 6bafad44f2 drop 'require uri', tweak option text 2016-09-09 20:31:23 +10:00
Justin Steven 0b012c2496 Combine Unix and Windows modules 2016-09-09 20:28:13 +10:00
Agora Security 00f09d19b1 SMTP Typo 
Correct SMTP Type (before SMPT)
 2016-09-09 01:36:37 -05:00
William Vu 92dba8ff9d Land #7290, env var check for WinSCP module 2016-09-07 21:08:12 -05:00
Brendan a30711ddcd Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
wchen-r7 a9c3c5d391 Fix typos 2016-09-07 15:40:10 -05:00
wchen-r7 831c7a08a8 Check environment variables before using for winscp module 2016-09-07 15:24:22 -05:00
William Vu 7d44bd5ba4 Clean up module 2016-09-06 23:30:58 -05:00
aushack 015b790295 Added default rport. 2016-09-07 14:24:07 +10:00
aushack 7632c74aba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2016-09-07 14:15:57 +10:00
aushack 6e21684ff7 Fix typo. 2016-09-07 14:08:46 +10:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server 
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
 2016-09-06 20:52:49 -05:00
catatonic c06ee991ed Adding WiFi pineapple command injection via authenticaiton bypass. 2016-09-06 17:22:25 -07:00
catatonic 8d40dddc17 Adding WiFi pineapple preconfig command injection module. 2016-09-06 17:18:36 -07:00
EgiX df5fdbff41 Add module for KIS-2016-07: SugarCRM REST PHP Object Injection 
This PR contains a module to exploit KIS-2016-07, a PHP Object Injection vulnerability in SugarCRM CE before version 6.5.24 that allows unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. Successful exploitation of this vulnerability should require SugarCRM to be running on PHP before version 5.6.25 or 7.0.10, which fix CVE-2016-7124.
 2016-09-07 01:58:41 +02:00
Quentin Kaiser e4d118108a Trend Micro SafeSync exploit. 2016-09-06 19:33:23 +00:00
William Vu fed2ed444f Remove deprecated modules 
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
 2016-09-03 12:43:01 -05:00
Justin Steven ea220091ea add metasploit_webui_console_command_execution 
These modules target the Metasploit Community/Express/Pro Web UI on
Unix and Windows via the diagnostic console feature
 2016-09-03 09:12:09 +10:00
Mehmet Ince ba6c2117cf Fix msftidy issues 2016-09-02 18:18:43 +03:00
Mehmet Ince 144fb22c32 Add Kaltura PHP Remote Code Execution module 2016-09-02 18:09:53 +03:00
Brendan 81bc6bd672 Land #7228, Create zabbix_toggleids_sqli auxiliary module 2016-09-01 16:33:17 -05:00
Jan Mitchell 411689aa44 Adding changes to Samba exploit to target MIPSBE (this is for OpenWRT on a router 2016-09-01 10:05:13 +01:00
Jan Mitchell 4d3611ceb9 Added MIPSBE support to Samba exploit. Added a MIPSBE nop generator 2016-09-01 09:55:08 +01:00
Jon Hart b0e45341e5 Update redis file_upload to optionally FLUSHALL before writing 
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
 2016-08-31 14:27:18 -07:00
Brandon Perry 874fec4e31 Update zabbix_toggleids_sqli.rb 2016-08-31 17:23:16 -04:00
Brandon Perry d43380330e Update zabbix_toggleids_sqli.rb 2016-08-31 17:18:28 -04:00