adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

23791 Commits

Author SHA1 Message Date
wchen-r7 bd8aea2618 Fix check for jenkins_java_deserialize.rb 
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
 2015-12-14 11:25:59 -06:00
wchen-r7 5ffc80dc20 Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability 2015-12-14 10:51:59 -06:00
Spencer McIntyre 4e492a1b0c Add an additional grammar change to the listener option 2015-12-13 12:04:20 -05:00
radekk 90a523fb0a Typos inside parameters description. 2015-12-12 22:48:20 +01:00
Vex Woo dee23e4bda Merge pull request #3 from jhart-r7/pr/fixup-6319 
Cleanup redis unauth_file_upload, move redis stuff to mixin
 2015-12-12 03:32:05 +00:00
dmohanty-r7 eb4611642d Add Jenkins CLI Java serialization exploit module 
CVE-2015-8103
 2015-12-11 14:57:10 -06:00
Jon Hart 9ef46140c0 Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e Make auth easier, work automatically and on older redis versions 
Also, improve check
 2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4 Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2 Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Tyler Bennett c000e590d4 verified table values are correctly typed as Strs, but it still fails to print the tables 2015-12-10 15:51:59 -05:00
Jon Hart 555e52e416 Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart 48a27170c2 Document process better, delete correct key 2015-12-10 09:13:13 -08:00
Jon Hart d2f54af23f Reset the dir and dbfilename back to their original settings 2015-12-10 08:56:24 -08:00
Jon Hart 21ab4e96e5 First pass at redis mixin 2015-12-10 08:29:59 -08:00
karllll a5c6e260f2 Update hp_vsa_login_bof.rb 
Updated reference URL to latest location
 2015-12-10 10:56:39 -05:00
William Vu 563be5c207 Land #6322, another Perl IRC bot exploit 2015-12-10 09:43:07 -06:00
William Vu a945350821 Land #6307, Perl IRC bot exploit 2015-12-10 09:42:35 -06:00
nixawk 0d8fc78257 make code more clear 2015-12-10 15:13:50 +00:00
nixawk 42013c18ba add a password option - AUTH_KEY 2015-12-10 08:24:47 +00:00
nixawk 28bc5b4d4f move it from exploit to auxiliary 2015-12-10 08:23:38 +00:00
Jon Hart 4cc7853ad8 Don't run_host unless check returns vulnerable; report_service 2015-12-09 18:33:40 -08:00
Jon Hart 624e5aeffa First pass at converting redis module to aux; style cleanup 2015-12-09 17:59:48 -08:00
Tyler Bennett c2ef7be217 cleaned up regex isseus and added the appropriate rex tables. Having issues with printing them due to type errors, but Im working on it 2015-12-09 17:49:38 -05:00
wchen-r7 11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails 
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
 2015-12-08 21:13:23 -06:00
Jon Hart 39da306b1d Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
Tyler Bennett e574c844de added rex table for channels func, has an issues with TypeError no implicit conversion of String into Integer upon building the table 2015-12-08 18:19:30 -05:00
Tyler Bennett 48cd350711 updated authors list with contributors 2015-12-08 16:29:00 -05:00
Tyler Bennett 92d56cd050 cleaned up uncessary Rex Tables working on the rest of them for users, groups and channels 2015-12-08 16:24:47 -05:00
wchen-r7 080ec26afb Land #4489, Update SMB admin modules to use Scanner & fixes 2015-12-08 14:49:26 -06:00
Jon Hart ed8076f361 Merge branch 'master' into pr/6197 2015-12-08 12:08:15 -08:00
Jon Hart 2177b979fd Update SessionTypes command to describe why shell is not listed 2015-12-08 12:06:47 -08:00
Jon Hart 3890961155 Correct SEP client exclusion enumeration 2015-12-08 10:16:25 -08:00
wchen-r7 7378e7b128 Do elog() when print_error() 2015-12-08 11:06:59 -06:00
BAZIN-HSC be5f648969 manage-bde.exe path test if in System32 or sysnative 2015-12-08 16:14:13 +01:00
wchen-r7 53acfd7ce3 Land #6303, Add phpFileManager 0.9.8 Remote Code Execution 2015-12-07 21:13:48 -06:00
wchen-r7 ea3c7cb35b Minor edits 2015-12-07 21:13:14 -06:00
Tyler Bennett 75e31c252e added rex table for nas settings, still working on users and hashes rex table 2015-12-07 14:48:28 -05:00
William Vu db788d1b7c Land #6238, CmdStager BOURNE_{PATH,FILE} options 2015-12-07 12:34:42 -06:00
Tyler Bennett 3d892bd1d6 added rex table for grab_email func instead of printing out values 2015-12-07 10:37:36 -05:00
Tyler Bennett 069a50e1b8 Revert "fixed ddns_creds import issue, by using rhost and commenting why it needs to be used" 
Reverting to hopefully force a fix for issue #3968
 2015-12-07 09:41:46 -05:00
JT b36834f4bc Update legend_bot_exec.rb 2015-12-07 10:38:36 +08:00
JT 2244f2aa43 Add Legend Perl IRC Bot Remote Code Execution 2015-12-07 10:30:28 +08:00
JT 26c8fd8faa Update xdh_x_exec.rb 2015-12-07 08:25:19 +08:00
JT 9ee5498090 Update xdh_x_exec.rb 
satisfying msftidy's request
 2015-12-06 20:21:18 +08:00
JT 10a8e98e41 Update xdh_x_exec.rb 2015-12-06 20:11:49 +08:00
JT 14afbc6800 Update xdh_x_exec.rb 
updated description and new author.
 2015-12-06 20:10:19 +08:00
nixawk 20f6cbe5ba upload file to redis server (unauthentication) 2015-12-06 06:11:11 +00:00
Stuart Morgan ca023b6499 Simplified do_report() to comply with msftidy 2015-12-05 23:27:28 +00:00
Stuart Morgan 4f1f755c1d msftidy 2015-12-05 22:49:40 +00:00