adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44,717 Commits 27 Branches 1,043 Tags
a87ae41d81d680b3ea202ff3c59ff3c052d273a7
Commit Graph

10967 Commits

Author SHA1 Message Date
h00die 4d1e51a0ff Land #8906 RCE for supervisor 2017-09-24 08:03:30 -04:00
h00die 9528f279a5 cleaned up version, and docs 2017-09-23 10:51:52 -04:00
Pearce Barry e8eeb784e4 Land #8960, spelling/grammar fixes part 3 2017-09-22 18:51:31 -05:00
Pearce Barry 8de6fa79c1 Tweakz, yo. 2017-09-22 18:49:09 -05:00
Pearce Barry d56fffcadf Land #8974, spelling/grammar fixes part 4. Finished. 2017-09-22 14:59:28 -05:00
Mehmet Ince 3d543b75f5 Fixing typos and replacing double quotes with single 2017-09-21 23:48:12 +03:00
Mehmet Ince 1031d7960a Moving token extraction to the seperated function 2017-09-20 10:23:32 +03:00
Mehmet Ince ee969ae8e5 Adding DenyAll RCE module 2017-09-19 14:53:37 +03:00
h00die c90f885938 Finished spelling issues 2017-09-17 16:00:04 -04:00
William Webb d5362333e2 Land #8958, Add Disk Pulse Enterprise web server buffer overflow 2017-09-15 13:34:22 -05:00
h00die 30f833f684 80 pages left 2017-09-13 22:03:34 -04:00
loftwing 52385f4d9e fix formatting to fit rubocop 2017-09-13 11:46:57 -05:00
loftwing b8c40a9d95 Clean up formatting 2017-09-13 11:13:33 -05:00
loftwing 3c204f91ef Correct module title 2017-09-13 11:02:13 -05:00
loftwing 65f2ee9109 added generate_seh_record 2017-09-13 10:56:32 -05:00
loftwing 7db506887b Add exploit code 2017-09-13 10:36:36 -05:00
loftwing eb0d174987 Add disk_pulse_enterprise_get module 2017-09-13 10:19:24 -05:00
Pearce Barry 7b87915e1f Land #8923, Add additional error checking to mssql_clr_payload module 2017-09-11 17:39:33 -05:00
Tod Beardsley 5f66b7eb1a Land #8940, @h00die's second round of desc fixes 
One ninja edit along the way as well.
 2017-09-11 13:05:13 -05:00
Tod Beardsley cfbd3c1615 Fix spelling of Honeywell 2017-09-11 13:02:18 -05:00
james ba880d1a85 Changes to mssql_clr_payload error handling based on code review 2017-09-10 14:15:39 -05:00
Patrick Thomas 2966fb7c8c Accept @shawizard suggestion for formatting msg_body 2017-09-10 11:23:52 -07:00
h00die 7339658ba9 224 pages of spelling issues left 2017-09-09 09:52:08 -04:00
h00die 6289cc0b70 Merge branch 'spellin' of https://github.com/h00die/metasploit-framework into spellin 2017-09-08 22:20:39 -04:00
h00die 0910c482a9 35 pages of spelling done 2017-09-08 22:19:55 -04:00
Brent Cook 8f864c27e3 Land #8924, Add Apache Struts 2 REST Plugin XStream RCE 2017-09-08 13:59:52 -05:00
Brent Cook 54a62976f8 update versions and add quick module docs 2017-09-08 13:59:29 -05:00
William Vu 978fdb07b0 Comment out PSH target and explain why 
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
 2017-09-08 13:41:06 -05:00
dmohanty-r7 c91ef1f092 Land #8768, Add Docker Daemon TCP exploit module 2017-09-08 12:50:00 -05:00
Pearce Barry 2ebf53b647 Minor tweaks... 2017-09-08 10:04:47 -05:00
h00die 00c593e0a2 55 pages of spelling done 2017-09-07 21:18:50 -04:00
William Vu a9a307540f Assign cmd to entire case and use encode for XML 
Hat tip @acammack-r7. Forgot about that first syntax!
 2017-09-07 19:36:08 -05:00
William Vu 8f1e353b6e Add Apache Struts 2 REST Plugin XStream RCE 2017-09-07 19:30:48 -05:00
James Barnett 7e9d0b3e9b Fix permissions in docker priv_esc module 
The previous command didn't give the original user enough permissions
to execute the payload. This was resulting in permission denied
and preventing me from getting a root shell.

Fixes #8937
 2017-09-07 16:48:02 -05:00
g0tmi1k accb77d268 Add PSH (Binary) as a target to web_delivery 2017-09-07 10:55:29 +01:00
Patrick Thomas 5d009c8d0b remove dead code 2017-09-06 23:21:56 -07:00
Patrick Thomas 048316864c remove redundant return 2017-09-06 23:01:13 -07:00
Patrick Thomas 97d08e0da4 fix reviewer comments 2017-09-06 22:53:02 -07:00
Patrick Thomas d71f7876b8 initial commit of nodejs debugger eval exploit 2017-09-06 22:29:24 -07:00
g0tmi1k 96f7012fe7 Code clean up (URLs, ordering and printing) 2017-09-06 13:17:28 +01:00
g0tmi1k b884705a93 regsvr32_applocker_bypass_server -> web_delivery 2017-09-06 12:35:52 +01:00
g0tmi1k e7b4cb71b1 Add PSH-Proxy to multi/script/web_delivery 2017-09-06 12:27:04 +01:00
h00die be66ed8af3 Land #8788 exploits for Gh0st and PlugX malware controllers 2017-09-05 20:42:07 -04:00
james 44fb059cea Add error checking to mssql_clr_payload 
Additional error checking had been added to exploits/windows/mssql/mssql_clr_payload
If an error is encountered when changing the trustworthy or clr setting, the exploit fails with a message.
 2017-09-05 18:48:22 -05:00
h00die d05c401866 modules cleanup and add docs 2017-09-04 20:57:23 -04:00
Pearce Barry 6051a1a1c1 Land #8910, Use meta redirect instead of JS redirect in 2 modules 2017-09-01 13:50:02 -05:00
Tod Beardsley 86db2a5771 Land #8888 from @h00die, with two extra fixes 
Fixes spelling and grammar in a bunch of modules. More to come!
 2017-08-31 14:37:02 -05:00
Tod Beardsley 642a13e820 Out out damn tick 2017-08-31 14:29:05 -05:00
james 49173818fd Addresses #8674 
This type of redirection will work without javascript being enabled.

Modules:
multi/browser/firefox_xpi_bootstrapped_addon
multi/browser/itms_overflow

More info on the meta element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
 2017-08-30 23:16:46 -05:00
Calum Hutton 3b745bd17c Rework the bash, redirect stdout/err to /dev/null 
Dont need the -
 2017-08-30 03:49:30 +01:00