Tod Beardsley
642a13e820
Out out damn tick
2017-08-31 14:29:05 -05:00
Tim
86ee77ffb0
add aarch64 nops and fix aarch64 cmdstager
2017-08-31 18:48:58 +08:00
Adam Cammack
195c1e041f
Update payload specs and sizes
...
Adds the new Aarch64 and R payloads
fix merge
2017-08-31 18:48:56 +08:00
Tim
7b71f60ea1
fix the stack
2017-08-31 18:35:18 +08:00
Tim
26f4fa3b09
setup stack
2017-08-31 18:35:17 +08:00
Tim
a2396991f0
stager not setting up stack
2017-08-31 18:35:17 +08:00
Tim
6dbe00158f
fix stager
2017-08-31 18:35:17 +08:00
james
49173818fd
Addresses #8674
...
This type of redirection will work without javascript being enabled.
Modules:
multi/browser/firefox_xpi_bootstrapped_addon
multi/browser/itms_overflow
More info on the meta element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
2017-08-30 23:16:46 -05:00
Pearce Barry
2bbba9c500
Avoid some ActiveRecord validation errors.
...
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.
This PR removes the handful of existing cases where we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
Jon Hart
eec5d2ada9
Update description and add link to SIET
2017-08-30 11:52:11 -07:00
Calum Hutton
3b745bd17c
Rework the bash, redirect stdout/err to /dev/null
...
Don't need the -
2017-08-30 03:49:30 +01:00
Calum Hutton
9387a765e5
Fix msftidy warns/errs
2017-08-30 03:10:46 +01:00
Calum Hutton
4934023fa5
Use alternate system() payload, don't worry about restarts
...
Use nohup and & to background the meterpreter process
2017-08-30 03:10:46 +01:00
Calum Hutton
d53f10554d
Configurable restart command
2017-08-30 03:10:46 +01:00
Calum Hutton
d0ff2694b3
Restart after payload process ends
2017-08-30 03:10:46 +01:00
Calum Hutton
aee44e3bd2
Working meterpreter exploit
...
No service restart
2017-08-30 03:10:46 +01:00
Calum Hutton
7cfb5fcc97
Rename
2017-08-30 03:10:46 +01:00
Calum Hutton
8b67b710fa
Add template
2017-08-30 03:10:46 +01:00
Brent Cook
202c936868
Land #8826, git submodule remote command execution
2017-08-29 18:11:32 -05:00
Brent Cook
46eeb1bee0
update style
2017-08-29 17:44:39 -05:00
Pearce Barry
d5124fdc94
Land #8759, Add TeamTalk Gather Credentials auxiliary module
2017-08-29 13:17:28 -05:00
Tim
39299c0fb8
randomize submodule path
2017-08-29 16:54:08 +08:00
Brendan Coles
c9e32fbb18
Remove last_attempted_at
2017-08-29 05:05:04 +00:00
h00die
a40429158f
40% done
2017-08-28 20:17:58 -04:00
Brent Cook
1e8edb377f
Land #8873, cleanup enable_rdp, add error handling
2017-08-28 05:50:42 -05:00
Brent Cook
582b2e238e
update mettle payload to 0.2.2, add background and single-thread http comms
2017-08-28 05:31:44 -05:00
Brent Cook
15ec40f5c6
update R cached sizes
2017-08-28 05:31:42 -05:00
h00die
bd7ea1f90d
more updates, 465 more pages to go
2017-08-26 21:01:10 -04:00
james
7dfde651ea
Add login scanner module for Inedo BuildMaster
...
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.
More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
Erik Lenoir
a8067070f2
Fix typo
2017-08-26 17:52:11 +02:00
William Vu
924c3de9f3
Land #7382, BIND TSIG DoS
2017-08-26 10:42:35 -05:00
William Vu
f9a2c3406f
Clean up module
2017-08-26 10:41:10 -05:00
h00die
3420633f29
@NickTyrer corrected my correction
2017-08-26 08:43:10 -04:00
Erik Lenoir
801e3e2d68
Replace REXML with Nokogiri and try to cross id with mirror/repository tag
2017-08-25 18:28:09 +02:00
Jon P
abaf80f3df
jmartin improvements (iter on keys + save as credentials)
2017-08-25 18:15:24 +02:00
h00die
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
n00py
8f17d536a7
Update phpmailer_arg_injection.rb
...
Removed second parameter as it was not necessary. Only change needed was to change "send_request_cgi" to "send_request_cgi!"
2017-08-24 00:29:28 -06:00
n00py
c49b72a470
Follow 301 re-direct
...
I found that in some cases, the trigger URL cannot be accessed directly. For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example". It isn't until hitting "/example" that the php is executed. This small change will just allow the trigger to follow one 301 redirect.
2017-08-23 18:53:54 -06:00
Brent Cook
821121d40b
Land #8871, improve compatibility and speed of JDWP exploit
2017-08-23 18:53:47 -05:00
Jeffrey Martin
cba4d36df2
provide missing bits for R platform
2017-08-23 16:58:48 -05:00
William Vu
4c285c0129
Land #8827, QNAP Transcode Server RCE
2017-08-22 23:07:01 -05:00
Jon Hart
7b18c17445
Appease rubocop
2017-08-22 14:53:21 -07:00
Brent Cook
128949217e
more osx
2017-08-22 16:48:09 -05:00
Jon Hart
2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner
2017-08-22 14:39:44 -07:00
Brent Cook
bb120962aa
more osx support
2017-08-22 14:01:48 -05:00
Brent Cook
7263c7a66e
add 64-bit, osx support
2017-08-22 13:51:28 -05:00
Erik Lenoir
be2739d335
Transform loots into creds
2017-08-22 11:57:51 +02:00
Brent Cook
33f2ebc2aa
code cleanup
2017-08-21 22:46:30 -05:00
Brent Cook
58e332cc7c
only fail if the group sids fail to resolve and we actually have to add a user
2017-08-21 22:36:40 -05:00
Louis Sato
e01caac9ed
removing slice operators from jdwp_debugger
2017-08-21 16:36:54 -05:00