adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44,717 Commits 27 Branches 1,043 Tags
a87ae41d81d680b3ea202ff3c59ff3c052d273a7
Commit Graph

23292 Commits

Author SHA1 Message Date
Brendan Coles fa4fae3436 Cleanup auxiliary/scanner/msf/msf_rpc_login 2017-08-14 06:34:04 +00:00
Brent Cook 59086af261 Land #8771, rewrite linux x64 stagers with Metasm 2017-08-14 02:32:29 -04:00
Brent Cook 26193216d1 Land #8686, add 'download' and simplified URI request methods to http client mixin 
Updated PDF author metadata downloader to support the new methods.
 2017-08-14 01:40:17 -04:00
Brent Cook 7d4561e0fd rename to download_log to avoid conflicting with the mixin 2017-08-14 01:10:37 -04:00
Brent Cook 5d05ca154a added http client 'download' method and updates to pdf author module from @bcoles 2017-08-14 01:08:53 -04:00
Brendan Coles 0a374b1a88 Add QNAP Transcode Server Command Execution exploit module 2017-08-13 09:13:56 +00:00
Patrick Thomas 25764397ba Update CachedSizes for changed nodejs payloads 
Fixes test failures
 2017-08-12 23:21:54 -07:00
Tim 7881a7ddc4 git submodule command exec 2017-08-13 11:47:44 +08:00
zerosum0x0 ecfe3d0235 added optional DoublePulsar check 2017-08-11 11:36:59 -06:00
Pearce Barry bb5fffebc4 Land #8796, SMBLoris Denial of Service Module. 2017-08-09 16:24:55 -05:00
Pearce Barry 901a1fdd1b Minor tweaks. 2017-08-09 15:44:32 -05:00
Jon Hart 1b6acd768e Land #8817, fixing @jhart-r7's ruby 2.2 blunder 2017-08-09 13:19:20 -07:00
Christian Mehlmauer 1b6b29c22b fix error with rdp scanníng 2017-08-09 21:32:15 +02:00
thesubtlety 7e860571ae fix bug where api_token auth was being used without token being set 2017-08-09 12:30:26 -04:00
thesubtlety 9bb102d72d add jenkins v2 cookie support 2017-08-09 12:29:31 -04:00
bwatters-r7 dd79aa3afb Land #8627, Add post module multi/gather/jenkins 2017-08-09 10:43:21 -05:00
Brent Cook 0ac19087cd Land #8720, add resiliency (retries + sleep) to linux x86 stagers 2017-08-08 19:36:47 -05:00
William Vu 3396afb41a Add IP and port (peer) to print_brute messages 2017-08-08 15:46:40 -05:00
William Vu 39e59805f9 Fix annoying print_brute messages in ssh_login 2017-08-08 15:15:23 -05:00
David Maloney 67e86da50b make SMBLoris run continuously as requested 
as per ZeroSum's request the module now runs
continuously, refreshing the connections on every pass
until manually killed
 2017-08-08 10:16:16 -05:00
Agora Security 2fab8f5d2a Fix Spaces at EOL 2017-08-07 16:39:16 -04:00
Agora Security 663824de85 Fix indentation, fix how locations adds values and remove unnecesary code 2017-08-07 13:16:27 -04:00
Pearce Barry cfd377fbd4 Support padding on the CAN bus. 
Also use a hash for passing options around instead of individual params.
 2017-08-06 18:05:59 -05:00
james b8d794cc37 Identify systemd-nspawn containers in checkcontainer 
Check the value of the "container" environment variable:
 - "lxc" indicates a LXC container
 - "systemd-nspawn" indicates a systemd nspawn container
 2017-08-06 00:46:09 -05:00
james 9858147dae Add module to detect Docker and LXC containers 
Detect Docker by:
 - Presence of .dockerenv file.
 - Finding "docker" in /proc/1/cgroup
Detect LXC by:
 - Finding "lxc" in /proc/1/cgroup
 2017-08-05 18:59:36 -05:00
Martin Pizala 2383afd8dc Fix improved error handling 2017-08-04 23:42:44 +02:00
David Maloney 289f03241b add module documentation 
add module docs for the new smbloris DoS
 2017-08-04 16:10:44 -05:00
David Maloney 15cc2a9dc0 removedthreading stuff, tried keepalives 
still seem to be topping out at
about 1.3GB allocated
 2017-08-04 15:28:01 -05:00
Brent Cook 7ce813ae6e Land #8767, Add exploit module for CVE-2017-8464 
LNK Code Execution Vulnerability
 2017-08-03 17:10:16 -05:00
Brent Cook da3ca9eb90 update some documentation 2017-08-03 17:09:44 -05:00
David Maloney e73ffe648e tried adding supervisor model to smbloris 
tried to overcome issues with slowdown
around the 4500 connection mark by using the
supervisor pattern to terminate the threads on
the backend. this seems to get us further, but we still
hit a slowdown and the allocations die out before
we hit any serious usage
 2017-08-03 14:19:35 -05:00
David Maloney c9da2d56b9 first pass at SMBLoris DoS module 
the first pass on the DoS module for SMBLoris
running into issues with it topping out around 600MB
 2017-08-03 11:32:57 -05:00
Brent Cook ddd841c0a8 code style cleanup + add automatic targeting based on payload 2017-08-03 00:27:54 -05:00
Brent Cook b62429f6fa handle drive letters specified like E: nicely 2017-08-03 00:27:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject 
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
 2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Yorick Koster 3229320ba9 Code review feedback from @nixawk 2017-08-02 15:46:51 -05:00
Yorick Koster 565a3355be CVE-2017-8464 LNK Remote Code Execution Vulnerability 
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain a dynamic icon, loaded from a
malicious DLL.

This vulnerability is a variant of MS15-020 (CVE-2015-0096). The
created LNK file is similar except in an additional
SpecialFolderDataBlock is included. The folder ID set in this
SpecialFolderDataBlock is set to the Control Panel. This is enought to
bypass the CPL whitelist. This bypass can be used to trick Windows into
loading an arbitrary DLL file.
 2017-08-02 15:46:30 -05:00
Martin Pizala b78cb12546 Ruby 2.2 support. See #8792 2017-08-02 18:06:48 +02:00
Jon P adbeab81da Avoid exceptions 2017-08-02 15:03:36 +02:00
Brent Cook 6f97e45b35 enable Ruby 2.2 compat checks in Rubocop, correct multi/handler compat 2017-08-02 06:18:02 -05:00
OJ 54ded4300e Land #8791 - Update Accuvant refs to point to Optiv 2017-08-02 13:26:52 +10:00
TC Johnson 8989d6dff2 Modified Accuvant bog posts to the new Optive urls 2017-08-02 13:25:17 +10:00
Brent Cook bb2304a2d1 Land #8769, improve style, compatibility, for ssh modules 2017-08-01 21:43:32 -05:00
Brent Cook 1d75a30936 update style for other ssh exploits 2017-08-01 16:05:25 -05:00
Brent Cook 8c9fb1d529 remove unneeded netssh checks in modules 2017-08-01 14:46:10 -05:00
Brent Cook 4395f194b1 fixup style warnings in f5 bigip privkey exploit 2017-08-01 14:45:05 -05:00
Brent Cook e61cccda0b Land #8779, Adding error handler for ms17-010 exploit where SMBv1 is disabled 2017-08-01 14:00:12 -05:00
OJ 6ee5d83a15 Add the COM hijack method for bypassing UAC 2017-07-31 14:26:39 +10:00
Professor-plum 055d64d32b Fixed to modules as suggested from upstream 
fixed typo in xtreme.rb when communicating with C&C
removed self.class from options on all three modules
added line to log path where loot has been stored in xtreme.rb
 2017-07-30 10:14:05 -06:00