adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
30,578 Commits 27 Branches 1,043 Tags
aec0067d14313c4e96e98a31323ca5dc4633ac4f
Commit Graph

369 Commits

Author SHA1 Message Date
sinn3r f5916eba6d Move modules/exploits/windows/misc/psh_web_delivery.rb 
This module was scheduled to be removed on 10/23/2014.
Please use exploit/multi/script/web_delivery instead.
 2015-01-26 00:28:40 -06:00
sinn3r bbcc2eb07d Move modules/exploits/windows/misc/pxecploit.rb 
This module was scheduled to be removed on 10/31/2014.
Please use exploits/windows/local/pxeexploit instead.
 2015-01-26 00:25:02 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil 
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
 2015-01-02 13:29:17 -06:00
Tod Beardsley d3050de862 Remove references to Redmine in code 
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
 2014-12-19 17:27:08 -06:00
sinn3r f25e3ebaaf Fix #4246 - More undef 'payload_exe' in other modules 
Root cause: payload_exe is an accessor in the TFPT command stager
mixin, you need stager_instance in order to retreive that info.
 2014-12-05 11:19:58 -06:00
Jon Hart 52851d59c0 Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT 2014-12-04 13:26:16 -08:00
Jon Hart 6bd56ac225 Update any modules that deregistered NETMASK 2014-12-04 13:22:06 -08:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
sinn3r b17396931f Fixes #3876 - Move pxeexploit to local directory 2014-09-30 17:16:13 -05:00
Meatballs 474ee81807 Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-20 21:01:54 +01:00
William Vu ff6c8bd5de Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
William Vu 25f74b79b8 Land #3484, bad pack/unpack specifier fix 2014-07-16 14:52:23 -05:00
Meatballs 7583ed4950 Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
Spencer McIntyre 82abe49754 Mark windows/misc/psh_web_delivery as deprecated 2014-07-16 14:02:05 -04:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack 
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
 2014-06-30 02:50:10 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
Spencer McIntyre faa9c11450 Dont deregister an option that is in use 2014-06-28 18:22:17 -04:00
Spencer McIntyre 748589f56a Make cmdstager flavor explicit or from info 
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
 2014-06-28 17:40:49 -04:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
Spencer McIntyre 4d4c5e5d6e Update two modules to use the new cmd stager 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00
jvazquez-r7 d47994e009 Update modules to use the new generic CMDstager mixin 2014-06-27 08:34:55 -04:00
Christian Mehlmauer 8e1949f3c8 Added newline at EOF 2014-06-17 21:03:18 +02:00
jvazquez-r7 b9464e626e Delete unnecessary line 2014-05-21 10:18:03 -05:00
jvazquez-r7 af415c941b [SeeRM #8803] Avoid false positives when checking fb_cnct_group 2014-05-20 18:44:28 -05:00
Christian Mehlmauer 557cd56d92 fixed some ruby warnings 2014-05-10 23:31:02 +02:00
Meatballs 5d9bc71e97 Update hp_dataprotector 2014-04-19 19:16:17 +01:00
Meatballs 38d8df4040 Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	modules/exploits/windows/local/wmi.rb
 2014-04-15 22:06:45 +01:00
Tod Beardsley 062175128b Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
sinn3r d7ca537a41 Microsoft module name changes 
So after making changes for MSIE modules (see #3161), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
 2014-03-28 20:56:53 -05:00
Tod Beardsley d27264b402 Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
William Vu 517f264000 Add last chunk of fixes 2014-03-11 12:46:44 -05:00
OJ 3ea3968d88 Merge branch 'upstream/master' into stop_abusing_expand_path 
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
 2014-03-11 23:13:39 +10:00
Brendan Coles df2bdad4f9 Include 'msf/core/exploit/powershell' 
Prevent:

```
[-] 	/pentest/exploit/metasploit-framework/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb: NameError uninitialized constant Msf::Exploit::Powershell
```
 2014-03-06 12:57:43 +11:00
sinn3r 9d0743ae85 Land #3030 - SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write 2014-03-05 16:34:54 -06:00
bcoles 1ea35887db Add OSVDB reference 2014-03-06 01:40:15 +10:30
jvazquez-r7 4e9350a82b Add module for ZDI-14-008 2014-03-05 03:25:13 -06:00
bcoles f008c77f26 Write payload to startup for Vista+ 2014-03-02 18:10:10 +10:30
bcoles a29c6cd2b4 Add SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write 2014-02-25 02:57:25 +10:30
Meatballs a00481beb4 Auto target psexec/psh_web 2014-02-09 11:47:15 +00:00
Meatballs c37cb5075c Merge remote-tracking branch 'upstream/master' into pr2075 2014-02-08 22:11:31 +00:00
jvazquez-r7 9db295769d Land #2905, @wchen-r7's update of exploit checks 2014-01-24 16:49:33 -06:00
sinn3r cdc425e4eb Update some checks 2014-01-24 12:08:23 -06:00
Tod Beardsley b3b51eb48c Pre-release fixup 
* Updated descriptions to be a little more descriptive.

  * Updated store_loot calls to inform the user where the
loot is stored.

  * Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.

Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
 2014-01-21 13:29:08 -06:00
sinn3r e5dc6a9911 Update exploit checks 
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-20 14:26:10 -06:00
jvazquez-r7 c670259539 Fix protocol handling 2014-01-17 00:49:44 -06:00
jvazquez-r7 eaf1b0caf6 Add minor clean up 2014-01-16 17:55:45 -06:00
jvazquez-r7 f3c912bd32 Add module for ZDI-14-003 2014-01-16 17:49:49 -06:00
OJ 1cb671b02e Merge branch 'adjust_getenv_api' into stop_abusing_expand_path 2014-01-03 08:14:02 +10:00