adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
42,672 Commits 27 Branches 1,043 Tags
c1372456e20380ea9dfd8b930b697b4bfa427cff
Commit Graph

10402 Commits

Author SHA1 Message Date
James Lee 55f0edb732 Land #8491, fixes for service_persistence 2017-06-13 17:17:53 -05:00
Jeffrey Martin cbbb57d1a5 Land #8526, Refactor QNAP and airOS modules for creds 2017-06-12 14:46:11 -05:00
Stephen Shkardoon (ss23) a968a74ae0 Update ms17_010_eternalblue description and ranking. 
The module has been noted to cause crashes, reboots, BSOD, etc, on
some systems.
 2017-06-09 11:01:48 +12:00
Brent Cook aa00661fd0 Land #8518, update CVE references where modules report_vuln 2017-06-08 13:38:12 -05:00
William Vu 3e20296cf5 Add service_details for SSH 2017-06-08 13:28:29 -05:00
William Vu e22334343e Use store_valid_credential in my modules 
I used report_note because using the creds API was a pain in the ass.
 2017-06-08 00:57:51 -05:00
bwatters-r7 99fa52e660 Land #8434, Add Windows 10 Bypassuac fodhelper module 2017-06-07 11:15:01 -05:00
Brent Cook bac17a8e80 Land #8053, Add DC/OS Marathon UI Exploit 2017-06-06 09:29:26 -05:00
Jeffrey Martin 1558db375d update CVE reference in where modules report_vuln 2017-06-05 16:36:44 -05:00
bwatters-r7 f47cc1a101 Rubocop readability changes 2017-06-05 14:32:45 -05:00
Jeffrey Martin 2924318ca5 update java_rmi_server modules with CVE 2017-06-02 12:59:48 -05:00
h00die 361cc2dbeb fix newline issue and service call 2017-05-30 22:37:26 -04:00
h00die f98b40d038 adds check on service writing before running it 2017-05-30 22:14:49 -04:00
David Maloney d5e74ffdf3 Merge branch 'master' into feature/eternal_blue/rubysmb_refactor 2017-05-30 13:59:31 -05:00
David Maloney a5f910ea63 move trans2 conditional to case statement 
this is cleaner as a case statement
 2017-05-30 13:52:29 -05:00
David Maloney b65c959347 limited port of the trans2 exploit packets 
ported some of the Trans2 packets for EternalBlue
over to RubySMB, but there is so much jacked up about these
packets I'm not sure we can do much more here
 2017-05-30 13:49:27 -05:00
William Vu 72ff4fbf48 Reword warning message, since it didn't make sense 2017-05-30 13:13:08 -05:00
William Vu 890d35cc30 Fix warning placement to be more helpful 2017-05-30 13:06:23 -05:00
David Maloney e9ac3fce5a update credential mode for EB exploit 
ExternalBlue can now just flat out take
credentials to authenticate with. If credentials
are not supplied then it will still do the
anonymous login.
 2017-05-30 10:55:28 -05:00
wolfthefallen 9c93aae412 Removed self.class from register 2017-05-30 10:07:07 -04:00
wolfthefallen bac23757a4 Updated based on busterb comments 2017-05-30 09:33:03 -04:00
Brent Cook beb1cef835 rescue connection failure for netbios, suggest how to fix it 2017-05-30 08:06:39 -05:00
Brent Cook ea6063138a Land #8476, Implement VerifyArch for ETERNALBLUE 2017-05-30 00:31:32 -05:00
Brent Cook a01a2ead1a Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
Brent Cook 28fb5cc7da spelling 2017-05-30 00:14:33 -05:00
Brent Cook e31e3fc545 add additional architectures and targets 2017-05-30 00:07:37 -05:00
William Vu a781480e89 Add error handling to get_once 
And check for specific ack result/reason for 32-bit.
 2017-05-29 22:28:50 -05:00
William Vu 6e253a5be7 Use Rex::Proto::DCERPC::Response 2017-05-29 21:58:03 -05:00
William Vu 42b14a93b8 Add comments 2017-05-28 23:45:09 -05:00
William Vu 7a2944d113 Implement VerifyArch for ETERNALBLUE 2017-05-28 23:26:59 -05:00
HD Moore 66f06cd4e3 Fix small typos in comments 2017-05-28 14:40:33 -05:00
HD Moore 965915eb19 Fix typo, thanks! 2017-05-27 22:22:34 -05:00
HD Moore 38491fd7ba Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
HD Moore f9ecdf2b4d Add some bonus archs for interact mode 2017-05-27 17:26:50 -05:00
HD Moore 41253ab32b Make msftidy happy 2017-05-27 17:17:20 -05:00
HD Moore 184c8f50f1 Rework the Samba exploit & payload model to be magic. 2017-05-27 17:03:01 -05:00
HD Moore 78d649232b Remove obsolete module options 2017-05-26 21:21:05 -05:00
HD Moore 123a03fd21 Detect server-side path, work on Samba 3.x and 4.x 2017-05-26 17:02:18 -05:00
David Maloney ee5f37d2f7 remove nt trans raw sock op 
don't send the nt transact packet as raw
socket data, instead use the client send_recv
method
 2017-05-26 15:50:18 -05:00
William Webb d4ba28a20b Land #8457, Update multi/fileformat/office_word_macro to allow custom templates 2017-05-26 15:09:23 -05:00
David Maloney f0f99ad479 nttrans packet setup correctly,everything broken 
got the nttrans packet setup correctly but somewhere
along the line i broke the whole exploit wtf?
 2017-05-26 14:54:46 -05:00
wchen-r7 162a660d45 Remove the old windows/fileformat/office_word_macro 
windows/fileformat/office_word_macro.rb has been deprecated and
it should have been removed on March 16th.

If you want to create a Microsoft Office macro exploit, please
use the multi/fileformat/office_word_macro exploit instead, which
supports multiple platforms, and will support template injection.
 2017-05-26 07:33:46 -05:00
wchen-r7 04a701dba5 Check template file extension name 2017-05-26 07:31:34 -05:00
HD Moore 072ab7291c Add /tank (from ryan-c) to search path 2017-05-26 06:56:41 -05:00
wchen-r7 2835c165d7 Land #8390, Add module to execute powershell on Octopus Deploy server 2017-05-25 17:33:07 -05:00
wchen-r7 330526af72 Update check method 2017-05-25 17:30:58 -05:00
William Vu ae22b4ccf4 Land #8450, Samba is_known_pipename() exploit 2017-05-25 16:36:28 -05:00
HD Moore 1474faf909 Remove ARMLE for now, will re-PR once functional 2017-05-25 16:14:35 -05:00
HD Moore 2ad386948f Small cosmetic typo 2017-05-25 16:10:37 -05:00
HD Moore 18a871d6a4 Delete the .so, add PID bruteforce option, cleanup 2017-05-25 16:03:14 -05:00