Commit Graph

23495 Commits

Author SHA1 Message Date
Alex Gonzalez db69f6fcf3 fixed EOL spaces
fixed EOL spaces
2018-03-08 17:17:43 -05:00
Alex Gonzalez 7300634948 Fixed exception handling in jira_plugin_upload.rb
Corrected nil response handling in get_ functions as well as removed redundant payload type check
2018-03-08 17:06:24 -05:00
Alex Gonzalez 624f1afb31 Fixed errors in jira_plugin_upload.rb
Added default port 2990 to arguments, removed unnecessary variables in HTTP requests, added good_cookie variable, and included null response check in check method
2018-02-26 11:09:47 -05:00
Alex Gonzalez b43eac624e Add Jira Authenticated Plugin Upload Module
Add Jira Authenticated Plugin Upload Module
2018-02-22 10:43:36 -05:00
Jacob Robles 738d6ab33a Land #9604, Fix logged errors when running without Python 3.6 / gmpy2 2018-02-22 08:11:30 -06:00
Brent Cook 99e278fa29 Land #9584, Fix reverse_php_ssl infinite loop 2018-02-22 07:03:52 -06:00
Trevor Sibanda 77b3673e38 Fix reverse_php_ssl infinite loop 2018-02-22 08:42:54 +00:00
Brent Cook 7e665ab287 check for extra libraries explicitly, fail gracefully 2018-02-21 21:54:58 -06:00
William Vu 3880f6a65e Finally fix "Unknown admin user ''" after 2yrs
The failed password auth was necessary after all. I misread the PoC. :'(

Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
William Vu cc2495dd9c Explain fortinet-backdoor -> FortinetBackdoor 2018-02-21 17:05:30 -06:00
William Vu a5d78b82d4 Add require for Net::SSH::CommandStream 2018-02-21 15:51:53 -06:00
William Vu 854ac67b8e Use start_session in fortinet_backdoor
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.

Hoping we fix this in a subsequent commit or related PR.

Please see #6612 and #9524.
2018-02-21 15:33:34 -06:00
Brent Cook 78822fd799 Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream 2018-02-21 06:59:09 -06:00
William Vu 9cbc55ce40 Land #9593, finger_users regex fix 2018-02-21 01:27:40 -06:00
Aaron Soto bda7fefa7f Land #9444 - hsts_eraser module and docs 2018-02-20 21:22:55 -06:00
Jacob Robles b2cb4c425d Land #9594, CloudMe Sync v1.10.9 Buffer Overflow 2018-02-20 17:49:19 -06:00
Jacob Robles 6a62ca15e7 Remove NOPS
[ticket: #9594]
2018-02-20 17:40:33 -06:00
Daniel Teixeira 745ad4d727 CloudMe Sync Client BoF 2018-02-20 21:57:13 +00:00
James Lee d6206dc046 Better regex in finger_users 2018-02-20 15:48:00 -06:00
Jacob Robles 107a41a4ce Land #9561, Disk Savvy Enterprise v10.4.18 built-in server buffer overflow 2018-02-20 15:42:12 -06:00
Jacob Robles d02bf40d69 Modified Exploit
Remove NOPS that weren't needed and freed up space for a larger payload.

[ticket: #9561]
2018-02-20 15:35:43 -06:00
Brent Cook 05e002e3c5 Land #9366, Add x64 staged Meterpreter for macOS 2018-02-19 23:15:03 -06:00
Brent Cook 69c7e83a55 Land #9164, add OWA 2016 support 2018-02-19 23:12:27 -06:00
Chris Higgins 74c6e21f49 Lands #9504, MagniComp SysInfo privilege escalation 2018-02-19 22:47:33 -06:00
Brent Cook 56c00a8cb6 initial OWA 2016 support 2018-02-19 21:43:49 -06:00
Brent Cook ac7fe99a2b specify a python encoding for the module 2018-02-16 16:17:52 -06:00
Brent Cook 242f2d3117 Land #9512, Add Claymore Dual GPU Miner <= 10.5 DoS module 2018-02-16 10:46:48 -06:00
Brent Cook 25d2b551d8 Land #9539, add bind_named_pipe transport to Windows meterpreter 2018-02-15 17:39:32 -06:00
Brent Cook d28f6888b2 bump payloads, include bind_named_pipe support 2018-02-15 17:37:33 -06:00
Wei Chen b533ec6019 Land #9509, Ulterius Server < v1.9.5.0 Directory Traversal
Land #9509
2018-02-15 16:34:31 -06:00
Wei Chen 949b474a0a Avoid target_uri.path
It doesn't look like target_uri.path is suitable for this scenario,
because it causes our input to be modified and hard to use.
2018-02-15 16:31:09 -06:00
Brent Cook 38b03fdfff Merge branch 'upstream-master' into land-9539- 2018-02-15 16:22:13 -06:00
Wei Chen 5467f4c97e Add header 2018-02-15 16:19:54 -06:00
Brent Cook c4c864f391 Land #9558, Fix #9417, map timeout exp to a var for telnet_encrypt_overflow 2018-02-15 15:54:23 -06:00
Brent Cook 67dc579fd3 update magic numbers 2018-02-15 15:10:26 -06:00
Daniel Teixeira 651ddbb7eb Disk Savvy Server Buffer Overflow 2018-02-15 10:09:07 +00:00
Daniel Teixeira 929027ab96 Disk Savvy Server Buffer Overflow 2018-02-14 20:35:32 +00:00
Wei Chen ef948ccc38 Fix #9417, map timeout exp to a var for telnet_encrypt_overflow
Fix #9417
2018-02-14 09:19:28 -06:00
HD Moore 7cfc17860d udp_probe is necessary for pivot scans 2018-02-14 08:45:46 -06:00
HD Moore ef13f01820 Remove actually deprecated modules 2018-02-14 08:43:20 -06:00
HD Moore 234f5a316b Revert "Remove old deprecated modules"
This reverts commit a2c5cc0ffb.
2018-02-14 08:42:44 -06:00
Spencer McIntyre 5063415b79 Land #9552, add private_type for stored tomcat pw
Fixes #9513
2018-02-13 19:25:27 -05:00
Jeffrey Martin 3811665b69 Land #7699, Add UDP handlers and payloads (redux) 2018-02-13 14:50:09 -06:00
Jeffrey Martin d56111a33c update cache sizes from new tests 2018-02-13 14:34:21 -06:00
Wei Chen fbeba8bfd2 Fix #9513, Add private_type to be able to store password for Tomcat
If there is no :private_type, the create_credential method in
Metasploit::Credential::Creation will quietly skip the password,
which makes it look like a bug when the user is trying to view
the password from the creds command.

Fix #9513
2018-02-13 14:31:56 -06:00
Jeffrey Martin 2221779ddd update package namespaces 2018-02-13 13:33:36 -06:00
Agahlot de24451035 Correct Typo 2018-02-13 15:57:09 +05:30
follower ecb5fffb0b Typo fix: "withint" --> "within" 2018-02-13 06:20:57 +13:00
UserExistsError bad1429989 reverted CachedSize values 2018-02-11 19:07:41 -07:00
UserExistsError 8ae8a0d94b added bind_named_pipe payload 2018-02-11 18:56:50 -07:00