adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
30,019 Commits 27 Branches 1,043 Tags
e90e98547b84f0dbbb51140edc4d3932af04db9c
Commit Graph

15693 Commits

Author SHA1 Message Date
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
rastating 92015ac124 Replace custom login with wordpress_login mixin 2015-01-04 23:07:07 +00:00
rastating 39412c4a48 Add WordPress long password DoS module 2015-01-04 18:50:23 +00:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil 
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
 2015-01-02 13:29:17 -06:00
Tod Beardsley c1718fa490 Land #4440, git client exploit from @jhart-r7 
Also fixes #4435 and makes progress against #4445.
 2015-01-01 13:18:43 -06:00
Tod Beardsley d7564f47cc Move Mercurial option to advanced, update ref url 
See #4440
 2015-01-01 13:08:36 -06:00
Tod Beardsley 914c724abe Rename module 
See rapid7#4440
 2015-01-01 13:03:17 -06:00
Jon Hart 65977c9762 Add some more useful URLs 2014-12-31 10:54:04 -08:00
Tod Beardsley 264d3f9faa Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Spencer McIntyre 6d966dbbcf Land #4203, @jvazquez-r7's cleanup for java_rmi_server 2014-12-31 11:25:19 -05:00
sinn3r 48919eadb6 Land #4444 - i-FTP BoF 2014-12-30 12:38:28 -06:00
William Vu 4fd4d51d78 Land #4485, Drupageddon greedy regex fix 2014-12-30 10:16:57 -06:00
Christian Mehlmauer 96fe693c54 update drupal regex 2014-12-30 09:12:39 +01:00
sinn3r 555713b6ae Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
sinn3r f2130311fa Add the MSF blog reference 2014-12-29 16:08:35 -06:00
Tod Beardsley 1dd9d60e34 Land #4461, Android cookie database theft 
`
Thanks @jvennix-r7!
 2014-12-29 08:15:21 -06:00
Tod Beardsley d10222365b Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
Tod Beardsley 1236684954 Use get_uri instead, note lack of Rex::Text method 
See rapid7#4461
 2014-12-28 15:06:34 -06:00
Tod Beardsley 788e315fd4 Fix msftidy warnings 2014-12-28 14:53:29 -06:00
Borja Merino 9791acd0bf Add stager ipknock shellcode (PR 2) 2014-12-27 22:03:45 +01:00
jvazquez-r7 655cfdd416 Land #4321, @wchen-r7's fixes #4246 ms01_026_dbldecode undef method 2014-12-26 12:48:29 -06:00
Jon Hart 51049152b6 Use Rex::Text.rand_mail_address for more realistic fake commit 2014-12-26 10:39:52 -08:00
jvazquez-r7 c1b0385a4b Land #4460, @Meatballs1's ssl cert validation bypass on powershell web delivery 2014-12-26 12:07:45 -06:00
jvazquez-r7 2bed52dcd5 Land #4459, @bcoles's ProjectSend Arbitrary File Upload module 2014-12-26 11:28:42 -06:00
jvazquez-r7 b5b0be9001 Do minor cleanup 2014-12-26 11:24:02 -06:00
jvazquez-r7 85ab11cf52 Use print_warning consistently 2014-12-26 09:54:38 -06:00
jvazquez-r7 f31a2e070e Use print_warning to print the Kerberos error 2014-12-26 09:22:09 -06:00
jvazquez-r7 d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
jvazquez-r7 121c0406e9 Beautify restart_command creation 2014-12-24 15:52:15 -06:00
jvazquez-r7 43ec8871bc Do minor c code cleanup 2014-12-24 15:45:38 -06:00
jvazquez-r7 92113a61ce Check payload 2014-12-24 15:43:49 -06:00
jvazquez-r7 36ac0e6279 Clean get_restart_commands 2014-12-24 14:55:18 -06:00
jvazquez-r7 92b3505119 Clean exploit method 2014-12-24 14:49:19 -06:00
jvazquez-r7 9c4d892f5e Use single quotes when possible 2014-12-24 14:37:39 -06:00
jvazquez-r7 bbbb917728 Do style cleaning on metadata 2014-12-24 14:35:35 -06:00
jvazquez-r7 af24e03879 Update from upstream 2014-12-24 14:25:25 -06:00
Gabor Seljan 0b85a81b01 Use REXML to generate exploit file 2014-12-24 19:23:28 +01:00
Mark Judice 30228bcfe7 Added underscore to user regex in smart_hashdump.rb to support usernames that contain underscores. Issue #4349. 2014-12-23 22:36:11 -06:00
Jon Hart a692656ab7 Update comments to reflect reality, minor cleanup 2014-12-23 19:09:45 -08:00
jvazquez-r7 ebb05a64ea Land #4357, @Meatballs1 Kerberos Support for current_user_psexec 2014-12-23 20:38:31 -06:00
jvazquez-r7 89d0a0de8d Delete unnecessary connect 2014-12-23 19:35:59 -06:00
jvazquez-r7 265e0a7744 Upper case domain 2014-12-23 19:16:50 -06:00
jvazquez-r7 ed2d0cd07b Use USER_SID instead of DOMAIN_SID and USER_RID 2014-12-23 19:11:05 -06:00
Joe Vennix 8d73794cc8 Add hint for exploit on old devices. 2014-12-23 12:29:08 -06:00
Jon Hart 59f75709ea Print out malicious URLs that will be used by default 2014-12-23 10:10:31 -08:00
Jon Hart 905f483915 Remove unused and commented URIPATH 2014-12-23 09:40:27 -08:00
Jon Hart 8e57688f04 Use random URIs by default, different method for enabling/disabling Git/Mercurial 2014-12-23 09:39:39 -08:00
Jon Hart bd3dc8a5e7 Use fail_with rather than fail 2014-12-23 08:20:03 -08:00
Jon Hart 015b96a24a Add back perl and bash related payloads since Windows git will have these and OS X should 2014-12-23 08:13:00 -08:00
Meatballs 16302f752e Enable generic command 2014-12-23 14:22:26 +00:00