adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
28,875 Commits 27 Branches 1,043 Tags
e9750e2df8c3b134b8167a3f0c3dabdc07d4e50e
Commit Graph

15184 Commits

Author SHA1 Message Date
Jon Hart e9750e2df8 Minor style/usability cleanups 2014-11-24 06:57:31 -08:00
tate 9828598cb7 removing timeout method and option 2014-11-22 00:28:56 -07:00
tate 57b04f96a7 working with DLSw protocol check 2014-11-21 23:54:00 -07:00
tate b9a274f869 improving DLSw detection 2014-11-21 18:58:02 -07:00
tate a4a1048f95 modified to get data collection off sock working 2014-11-19 11:17:58 -07:00
Jon Hart 7d6e7a6bfa Minor Ruby style and module usability cleanup 2014-11-18 16:33:05 -08:00
tate 6b8b49ff98 improving metasploit module based on feedback 2014-11-18 15:03:18 -07:00
tate 703e0486fb Add DLSw leak capture module for CVE-2014-7992 2014-11-17 20:35:54 -07:00
jvazquez-r7 7daedac399 Land #3972 @jhart-r7's post gather module for remmina Remmina 
* Gather credentials managed with Remmina
 2014-11-17 16:44:41 -06:00
jvazquez-r7 45d219c0d8 Land #4102, @jhart-r7's fix for nbns_response 
* Use request src_port instead of 137
 2014-11-17 15:46:38 -06:00
Tod Beardsley 286827c6e5 Land #4186, Samsung KNOX exploit. Ty @jvennix-r7! 2014-11-17 13:29:39 -06:00
Tod Beardsley 39980c7e87 Fix up KNOX caps, descriptive description 2014-11-17 13:29:00 -06:00
Tod Beardsley 0f41bdc8b8 Add an OSVDB ref 2014-11-17 13:26:21 -06:00
jvazquez-r7 54de805b7a Report credentials 
* Even when we are not associating them to hosts
* It's a post module so maybe we cannot solve some names
 2014-11-17 12:49:18 -06:00
jvazquez-r7 b3b37c7c9f Use longer description lines 2014-11-17 12:23:22 -06:00
jvazquez-r7 145e610c0f Avoid shadowing new method 2014-11-17 12:22:30 -06:00
William Vu fd53e969fd Land #4217, browser_autopwn variable fix 2014-11-17 11:46:52 -06:00
William Vu 405eae4b6e Remove EOL whitespace 2014-11-17 11:46:36 -06:00
jvazquez-r7 20195e7f37 Update from upstream/master 2014-11-17 11:43:48 -06:00
William Vu 91ba25a898 Land #4208, psexec delay fix 2014-11-17 11:35:56 -06:00
jvazquez-r7 2c36f79934 Land #4165, @jhart-r7's check for datastore options on Cisco dtp 
* Fix modules/auxiliary/spoof/cisco/dtp
* Just one of the two options is required
 2014-11-17 11:23:31 -06:00
Jon Hart d5afb2b766 %q 2014-11-17 09:01:14 -08:00
Jon Hart ce73e32673 Doc and named captures 2014-11-17 09:01:14 -08:00
Jon Hart bf05fe1389 Refactoring, simplification, better print_* 2014-11-17 09:01:14 -08:00
Jon Hart 6e1cdfde36 Rip out create_credential* stuff. Use what works 2014-11-17 09:01:14 -08:00
Jon Hart e5bb13a609 If remmina config files are missing data for creds, tell me what 2014-11-17 09:01:14 -08:00
Jon Hart 875d1f9ea0 Convert Remmina credential gatherer to use new credentials model 2014-11-17 09:01:14 -08:00
Jon Hart 086f0c02d6 Remove excessive logging 2014-11-17 09:01:14 -08:00
Jon Hart 90e58e9e71 Binary encoding 2014-11-17 09:01:14 -08:00
Jon Hart e76373340e Correct some Rubocop things that I agree with 2014-11-17 09:01:14 -08:00
Jon Hart f729a6cf02 Add Remmina RDP/SSH/VNC password gathering 2014-11-17 09:01:13 -08:00
Joe Vennix cd61975966 Change puts to vprint_debug. 2014-11-17 10:13:13 -06:00
Joe Vennix fc1635e80a Fix BAP JS ref error. 2014-11-17 10:06:15 -06:00
Joe Vennix 2a24151fa8 Remove BAP target, payload is flaky. Add warning. 2014-11-17 02:02:37 -06:00
HD Moore 9fe4994492 Chris McNab has been working with MITRE to add these CVEs 
These CVEs are not live yet, but have been confirmed by cve-assign
t
 2014-11-16 18:42:53 -06:00
Joe Vennix 5de69ab6a6 minor syntax fixes. 2014-11-15 21:39:37 -06:00
Joe Vennix 3fb6ee4f7d Remove dead constant. 2014-11-15 21:38:11 -06:00
Joe Vennix 7a62b71839 Some URL fixes from @jduck and exploit ideas from Andre Moulu. 
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
 2014-11-15 21:33:16 -06:00
William Vu a521d469ed Land #4194, Quake protocol support 2014-11-15 17:44:19 -06:00
Christian Mehlmauer 28135bcb09 Land #4159, MantisBT PHP code execution by @itseco 2014-11-15 07:49:54 +01:00
sinn3r e194d5490d See #4162 - Don't delay before deleting a file via SMB 
So I was looking at issue #4162, and on my box I was seeing this
problem of the exploit failing to delete the payload in C:\Windows,
and the error was "Rex::Proto::SMB::Exceptions::NoReply The SMB
server did not reply to our request". I ended up removing the sleep(),
and that got it to function properly again. The box was a Win 7 SP1.

I also tested other Winodws boxes such as Win XP SP3, Windows Server
2008 SP2 and not having the sleep() doesn't seem to break anything.
So I don't even know why someone had to add the sleep() in the first
place.
 2014-11-14 15:45:37 -06:00
Jon Hart 57aef9a6f5 Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Christian Mehlmauer 3faa48d810 small bugfix 2014-11-13 22:51:41 +01:00
Christian Mehlmauer 7d6b6cba43 some changes 2014-11-13 22:46:53 +01:00
Tod Beardsley e2dc862121 Fix newly introduced typo. 2014-11-13 14:53:57 -06:00
Tod Beardsley dd1920edd6 Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
Juan Escobar 17032b1eed Fix issue reported by FireFart 2014-11-13 04:48:45 -05:00
jvazquez-r7 31f3aa1f6d Refactor create packager methods 2014-11-13 01:16:15 -06:00
jvazquez-r7 38a96e3cfc Update target info 2014-11-13 00:56:42 -06:00
jvazquez-r7 e25b6145f9 Add module for MS14-064 bypassing UAC through python for windows 2014-11-13 00:56:10 -06:00