Commit Graph

20379 Commits

Author SHA1 Message Date
Pedro Ribeiro eeba35f87a Create file for WebNMS 5.2 remote code execution 2016-07-04 21:07:03 +01:00
Pearce Barry 12812650c0 Land #7054, Fix busted alpha encoding on ms02_018_htr 2016-07-02 17:07:25 -05:00
James Lee 3850431966 Fix busted alpha encoding on this old-ass exploit 2016-07-01 17:20:00 -05:00
wchen-r7 bca0d716c0 Land #7047, Ensure http_login scanner module saves passwds 2016-07-01 12:21:28 -05:00
Brendan 70a79bb0e8 Land #7014, Nagios remote root shell exploit 2016-07-01 08:17:38 -07:00
William Vu 9663f88fdc Download profile.zip instead of including it
profile.zip is GPL-licensed...
2016-07-01 01:17:23 -05:00
Pearce Barry 159446ce92 Ensure http_login scanner module saves passwds.
Fixes #6983.  When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
William Webb 1401a61f59 Land #6998, Fix #6984 Undefined method 'winver' in ms10_092_schelevator 2016-06-30 16:14:09 -05:00
Tod Beardsley afbeb2b668 Land #7023, fixes for swagger exploit
Thanks @sdavis-r7!

See #7015 as well.
2016-06-30 10:54:34 -04:00
Tod Beardsley d1281b6594 Chmod to remove the exec bit. 2016-06-30 10:43:46 -04:00
William Vu 68bd4e2375 Fire and forget the shell
Edge case where reverse_perl returns 302 when app is unconfigured.
2016-06-29 14:51:05 -05:00
James Lee 4e63591ce8 Use the proper Author key, not Authors 2016-06-28 15:21:19 -05:00
David Maloney 97f9ca4028 Merge branch 'master' into egypt/ruby-ntlm 2016-06-28 14:14:56 -05:00
Louis Sato d5d0b9e9b8 Revert "Land #6729, Speed up the datastore"
This reverts commit c6b1955a5a, reversing
changes made to 4fb7472391.
2016-06-28 13:39:52 -05:00
William Vu 5f08591fef Add Nagios XI exploit 2016-06-27 15:17:18 -05:00
Scott Lee Davis 2480781409 pesky pry. 2016-06-27 01:55:49 -04:00
Scott Lee Davis c2b4e22b46 updated with discovered changes from k kali & documentation update changes requested. 2016-06-27 01:53:20 -04:00
James Lee 058115c21f Land #7015, sdavis' swagger exploit 2016-06-24 16:13:51 -05:00
James Lee 15a1a9ed71 Raise if payload.arch doesn't match expected
This is necessary when payload is a generic/* since we can't actually
figure out what we need the prefix/suffix to be because the generics are
a pain to extract the arch/platform info out of.

Also remove some unnecessary options.
2016-06-24 16:08:47 -05:00
wchen-r7 9f280d714e Land #6994, NetBIOS Name Brute Force Spoofing modules 2016-06-23 17:54:51 -05:00
Scott Davis 3fb9eae687 EOL space if a ruby devil. 2016-06-23 15:40:16 -07:00
Scott Davis b38b116c9a @ePaul comments added to description. 2016-06-23 15:33:11 -07:00
Tod Beardsley 08d08d2c95 Fix Java payload generator 2016-06-23 14:51:26 -05:00
Tod Beardsley 464808d825 First, put the RC data in the module proper 2016-06-23 14:43:37 -05:00
Tod Beardsley 92c70dab6f Real array, and fix PHP 2016-06-23 13:22:21 -05:00
Tod Beardsley ffabf26593 No Automatic target. 2016-06-23 12:50:23 -05:00
Tod Beardsley 7a36d03fe3 Trying multi arch 2016-06-23 12:34:51 -05:00
Scott Lee Davis 47674c77ad chmod 644 swagger_param_inject.rb 2016-06-23 11:49:16 -04:00
Scott Lee Davis fbd0bc4308 updated as per @egypt & @todb-r7 recommendations. 2016-06-23 11:41:54 -04:00
Tod Beardsley fc79f3a2a9 Modify for only NodeJS
Not sure if we can do multiple arch's in the same module. Doesn't look
like it's possible today.

See rapid7#7015
2016-06-23 10:14:57 -05:00
Scott Davis 579a3bcf7c default payload is NOT text based, so do nothing with it. 2016-06-23 07:00:14 -07:00
Scott Davis 47e4321424 CVE-2016-5641 2016-06-23 06:09:37 -07:00
wchen-r7 048741660c Land #6980, Add ClamAV Remote Command Transmitter 2016-06-22 15:50:45 -05:00
wchen-r7 de5152401a Land #6992, Add tiki calendar exec exploit 2016-06-22 11:18:14 -05:00
wchen-r7 8697d3d6fb Update tiki_calendar_exec module and documentation 2016-06-22 11:17:45 -05:00
James Lee 07f7e5e148 Convert non-loginscanner MSSQL to rubyntlm 2016-06-22 10:15:22 -05:00
h00die 9cb57d78d7 updated check and docs that 14.2 may not be vuln 2016-06-21 16:48:09 -04:00
Meatballs 81f30ca962 Land #6966, Microsoft Office Trusted Locations Enumeration 2016-06-21 21:45:39 +01:00
h00die 15a3d739c0 fix per wchen 2016-06-20 17:57:10 -04:00
William Webb 3f9d0630ce Merge remote-tracking branch 'upstream/pr/6955' into land-6955 2016-06-20 13:14:37 -05:00
William Webb e692e32dae Land #6955, DarkComet C2 Arbitrary File Download Exploit 2016-06-20 12:03:38 -05:00
William Webb c816af1e4d Merge remote-tracking branch 'upstream/pr/6955' into land-6955 2016-06-20 12:00:19 -05:00
wchen-r7 2b85b210e9 Fix #6984, Undefined method 'winver' in ms10_092_schelevator
Fix #6984
2016-06-20 10:37:41 -05:00
Pearce Barry 95517b4a45 Avoid exception on missing key in prefs. 2016-06-20 09:26:10 -05:00
William Vu 6cb2a6970e Fix unused SessionType in two modules
Pretty sure it should be "shell."
2016-06-19 23:41:34 -05:00
HD Moore 856a4c7684 Reference BadTunnel (appropriate for the nat module) 2016-06-19 20:50:12 -05:00
h00die 6fe7698b13 follow redirect automatically 2016-06-19 20:24:54 -04:00
HD Moore a84614f2c0 Whitespace only 2016-06-19 18:44:32 -05:00
HD Moore ce7c6496dd Rework to clarify that this is a brute force spoof, unrelated to BadTunnel 2016-06-19 13:36:39 -05:00
h00die 3f25c27e34 2 void-in fixes of 3 2016-06-19 14:35:27 -04:00