adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
42,591 Commits 27 Branches 1,043 Tags
f008f2aa8fcfbf490f184c3f98fbddc19eeca0c2
Commit Graph

22191 Commits

Author SHA1 Message Date
h00die f008f2aa8f working code 2017-06-16 08:24:54 -04:00
William Vu e7fa4c2d06 Land #8504, print_good for ipmi_dumphashes 2017-06-02 18:49:41 -05:00
Dylan Davis 34e9b2c04b Change ipmi_dumphashes to have non-verbose output, ever 2017-06-02 14:27:21 -06:00
Jeffrey Martin 2924318ca5 update java_rmi_server modules with CVE 2017-06-02 12:59:48 -05:00
David Maloney d5e74ffdf3 Merge branch 'master' into feature/eternal_blue/rubysmb_refactor 2017-05-30 13:59:31 -05:00
David Maloney a5f910ea63 move trans2 conditional to case statement 
this is cleaner as a case statement
 2017-05-30 13:52:29 -05:00
David Maloney b65c959347 limited port of the trans2 exploit packets 
ported some of the Trans2 packets for EternalBlue
over to RubySMB, but there is so much jacked up about these
packets I'm not sure we can do much more here
 2017-05-30 13:49:27 -05:00
William Vu 72ff4fbf48 Reword warning message, since it didn't make sense 2017-05-30 13:13:08 -05:00
William Vu 890d35cc30 Fix warning placement to be more helpful 2017-05-30 13:06:23 -05:00
David Maloney e9ac3fce5a update credential mode for EB exploit 
ExternalBlue can now just flat out take
credentials to authenticate with. If credentials
are not supplied then it will still do the
anonymous login.
 2017-05-30 10:55:28 -05:00
Brent Cook beb1cef835 rescue connection failure for netbios, suggest how to fix it 2017-05-30 08:06:39 -05:00
Brent Cook ea6063138a Land #8476, Implement VerifyArch for ETERNALBLUE 2017-05-30 00:31:32 -05:00
Brent Cook a01a2ead1a Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
Brent Cook 28fb5cc7da spelling 2017-05-30 00:14:33 -05:00
Brent Cook e31e3fc545 add additional architectures and targets 2017-05-30 00:07:37 -05:00
William Vu a781480e89 Add error handling to get_once 
And check for specific ack result/reason for 32-bit.
 2017-05-29 22:28:50 -05:00
William Vu 6e253a5be7 Use Rex::Proto::DCERPC::Response 2017-05-29 21:58:03 -05:00
h00die 5698896672 Land #8323 wordpress pre4.6 dos 2017-05-29 07:59:43 -04:00
William Vu 42b14a93b8 Add comments 2017-05-28 23:45:09 -05:00
William Vu 7a2944d113 Implement VerifyArch for ETERNALBLUE 2017-05-28 23:26:59 -05:00
h00die 8d3eebf394 Land #8473 aux admin tool to get scadabr creds from db 2017-05-28 20:09:47 -04:00
Brendan Coles c811c6a8c0 Add PASS_FILE option 2017-05-28 23:26:51 +00:00
root 72a5142e37 Update directory traversal DoS module and docs 2017-05-29 00:30:23 +02:00
HD Moore 66f06cd4e3 Fix small typos in comments 2017-05-28 14:40:33 -05:00
Spencer McIntyre 4e29b6e5fd Land #8275, add retry opts for py rev_tcp stager 2017-05-28 13:02:35 -04:00
itsmeroy2012 e02d726213 Setting default values to the added options 2017-05-28 14:30:30 +05:30
HD Moore 965915eb19 Fix typo, thanks! 2017-05-27 22:22:34 -05:00
Brendan Coles 8fce94b3cd Add ScadaBR Credentials Dumper module 2017-05-28 01:24:53 +00:00
HD Moore 38491fd7ba Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
HD Moore f9ecdf2b4d Add some bonus archs for interact mode 2017-05-27 17:26:50 -05:00
HD Moore 41253ab32b Make msftidy happy 2017-05-27 17:17:20 -05:00
HD Moore 184c8f50f1 Rework the Samba exploit & payload model to be magic. 2017-05-27 17:03:01 -05:00
HD Moore 78d649232b Remove obsolete module options 2017-05-26 21:21:05 -05:00
HD Moore 123a03fd21 Detect server-side path, work on Samba 3.x and 4.x 2017-05-26 17:02:18 -05:00
HD Moore eebfd9b7f2 Switch to the mixin-provided SMB share enumeration methods 2017-05-26 17:02:06 -05:00
David Maloney ee5f37d2f7 remove nt trans raw sock op 
don't send the nt transact packet as raw
socket data, instead use the client send_recv
method
 2017-05-26 15:50:18 -05:00
William Webb d4ba28a20b Land #8457, Update multi/fileformat/office_word_macro to allow custom templates 2017-05-26 15:09:23 -05:00
David Maloney f0f99ad479 nttrans packet setup correctly,everything broken 
got the nttrans packet setup correctly but somewhere
along the line i broke the whole exploit wtf?
 2017-05-26 14:54:46 -05:00
root 9b9d2f2345 Final version of configurable depth 2017-05-26 16:23:22 +02:00
root 33ddef9303 Add documentation, add configurable depth path 2017-05-26 16:14:03 +02:00
wchen-r7 162a660d45 Remove the old windows/fileformat/office_word_macro 
windows/fileformat/office_word_macro.rb has been deprecated and
it should have been removed on March 16th.

If you want to create a Microsoft Office macro exploit, please
use the multi/fileformat/office_word_macro exploit instead, which
supports multiple platforms, and will support template injection.
 2017-05-26 07:33:46 -05:00
wchen-r7 04a701dba5 Check template file extension name 2017-05-26 07:31:34 -05:00
HD Moore 072ab7291c Add /tank (from ryan-c) to search path 2017-05-26 06:56:41 -05:00
wchen-r7 2835c165d7 Land #8390, Add module to execute powershell on Octopus Deploy server 2017-05-25 17:33:07 -05:00
wchen-r7 330526af72 Update check method 2017-05-25 17:30:58 -05:00
William Vu ae22b4ccf4 Land #8450, Samba is_known_pipename() exploit 2017-05-25 16:36:28 -05:00
HD Moore 1474faf909 Remove ARMLE for now, will re-PR once functional 2017-05-25 16:14:35 -05:00
HD Moore 2ad386948f Small cosmetic typo 2017-05-25 16:10:37 -05:00
HD Moore 18a871d6a4 Delete the .so, add PID bruteforce option, cleanup 2017-05-25 16:03:14 -05:00
wchen-r7 ee13195760 Update office_word_macro exploit to support template injection 2017-05-25 15:53:45 -05:00