adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43,599 Commits 27 Branches 1,043 Tags
f1be6b720b7aaec00d5d9e5dd19be2ebbfbaf64b
Commit Graph

2449 Commits

Author SHA1 Message Date
Tod Beardsley 5f66b7eb1a Land #8940, @h00die's second round of desc fixes 
One ninja edit along the way as well.
 2017-09-11 13:05:13 -05:00
Brent Cook 54a62976f8 update versions and add quick module docs 2017-09-08 13:59:29 -05:00
William Vu 978fdb07b0 Comment out PSH target and explain why 
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
 2017-09-08 13:41:06 -05:00
Pearce Barry 2ebf53b647 Minor tweaks... 2017-09-08 10:04:47 -05:00
h00die 00c593e0a2 55 pages of spelling done 2017-09-07 21:18:50 -04:00
William Vu a9a307540f Assign cmd to entire case and use encode for XML 
Hat tip @acammack-r7. Forgot about that first syntax!
 2017-09-07 19:36:08 -05:00
William Vu 8f1e353b6e Add Apache Struts 2 REST Plugin XStream RCE 2017-09-07 19:30:48 -05:00
Pearce Barry 6051a1a1c1 Land #8910, Use meta redirect instead of JS redirect in 2 modules 2017-09-01 13:50:02 -05:00
Tod Beardsley 86db2a5771 Land #8888 from @h00die, with two extra fixes 
Fixes spelling and grammar in a bunch of modules. More to come!
 2017-08-31 14:37:02 -05:00
james 49173818fd Addresses #8674 
This type of redirection will work without javascript being enabled.

Modules:
multi/browser/firefox_xpi_bootstrapped_addon
multi/browser/itms_overflow

More info on the meta element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
 2017-08-30 23:16:46 -05:00
Brent Cook 202c936868 Land #8826, git submodule remote command execution 2017-08-29 18:11:32 -05:00
Brent Cook 46eeb1bee0 update style 2017-08-29 17:44:39 -05:00
Tim 39299c0fb8 randomize submodule path 2017-08-29 16:54:08 +08:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
n00py 8f17d536a7 Update phpmailer_arg_injection.rb 
Removed second parameter as it was not necessary.  Only changed needed was to change "send_request_cgi" to "send_request_cgi!"
 2017-08-24 00:29:28 -06:00
n00py c49b72a470 Follow 301 re-direct 
I found that in some cases, the trigger URL cannot be accessed directly.  For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example".  It isn't until hitting "/example" that the php is executed.  This small change will just allow the trigger to follow one 301 redirect.
 2017-08-23 18:53:54 -06:00
Brent Cook 821121d40b Land #8871, improve compatibility and speed of JDWP exploit 2017-08-23 18:53:47 -05:00
Brent Cook 128949217e more osx 2017-08-22 16:48:09 -05:00
Brent Cook bb120962aa more osx support 2017-08-22 14:01:48 -05:00
Brent Cook 7263c7a66e add 64-bit, osx support 2017-08-22 13:51:28 -05:00
Louis Sato e01caac9ed removing slice operators from jdwp_debugger 2017-08-21 16:36:54 -05:00
Brent Cook edbe8d73c2 Revert "Revert passive stance for multi/handler" 
This reverts commit 66a4ea4f0b.
 2017-08-21 16:14:23 -05:00
Brent Cook eabe4001c2 Land #8492, Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module 2017-08-20 18:48:22 -05:00
Brent Cook 88f39d924b Land #8816, added Jenkins v2 cookie support 2017-08-20 14:58:38 -05:00
William Vu 66a4ea4f0b Revert passive stance for multi/handler 
It's gotten to be a bit annoying. ExitOnSession=false was good, but this
was too much. Typing run -j isn't difficult.
 2017-08-18 13:16:12 -05:00
Tim 7881a7ddc4 git submodule command exec 2017-08-13 11:47:44 +08:00
thesubtlety 7e860571ae fix bug where api_token auth was being used without token being set 2017-08-09 12:30:26 -04:00
thesubtlety 9bb102d72d add jenkins v2 cookie support 2017-08-09 12:29:31 -04:00
Brent Cook 6f97e45b35 enable Ruby 2.2 compat checks in Rubocop, correct multi/handler compat 2017-08-02 06:18:02 -05:00
TC Johnson 8989d6dff2 Modified Accuvant bog posts to the new Optive urls 2017-08-02 13:25:17 +10:00
Brent Cook 354869205a make exploit/multi/handler passive 
This gives exploit/multi/handler a makeover, updating to use more-or-less
standard Ruby, and removing any mystical hacks at the same time (like select
instead of sleep).

This also gives it a Passive stance, and sets ExitOnSession to be false by
default, which is the setting that people use 99% of the time anyway.
 2017-07-24 15:47:06 -07:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 838b066abe Merge branch 'master' into land-8716 2017-07-24 05:51:44 -07:00
g0tmi1k 524373bb48 OCD - Removed un-needed full stop 2017-07-21 07:41:51 -07:00
g0tmi1k 772bec23a1 Fix various typos 2017-07-21 07:40:08 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 3d4feffc62 OCD - Spaces & headings 2017-07-19 11:04:15 +01:00
David Maloney 8f6cac9c37 Land #8652, rpc console write exploit 
lands pr for the metasploit rpc console write exploit
 2017-07-14 14:47:35 -05:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 424522147e OCD fixes - Start of *.rb files 2017-07-13 23:53:59 +01:00
Emanuel Bronshtein df024bb594 Remove duplicate setting of suhosin.simulation 2017-07-10 00:46:05 +03:00
Brent Cook 3bda361544 add old hackingteam leak name 2017-07-07 00:52:11 -05:00
Brendan Coles baff473cae Add Metasploit RPC Console Command Execution module 2017-07-05 08:48:35 +00:00
William Vu 7e1b50ab3b Land #8629, AKA (also known as) module reference 2017-06-28 19:15:45 -05:00
Brent Cook aa8c580aba updates 2017-06-28 20:14:38 -04:00
Brent Cook d20036e0fb revise spelling, add heartbleed and tidy checks 2017-06-28 18:50:20 -04:00
William Vu 43d8c4c5e7 Land #8519, Apache ActiveMQ file upload exploit 2017-06-28 17:19:39 -05:00
Brent Cook 461ab4501d add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:53:00 -04:00