adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

2369 Commits

Author SHA1 Message Date
Jon Hart ff440ed5a4 Describe vulns in more detail, add more URLs 2014-12-22 20:20:48 -08:00
Jon Hart b4f6d984dc Minor style cleanup 2014-12-22 17:51:35 -08:00
Jon Hart 421fc20964 Partial mercurial support. Still need to implement bundle format 2014-12-22 17:44:14 -08:00
Jon Hart fdd1d085ff Don't encode the payload because this only complicates OS X 2014-12-22 13:36:38 -08:00
Joe Vennix 0bf3a9cd55 Fix duplicate :ua_maxver key. 2014-12-22 14:57:44 -06:00
Jon Hart ea9f5ed6ca Minor cleanup 2014-12-22 12:16:53 -08:00
Jon Hart dd73424bd1 Don't link to unused repositories 2014-12-22 12:04:55 -08:00
Jon Hart 6c8cecf895 Make git/mercurial support toggle-able, default mercurial to off 2014-12-22 11:36:50 -08:00
Jon Hart 574d3624a7 Clean up setup_git verbose printing 2014-12-22 11:09:08 -08:00
Jon Hart 16543012d7 Correct planted clone commands 2014-12-22 10:56:33 -08:00
Jon Hart 01055cd41e Use a trigger to try to only start a handler after the malicious file has been requested 2014-12-22 10:43:54 -08:00
Jon Hart 3bcd67ec2e Unique URLs for public repo page and malicious git/mercurial repos 2014-12-22 10:03:30 -08:00
Jon Hart 308eea0c2c Make malicious hook file name be customizable 2014-12-22 08:28:55 -08:00
Jon Hart 7f3cfd2207 Add a ranking 2014-12-22 07:51:47 -08:00
Jon Hart 74783b1c78 Remove ruby and telnet requirement 2014-12-21 10:06:06 -08:00
Jon Hart 31f320c901 Add mercurial debugging 2014-12-20 20:00:12 -08:00
Jon Hart 3da1152743 Add better logging. Split out git support in prep for mercurial 2014-12-20 19:34:55 -08:00
Jon Hart 58d5b15141 Add another useful URL. Use a more git-like URIPATH 2014-12-20 19:11:56 -08:00
Jon Hart f41d0fe3ac Randomize most everything about the malicious commit 2014-12-19 19:31:00 -08:00
Jon Hart 805241064a Create a partially capitalized .git directory 2014-12-19 19:07:45 -08:00
Jon Hart f7630c05f8 Use payload.encoded 2014-12-19 18:52:34 -08:00
Jon Hart 7f2247f86d Add description and URL 2014-12-19 15:50:16 -08:00
Jon Hart 9b815ea0df Some style cleanup 2014-12-19 15:35:09 -08:00
Jon Hart 4d0b5d1a50 Add some vprints and use a sane URIPATH 2014-12-19 15:33:26 -08:00
Tod Beardsley d3050de862 Remove references to Redmine in code 
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
 2014-12-19 17:27:08 -06:00
Jon Hart 48444a27af Remove debugging pp 2014-12-19 15:27:06 -08:00
Jon Hart 1c7fb7cc7d Mostly working exploit for CVE-2014-9390 2014-12-19 15:24:27 -08:00
Jon Hart 4888ebe68d Initial commit of POC module for CVE-2013-9390 (#4435) 2014-12-19 12:58:02 -08:00
rcnunez 223d6b7923 Merged with Fr330wn4g3's changes 2014-12-14 13:08:19 +08:00
Christian Mehlmauer 0f27c63720 fix msftidy warnings 2014-12-12 13:16:21 +01:00
Christian Mehlmauer 544f75e7be fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
jvazquez-r7 21742b6469 Test #3729 2014-12-06 21:20:52 -06:00
William Vu 394d132d33 Land #2756, tincd post-auth BOF exploit 2014-12-01 12:13:37 -06:00
floyd 9243cfdbb7 Minor fixes to ruby style things 2014-11-17 17:12:17 +01:00
Christian Mehlmauer 28135bcb09 Land #4159, MantisBT PHP code execution by @itseco 2014-11-15 07:49:54 +01:00
jvazquez-r7 ee9b1aa83a Manage Rex::ConnectionRefused exceptions 2014-11-14 10:53:03 -06:00
jvazquez-r7 428fe00183 Handle Rex::ConnectionTimeout 2014-11-13 22:34:28 -06:00
Jon Hart 57aef9a6f5 Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
jvazquez-r7 4a0e9b28a4 Use peer 2014-11-13 19:26:01 -06:00
jvazquez-r7 4a06065774 Manage Exceptions to not wait the full wfs_delay 2014-11-13 19:17:09 -06:00
jvazquez-r7 73ce4cbeaa Use primer 2014-11-13 18:21:19 -06:00
jvazquez-r7 0bcb99c47d Fix metadata 2014-11-13 18:00:11 -06:00
jvazquez-r7 a5c8152f50 Use fail_with 2014-11-13 17:57:26 -06:00
jvazquez-r7 6ddf6c3863 Fail when the loader cannot find the java payload class 2014-11-13 17:55:49 -06:00
Christian Mehlmauer 3faa48d810 small bugfix 2014-11-13 22:51:41 +01:00
Christian Mehlmauer 7d6b6cba43 some changes 2014-11-13 22:46:53 +01:00
Tod Beardsley dd1920edd6 Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
Juan Escobar 17032b1eed Fix issue reported by FireFart 2014-11-13 04:48:45 -05:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169 
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
 2014-11-11 14:59:41 -06:00
Juan Escobar ac17780f6d Fix by @FireFart to recover communication with the application after a meterpreter session 2014-11-11 05:49:18 -05:00