adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

10172 Commits

Author SHA1 Message Date
Tod Beardsley 8de17981c3 Get rid of the WiFi key stealer 2016-11-29 14:48:04 -06:00
Tod Beardsley 75bcf82a09 Never set DefaultPaylod, reverse target options 2016-11-29 14:43:10 -06:00
Tod Beardsley f55f578f8c Title, desc, authors, refs 2016-11-29 14:39:38 -06:00
Tod Beardsley d691b86443 First commit of Kenzo's original exploit 
This is a work in progress, and is merely the copy-paste
of the original PoC exploit from:

https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
 2016-11-29 09:13:52 -06:00
OJ e8158bd200 Add multi platform type, wire into the multi stage 2016-11-28 09:34:09 +10:00
x2020 6f70323460 Minor misspelling mistakes and corrected the check of the mysqld process 2016-11-25 19:03:23 +00:00
x2020 1119dc4abe Targets set to automatic 
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
 2016-11-25 17:35:28 +00:00
Brent Cook 59f3c9e769 Land #7579, rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4 2016-11-21 17:59:29 -06:00
Prateep Bandharangshi 8869ebfe9b Fix incorrect disclosure date for OpenNMS exploit 
Disclosure date was Nov 2015, not Nov 2014
 2016-11-21 16:44:36 +00:00
William Webb 6c6221445c Land #7543, Create exploit for CVE-2016-6563 / Dlink DIR HNAP Login 2016-11-21 09:59:50 -06:00
OJ 6ae8a2dd2e Remove unused/empty function body 2016-11-21 17:59:49 +10:00
OJ 8c036885bc Fix msftidy issues 2016-11-21 17:23:03 +10:00
OJ e226047457 Merge 'upstream/master' into the bypassuac via eventvwr mod 2016-11-21 17:18:40 +10:00
Brent Cook 005d34991b update architecture 2016-11-20 19:09:33 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
x2020 acfd214195 Mysql privilege escalation 
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
 2016-11-19 11:24:29 +00:00
h00die cfd31e32c6 renaming per @bwatters-r7 comment in #7491 2016-11-18 13:52:09 -05:00
Louis Sato 920ecf6fc5 finishing metacoms work for pdf-shaper-bo 2016-11-18 11:36:02 -06:00
wchen-r7 4596785217 Land #7450, PowerShellEmpire Arbitrary File Upload 2016-11-17 17:47:15 -06:00
wchen-r7 c0af5b690d Land #6638, add local exploit module to execute payload w/ stealth 2016-11-16 16:25:15 -06:00
wchen-r7 e1ff37f3eb Title change and handling Rex::TimeoutError exception 2016-11-16 16:23:44 -06:00
Brendan 18bafaa2e7 Land #7531, Fix drb_remote_codeexec and create targets 2016-11-16 12:58:22 -06:00
wchen-r7 7b83720b90 Bring #6638 up to date 2016-11-15 12:27:05 -06:00
Brent Cook b56b6a49ac Land #7328, Extend lsa_transname_heap exploit to MIPS 2016-11-15 07:37:19 -06:00
wchen-r7 fa9f2b340e def setup isn't needed 2016-11-14 15:52:02 -06:00
wchen-r7 bab07b5691 Bring #7540 up to date 2016-11-14 14:59:21 -06:00
Jeffrey Martin c458d662ed report correct credential status as successful 2016-11-14 12:27:22 -06:00
Jeffrey Martin 4ae90cbbef Land #7191, Add exploit for CVE-2016-6267 - Trend Micro Smart Protection Server authenticated RCE. 2016-11-14 12:06:02 -06:00
William Webb 4e40546958 Land #7502, Disk Pulse Enterprise Login Buffer Overflow 2016-11-14 10:28:53 -06:00
Brent Cook 4f323527c9 Land #7549, Deprecate/move wp_ninja_forms_unauthenticated_file_upload 2016-11-14 03:00:02 -06:00
Pedro Ribeiro 908713ce68 remove whitespace at end of module name 2016-11-14 08:35:34 +00:00
Chris Higgins 4e9802786c Removed spaces causing build to fail 2016-11-13 21:46:24 -06:00
Pearce Barry 9eb9d612ca Minor typo fixups. 2016-11-11 16:54:16 -06:00
Pearce Barry 1dae206fde Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
wchen-r7 8cd9a9b670 Deprecate wp_ninja_forms_unauthenticated_file_upload 
wp_ninja_forms_unauthenticated_file_upload actually supports
multiple platforms.

Instead of using:
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload

Please use:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
 2016-11-10 11:17:09 -06:00
scriptjunkie 268a72f210 Land #7193 Office DLL hijack module 2016-11-08 23:15:27 -06:00
Pedro Ribeiro 50f578ba79 Add full disclosure link 2016-11-08 22:15:19 +00:00
Yorick Koster 3c1f642c7b Moved PPSX to data/exploits folder 2016-11-08 16:04:46 +01:00
Pedro Ribeiro 95bd950133 Point to proper link on github 2016-11-07 17:59:29 +00:00
Pedro Ribeiro f268c28415 Create dlink_hnap_login_bof.rb 2016-11-07 17:45:37 +00:00
Chris Higgins 099a5984f9 Updated with style suggestions from msftidy and rubocop. 
Also updated with commented from other contributors.
 2016-11-07 10:18:52 -06:00
Chris Higgins 689fc28d1b Added WinaXe 7.7 FTP client Server Ready buffer overflow 2016-11-06 23:35:16 -06:00
William Vu da356e7d62 Remove Compat hash to allow more payloads 2016-11-04 13:57:05 -05:00
William Vu f0c89ffb56 Refactor module and use FileDropper 2016-11-04 13:57:05 -05:00
William Vu 6d7cf81429 Update references 2016-11-04 13:57:05 -05:00
William Vu 009d6a45aa Update description 2016-11-04 13:57:05 -05:00
William Vu bf7936adf5 Add instance_eval and syscall targets 2016-11-04 13:57:05 -05:00
OJ 4bf966f695 Add module to bypassuac using eventvwr 
This module was inspired by the work done by Matt Nelson and Matt
Graeber who came up with the method in the first place. This works
nicely on a fully patched Windows 10 at the time of writing.
 2016-11-05 04:41:38 +10:00
wchen-r7 ca5610ccde Land #7511, Update jenkins_script_console to support newer versions 2016-11-04 11:24:25 -05:00
William Vu 5ed030fcf6 Land #7529, nil.downcase fix for tomcat_mgr_deploy 
Don't think it was ever needed, since the password is case-sensitive.

Fixed a minor merge conflict where PASSWORD became HttpPassword.
 2016-11-03 15:39:46 -05:00