Commit Graph

10172 Commits

Author SHA1 Message Date
Joshua J. Drake dbf66f27d5 Add a browser-based exploit module for CVE-2015-3864 2016-09-23 11:14:31 -05:00
George Papakyriakopoulos 639dee993a Fixed interactive password prompt issue
Fixed an issue where the exploit would drop to an interactive password prompt by default on newer Ruby versions, which rendered the exploit unusable. It now properly forces pubkey authentication instead and proceeds with the bypass as expected.
2016-09-23 17:03:40 +01:00
Pearce Barry 5de1d34869 Land #7341, add module metasploit_static_secret_key_base 2016-09-23 09:20:48 -05:00
h00die cba297644e post to local conversion 2016-09-22 22:08:24 -04:00
h00die 7646771dec refactored for live compile or drop binary 2016-09-22 20:07:07 -04:00
wchen-r7 bc425b0378 Update samsung_security_manager_put
This patch improves the following

* Stage 1 XSS/JS attack to use the body.onload callback
* Better timing for FF
2016-09-22 12:02:49 -05:00
Brent Cook 9f3c8c7eee Land #7268, add metasploit_webui_console_command_execution post-auth exploit 2016-09-22 00:50:58 -05:00
Brent Cook 88cef32ea4 Land #7339, SSH module fixes from net:ssh updates 2016-09-22 00:27:32 -05:00
Brendan 04f8f7a0ea Land #7266, Add Kaltura Remote PHP Code Execution 2016-09-21 17:14:49 -05:00
Justin Steven dcfbb9ee6a Tidy info
Replace errant \t with \x20
2016-09-21 20:14:11 +10:00
Justin Steven 1e24568406 Tweak verbosity re: found secrets 2016-09-21 20:14:08 +10:00
Justin Steven 30d07ce0c7 Tidy metasploit_static_secret_key_base module
* Inline magic values
* Optimise out dead Rails3-specific code
2016-09-21 20:13:58 +10:00
Louis Sato 8b1d29feef Land #7304, fix rails_secret_deserialization popchain 2016-09-20 16:05:03 -05:00
Mehmet Ince 2d3c167b78 Grammar changes again. 2016-09-20 23:51:12 +03:00
Mehmet Ince 0f16393220 Yet another grammar changes 2016-09-20 19:48:40 +03:00
Mehmet Ince fb00d1c556 Another minor grammar changes 2016-09-20 19:23:28 +03:00
Brendan 251421e4a7 Minor grammar changes 2016-09-20 10:37:39 -05:00
Mehmet Ince 385428684f Move module and docs under the exploit/linux/http folder 2016-09-20 12:45:23 +03:00
Brent Cook a9a1146155 fix more ssh option hashes 2016-09-20 01:30:35 -05:00
Mehmet Ince c689a8fb61 Removing empty lines before module start 2016-09-20 01:42:18 +03:00
Mehmet Ince 29a14f0147 Change References to EDB number and remove 4 space 2016-09-20 01:31:56 +03:00
Justin Steven a1ca27d491 add module metasploit_static_secret_key_base 2016-09-20 07:04:00 +10:00
David Maloney e315ec4e73 Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
h00die 3bc566a50c fix email 2016-09-18 20:09:38 -04:00
h00die edd1704080 reexploit and other docs and edits added 2016-09-18 09:01:41 -04:00
h00die 4f85a1171f reexploit and other docs and edits added 2016-09-18 08:51:27 -04:00
Mehmet Ince 53d4162e7d Send payload with POST rather than custom header. 2016-09-17 23:11:16 +03:00
Thao Doan d2100bfc4e Land #7301, Support URIHOST for exim4_dovecot_exec for NAT 2016-09-16 12:49:57 -07:00
Thao Doan 7c396dbf59 Use URIHOST 2016-09-16 12:48:54 -07:00
William Vu 4d0643f4d1 Add missing DefaultTarget to Docker exploit 2016-09-16 13:09:00 -05:00
William Vu da516cb939 Land #7027, Docker privesc exploit 2016-09-16 12:44:21 -05:00
William Vu e3060194c6 Fix formatting in ubiquiti_airos_file_upload
Also add :config and :use_agent options.
2016-09-16 12:27:09 -05:00
Jan Mitchell 7393d91bfa Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master 2016-09-16 10:46:44 +01:00
h00die 4be4bcf7eb forgot updates 2016-09-16 02:08:09 -04:00
h00die 2e42e0f091 first commit 2016-09-16 01:54:49 -04:00
William Vu a7103f2155 Fix missing form inputs
Also improve check string.
2016-09-15 19:19:24 -05:00
David Maloney dfcd5742c1 some more minor fixes
some more minor fixes around broken
ssh modules

7321
2016-09-15 14:25:17 -05:00
David Maloney e10c133eef fix the exagrid exploit module
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used

7321
2016-09-15 11:44:19 -05:00
Justin Steven 116c754328 tidy Platform 2016-09-15 10:35:42 +10:00
Justin Steven 8a0c8b54fc merge branch 'master' into PR branch
make Travis happy
2016-09-15 10:31:24 +10:00
Jon Hart a7cf0c8a32 Make at_persistence more persistent 2016-09-14 16:19:59 -07:00
Justin Steven ff1c839b7d appease msftidy
trailing whitespace
2016-09-15 08:18:43 +10:00
William Webb 01327f0265 Land #7245, NetBSD mail.local privilege escalation module 2016-09-14 16:07:12 -05:00
William Vu c6214d9c5e Fix and clean module 2016-09-14 14:36:29 -05:00
James Lee 27be29edb4 Fix typo 2016-09-14 13:21:37 -05:00
James Barnett 6509b34da1 Land #7255, Fix issue causing Glassfish to fail uploading to Windows targets. 2016-09-14 12:57:41 -05:00
William Vu 8533e6c5fd Land #7252, ARCH_CMD to ARCH_PHP for phoenix_exec 2016-09-14 10:38:37 -05:00
Jon Hart 79a8123d2f Trim platform, expand payload 2016-09-13 21:44:41 -07:00
Jon Hart 18d424bb83 Update waiting message to indicate that it will wait up to that long 2016-09-13 21:16:59 -07:00
Jon Hart b16e84f574 Bump default WfsDelay to account for execution at 0s and execution delays
Also, platforms, which I think achieves nothing right now.
2016-09-13 21:04:30 -07:00