Commit Graph

9215 Commits

Author SHA1 Message Date
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
William Vu fc491ffa3e Land #6555, Content-Length fix for HP modules 2016-02-10 10:39:08 -06:00
William Vu 5b3fb99231 Land #6549, module option for X-Jenkins-CLI-Port 2016-02-10 10:34:33 -06:00
William Vu c67360f436 Remove extraneous whitespace 2016-02-10 09:44:01 -06:00
wchen-r7 8a3bc83c4d Resolve #6553, remove unnecessary content-length header
Rex will always generate a content-length header, so the module
doesn't have to do this anymore.

Resolve #6553
2016-02-09 21:25:56 -06:00
Brent Cook c590fdd443 Land #6501, Added Dlink DCS Authenticated RCE Module 2016-02-09 17:19:33 -06:00
wchen-r7 1d6b782cc8 Change logic
I just can't deal with this "unless" syntax...
2016-02-08 18:40:48 -06:00
wchen-r7 d60dcf72f9 Resolve #6546, support manual config for X-Jenkins-CLI-Port
Resolve #6546
2016-02-08 18:16:48 -06:00
James Lee 12256a6423 Remove now-redundant peer
These all include either Msf::Exploit::Remote::Tcp or Msf::Exploit::Remote::HttpClient
2016-02-01 15:12:03 -06:00
wchen-r7 110a4840e9 Land #6491, Shrink the size of ms08_067 so that it again works w/ bind_tcp 2016-01-29 11:03:03 -06:00
Nicholas Starke d51be6e3da Fixing typo
This commit fixes a typo in the word "service"
2016-01-28 16:44:42 -06:00
Nicholas Starke 1ef7aef996 Fixing User : Pass delimiter
As per the PR comments, this commit replaces the user and
pass delimiter from "/" to ":"
2016-01-27 17:20:58 -06:00
Louis Sato f6f2e1403b Land #6496, specify scripting language - elastic search 2016-01-27 15:42:47 -06:00
wchen-r7 51efb2daee Land #6422, Add support for native target in Android webview exploit 2016-01-27 14:27:41 -06:00
Nicholas Starke 4560d553b5 Fixing more issues from comments
This commit includes more minor fixes from the GitHub
comments for this PR.
2016-01-24 19:43:02 -06:00
Nicholas Starke d877522ea5 Fixing various issues from comments
This commit fixes issues with specifying "rhost:rport",
replacing them instead with "peer". Also, a couple of
"Unknown" errors were replaced with "UnexpectedReply".
2016-01-23 13:43:09 -06:00
Nicholas Starke a5a2e7c06b Fixing Disclosure Date
Disclosure date was in incorrect format, this commit
fixes the issue
2016-01-23 11:41:05 -06:00
Nicholas Starke 8c8cdd9912 Adding Dlink DCS Authenticated RCE Module
This module takes advantage of an authenticated HTTP RCE
vulnerability to start telnet on a random port. The module
then connects to that telnet session and returns a shell.
This vulnerability is present in version 2.01 of the firmware
and resolved by version 2.12.
2016-01-23 11:15:23 -06:00
William Vu d6facbe339 Land #6421, ADB protocol and exploit 2016-01-22 20:45:44 -06:00
William Vu 1b386fa7f1 Add targets to avoid ARCH_ALL payload confusion 2016-01-22 16:45:10 -06:00
wchen-r7 b02c762b93 Grab zeroSteiner's module/jenkins-cmd branch 2016-01-22 10:17:32 -06:00
Lutz Wolf 99de466a4d Bugfix: specify scripting language 2016-01-22 15:00:10 +01:00
Brent Cook dc6dd55fe4 Shrink the size of ms08_067 so that it again works with bind_tcp
In #6283, we discovered that ms08_067 was busted with reverse_tcp. The
solution was to bump the amount of space needed to help with encoding.
However, we flew a little too close to the sun, and introduced a
regression with bind_tcp on Windows XP SP2 EN where the payload stages
but does not run.

This shrinks the payload just enough to make bind_tcp work again, but
reverse_tcp also continues to work as expected.
2016-01-21 19:37:09 -06:00
rastating a7cd5991ac Add encoding of the upload path into the module 2016-01-17 22:44:41 +00:00
rastating 5660c1238b Fix problem causing upload to fail on versions 1.2 and 1.3 of theme 2016-01-17 18:44:00 +00:00
William Vu fec75c1daa Land #6457, FileDropper for axis2_deployer 2016-01-14 15:10:05 -06:00
Brent Cook 37178cda06 Land #6449, properly handle HttpServer resource collisions 2016-01-14 12:15:18 -06:00
William Vu 7e1446d8fa Land #6400, iis_webdav_upload_asp improvements 2016-01-14 12:12:33 -06:00
Rory McNamara 0216d027f9 Use OptEnum instead of OptString 2016-01-14 09:06:45 +00:00
Rory McNamara 564b4807a2 Add METHOD to simple_backdoors_exec 2016-01-13 14:42:11 +00:00
Rory McNamara 889a5d40a1 Add VAR to simple_backdoors_exec 2016-01-13 13:46:26 +00:00
wchen-r7 315d079ae8 Land #6402, Add Post Module for Windows Priv Based Meterpreter Migration
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
wchen-r7 6deb57dca3 Deprecate post/windows/manage/smart_migrate and other things
This includes:

* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
wchen-r7 514199e88f Register early so the cleanup can actually rm the file 2016-01-12 15:22:03 -06:00
wchen-r7 78bc394f80 Fix #6268, Use FileDropper for axis2_deployer
Fix #6268
2016-01-08 17:09:09 -06:00
wchen-r7 6a2b4c2530 Fix #6445, Unexpected HttpServer terminations
Fix #6445

Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.

Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.

Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
joev 22a0d970da Don't delete the payload after running. 2016-01-07 02:26:01 -06:00
joev fb99c61089 Remove print_status statement. 2016-01-07 01:17:49 -06:00
joev 210f065427 Add a background option for the echo cmdstager. 2016-01-07 01:16:08 -06:00
g0tmi1k d7061e8110 OCD fixes 2016-01-05 23:28:56 +00:00
wchen-r7 7259d2a65c Use unless instead of if ! 2016-01-05 13:05:01 -06:00
Brendan Coles 7907c93047 Add D-Link DCS-931L File Upload module 2016-01-05 04:15:38 +00:00
joev 00dc6364b5 Add support for native target in addjsif exploit. 2016-01-03 01:07:36 -06:00
joev 0436375c6f Change require to module level. 2016-01-02 23:06:23 -06:00
joev 3a14620dba Update linemax to match max packet size. 2016-01-02 23:00:46 -06:00
joev d64048cd48 Rename to match gdb_server_exec module. 2016-01-02 22:45:27 -06:00
joev dcd36b74db Last mile polish and tweaks. 2016-01-02 22:41:38 -06:00
joev 22aae81006 Rename to exec_payload. 2016-01-02 14:13:54 -06:00
joev 6575f4fe4a Use the cmdstager mixin. 2016-01-02 14:09:56 -06:00
joev a88471dc8d Add ADB client and module for obtaining shell. 2016-01-02 01:13:53 -06:00