adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56,474 Commits 27 Branches 1,043 Tags
ffb681cb79b20d6eb44e2a8f4fcd9e8dd67b2b2f
Commit Graph

56474 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Spencer McIntyre ffb681cb79 Land #13485, Update eyesofnetwork_autodiscovery_rce with SQLi auth bypass 2020-05-21 17:24:23 -04:00
Spencer McIntyre ecd3c0f820 Minor doc changes, add module notes and SQLi progress output 2020-05-21 16:31:45 -04:00
Metasploit 3b2290e497 Bump version of framework to 5.0.91 2020-05-21 12:03:52 -05:00
Brent Cook aa12b9847a Land #13496, add a test for stderr output to cmd_exec tests 5.0.90 2020-05-21 08:21:38 -05:00
Brent Cook 7c9f261347 Land #13499, fix Java cmd_exec stderr output handling 2020-05-21 08:19:33 -05:00
Brent Cook c7c94c3446 fix Java cmd_exec stderr output 2020-05-21 08:05:15 -05:00
Tim W 3fcc7e61b2 bump metasploit-payloads to 1.4.2 2020-05-21 15:23:31 +08:00
Tim W 78bd74eaec add a test for stderr output to the cmd_exec tests 2020-05-21 14:47:12 +08:00
Metasploit c3e998f8df automatic module_metadata_base.json update 2020-05-20 23:38:33 -05:00
William Vu 8473662e32 Land #13463, Oracle WebLogic CVE-2020-2555 exploit 2020-05-20 23:21:07 -05:00
William Vu 0e6682edf4 Land #13493, fixes for ThinkPHP and ManageEngine 2020-05-20 23:15:00 -05:00
William Vu 12d4ad68e3 Fix things in ThinkPHP and ManageEngine exploits 
Current pattern is print_good instead of vprint_good for this particular
message directly or indirectly called by execute_command.

CmdStagerFlavor is checked at the top level, but it is also checked per
target. Moving this to where it's more appropriate.
 2020-05-20 22:47:03 -05:00
kalba-security 7c2c227ea0 Improve version checks, remove comments from previous testing 2020-05-20 18:06:42 -04:00
bwatters-r7 e6e47ed890 Land #13262, Add Python stager 
Merge branch 'land-13262' into upstream-master
 2020-05-20 16:22:48 -05:00
Metasploit 671f589341 automatic module_metadata_base.json update 2020-05-20 13:46:08 -05:00
Spencer McIntyre ec3967cec3 Land #13492, Fix punctuation typo in exchange_ecp_viewstate documentation 2020-05-20 11:28:08 -04:00
William Vu 655088bb0d Fix punctuation typo in exchange_ecp_viewstate 2020-05-20 09:47:11 -05:00
Shelby Pace abff1cd731 change true to false 2020-05-19 14:59:47 -05:00
Shelby Pace 4a1d6f362c remove eol spaces from doc 2020-05-19 14:52:34 -05:00
Shelby Pace 378fe767b5 randomize class name 2020-05-19 14:35:36 -05:00
Shelby Pace 8f43ffa8e3 change title 2020-05-19 13:59:27 -05:00
Shelby Pace 6657d3480e remove returns, add autocheck 2020-05-19 13:47:39 -05:00
Shelby Pace 837f307740 rubocop fixes 2020-05-19 13:12:23 -05:00
Shelby Pace df3e8f2c0e fix docs 2020-05-19 12:32:52 -05:00
Shelby Pace d86e008914 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:29:56 -05:00
Shelby Pace c51a32eaf2 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:29:41 -05:00
Shelby Pace 5857c80f47 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:29:17 -05:00
Shelby Pace 4ff4676ab9 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:28:42 -05:00
Shelby Pace 32386e0947 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:27:38 -05:00
Shelby Pace 67f4cc8fb6 Update documentation/modules/exploit/multi/misc/weblogic_deserialize_badattrval.md 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:19:05 -05:00
Shelby Pace ec7ff5efe0 Update documentation/modules/exploit/multi/misc/weblogic_deserialize_badattrval.md 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:18:58 -05:00
Shelby Pace aea7eb9304 Update documentation/modules/exploit/multi/misc/weblogic_deserialize_badattrval.md 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:18:46 -05:00
Shelby Pace 3073479dc8 Update documentation/modules/exploit/multi/misc/weblogic_deserialize_badattrval.md 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:18:38 -05:00
Shelby Pace ddc549e11d Update documentation/modules/exploit/multi/misc/weblogic_deserialize_badattrval.md 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:18:29 -05:00
kalba-security 6d72fe4854 Update eyesofnetwork_autodiscovery_rce module and documentation 2020-05-19 11:48:48 -04:00
Spencer McIntyre 3b30b53772 Land #13465, Prioritise incomplete packets in the dispatch loop 
Fixes #7403, a race condition where requeued packets are processed out
of order leading to corrupt protocol negotiations.
 2020-05-19 10:37:48 -04:00
Spencer McIntyre 5bb109c41a Add a dlog line when an incomplete packet is requeued 2020-05-19 10:37:26 -04:00
OJ aac9173497 Update the changes with some commentary 
I renamed the queues as well.
 2020-05-19 08:07:48 +10:00
Metasploit b30a52a229 automatic module_metadata_base.json update 2020-05-18 10:12:47 -05:00
William Vu 690172e4ac Land #13443, descriptions for auxiliary actions 2020-05-18 10:03:03 -05:00
Metasploit 662ea8b4a4 automatic module_metadata_base.json update 2020-05-18 07:53:15 -05:00
Alan Foster c019c06505 Land #13445, Pi-Hole <= 4.4 root RCE CVE-2020-11108 2020-05-18 13:41:57 +01:00
Clément Notin 33e35bae7c Add descriptions to auxiliary modules Actions 
And a little formatting
Closes #13403

Update modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/backupexec/dump.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/android/android_stock_browser_iframe.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/tikiwiki/tikidblib.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/smb.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/telnet.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/vnc.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/fakedns.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/tftp.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/gzip_bomb_dos.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/ibm_lotus_notes.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/ibm_lotus_notes2.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/webkitplus.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/example.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/android_browser_file_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/android_browser_new_tab_cookie_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/apple_safari_webarchive_uxss.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_lanipleak.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/firefox_pdfjs_file_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/samsung_browser_sop_bypass.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http_basic.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http_ntlm.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/http_ntlmrelay.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks4a.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks5.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/sip.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/postgresql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/local_hwbridge.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/webkit_xslt_dropper.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks_unc.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/client/iec104/iec104.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/drda.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/ftp.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/mssql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/mysql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/pop3.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/dns/spoofhelper.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/printjob_capture.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update description following Actions removal

Update modules/auxiliary/gather/browser_info.rb

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-17 14:51:14 -05:00
William Vu b8ca608800 Land #13415, badchar-free encoded payload fix 2020-05-15 17:50:59 -05:00
OJ ea552c414f Remove from iqueue instead of pqueue 2020-05-16 02:22:53 +10:00
OJ ef172086e5 Prioritise incomplete packets in the dispatch loop 
In certain cases, packets would arrive before their handlers were ready
to handle them. This resulted in packets going into the incomplete list
and being re-queued into the packet input queue. This is a problem when
MORE packets arrive while processing because the older packets end up at
the end of the queue instead of the start of the queue. This means newer
packets are processed FIRST, and hence we have an out-of-order
sequencing problem.

This commit adds an "incomplete queue" which gets prioritised over new
packets. If packets are incomplete at any point, they are added to this
queue, and are dequeued prior to the new packet queue. This results in
packet sequences being maintained.

This was causing issues with things like port forwards. BUT NOT ANY
MORE!
 2020-05-16 01:58:53 +10:00
Adam Cammack ef71b38e35 Land #13464, Bump ruby-prof to fix broken compile 2020-05-15 10:51:19 -05:00
Shelby Pace 9e813b7e1e add archs 2020-05-15 10:22:08 -05:00
Shelby Pace 861ea8d696 add jdk info 2020-05-15 10:16:26 -05:00
Jeffrey Martin 80994e6bb7 update ruby-prof version due to broken compile 
Nightly releases purposely use older toolchains.
https://github.com/ruby-prof/ruby-prof/issues/272
 2020-05-15 09:56:19 -05:00