dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
13,088 Commits 10 Branches 885 Tags 1.3 GiB
Commit Graph

13088 Commits

Author SHA1 Message Date
James Lee 73331b66e6 Fix execution with spaces in args by using sh -c 
In posix, a command like "echo 'foo bar'" would previously get parsed
out into arguments for execve like [ "echo", "'foo", "bar'" ] which
obviously isn't what you want. After this commit, it sticks the whole
thing in an arg to sh so the execve call ends up looking like
  execve("/bin/sh", ["sh", "-c", "echo 'foo bar'"], [/* 26 vars */]) = 0
This is still a little less than ideal because shell escapes become a
problem; fortunately, that's easy to deal with on the client side as
long as module developers take it into account.
 2012-05-13 14:55:57 -06:00
pyoor 6b6dc60b25 Cisco Secure ACS Auth Bypass Module 2012-05-13 16:16:18 -04:00
Christian Mehlmauer dc10fac885 Ported my Hashcollision Script to Ruby 2012-05-13 20:59:42 +02:00
sinn3r 79a590ccf7 Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom 
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe
 2012-05-13 11:13:27 -07:00
Brandon Perry b0b72b05d5 Adding the beginning of the wapiti report import nokogiri document 2012-05-13 13:02:48 -05:00
Raphael Mudge c7b9b711f1 Armitage 05.14.12 
This release SSL-enables the red team collaboration architecture, adds several keyboard
shortcuts and it improves the workflow for viewing downloaded files/loots.
 2012-05-13 13:56:10 -04:00
sinn3r d2c26f989c Cleanup whitespace 2012-05-13 04:42:22 -05:00
sinn3r c1fbf1f931 Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved 2012-05-13 04:37:49 -05:00
Peter Van Eeckhoutte (corelanc0d3r) dd42c3096e added exploit for Firefox 8&9 AttributeChildRemoved UAF 2012-05-13 11:31:46 +02:00
sinn3r 15fbb1e86c This the modified version of pull request #379. Changes include: 
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_host()
* Put 'info' in the :proof key
* Remove ::Exception handling, so we can see the original that's also logged in framework.log
 2012-05-13 04:09:17 -05:00
James Lee e2bf3c5750 throw is not the same as raise 
Clearly this code never gets called.
 2012-05-12 16:53:54 -06:00
Tod Beardsley bc1c9a7fe4 Prepend all messages with victim host:port 
Redefining print_status locally to handle this. Seems like an easy way
to do this kind of thing for a particular module.

[Closes #272]
 2012-05-11 17:48:54 -05:00
Tod Beardsley ab655677b4 Fixed typo, converted to OptEnum for fakedns targetaction 2012-05-11 17:12:31 -05:00
Jose Selvi af71cdafe2 Update modules/auxiliary/server/fakedns.rb 2012-05-11 17:01:14 -05:00
Jose Selvi 1d6b2eb3fe Added TARGETACTION options and wildcard support 2012-05-11 17:01:13 -05:00
sinn3r 5d8fbefc3d Merge pull request #378 from wchen-r7/distinct 
Add OSVDB-80984 - Distinct TFTP Directory traversal
 2012-05-11 13:14:19 -07:00
sinn3r 653d7e5923 Add OSVDB-80984 2012-05-11 15:07:31 -05:00
Tod Beardsley aa3930fcb9 Typo on fixed tftp module 2012-05-10 21:42:33 -05:00
Tod Beardsley 36c805c5ff Move the context setting to the module 
Apparently you can't hit the framework object before running the module
any more. Bummer.

[Fixes #6843]
 2012-05-10 21:21:32 -05:00
sinn3r 7eabce8872 Add comment for PrependEncoder 2012-05-10 12:18:50 -05:00
sinn3r 2b13330483 Merge pull request #376 from wchen-r7/wikkawiki 
Add CVE-2011-4449
 2012-05-10 10:13:56 -07:00
sinn3r 6e8c3ad1e3 It's "inject", not "upload"... because technically that's what really happens. 2012-05-10 12:06:02 -05:00
sinn3r c69e34d407 Update description 2012-05-10 12:02:55 -05:00
sinn3r 86c3ad5e0c Add CVE-2011-4449 2012-05-10 11:57:40 -05:00
Tod Beardsley 65800f7c6e Whitespace on solarwinds 2012-05-09 12:47:22 -05:00
sinn3r b29f2265f5 Merge pull request #369 from jlee-r7/psnuffle-cleanup 
Psnuffle cleanup
 2012-05-08 20:24:47 -07:00
James Lee 7a05f3eab4 Mark failed logins as inactive 2012-05-08 16:51:22 -06:00
James Lee 318b14af4c Fix improper reporting and stack traces when we missed a banner 
Also makes sure we delete the session if we got a 221 response, even if
we haven't seen a login yet.
 2012-05-08 16:40:56 -06:00
James Lee 1eec1cebb5 Fix improper reporting 
:proto is always tcp, udp, etc., name is the higher layer name
 2012-05-08 16:39:32 -06:00
James Lee 536fa39ae8 Keep the client and the server on tracked tcp sessions 2012-05-08 16:38:12 -06:00
James Lee 88b35a32e5 Make permissions consistent 2012-05-08 13:50:43 -06:00
James Lee 421630ef85 Binaries with fixed timestamps 
[See #304]
 2012-05-08 13:49:35 -06:00
Michael Schierl 5bf03aff7d Squashed commit of the following: 
commit db8a4fe575ec09607036ae5550adb83b345d9f2c
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 11 00:41:51 2012 +0200

    Ensure the manifest is always at the beginning of the JAR files

    Might create strange errors when loading stdapi if not.

commit fc02de4e36b3b952e256885d277e9c8e91f8f065
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 23:20:20 2012 +0200

    Change the build file so that it generates fixed timestamps inside meterpreter.jar / ext_server_stdapi.jar

[Closes #304]
 2012-05-08 13:48:21 -06:00
Alexandre Maloteaux 452cead1e9 Merge psnuffle ntlmv2 support from Alex Malateaux 
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf

Squashed commit of the following:

commit 7acc32f5f00914fed355a080ca237543448f80ca
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Thu Apr 12 01:52:49 2012 +0100

    psnuffle : move protocol filtering in load function

commit 9c9ae9711c760b4f072271b7e5993f9bf8366671
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Thu Apr 12 01:50:48 2012 +0100

    psnuffle : add hash exctratiopn from smbv2 session

[Closes #327]
 2012-05-08 13:41:42 -06:00
Tod Beardsley 86500aad47 Author is always singular. 2012-05-08 08:47:52 -05:00
sinn3r 91a8ff2766 Use print_good when SQL injection is found 2012-05-08 01:30:13 -05:00
sinn3r fa9d23d839 When a blind SQL injection, it's a good thing (for the attacker), so we should use print_good 2012-05-08 01:26:39 -05:00
sinn3r ce16ab662c Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable. 2012-05-08 00:22:19 -05:00
sinn3r 22585ad935 Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit 2012-05-08 00:00:03 -05:00
lincoln-corelan b8227b8a2e Firefox Exploit 2012-05-07 19:41:03 -07:00
sinn3r 122a3b7848 Merge pull request #366 from rsmudge/armitage 
give source code a correct home.
 2012-05-07 13:53:07 -07:00
HD Moore 6bd0e6ef80 Merge pull request #365 from rsmudge/armitage 
include armitage source in MSF tree.
 2012-05-07 08:38:30 -07:00
HD Moore 8ac11e6054 Merge pull request #364 from jlee-r7/php-meterp-improvements 
Php meterp improvements
 2012-05-07 00:46:17 -07:00
HD Moore 1cf0e555c8 Merge pull request #363 from rsmudge/armitage 
Armitage 05.07.12
 2012-05-07 00:44:44 -07:00
HD Moore 1a30e221a0 See #362 by changing the exitfunc arguments to be the correct type 2012-05-07 02:42:29 -05:00
HD Moore f6c88377f4 Fixes #362 by changing the exitfunction arguments to be the correct type 2012-05-07 02:41:08 -05:00
James Lee 7ef965da45 Add md5 and sha1 support to php meterp 2012-05-07 01:01:08 -06:00
James Lee af6589b725 Add mkdir and rmdir support for PHP 
I swear I've written this code before, i wonder where git hid it.
 2012-05-07 00:41:05 -06:00
James Lee 3a25658511 Add a test for doing md5 and sha1 of remote files 2012-05-06 23:40:52 -06:00
James Lee cf664eb68f Fix the test for having an iface w/an ip matching session_host 
ifaces can have multiple addresses, loop through all of 'em.
 2012-05-06 23:33:40 -06:00