github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-05 14:57:30 +01:00
Code Releases Activity
38,276 Commits 20 Branches 919 Tags 1.3 GiB
b6a83f734d
Commit Graph

38276 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jenkins
b6a83f734d
Bump version of framework to 4.12.1 2016-05-13 12:39:43 -07:00
David Maloney
31050a8da7
Rails upgrade to 4.2.6 
lands all of the rails 4.2 upgrade work
Merge branch 'staging/rails-upgrade'
 2016-05-13 14:34:50 -05:00
Jenkins
6c11054d5a
Bump version of framework to 4.12.0 2016-05-13 11:46:03 -07:00
David Maloney
fd543f13af
fix deps 2016-05-13 13:34:18 -05:00
David Maloney
348a4f9fa8
Merge branch 'master' into staging/rails-upgrade 2016-05-13 13:03:22 -05:00
wchen-r7
13adc3ee0a
Land #6865, Add CVE-2015-3224 support to rails_web_console_v2_code_exec 2016-05-12 13:56:01 -05:00
David Maloney
d9abb06a5a
Merge branch 'master' into staging/rails-upgrade 2016-05-12 11:18:51 -05:00
David Maloney
11a672e31d
use raw file write for cuke 
the write_file method from aruba
was not working properly anymore, replaced it
with a raw ruby file write
 2016-05-12 11:17:53 -05:00
David Maloney
7edaa2abcc
still trying to fix these migrations 
seeing odd behaviour with mgirations in
rspec
 2016-05-11 14:54:40 -05:00
David Maloney
4c2fed37f9
tweak cucumber scenario 
tweak the database.yml scenario slightly
 2016-05-11 14:28:02 -05:00
David Maloney
2fb3123ef2
fix migration crazieness 
MS-1486
 2016-05-11 14:05:34 -05:00
David Maloney
993709e076
Land #6862, jar payloads 
lands FireFarts jar payload pr
 2016-05-11 09:56:41 -05:00
HD Moore
32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore
ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00
HD Moore
4a5d150716 Fixups to continue supporting Rails 4.2.x 2016-05-10 23:12:48 -05:00
HD Moore
04bb493ccb Small typo fixed 2016-05-10 23:07:51 -05:00
HD Moore
7c6958bbd8 Rework rails_web_console_v2_code_exec to support CVE-2015-3224 2016-05-10 11:08:02 -05:00
wchen-r7
3db72e9b4b
Land #6853, use send_request_cgi! for CVE-2016-0854 exploit 2016-05-09 16:10:04 -05:00
Christian Mehlmauer
e2dd844e34
reenable jar format 2016-05-09 21:25:23 +02:00
David Maloney
6142d2cef1
Merge branch 'master' into staging/rails-upgrade 2016-05-09 09:27:17 -05:00
Jenkins
805f98f599
Bump version of framework to 4.11.27 2016-05-06 11:32:46 -07:00
Kyle Gray
2a546d191f
Land #6854, smtp header fix 
Fixes an issue with duplicate headers when sending emails.

Fixes MS-1476
 2016-05-06 12:07:12 -05:00
William Vu
c15403a426
Fix #6838, web-console module cleanup 
ommit.
 2016-05-06 12:01:21 -05:00
David Maloney
b6c1aae505
supress banners in cuke tests 2016-05-06 12:00:17 -05:00
David Maloney
1ffab935cc
pull dep mgirations from credential 
credential pulls mdm, so we don't combine these
 2016-05-06 11:57:40 -05:00
William Vu
2abb062070 Clean up module 2016-05-06 11:51:29 -05:00
David Maloney
0b89277394
update deps 2016-05-06 11:49:07 -05:00
David Maloney
5a360be459
Merge branch 'master' into staging/rails-upgrade 2016-05-06 10:56:17 -05:00
David Maloney
e4e6246692 Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-05-06 10:55:52 -05:00
David Maloney
3f4d0479aa
Land #6848, ImageMagick Exploit 
lands wvu's imagemaick exploit
 2016-05-06 10:54:38 -05:00
David Maloney
a763863ff3
remove #truncate_session_desc 
this method was absed around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
 2016-05-06 09:36:12 -05:00
Louis Sato
8dc7de5b84
Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
William Vu
2bac46097f Remove url() for MVG 
Technically unnecessary here.
 2016-05-05 14:18:42 -05:00
William Vu
1bc2ec9c11 Update vulnerable versions to include 6.x (legacy) 2016-05-05 14:18:42 -05:00
William Vu
334c432901 Force https://localhost for SVG and MVG 
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
 2016-05-05 14:18:42 -05:00
William Vu
26b749ff5a Add default LHOST 
This is a massive workaround and probably shouldn't be done. :-)
 2016-05-05 14:18:42 -05:00
William Vu
5c713d9f75 Set default payload 
Land #6849 for this to be effective.
 2016-05-05 14:18:42 -05:00
William Vu
decd770a0b Encode the entire SVG string 
Because why not? Not like people care about what's around the command.
 2016-05-05 14:18:42 -05:00
William Vu
232cc114de Change placeholder text to something useful 
A la Shellshock. :)
 2016-05-05 14:18:42 -05:00
William Vu
f32c7ba569 Add template generation details 2016-05-05 14:18:42 -05:00
William Vu
23a0517a01 Update description 2016-05-05 14:18:42 -05:00
William Vu
d7b76c3ab4 Add more references 2016-05-05 14:18:42 -05:00
William Vu
5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
Adam Cammack
2e460a87dd
Remove extra assignment 2016-05-05 11:24:19 -05:00
Adam Cammack
f75009a9c6
Don't duplicate headers when sending emails 
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.

MS-1476
 2016-05-05 10:47:21 -05:00
David Maloney
19af279ce9
Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
David Maloney
891a788ad4
Land #6849, mknod to mkfifo 
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
 2016-05-05 10:34:41 -05:00
Vex Woo
35a780c6a8 fix send_request_cgi redirection issues #6806 2016-05-05 09:55:32 -05:00
dmohanty-r7
f096c3bb99
Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00
Brian Patterson
763c234dfe
Land #6852 Remove duplicate key in tcp.rb which was causing a warning on msfconsole start. 2016-05-04 15:51:09 -05:00