Brent Cook
b9742802aa
Land #11137, Clean up linux/local/vmware_alsa_config exploit module
2018-12-21 17:04:11 -06:00
Mehmet İnce
9481ad04f2
Adding support for ARCH_CMD and updating docs
2018-12-20 12:12:01 +03:00
Mehmet İnce
68ceb08957
Fixing minor issues such as err codes
2018-12-19 22:17:34 +03:00
Mehmet İnce
e5c8c18ded
Adding Mailcleaner exec
2018-12-19 17:35:40 +03:00
Brent Cook
fc2d217c0a
Land #11135, strip comments from source code before uploading it to the target
2018-12-17 21:23:29 -06:00
Shelby Pace
2fc501d260
Land #11112, Fix bpf_priv_esc exploit module
2018-12-17 10:00:50 -06:00
Brendan Coles
d973a58052
Clean up linux/local/vmware_alsa_config
2018-12-17 08:01:34 +00:00
Brendan Coles
fcb512878c
Add strip_comments method to Linux local exploits
2018-12-16 14:11:54 +00:00
Brendan Coles
b8e134b95d
Update version check
2018-12-15 05:39:50 +00:00
Auxilus
6c9fafb9d5
Delete unused variable
I suppose the variable 'f' was for Name in 06720ee18b/modules/exploits/linux/smtp/haraka.py (L70).
I'm not sure, should it be 'f' at 06720ee18b/modules/exploits/linux/smtp/haraka.py (L70) or just the way it is atm?
2018-12-14 22:27:11 +05:30
William Vu
cb5648a1c7
Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 12:22:36 -06:00
William Vu
e69f006992
Remove CommandShell mixin in exploits
This was cargo culting. Exploits use handler instead of start_session.
2018-12-12 15:43:13 -06:00
Brendan Coles
68d451711b
Fix bpf_priv_esc module
2018-12-12 17:23:12 +00:00
Brent Cook
bc6356a2cd
Land #11090, update code and style for exploit/linux/local/glibc_origin_expansion_priv_esc
2018-12-10 09:59:03 -06:00
Brendan Coles
237d3c86c4
Code cleanup and update style
2018-12-09 07:26:51 +00:00
Brendan Coles
a9c0a5d53d
Use ::File::binread for exploit_data file read
2018-12-09 04:09:56 +00:00
Brendan Coles
d8ab6a552b
Add lkrg_installed? checks
2018-12-08 13:37:12 +00:00
Brendan Coles
275c043cfd
Add kernel_config checks
2018-12-07 03:28:17 +00:00
Tod Beardsley
140833215f
Add CVE as issued by DWF
See discussion on #10987.
Now that I said that out loud, I realize that the original PR for this
module is a really funny PR number.
2018-12-06 14:59:05 -06:00
Jacob Robles
dec08a0b43
Land #10954, apache spark unauth rce module
2018-11-29 13:56:21 -06:00
Jacob Robles
01af176679
Change delay implementation
2018-11-29 10:05:47 -06:00
Jacob Robles
ed6c2896e3
Remove duplicate check
2018-11-29 10:04:51 -06:00
Jacob Robles
8508824cc2
Modify check logic
2018-11-29 10:04:05 -06:00
Green-m
4888ec0c29
Delete unused variable.
2018-11-29 10:48:25 +08:00
Green-m
ca0a2684f5
Randomize payload main class.
2018-11-28 11:26:51 +08:00
Brent Cook
b3ad4a0358
Land #11033, update refs for imap_open vulnerability
2018-11-27 20:23:46 -06:00
h00die
e3e7285288
Land #9946, a UEB local priv escalation
2018-11-27 21:19:34 -05:00
h00die
38a99ac90a
ueb privesc updates
2018-11-27 21:18:05 -05:00
h00die
4af5ab3089
ueb privesc updates
2018-11-27 21:14:05 -05:00
h00die
63125bbc1a
update imap_open refs
2018-11-27 20:31:57 -05:00
Brendan Coles
180876d8fc
Add check for SMAP
2018-11-27 23:24:02 +00:00
Brent Cook
b05bb616bf
Land #10987, add exploit for PHP imap_open function against various web apps
2018-11-27 16:44:51 -06:00
Brent Cook
66cae6240f
Land #10994, Added exploit for CVE-2018-18955
2018-11-27 16:12:05 -06:00
Brendan Coles
398987e94a
::File.binread
2018-11-27 18:58:05 +00:00
Brendan Coles
45ca248568
chmod
2018-11-27 18:39:03 +00:00
Brendan Coles
aae86241ef
Update version check
2018-11-27 18:13:29 +00:00
William Vu
befca0f2fe
Land #10949, ForceExploit for Linux local exploits
2018-11-27 11:23:03 -06:00
Brent Cook
0fddb8e31c
Land #10768, Exploit for Netgear CVE-2016-1555
2018-11-26 11:45:10 -06:00
h00die
e2d58afe13
cleaned up code, added custom
2018-11-25 10:59:53 -05:00
Brendan Coles
debf79416b
Replace WsfDelay with WfsDelay - Fixes #11018
2018-11-25 04:22:11 +00:00
Brendan Coles
01ed57cbb3
Remove check for nosuid
2018-11-25 01:53:07 +00:00
Brendan Coles
ff23a006b7
cleanup
2018-11-25 00:16:39 +00:00
h00die
945755b058
add custom php_imap target
2018-11-24 14:18:13 -05:00
h00die
45f2c5beb2
update php_imap_open docs
2018-11-24 07:26:42 -05:00
h00die
e36cef3b96
e107 exploitable now
2018-11-23 20:16:53 -05:00
Green-m
2197da4cd9
Fix code as jrobles suggests.
2018-11-21 11:24:50 +08:00
h00die
acf421ffb0
remove eol spaces
2018-11-20 19:45:17 -05:00
h00die
31ad58fb91
edb and author
2018-11-20 19:30:43 -05:00
h00die
4111a61e1a
fix module description
2018-11-20 18:35:20 -05:00
h00die
4c59a271e2
added suitecrm to imap_open exploit
2018-11-20 18:33:42 -05:00
Brendan Coles
eb17c45000
Add Linux Nested User Namespace idmap Limit Local Privilege Escalation module
2018-11-20 14:10:28 +00:00
Green-m
9884bea84e
Update the reference link.
2018-11-20 17:39:01 +08:00
Green-m
9f573d6f27
Fix code as jrobles suggests.
2018-11-20 16:54:22 +08:00
h00die
a28feed7d8
fix normalize and date
2018-11-19 04:00:58 -05:00
h00die
4b09584047
php_imap_open_rce
2018-11-18 21:28:19 -05:00
William Vu
90b9204703
Update DisclosureDate to ISO 8601 in my modules
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
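Review bot: the added `File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))` runs unconditionally as soon as a DisclosureDate is captured, before the format checks that follow it, so a module whose date is already ISO 8601 is rewritten anyway and `fixed('Probably updated traditional DisclosureDate to ISO 8601')` reports a change that did not happen; compute `iso = Date.parse(d).to_s` first, write only when `iso != d`, and rescue `ArgumentError` so an unparseable date is reported rather than aborting the whole tidy run. Also, `@source.sub(d, ...)` replaces the first occurrence of the date string anywhere in the file, not necessarily the one inside the DisclosureDate entry the regex matched; substitute within the matched line (or use the match offsets) so an identical string elsewhere in the module is left alone.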
2018-11-16 12:18:28 -06:00
Green-m
f43aaac290
Clean code.
2018-11-14 16:48:39 +08:00
Green-m
7cc4d09a92
Clean code.
2018-11-14 10:35:38 +08:00
Green-m
388aebc335
Add exploit module for spark unauthenticated rce.
2018-11-12 17:07:50 +08:00
Imran E. Dawoodjee
16d146fd59
Fixing indentation.
2018-11-12 13:24:00 +08:00
Imran E. Dawoodjee
3e4df06500
Some more modifications
Placed contents of request_post into execute_command
Randomized fingerprint with rand_text_alpha(12)
Spaces at EOL fixed
Normalized target URI
2018-11-12 13:04:42 +08:00
Imran E. Dawoodjee
818cb37aca
Implemented changes recommended by @bcoles.
2018-11-12 12:26:23 +08:00
Brendan Coles
40bc44d2b6
Add ForceExploit to Linux local modules
2018-11-11 09:37:56 +00:00
Brendan Coles
1f14a9846d
Land #10767, Add Cisco Prime Infrastructure remote root exploit
2018-11-10 17:08:16 +00:00
Green-m
981893a8bf
Merge branch 'master' into sparkrce
2018-11-09 14:12:33 +08:00
Pedro Ribeiro
7464d81c01
Add warning about JSP deletion
2018-11-05 00:52:34 +09:00
Brendan Coles
c3080d69f2
Use writable? method for local modules
2018-11-04 05:28:32 +00:00
Spencer McIntyre
caf76a6555
Add applicable notes to my exploit modules
2018-10-27 20:54:14 -04:00
Brendan Coles
8826932f72
Fix syntax errors
2018-10-10 14:39:07 +00:00
Brendan Coles
15cfeb37ea
CamelCase
2018-10-10 14:35:34 +00:00
Brendan Coles
7a048afd14
Make WritableDir an advanced option
2018-10-10 14:12:29 +00:00
Imran E. Dawoodjee
c86f68cb60
Minor changes to module, updated documentation.
2018-10-09 20:39:00 +06:30
Imran E. Dawoodjee
4332c4cffd
Increased linemax from 128 to 2048.
2018-10-09 15:35:47 +06:30
Imran E. Dawoodjee
97b398963b
Suggestions by @bcoles implemented, randomized MAC
2018-10-09 14:02:56 +06:30
Pedro Ribeiro
9bbd90f978
Style fixes and add full disc URL
2018-10-09 13:38:13 +07:00
Imran E. Dawoodjee
78624b7020
Updated documentation and fixed the code (mostly).
2018-10-09 10:52:06 +06:30
Imran E. Dawoodjee
0fe989b42f
Code streamlining.
2018-10-08 21:12:27 +06:30
Imran E. Dawoodjee
4cc2c22026
Used a command stager, improved upon vulnerability detection and
generally attempted to streamline most of the code. Hardcoded one
vulnerable URI since it's the most likely to be present in all versions
of the vulnerable firmwares.
2018-10-08 20:51:58 +06:30
Imran E. Dawoodjee
b552b803bb
Still working on the HTTP stager.
2018-10-08 15:18:47 +06:30
Imran E. Dawoodjee
fcb0b90d7a
Fixed numbering in the documentation steps, offed some whitespace,
streamlined the send_request_cgi, removed the conn_check.
2018-10-08 15:04:32 +06:30
Pedro Ribeiro
22d0325d33
Add placeholder for full disclosure URL
2018-10-08 12:33:36 +07:00
Pedro Ribeiro
743a72dff6
Remove header from my own repo
2018-10-08 12:17:11 +07:00
Pedro Ribeiro
f0443bbb57
Create cisco prime exploit
2018-10-08 12:16:24 +07:00
Imran E. Dawoodjee
3340cf529c
Fixed duplicate output for check.
2018-10-08 11:19:24 +06:30
Imran E. Dawoodjee
272f26640b
Added module for CVE-2016-1555 (netgear_unauth_exec)
and its corresponding wordlist file (netgear_boardData_paths.txt).
2018-10-08 10:22:59 +06:30
Brent Cook
e2f97c75a0
Land #10616, update Unitrends UEB module to support vulnerabilities in version 10
2018-10-05 16:20:38 -05:00
Brent Cook
a51243ce91
Land #10745, Update lastore_daemon_dbus_priv_esc tested versions
2018-10-05 11:35:31 -04:00
William Vu
7bc98e0ea8
Fix formatting and convert a missed AKA reference
2018-10-05 03:22:08 -05:00
Brendan Coles
fe7ce02dfd
Update tested versions
2018-10-04 21:13:21 +00:00
William Vu
ee06ec2fda
Background a subshell to continue execution
This provides a more stable injection. I should have tested this sooner.
2018-09-27 23:51:42 -05:00
William Vu
0dab5b622f
Change default target to cmd/unix
2018-09-27 23:39:32 -05:00
William Vu
e999b4d81c
Lower rank to AverageRanking
2018-09-27 23:28:13 -05:00
William Vu
7a2d0acee6
Add basic check method and move rand_srv
The .srv can be random each request.
2018-09-27 23:28:13 -05:00
William Vu
d29d936d6f
Bump WfsDelay to 10 for this slow-ass device
2018-09-27 23:28:13 -05:00
Brent Cook
6126a627cc
Land #10570, AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
William Vu
4c036e70c1
Fix http://seclists.org links to https://
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
h00die
354803185c
fix msftidy warning
2018-09-11 05:24:01 -04:00
h00die
d8f2d08058
finish up docs and 10 exploit
2018-09-10 21:08:30 -04:00
h00die
589fb4bf3b
first try at ueb mix
2018-09-09 22:41:01 -04:00
Erin Bleiweiss
69a785ff46
Update json for python modules
2018-08-31 16:56:22 -05:00
Erin Bleiweiss
eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
Shelby Pace
6ec8522786
Land #10482, Add Network Manager VPNC Privesc
2018-08-30 10:46:54 -05:00
Christian Mehlmauer
a66556b436
fix msftidy errors
2018-08-28 13:12:43 +02:00
William Vu
6df235062b
Land #10505, post-auth and default creds info
2018-08-24 18:08:15 -05:00
Matthew Kienow
ecc6c473d8
Add note about unauthenticated telnetd service
2018-08-23 15:50:41 -04:00
Matthew Kienow
56433c8ed2
Functional decomposition refactor and cleanup
2018-08-23 15:23:42 -04:00
Matthew Kienow
961769c346
Fix SNMP Null class comparison
2018-08-23 15:23:42 -04:00
Matthew Kienow
9c05f14a70
Modify SNMP null and error handling
2018-08-23 15:23:42 -04:00
Matthew Kienow
934bb38a44
Omit parentheses for no argument method calls
2018-08-23 15:23:41 -04:00
Matthew Kienow
c5958c6e38
Restore original rport value
2018-08-23 15:23:41 -04:00
Matthew Kienow
70a0b9b1be
Remove payload RequiredCmd and reformat info
2018-08-23 15:23:41 -04:00
Matthew Kienow
dafa62dec4
Use string interpolation over concatenation
2018-08-23 15:23:40 -04:00
Matthew Kienow
7c03454a0b
Remove unnecessary explicit msf/core require
2018-08-23 15:23:40 -04:00
Matthew Kienow
b1a308f3ae
Remove final debug output
2018-08-23 15:23:40 -04:00
Matthew Kienow
e21ea4180f
Clean up module and payload
Update module info, remove intermediate ARCH_ARMLE target, simplify
options and add cleanup command so that the payload kills telnetd
2018-08-23 15:23:40 -04:00
Matthew Kienow
81f1555439
Rename module, exploits multiple printer models
2018-08-23 15:23:40 -04:00
Matthew Kienow
df18e354e1
Add bind_busybox_telnetd payload, misc cleanup
2018-08-23 15:23:39 -04:00
Matthew Kienow
c0c3e12c74
WIP - hp officejet pro exploit, enhance PJL lib
2018-08-23 14:53:54 -04:00
Brent Cook
11fee8fa2c
Land #10471, Import target DefaultOptions into the datastore
2018-08-20 17:30:27 -05:00
Tim W
b8b48fd37a
Land #10313, add linux autostart persistence module
2018-08-20 18:17:50 +08:00
Tim W
865898cba7
minor fixes
2018-08-20 17:51:41 +08:00
Brendan Coles
cd48e2fb8f
Add Network Manager VPNC Username Privilege Escalation module
2018-08-19 08:15:04 +00:00
Tim W
ac71bc86ee
Land #10320, add module for persistence in /etc/rc.local
2018-08-19 15:30:50 +08:00
Tim W
e38775b504
minor tweaks
2018-08-19 15:27:04 +08:00
Eliott Teissonniere
63a58d3378
Code style random name
2018-08-17 14:24:28 +08:00
Eliott Teissonniere
eb43e4c0bd
Rework status printing
2018-08-17 14:24:28 +08:00
Eliott Teissonniere
fc234b09c2
Fix HEREDOC not always supported
2018-08-17 14:24:28 +08:00
Eliott Teissonniere
e82bde993f
Cleanup indentation
2018-08-17 14:24:28 +08:00
Eliott Teissonniere
c1d929f5fb
Use a HEREDOC for multiline string
2018-08-17 14:24:28 +08:00
Eliott Teissonniere
e4d6eb07ca
Remove useless statement
2018-08-17 14:24:28 +08:00
Eliott Teissonniere
9962cbebfd
Support perl payload
2018-08-17 14:24:28 +08:00
Eliott Teissonniere
6b4870389d
Add autostart module
2018-08-17 14:24:28 +08:00
William Vu
7e496ae067
Import target DefaultOptions into the datastore
2018-08-16 12:18:02 -05:00
William Vu
60c0272270
Make style consistent
2018-08-15 21:27:40 -05:00
Kevin Kirsche
cd01f11fd2
Remove verifying host keys for all exploits
2018-08-15 14:54:41 -07:00
Wei Chen
d9fc99ec4a
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
Green-m
9cd3ad9895
Not finished module for spark unauth remote code execution.
2018-08-06 05:31:37 -04:00
Brent Cook
ae48ba635a
Land #10417, Update check method of Hadoop exploit
2018-08-04 07:28:45 -05:00
Green-m
d2c53e1c88
Update the check method.
2018-08-03 01:39:37 -04:00
Tim W
8785ec21b6
Land #9884, add linux ufo priv esc module
2018-08-02 17:53:36 +08:00
Tim W
ff418afd1a
add a default payload
2018-08-02 17:48:44 +08:00
Tim W
cbe85acef5
fix bad link in bpf priv esc
2018-08-02 17:28:22 +08:00
Tim W
1c810249b1
ufo privesc is x64 only
2018-08-02 17:24:44 +08:00
William Vu
4eef9e64ea
Implement dropper target in axis_srv_parhand_rce
2018-07-31 21:43:29 -05:00
Wei Chen
bcfb3d099b
Land #10255, Adding Micro Focus Secure Messaging Gateway RCE
2018-07-30 21:07:02 -05:00
Mehmet İnce
48a903f0b3
Fixing r and sql variables use same object issue
2018-07-31 00:57:32 +03:00
Brent Cook
e78337d59a
Land #10374, Net::SSH::CommandStream fixes
2018-07-25 18:21:39 -05:00
Wei Chen
6c2e8f2402
Land #10300, Add root exploit for Axis network cameras
2018-07-25 14:46:04 -05:00
Wei Chen
f169afff6a
Add documentation and a new reference
2018-07-25 14:44:44 -05:00
William Vu
60faddebbf
Update authors with sinn3r
2018-07-25 14:35:09 -05:00