eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
6ec8522786
Land #10482 , Add Network Manager VPNC Privesc
2018-08-30 10:46:54 -05:00
a66556b436
fix msftidy errors
2018-08-28 13:12:43 +02:00
6df235062b
Land #10505 , post-auth and default creds info
2018-08-24 18:08:15 -05:00
ecc6c473d8
Add note about unauthenticated telnetd service
2018-08-23 15:50:41 -04:00
56433c8ed2
Functional decomposition refactor and cleanup
2018-08-23 15:23:42 -04:00
961769c346
Fix SNMP Null class comparison
2018-08-23 15:23:42 -04:00
9c05f14a70
Modify SNMP null and error handling
2018-08-23 15:23:42 -04:00
934bb38a44
Omit parentheses for no argument method calls
2018-08-23 15:23:41 -04:00
c5958c6e38
Restore original rport value
2018-08-23 15:23:41 -04:00
70a0b9b1be
Remove payload RequiredCmd and reformat info
2018-08-23 15:23:41 -04:00
dafa62dec4
Use string interpolation over concatenation
2018-08-23 15:23:40 -04:00
7c03454a0b
Remove unnecessary explicit msf/core require
2018-08-23 15:23:40 -04:00
b1a308f3ae
Remove final debug output
2018-08-23 15:23:40 -04:00
e21ea4180f
Clean up module and payload
...
Update module info, remove intermediate ARCH_ARMLE target, simply
options and add cleanup command so that the payload kills telnetd
2018-08-23 15:23:40 -04:00
81f1555439
Rename module, exploits multiple printer models
2018-08-23 15:23:40 -04:00
df18e354e1
Add bind_busybox_telnetd payload, misc cleanup
2018-08-23 15:23:39 -04:00
c0c3e12c74
WIP - hp officejet pro exploit, enhance PJL lib
2018-08-23 14:53:54 -04:00
11fee8fa2c
Land #10471 , Import target DefaultOptions into the datastore
2018-08-20 17:30:27 -05:00
b8b48fd37a
Land #10313 , add linux autostart persistence module
2018-08-20 18:17:50 +08:00
865898cba7
minor fixes
2018-08-20 17:51:41 +08:00
cd48e2fb8f
Add Network Manager VPNC Username Privilege Escalation module
2018-08-19 08:15:04 +00:00
ac71bc86ee
Land #10320 , add module for persistence in /etc/rc.local
2018-08-19 15:30:50 +08:00
e38775b504
minor tweaks
2018-08-19 15:27:04 +08:00
63a58d3378
Code style random name
2018-08-17 14:24:28 +08:00
eb43e4c0bd
Rework status printing
2018-08-17 14:24:28 +08:00
fc234b09c2
Fix HEREDOC not always supported
2018-08-17 14:24:28 +08:00
e82bde993f
Cleanup indentation
2018-08-17 14:24:28 +08:00
c1d929f5fb
Use an HEREDOC for multiline string
2018-08-17 14:24:28 +08:00
e4d6eb07ca
Remove useless statement
2018-08-17 14:24:28 +08:00
9962cbebfd
Support perl payload
2018-08-17 14:24:28 +08:00
6b4870389d
Add autostart module
2018-08-17 14:24:28 +08:00
7e496ae067
Import target DefaultOptions into the datastore
2018-08-16 12:18:02 -05:00
60c0272270
Make style consistent
2018-08-15 21:27:40 -05:00
cd01f11fd2
Remove verifying host keys for all exploits
2018-08-15 14:54:41 -07:00
d9fc99ec4a
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
9cd3ad9895
Not finished module for spark unauth remote code execution.
2018-08-06 05:31:37 -04:00
ae48ba635a
Land #10417 , Update check method of Hadoop exploit
2018-08-04 07:28:45 -05:00
d2c53e1c88
Update the check method.
2018-08-03 01:39:37 -04:00
8785ec21b6
Land #9884 , add linux ufo priv esc module
2018-08-02 17:53:36 +08:00
ff418afd1a
add a default payload
2018-08-02 17:48:44 +08:00
cbe85acef5
fix bad link in bpf priv esc
2018-08-02 17:28:22 +08:00
1c810249b1
ufo privesc is x64 only
2018-08-02 17:24:44 +08:00
4eef9e64ea
Implement dropper target in axis_srv_parhand_rce
2018-07-31 21:43:29 -05:00
bcfb3d099b
Land #10255 , Adding Micro Focus Secure Messaging Gateway RCE
2018-07-30 21:07:02 -05:00
48a903f0b3
Fixing r and sql variables use same object issue
2018-07-31 00:57:32 +03:00
e78337d59a
Land #10374 , Net::SSH::CommandStream fixes
2018-07-25 18:21:39 -05:00
6c2e8f2402
Land #10300 , Add root exploit for Axis network cameras
2018-07-25 14:46:04 -05:00
f169afff6a
Add documentation and a new reference
2018-07-25 14:44:44 -05:00
60faddebbf
Update authors with sinn3r
2018-07-25 14:35:09 -05:00
efacaef9df
Clamp compatible payloads until we know better
2018-07-25 14:14:15 -05:00
86d634cb64
Update module for MVP
2018-07-25 12:01:36 -05:00
f5ccdcfcd2
Net SSH CommandStream fixes implemented
...
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
2018-07-25 11:22:28 -05:00
08290b81c0
Land #10282 , Add support for running external modules outside of msfconsole
2018-07-18 17:38:40 -05:00
b90583d07c
don't throw an exception in haraka checks if we cannot connect
2018-07-18 17:17:45 -05:00
70a1df70a1
Land #9753 , Linux BPF sign extension local privesc
2018-07-18 18:44:14 +08:00
703f94d981
Check that /etc/rc.local is writeable
2018-07-17 12:52:51 +02:00
97e89cf3bb
Cleanup rc_local patching code
2018-07-17 12:49:55 +02:00
df32ab674d
Fix newline bad character
2018-07-17 12:48:26 +02:00
6bf184dbcf
Update tested versions
2018-07-17 06:24:16 +00:00
7df20539af
Fix msftidy
2018-07-16 11:55:37 +02:00
c84eb9fee9
Handle file patching on framework side
2018-07-16 11:54:37 +02:00
4f137f2f3f
rc.local persistence
2018-07-16 09:34:03 +02:00
6e450973b9
Land #10295 , Add QNAP Q'Center change_passwd Command Execution exploit
2018-07-14 10:09:46 -05:00
18e65abc54
Fix link
2018-07-14 10:03:01 -05:00
9bdec97b2e
Fix bpf_sign_extension_priv_esc
2018-07-13 23:01:17 +00:00
4e72dff791
Update module references
2018-07-14 05:03:13 +10:00
c9001699cd
Land #10027 , Hadoop unauthed command execution
2018-07-12 21:58:49 -05:00
50252c75d6
Clean up module
...
With a little rubocop -a.
2018-07-12 21:58:00 -05:00
9080b38dcc
Add Axis camera exploit (VDOO research)
2018-07-12 18:46:49 -05:00
e613b2570a
Land #10299 , Add 88 CVEs to various auxiliary and exploit modules
2018-07-12 18:26:07 -05:00
3546286049
Add missed ARCH_CMD to top-level Arch array
...
It's not necessary because of targets, but it's required for printing.
2018-07-12 17:37:06 -05:00
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
4b62f41369
Add QNAP Q'Center change_passwd Command Execution exploit
2018-07-12 20:00:17 +00:00
acb20e5a29
Land #9780 , CouchDB auth bypass and RCE
2018-07-12 03:36:17 -05:00
f53080ee60
Fix exploit and do final cleanup
2018-07-12 02:13:30 -05:00
167745c124
Selectively add RuboCop fixes
2018-07-11 22:49:46 -05:00
ccc3267166
Correct rubocop -a
...
We'll update .rubocop.yml later.
2018-07-11 22:49:46 -05:00
ca5e496b8f
Run rubocop -a
2018-07-11 21:40:19 -05:00
1af360d7e0
Land #10108 , add IBM QRadar SIEM exploit
2018-07-10 11:52:32 -05:00
1fddbdb8ef
Specify the `command` option external modules
2018-07-10 10:24:07 -05:00
5fc5a47cd2
Update CVE references for exploit modules
...
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
2018-07-08 18:46:04 -05:00
f14d06b9d1
Fix ufo_privilege_escalation
2018-07-08 11:05:30 +00:00
b5fb970aec
Land #10133 , Add HID discoveryd RCE exploit
2018-07-06 14:32:29 -05:00
05a0d79be7
Land #10219 , Add HP VAN SDN Controller exploit
2018-07-05 14:21:44 -05:00
53d5d82498
Rename module to match new vector
2018-07-05 13:31:16 -05:00
762b4b5e53
Simplify creds auth by checking X-Auth-Token alone
...
It's a lot more direct than checking for the redirect.
2018-07-05 13:20:27 -05:00
2b069f45ca
Clarify how we're using the auth token for creds
...
In the service token's case, the service token *is* the auth token.
2018-07-05 13:05:23 -05:00
a272dcabd7
Fix typos and additional updates regarding to review
2018-07-05 13:33:40 +01:00
3b8149216f
print a verbose error message
2018-07-04 23:20:58 +01:00
4c1c2e9288
Adding Micro Focus Secure Messaging Gateway RCE
2018-07-04 17:47:13 +01:00
41b0adad88
Use uninstall action command injection
2018-07-03 18:07:22 -05:00
a25a656d28
Add "E" to HP to make HPE for better searches
...
We'll stick with calling it HP everywhere else.
2018-07-03 10:29:09 -05:00
1bf94ac448
Spruce up check method and related
2018-07-02 13:59:24 -05:00
6e090acc76
Stop joking with timeouts
2018-07-02 13:18:31 -05:00
78ca4d4217
Finally use Msf::Util::EXE.to_zip 8)
2018-07-02 13:04:59 -05:00
aa3fcea377
update check method to print error message normaliy
2018-07-01 23:17:34 -04:00
c3b71d4642
Update mismatch indentation and others
2018-07-01 22:43:07 -04:00
6ace45e312
Add correct IBM CVE
...
Turns out IBM decided to revisit the advisory and attribute 3 different CVE numbers intead of 1.
2018-06-30 12:06:16 +07:00
78cefe0528
Clarify original exploit credit
...
It's definitely more than a PoC (exploit). It's weaponized.
2018-06-29 13:02:40 -05:00
34f303187f
Drop privesc retval, since it's obsoleted by print
2018-06-29 12:53:59 -05:00
fc3199259b
Land #9958 , Nagios xi 2 electric
2018-06-29 12:16:18 -05:00
dbb502ae19
Refactor code and address review comments
2018-06-29 12:13:15 -05:00
675a736ab7
Update Docs
2018-06-29 11:08:31 -05:00
574c47cba6
Change Ranking
...
Command to change the database user
account could cause a DoS condition
if the credentials are incorrect.
2018-06-29 10:56:18 -05:00
57b89444f3
Additional style fixes
2018-06-29 10:53:57 -05:00
7532490a1e
Style/Whitespace fixes
2018-06-29 07:02:45 -05:00
36a37cf6ab
Add HP VAN SDN Controller exploit
2018-06-28 02:14:04 -05:00
0820268d8a
Improve rank handling with shim logic
2018-06-19 16:46:20 -05:00
9913606ed9
Correct rank and formatting in Haraka
2018-06-19 11:44:02 -05:00
29f4870fa0
Land #10101 , Add glibc 'realpath()' Privilege Escalation exploit
2018-06-12 16:41:07 -05:00
06b3fdce49
Update reliability because of failures
2018-06-12 16:39:41 -05:00
3bcc329c07
Add HID discoveryd command_blink_on Unauthenticated RCE exploit
2018-06-03 05:41:10 +00:00
d77ee20fc7
Add fix for 7.3.0
2018-05-30 00:59:11 +03:00
f1663afd53
Change patch level of vulnerable versions
2018-05-30 00:37:29 +03:00
476030bbd6
Fix grep with proper Base64 support; IBM bug!
2018-05-29 18:49:52 +03:00
a3c7ac830f
Fix typo in rand
2018-05-29 18:40:50 +03:00
ac5718d24c
Fix whitespace
2018-05-29 15:02:36 +03:00
809982b430
Make changes requested by bcoles
2018-05-29 14:48:57 +03:00
56dd07639f
add vuln versions
2018-05-28 17:37:58 +03:00
aaaa9c7508
Fix warnings from travis
2018-05-28 17:18:52 +03:00
e126681814
Changed disclosure date
2018-05-28 17:08:48 +03:00
cfb7d4c2fe
Add github url
2018-05-28 16:53:54 +03:00
7db8183bc7
Create file for CVE-2018-1418
2018-05-28 16:39:10 +03:00
0af5d44c42
Add glibc 'realpath()' Privilege Escalation exploit
2018-05-26 21:25:59 +00:00
651fb69585
Cleanup linux/local/recvmmsg_priv_esc module
2018-05-24 17:56:07 +00:00
40d5f46277
Lad #10017 , D-Link DSL-2750B Unauthenticated OS Command Injection
...
Merge branch 'land-10017' into upstream-master
2018-05-22 10:54:33 -05:00
6cc1a8dcbd
Rubocop fixes
2018-05-22 10:34:05 -04:00
88ab836e15
Land #9987 , AF_PACKET chocobo_root exploit
2018-05-21 17:05:53 +08:00
9e9dff8b6a
fix file cleanup on failed exploitation
2018-05-21 16:47:09 +08:00
cd0161ada2
fix gcc for shell_reverse_tcp payloads on ubuntu
2018-05-21 16:46:42 +08:00
6ae55aadd4
Fixing documentation, improving exploits code
2018-05-20 12:55:46 -04:00
294b263159
Land #9966 , Add Reliable Datagram Sockets (RDS) Privilege Escalation exploit
...
Merge branch 'land-9966' into upstream-master
2018-05-18 17:06:04 -05:00
37f1e44a12
Land #10009 , Add initial check support to external modules
2018-05-18 09:31:31 -05:00
eb3733ffb4
unless
2018-05-17 17:42:55 +00:00
6594cbb5cc
Land #9947 , AF_PACKET packet_set_ring exploit
2018-05-17 18:43:52 +08:00
dc227153c4
fix gcc on shell_reverse_tcp session
2018-05-17 18:43:27 +08:00
ce5b24eda0
fork early and cleanup files in module
2018-05-17 00:32:01 +08:00
436e414b93
Land #7815 , CVE-2016-9299 exploit
2018-05-16 05:29:41 -05:00
959cbde6eb
Clean up module
2018-05-16 05:29:25 -05:00
c5f980f633
GoodRanking
2018-05-16 02:38:19 +00:00
492be19aa0
Use && instead of and
2018-05-15 05:18:38 -04:00
a61d202586
Delete blank, fix typo and use single quote instead.
2018-05-15 04:27:36 -04:00
03a7bb72af
Add exploit module for apache hadoop unauthorized command execution
2018-05-15 03:47:20 -04:00
8dd7a27f7b
Fixes according to code review
2018-05-14 05:46:23 -04:00
f65361258b
Adding vulnerable firmwares to description
2018-05-13 15:08:32 -04:00
382364a3ff
Adding documentation, improving description
2018-05-13 15:04:40 -04:00
c3ad02121c
Exploit for D-Link DSL2750B OS Command Injection vulnerability
2018-05-13 13:58:35 -04:00
ed5f2bffa9
Land #9919 , add libuser roothelper privilege escalation exploit
2018-05-12 17:11:21 +08:00
a8660e4042
make the PASSWORD option required
2018-05-12 17:10:21 +08:00
b0e712e992
Add banner check exploit/linux/smtp/haraka
2018-05-11 12:45:32 -05:00
90f2fe545c
Add PEP8 whitespace to exploit/linux/smtp/haraka
2018-05-11 12:43:30 -05:00
0ef0fae2b2
rm test code
2018-05-10 22:17:38 -04:00
5ae9b0185d
Add AF_PACKET chocobo_root Privilege Escalation exploit
2018-05-07 07:11:07 +00:00
24de2a3cd0
Merge branch 'master' into couchdb_cmd_exec
2018-05-07 02:53:13 -04:00
2a211d99af
Nuke base_directory after all, FileDropper does not like our path
2018-05-06 22:58:06 -05:00
a9f9d61f1e
Use the target_directory, not base
2018-05-06 22:56:59 -05:00
cd48507aab
Use FileDropper, switch to earlier target directory
2018-05-06 22:56:36 -05:00
1f7b13bea8
Additional module cleanup
2018-05-06 22:50:13 -05:00
3d172df0c4
MD5 of TID and cleanup if statement
2018-05-06 22:24:36 -05:00
68f2e08400
Swap to positive logic
2018-05-06 22:22:47 -05:00
9712215e66
Add Bugtraq ID
2018-05-06 22:21:13 -05:00
5d57e9db34
Remove unnecessary RHOST definition
2018-05-06 22:20:51 -05:00
96a354ffc4
Merge branch 'couchdb_cmd_exec' of https://github.com/Green-m/metasploit-framework
2018-05-06 23:07:14 -04:00
8141e949fc
Note the runtimes
2018-05-05 18:34:11 -05:00
e775a97ae2
Adds panos_readsessionvars exploit module
2018-05-05 15:41:17 -05:00
3aa7441e10
Update tested versions
2018-05-05 09:11:31 +00:00
24af15b6e7
Update kernel version and system arch detection
2018-05-05 07:16:53 +00:00
3a688451b6
Add Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-03 12:51:21 +00:00
c62fc79537
Fixed typo in description.
2018-05-01 11:37:33 -04:00
89d6ded805
Removing the Nagios enum module, adding description
2018-05-01 11:35:45 -04:00
4c8ad3ca9c
Removing old exploit/docs
2018-04-30 22:26:37 -04:00
ad8bf6d8e3
Renamed exploit to electric boogaloo
2018-04-30 22:20:35 -04:00
f7504dd9d5
Add AF_PACKET packet_set_ring Privilege Escalation exploit
2018-04-28 01:40:17 +00:00
0717500610
initial commit
2018-04-27 14:48:34 -06:00
79d8f5e86c
autofilter = false means skip, which is reverse of intuition
2018-04-26 17:20:55 -05:00
1806c247f1
Fixing tabbed spaces, version number in documentation
2018-04-26 18:15:39 -04:00
b547e6282e
Adding print statement to run the corresponding post module
2018-04-26 17:55:31 -04:00
37a32c2726
Adding module for Nagios XI remote root exploit.
...
See http://blog.redactedsec.net/exploits/2018/04/26/nagios.html for
more information.
2018-04-26 17:42:10 -04:00
54aaf1f718
Land #9937 , enable autofilter on tp-link camera exploit
2018-04-26 16:08:09 -05:00
4789cdc596
enable autofilter on tp-link camera exploit
2018-04-26 14:56:39 -05:00
0fa0358993
Land #9853 , Update Linux sock_sendpage local exploit module
2018-04-26 14:30:51 -05:00
ef5272cdc6
Update tested versions
2018-04-23 20:28:24 +00:00
00583caadf
Add Libuser roothelper Privilege Escalation exploit
2018-04-23 17:49:11 +00:00
e53de896e7
add arch check
2018-04-22 08:32:52 -04:00
e197cb5759
add arch check
2018-04-22 08:30:32 -04:00
1c92134606
Land #9756 , Add lastore-daemon D-Bus Privilege Escalation exploit
...
Merge branch 'land-9756' into upstream-master
2018-04-20 15:45:37 -05:00
37a844bef0
Land # 9247, Add ASUS infosvr Auth Bypass Command Execution exploit
...
Merge branch 'land-9247' into upstream-master
2018-04-20 11:24:47 -05:00
2914ebf631
lpe ufo
2018-04-17 20:39:59 -04:00
a60f205ee0
Fix check return CheckCode and typos
2018-04-15 18:08:49 +10:00
9a3064ad7e
Cleanup and refactor upload_and_compile
2018-04-12 16:43:43 +00:00
0286204b5d
Couchdb debug code
2018-04-12 03:54:02 -04:00
054e525a61
Couchdb debug code
2018-04-12 03:51:37 -04:00
c72ca7544b
dont let this run on meterpreter
2018-04-11 21:05:15 -04:00
fc7040099c
Update Linux sock_sendpage local exploit module
2018-04-10 11:15:42 +00:00
3c5cbd2664
Use cmdstager method, update function to clean file, delete lots of useless code and etc.
2018-04-10 06:14:47 -04:00
c0be313691
Update the get_version and check function
2018-04-09 00:07:58 -04:00
6682acc4db
Pass range as parameter to rand_text_alpha_lower
2018-04-08 23:38:44 -04:00
dabd9c8811
Improve function get_version and check
2018-04-08 07:51:37 -04:00
fd83caf51d
use Gem::Version between
2018-04-08 02:23:45 -04:00
076a73c2ee
use Gem::Version for version comparisons
2018-04-07 23:37:56 -04:00
dd523c7d20
compile path not local file
2018-04-06 18:51:04 -04:00
0d470f67ef
Run bash on the script directly.
2018-04-04 05:49:35 -04:00
c53341f6c0
Fix msftidy problem.
2018-04-04 00:38:57 -04:00
388927b933
Add advanced option Attempts to control exploit times
2018-04-04 00:08:32 -04:00
2472bfdfdc
Fix rand_text_alpha_lower problem.
2018-04-03 23:05:08 -04:00
bbf6d072ea
Fix some errors and bugs.
2018-04-03 22:47:41 -04:00
611a3dc19c
Add exploit module apache_couchdb_cmd_exec
2018-03-27 05:43:03 -04:00
8b220e3bad
minor formatting
2018-03-26 19:53:35 -04:00
1371684df7
add linux mint to docs
2018-03-25 07:58:51 -04:00
9bb6e72020
Add lastore-daemon D-Bus Privilege Escalation exploit
2018-03-24 23:16:42 +00:00
2b08c54cda
bcoles suggestions
2018-03-24 13:59:37 -04:00
e8d910ac08
spelling
2018-03-23 21:40:46 -04:00
6b0691a91a
cve-2017-16995
2018-03-23 21:09:56 -04:00
176fb13c84
Fix #9650 , missed code from TelnetEnable refactor
...
1. Functionality was added incrementally, and I missed an opportunity to
consolidate a few methods under @do_exploit.
2. The Capture mixin can raise RuntimeError for a number of different
reasons, not just a lack of root privileges.
tl;dr Fix my incompetence and laziness. :-)
I don't think EDB and friends usually get these updates. :(
2018-03-05 14:46:27 -06:00
6dbf9445c9
Add MAC address discovery
2018-03-02 19:18:30 -06:00
107512498c
Add check method
2018-03-02 19:16:37 -06:00
25f36fb926
Refactor code into new methods
2018-03-02 19:16:37 -06:00
109bc87ffb
Check for nil, EOFError, and zero-length response
2018-03-02 19:15:20 -06:00
bcdfebf93c
Add a vprint for creds we chose
2018-03-02 19:15:19 -06:00
4418a0de02
Enhance detection of telnetenabled vs. telnetd
2018-03-02 19:15:19 -06:00
fba30d47a2
Use default creds specific to protocol
2018-03-02 19:15:18 -06:00
1f40afea9c
Add automatic target for detection of TCP or UDP
2018-03-02 19:15:18 -06:00
a5e5b618fd
Add print statements I forgot
2018-03-02 19:15:17 -06:00
e87681f2c4
Add NETGEAR TelnetEnable
2018-03-02 19:15:17 -06:00
4b8a8fa2b1
Land #9441 , Create exploit for AsusWRT LAN RCE
...
Merge branch 'land-9441' into upstream-master
2018-02-22 10:40:45 -06:00
78822fd799
Land #9524 , prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-21 06:59:09 -06:00
285b329ee1
Land #9422 abrt race condition priv esc on linux
2018-02-11 11:58:39 -05:00
add7ae8fa1
Land #9536 , Add Ubuntu notes to documentation
2018-02-11 07:27:00 -06:00
321b78b0fe
Land #9408 , Add Juju-run Agent Privilege Escalation module (CVE-2017-9232)
2018-02-11 07:19:49 -06:00
4e5cbd68b9
Add Ubuntu notes to documentation
2018-02-11 06:52:36 +00:00
0d573e1434
Support shell sessions
2018-02-09 16:15:04 -05:00
45249d582d
Add partition check
2018-02-09 16:15:04 -05:00
0ba37f8104
Add glibc $ORIGIN Expansion Privilege Escalation exploit
2018-02-09 16:15:04 -05:00
cb1b59545b
Land #9469 linux local exploit for glibc ld audit
2018-02-09 14:00:42 -05:00
5b251ae672
Support shell sessions on Debian
2018-02-08 11:29:09 +00:00
b1d0529161
prefer 'shell' channels over 'exec' channels for ssh
...
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
2018-02-08 02:21:16 -06:00
d078ab8033
Use 'exit' CommandShellCleanupCommand
2018-02-06 13:36:36 +00:00
696817215b
Update tested versions
2018-02-05 04:48:52 +00:00
e158ccb20b
Support cleanup for meterpreter sessions
2018-02-04 04:38:53 +00:00
74ab02f27b
Support meterpreter sessions
2018-02-03 11:55:08 +00:00
686689afc0
Rename asus_infosvr_exec to asus_infosvr_auth_bypass_exec
2018-02-02 07:53:50 +00:00
7cb0a118c1
Land #9399 a linux priv esc against apport and abrt
2018-02-01 21:54:54 -05:00
3c21eb8111
Update documentation
2018-02-02 02:27:13 +00:00
0d80ca6f79
Change documentation extension from rb to md
2018-01-31 23:26:30 +00:00
092eb0cd11
Add glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation exploit
2018-01-28 05:11:38 +00:00
23f4bf1583
Add documentation
2018-01-27 03:15:06 +00:00
54c6aa7629
Add full disclosure URL
2018-01-26 15:35:18 +07:00
685a950077
Land #9114 , Add module for Kaltura <= 13.1.0 RCE (CVE-2017-14143)
...
Merge branch 'land-9114' into upstream-master
2018-01-23 12:35:59 -06:00
aae77fc1a4
Land #9349 , GoAhead LD_PRELOAD CGI Module
2018-01-22 23:10:36 -06:00
Erin Bleiweiss
Shelby Pace
Christian Mehlmauer
William Vu
Matthew Kienow
Brent Cook
Tim W
Brendan Coles
Eliott Teissonniere
Kevin Kirsche
Wei Chen
Green-m
Mehmet İnce
Sonny Gonzalez
Jacob Robles
asoto-r7
Adam Cammack
Pedro Ribeiro
bwatters-r7
lucyoa
Green-m
HD Moore
BennyHusted
menocu
root
Jeffrey Martin
h00die
Pearce Barry