8b04eaaa60
Clean up various whitespace
2016-05-03 02:06:37 -05:00
68ad9b0b53
Land #6835 , support Windows and Java platforms for struts_dmi_exec
2016-05-02 15:04:42 -05:00
df44dc9c1c
Deprecate exploits/linux/http/struts_dmi_exec
...
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
2016-05-02 15:03:25 -05:00
be363411de
Land #6317 , Add delay(with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
3300bcc5cb
Make msftidy happier
2016-05-02 02:33:06 -05:00
67c9f6a1cf
Add rails_web_console_v2_code_exec, abuse of a debug feature
2016-05-02 02:31:14 -05:00
6a00f2fc5a
mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb
2016-05-01 00:00:29 +08:00
ec66410fab
add java_stager / windows_stager | exploit with only one http request
2016-04-30 23:56:56 +08:00
73ac6e6fef
Land #6831 , Add CVE-2016-3081 Apache struts s2_032 DMI Code Exec
2016-04-29 11:53:47 -05:00
d6a6577c5c
Default payload to linux/x86/meterpreter/reverse_tcp_uuid
...
Default to linux/x86/meterpreter/reverse_tcp_uuid for now because
of issue #6833
2016-04-29 11:52:50 -05:00
288975a9ce
rm modules/exploits/multi/http/struts_dmi_exec.rb
2016-04-30 00:44:31 +08:00
9d279d2a74
Merge pull request #15 from wchen-r7/pr6831
...
Changes for Apache struts from @wchen-r7
2016-04-30 00:37:53 +08:00
15ffae4ae8
rename module name
2016-04-30 00:17:26 +08:00
1d95a8a76d
rename struts_code_exec_dynamic_method_invocation.rb to struts_dmi_exec.rb
2016-04-30 00:13:34 +08:00
97061c1b90
Update struts_dmi_exec.rb
2016-04-29 11:13:25 -05:00
9e56bb8358
send http request (get -> post)
2016-04-30 00:08:00 +08:00
e9535dbc5b
Address all @FireFart's feedback
2016-04-29 11:03:15 -05:00
6f6558923b
Rename module as struts_dmi_exec.rb
2016-04-29 10:34:48 -05:00
2f66442f1d
Fix #5191 , bad LHOST format causes shell_to_meterpreter to backtrace
...
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.
Fix #5191
2016-04-28 23:03:54 -05:00
643591546e
struts s2_032 rce - linux_stager
2016-04-29 10:49:56 +08:00
2a91a876ff
Update php/meterpreter_reverse_tcp size
2016-04-27 16:14:38 -05:00
c16a02638c
Add Oracle Application Testing Suite exploit
2016-04-26 15:41:27 -05:00
0cb555f28d
Fix typo
2016-04-26 15:26:22 -05:00
f28d280199
Land #6814 , move stdapi to exist?
2016-04-24 13:41:11 -04:00
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
9a873a7eb5
more style fixes
2016-04-23 12:18:28 -04:00
d86174c3bf
style fixes
2016-04-23 12:18:28 -04:00
4250725b13
fix incorrect hex port conversion
2016-04-23 12:18:28 -04:00
7ff5a5fd7e
switch mainframe payloads to fixed size
2016-04-23 11:40:05 -04:00
81af4d2675
Fix: merge error
2016-04-23 23:19:08 +08:00
1d99d08ac8
rebuild
2016-04-23 23:15:19 +08:00
de9ac28db1
class Metasploit4 -> class MetasploitModule
2016-04-23 23:03:48 +08:00
e2fcfc8d09
fix index / space
2016-04-23 23:02:41 +08:00
fca4d53a6f
add yahoo_search / bing_search exception handler
2016-04-23 22:58:39 +08:00
d9633078ec
merge yahoo_search_domain[ip] / bing_search_domain[ip]
2016-04-23 22:45:47 +08:00
66c0832f27
add Rex::Socket.getaddresses exception handler
2016-04-23 20:09:12 +08:00
b47b83dfaa
add results.nil? / results.empty? check
2016-04-23 19:47:33 +08:00
7579abb34e
report_note in a line
2016-04-23 19:43:44 +08:00
55e31bacee
add exception handler
2016-04-23 19:01:55 +08:00
73121f7e2f
add vprint_good
2016-04-23 18:50:48 +08:00
bc1f829fe5
class Metasploit4 -> class MetasploitModule
2016-04-23 17:36:22 +08:00
da9f156913
Print IP in print_*
2016-04-22 16:03:31 -05:00
3aa02891e9
Bring #6801 up to date with upstream-master
2016-04-22 14:04:26 -05:00
4a435e8d13
Bring hp_dataprotector_install_service up to date w/ upstream-master
2016-04-22 13:42:41 -05:00
db1d973ef0
Cosmetic changes for hp_dataprotector_install_service
2016-04-22 13:41:18 -05:00
16ff74e293
syntax check / code reduce
2016-04-22 10:53:03 +08:00
ca4bcfe62a
Update enum_emet.rb
...
Cleaned up a bit more
2016-04-22 00:41:10 +01:00
c81d0ade3f
Update, implemented
...
Took @bcook-r7's advice
2016-04-22 00:37:03 +01:00
30ac6b4a93
enum_emet
...
A module to enumerate all the EMET wildcard paths.
2016-04-22 00:20:25 +01:00
67968e912c
Land #6785 Add CVE-2016-0854 Advantech WebAccess Arbitrary File Upload
2016-04-21 12:02:04 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
c08872144f
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-21 09:33:03 +08:00
dcb9c83f98
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-21 09:28:42 +08:00
6b3326eab2
Land #6707 , support for LURI handler
2016-04-20 16:26:07 -05:00
e1e43db551
Land #6789 , remove overwritten keys from hashes
2016-04-20 13:33:31 -05:00
57467b94d9
Fix RegExp evaluation in is_routable? function
2016-04-20 10:22:46 -05:00
57cb8e49a2
remove overwritten keys from hashes
2016-04-20 07:43:57 -04:00
b74930f5c9
Land #6771 , Deprecate dns_bruteforce / dns_cache_scraper / dns_info / dns_reverse_lookup / dns_srv_enum
2016-04-19 16:30:36 -05:00
2400345fff
Merge pull request #2 from open-security/advantech_webaccess_dashboard_file_upload
...
Advantech webaccess dashboard file upload
2016-04-19 12:59:32 +08:00
0407acc0ec
add print_status with vuln_version?
2016-04-19 11:22:00 +08:00
c88ddf1cc4
fix NilClass for res.body
2016-04-19 10:27:20 +08:00
fd603102db
Land #6765 , Fixed SQL error in lib/msf/core/exploit/postgres
2016-04-18 10:44:20 -07:00
89a3755754
Land #6786 , post/windows/manage/autoroute improvements
...
Resolve #6781
2016-04-18 12:11:42 -05:00
a895b452e6
fix
2016-04-19 00:21:26 +08:00
c596421b01
use generate_uri_uuid_mode for java reverse_http
2016-04-18 08:26:02 -05:00
edd30e433e
https tweaks
2016-04-18 08:26:02 -05:00
555352b210
Force lurl string duplication to avoid stageless issues
...
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
2016-04-18 08:25:19 -05:00
a74a7dde55
More fixies for LURI in Python, and native too
2016-04-18 08:25:19 -05:00
06d53112e3
Add support for LURI to the java and android payloads
2016-04-18 08:24:41 -05:00
b95267997d
Fix LURI support for stageless, transport add/change and code tidies
2016-04-18 08:24:41 -05:00
ce9b692dd8
add print_status
2016-04-18 20:43:39 +08:00
7143668671
fix version_match
2016-04-18 20:31:32 +08:00
897238f3ec
identify fingerpriint / make the code clear
2016-04-18 19:55:42 +08:00
7d1095bc08
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-18 11:24:03 +08:00
47b5398152
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-18 11:05:25 +08:00
48556483b5
Fix a few comments
2016-04-17 19:16:52 -05:00
32590c89b7
Add interface name to routing status message
2016-04-17 14:15:50 -05:00
ae23da39b8
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 21:23:45 +08:00
ab9e988dd4
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 21:15:03 +08:00
6c969b1c3b
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 18:49:56 +08:00
fb7194c125
Work on autoroute.md
2016-04-17 00:04:42 -05:00
32192d3034
Advantech WebAccess Dashboard Viewer Arbitrary File Upload
...
Advantech WebAccess Dashboard Viewer Arbitrary File Upload
2016-04-17 11:29:06 +08:00
a5e48b6112
Add default option and clean up comments
2016-04-16 19:50:08 -05:00
6550e0bc1b
Finish up autoadd_interface_routes
2016-04-16 18:42:41 -05:00
b3d199c055
Add get_subnet_octet and test
2016-04-16 14:57:39 -05:00
b1064af082
Initial get_subnet testing
2016-04-16 13:50:15 -05:00
018e7807fe
Identify routable networks
2016-04-15 22:21:54 -05:00
e8863ba09d
Initial autoadd_interface_routes work
2016-04-15 22:13:17 -05:00
a434622d21
Land #6769 , Add CVE-2016-1593 Novell ServiceDesk Authenticated Upload
2016-04-15 18:59:37 -05:00
5f5c330f2b
Initial Testing of Interface Info Gather
2016-04-14 21:59:48 -05:00
92ef8f4ab3
Land #6751 , Correct proftp version check at module runtime
2016-04-14 15:34:53 -05:00
f1523d0804
Land #6779 , Add CVE-2016-1531: Exim "perl_startup" Privilege Escalation
2016-04-14 15:16:50 -05:00
8dfe98d96c
Add bugtraq reference
2016-04-14 10:23:53 +01:00
c39410a070
Fix autoadd problem
2016-04-13 23:31:27 -05:00
6ce7055130
Land #6737 , Added reverse shell JCL payload for z/OS
2016-04-13 22:19:15 -05:00
09873f2f9c
Land #6717 , Add new cmd mainframe payload (generic_jcl) for z/OS
2016-04-13 22:10:23 -05:00
252632a802
Use %w{} for a couple things
...
Why not? :)
2016-04-13 19:38:57 -05:00
de004d7da3
Line up some hash rockets
2016-04-13 19:32:35 -05:00
f8e4253e2f
Add telnet to RequiredCmd
...
Baffles me that cmd/unix/reverse isn't cmd/unix/reverse_telnet.
2016-04-13 18:22:28 -05:00
07ee18a62b
Do something shady with the exploit method
...
Hat tip @acammack-r7.
2016-04-13 18:15:17 -05:00
43e74fce9e
Add Exim privesc
2016-04-13 17:51:20 -05:00
c52a6393b2
Land #6773 , Add Dell Kace K1000 unauthenticated remote root exploit
2016-04-13 10:20:53 -05:00
1d1a495a93
Style check
2016-04-13 10:19:57 -05:00
f73309ef01
Fix the ARM NOP generator after #6762 , #6768 , and #6644
2016-04-12 14:22:57 -05:00
b61175c6b4
Add Dell Kace K1000 unauthenticated remote root exploit
2016-04-12 16:15:37 +00:00
815a918a72
deprecate auxiliary/gather/dns_srv_enum
2016-04-12 08:44:47 +08:00
2bbb58d57e
deprecate auxiliary/gather/dns_reverse_lookup
2016-04-12 08:44:21 +08:00
5e1c540d31
deprecate auxiliary/gather/dns_info
2016-04-12 08:43:50 +08:00
67f8b309c6
deprecate auxiliary/gather/dns_cache_scraper
2016-04-12 08:43:23 +08:00
66ec001110
deprecate auxiliary/gather/dns_bruteforce
2016-04-12 08:42:56 +08:00
ca6beeb676
Land #6187 , @join-us' cleanup for enum_dns
2016-04-11 09:50:12 -07:00
2dc4539d0d
Change class name to MetasploitModule
2016-04-10 23:27:40 +01:00
1fa7c83ca1
Create file for CVE-2016-1593
2016-04-10 23:17:07 +01:00
99b4d0a2d5
remove more regex-style bool checks
2016-04-09 13:49:16 -05:00
a37f9c9eda
Clarify note type
2016-04-08 18:35:43 -07:00
44a98cc36f
Correct overly aggressive style cleanup
2016-04-08 18:00:03 -07:00
7ce5c07c03
Minor style cleanup
2016-04-08 17:39:32 -07:00
7c70a554ea
Merge branch 'pr/6187' into pr/fixup-6187 for pre-master merge testing
2016-04-08 16:56:38 -07:00
8219766538
Land #6760 , llmnr_response TTL fix
2016-04-08 16:45:55 -05:00
6b4dd8787b
Fix #6764 , nil SQL error in lib/msf/core/exploit/postgres
...
Fix #6764
2016-04-08 15:20:04 -05:00
28875313be
Change class name to MetasploitModule
2016-04-08 14:27:52 -05:00
ae46b5a688
Bring #6417 up to date with upstream-master
2016-04-08 13:41:40 -05:00
5839e2e3a8
Land #6762 , Fix ghetto true/false checking in NOP generator
2016-04-07 19:38:24 -05:00
068cf8eba1
Fix ghetto true/false checking in NOP generator
2016-04-07 18:23:33 -05:00
cba7353e1d
Fix another typo?
2016-04-07 17:12:11 -05:00
ff9d94218d
Fix a typo?
2016-04-07 17:11:42 -05:00
a3c390ee9d
Change class name to MetasploitModule
2016-04-07 17:11:08 -05:00
f09637a1c7
Bring #6377 up to date with upstream-master
2016-04-07 17:06:49 -05:00
0d3eb4f055
Change class name to MetasploitModule
2016-04-07 12:15:32 -05:00
0f56dbd858
Bring #6378 up to date with upstream-master
2016-04-07 12:10:55 -05:00
c4aac2a54a
Remove unwanted comments
2016-04-07 11:22:57 -05:00
fa5acba400
TTL setting honors TTL option
...
* change hard-coded ttl value to TTL option
* set TTL option default to 30
2016-04-07 10:59:05 -05:00
7658014fb7
Add CVEs
2016-04-07 08:39:29 -05:00
87d59a9bfb
Add exploit for ExaGrid known credentials
2016-04-07 04:17:43 -05:00
e78e12f295
Land #6515 , Autoadd for /post/windows/manage/autoroute
2016-04-06 15:29:58 -05:00
ac051bda7f
Add check is_routable?, and change netmask if needed
2016-04-06 15:28:54 -05:00
11bf1018aa
Fix typo
2016-04-06 14:20:41 -05:00
d240e0b3a2
Bring #6515 up to date with upstream-master
2016-04-06 11:27:32 -05:00
616bb8399f
remove db_filter / format a json data
2016-04-06 18:39:34 +08:00
a4ef9980f4
Land #6677 , atutor_sqli update
2016-04-05 19:52:44 -05:00
d9d257cb1a
Fix some things
2016-04-05 19:23:11 -05:00
08736c798d
Correct proftp version check at module runtime
2016-04-05 13:06:10 -05:00
dcb6da306c
Land #6720 , SSL scanner fixes
2016-04-04 23:37:52 -05:00
af7eef231c
Fix a few issues with the SSL scanner
...
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.
Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
51b8b4a4d1
Bring #6404 up to date with upstream-master
2016-04-04 16:35:58 -05:00
da3388248a
Uses #blank?
2016-04-04 16:34:49 -05:00
5a6d1ee0a9
Uses MetasploitModule class name
2016-04-04 16:30:55 -05:00
2e1e1ca839
Land #6742 , psexec_psh restoration
2016-04-01 13:59:09 -05:00
d23a1c4551
Bump deprecation date
2016-04-01 13:57:58 -05:00
60bee16e8c
Restore psexec_psh
...
See @jabra-'s comments on #6222 .
2016-04-01 13:56:22 -05:00
HD Moore
wchen-r7
Brian Patterson
join-us
Security Corporation
William Vu
Adam Cammack
Brent Cook
Vincent Yiu
dmohanty-r7
504137480
Louis Sato
Josh Hale
thao doan
Tim
OJ
Pedro Ribeiro
Joshua J. Drake
Brendan Coles
Jon Hart
Sonny Gonzalez
James Lee
greg.mikeska@rapid7.com