6187354392
Land #6226 , Add Wordpress XML-RPC system.multicall Credential BF
2016-01-23 00:12:46 -06:00
064af0d670
Remove unwanted comment
2016-01-23 00:11:58 -06:00
ad3eed525b
Handing newer version of WP, fallback CHUNKSIE to 1
2016-01-23 08:06:27 +03:00
d6facbe339
Land #6421 , ADB protocol and exploit
2016-01-22 20:45:44 -06:00
53e9bd7f51
This line does nothing
2016-01-22 18:55:45 -06:00
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
1b386fa7f1
Add targets to avoid ARCH_ALL payload confusion
2016-01-22 16:45:10 -06:00
a3cafc3bae
Update PHP meterpreter size
2016-01-22 15:14:18 -06:00
91db2597c7
normalize URIs
2016-01-22 11:27:26 -06:00
b02c762b93
Grab zeroSteiner's module/jenkins-cmd branch
2016-01-22 10:17:32 -06:00
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
a8feb8cad5
make passwords faster for reading huge wordlest files
2016-01-21 03:32:50 +03:00
4cb19c75a6
Enhance the module and add version check
2016-01-21 03:19:31 +03:00
fcaef76215
Do a version check
...
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
a7cd5991ac
Add encoding of the upload path into the module
2016-01-17 22:44:41 +00:00
5660c1238b
Fix problem causing upload to fail on versions 1.2 and 1.3 of theme
2016-01-17 18:44:00 +00:00
e7e63d92be
Land #6467 : fix missing requires in payloads
...
Fixes #6460
2016-01-15 07:42:14 +10:00
fec75c1daa
Land #6457 , FileDropper for axis2_deployer
2016-01-14 15:10:05 -06:00
28cf943bcb
Fix a couple of missing requires in payloads.
...
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.
It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
8479d01029
Land #6450 , add TLS support to MSSQL
2016-01-14 12:17:40 -06:00
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
7e1446d8fa
Land #6400 , iis_webdav_upload_asp improvements
2016-01-14 12:12:33 -06:00
0216d027f9
Use OptEnum instead of OptString
2016-01-14 09:06:45 +00:00
564b4807a2
Add METHOD to simple_backdoors_exec
2016-01-13 14:42:11 +00:00
889a5d40a1
Add VAR to simple_backdoors_exec
2016-01-13 13:46:26 +00:00
315d079ae8
Land #6402 , Add Post Module for Windows Priv Based Meterpreter Migration
...
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
6deb57dca3
Deprecate post/windows/manage/smart_migrate and other things
...
This includes:
* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
514199e88f
Register early so the cleanup can actually rm the file
2016-01-12 15:22:03 -06:00
7128c408c8
Land #6375 , Active Directory Managed Groups Enumeration
2016-01-12 11:21:31 +00:00
4ba2d56f49
Just search on DN for samaccountname
2016-01-12 11:20:20 +00:00
88ef3076e4
Land #6441 , x86/BMP polyglot encoder
2016-01-08 17:09:24 -06:00
78bc394f80
Fix #6268 , Use FileDropper for axis2_deployer
...
Fix #6268
2016-01-08 17:09:09 -06:00
5e6620f2cf
add yard doc and lexical sorting
...
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
536378e023
move datastore kill check to kill method
...
move the datastore check for datatstore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
9716b97e1c
split up the migration efforts
...
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
ad50f9a047
move default targets to constants
...
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946
2016-01-07 16:55:41 -06:00
24290dc169
Address x86/Bmp polyglot encoder feedback
2016-01-07 10:23:32 -05:00
22a0d970da
Don't delete the payload after running.
2016-01-07 02:26:01 -06:00
fb99c61089
Remove print_status statement.
2016-01-07 01:17:49 -06:00
210f065427
Add a background option for the echo cmdstager.
2016-01-07 01:16:08 -06:00
4e99c873c8
Fix issue when target_pid == current_pid
2016-01-06 19:58:07 -06:00
60c506d7fb
Replace error handling methods
2016-01-06 18:53:54 -06:00
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
bdda8650a2
Do not support username, because the backdoor doesn't use one
2016-01-06 02:02:11 -06:00
cca0ba3efe
Add an x86/Bitmap polyglot encoder
2016-01-05 23:17:34 -05:00
d626d7f0c9
Land #6416 , @all3g's rewrite/improvements to redis_server
2016-01-05 19:02:26 -08:00
90ea88e5ba
Make command used configurable
2016-01-05 16:23:10 -08:00
3ccdd12ecb
Put peer first in all prints
2016-01-05 16:09:50 -08:00
wchen-r7
KINGSABRI
William Vu
rastating
OJ
Brent Cook
Rory McNamara
Meatballs
James Lee
David Maloney
Jonathan Harms
Spencer McIntyre
joev
Josh
Jon Hart