70a2247941
Pick target is not needed...
2015-07-18 20:12:49 +01:00
7483e77bba
Fix Linux target by trying again if exploit fails
2015-07-18 20:12:13 +01:00
29defc979b
Fix #5740 , remove variable ROP for adobe_flashplayer_flash10o
2015-07-17 16:57:37 -05:00
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
837eb9ea38
Land #5742 , better quality coverage for adobe_flash_opaque_background_uaf
2015-07-17 16:25:14 -05:00
f77f7d6916
Bump rank
2015-07-17 16:23:27 -05:00
0bd1dc017e
Update coverage information
2015-07-17 16:23:00 -05:00
4e6b00fe31
Land #5473 , @pedrib's exploit for Sysaid CVE-2015-2994
...
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
00adbd7f64
Fix quotes
2015-07-17 12:09:54 -05:00
57c4a3387b
Fix paths for windows and cleanup
2015-07-17 12:09:18 -05:00
46ffb97c1c
Land #5471 , @pedrib's module for SysAid CVE-2015-2994
...
* sysaid arbitrary file upload
2015-07-17 11:27:22 -05:00
309a86ec57
Do code cleanup
2015-07-17 11:26:54 -05:00
255d8ed096
Improve adobe_flash_opaque_background_uaf
2015-07-16 14:56:32 -05:00
b504f0be8e
Update adobe_flash_hacking_team_uaf
2015-07-15 18:18:04 -05:00
ea4a7d98b9
Land #5728 , Arch specification for psexec
2015-07-15 15:36:27 +00:00
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
b31c637c1b
Land #5533 , DSP-W110 cookie command injection
2015-07-15 11:22:33 +02:00
21375edcb2
final cleanup
2015-07-15 11:21:39 +02:00
a7d866bc83
specify the 'Arch' values that psexec supports
2015-07-14 15:45:52 -06:00
57f62ffa76
changed URI to TARGETURI as per comments
2015-07-13 20:18:45 -04:00
405261df4f
Land #5710 , php_wordpress_total_cache removal
...
Deprecated.
2015-07-13 18:33:12 +00:00
3feef639b9
Land #5711 , php_wordpress_optimizepress removal
...
Deprecated.
2015-07-13 18:32:37 +00:00
6e12cbf98f
Land #5712 , php_wordpress_lastpost removal
...
Deprecated.
2015-07-13 18:31:31 +00:00
dd188b1943
Land #5713 , php_wordpress_infusionsoft removal
...
Deprecated.
2015-07-13 18:31:01 +00:00
4960e64597
Remove php_wordpress_foxypress, use wp_foxypress_upload
...
Please use exploit/unix/webapp/wp_foxypress_upload instead.
2015-07-13 12:53:34 -05:00
dfbeb24a8f
Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload
...
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
2015-07-13 12:51:48 -05:00
b80427aed2
Remove php_wordpress_lastpost, use wp_lastpost_exec instead.
...
Please use exploit/unix/webapp/wp_lastpost_exec instead
2015-07-13 12:49:27 -05:00
90cc3f7891
Remove php_wordpress_optimizepress, use wp_optimizepress_upload
...
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
2015-07-13 12:45:39 -05:00
4177cdacd6
Remove php_wordpress_total_cache, please use wp_total_cache_exec
...
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
2015-07-13 12:41:29 -05:00
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
8819674522
updated per feedback from PR
2015-07-11 21:03:02 -04:00
f7ce6dcc9f
We agreed to Normal
2015-07-11 02:07:18 -05:00
0ff7333090
Lower the ranking for CVE-2015-5122
...
As an initial release we forgot to lower it.
2015-07-11 02:05:56 -05:00
1289ec8863
authors
2015-07-11 01:38:21 -05:00
6eabe5d48c
Update description
2015-07-11 01:36:26 -05:00
54fc712131
Update Win 8.1 checks
2015-07-11 01:33:23 -05:00
6f0b9896e1
Update description
2015-07-11 00:56:18 -05:00
115549ca75
Delete old check
2015-07-11 00:42:59 -05:00
63005a3b92
Add module for flash CVE-2015-5122
...
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
bff92f2304
Initial add
2015-07-10 21:13:12 -04:00
5a045677bc
Add waiting message
2015-07-10 18:48:46 -05:00
8d52c265d9
Delete wfsdelay
2015-07-10 18:46:27 -05:00
63e91fa50f
Add reference
2015-07-10 18:46:06 -05:00
677cd97cc2
Update information
2015-07-10 18:39:11 -05:00
6c6a778218
Modify arkeia_agent_exec title
2015-07-10 18:38:25 -05:00
4995728459
Modify arkeia_agent_exec ranking
2015-07-10 18:37:24 -05:00
858f63cdbf
Land #5693 , @xistence VNC Keyboard EXEC module
2015-07-10 18:35:44 -05:00
1326a26be5
Do code cleanup
2015-07-10 18:35:13 -05:00
917282a1f1
Fix ranking
2015-07-10 17:49:15 -05:00
e063e26627
Land #5689 , @xistence's module for Western Digital Arkeia command injection
2015-07-10 17:11:35 -05:00
bdd8b56336
fix comment
2015-07-10 16:28:20 -05:00
95ae7d8cae
Fix length limitation
2015-07-10 16:24:49 -05:00
3347b90db7
Land #5676 , print_status with ms14_064
2015-07-10 14:40:49 -05:00
29a497a616
Read header as 6 bytes
2015-07-10 14:25:57 -05:00
bed3257a3f
Change default HTTP_DELAY
2015-07-10 12:50:26 -05:00
c9d2ab58d3
Use HttpServer::HTML
...
* And make the exploit Aggressive
2015-07-10 12:48:21 -05:00
e1192c75a9
Fix network communication on `communicate`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:57:48 -05:00
9206df077f
Land #5694 , R7-2015-08
2015-07-10 11:42:57 -05:00
9ba515f185
Fix network communication on `check`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:32:49 -05:00
c70be64517
Fix version check
2015-07-10 10:57:55 -05:00
34a6984c1d
Fix variable name
2015-07-10 10:44:38 -05:00
2c7cc83e38
Use single quotes
2015-07-10 10:34:47 -05:00
f66cf91676
Fix metadata
2015-07-10 10:33:02 -05:00
b916a9d267
VNC Keyboard Exec
2015-07-10 14:08:32 +07:00
52d41c8309
Western Digital Arkeia 'ARKFS_EXEC_CMD' <= v11.0.12 Remote Code Execution
2015-07-10 09:51:28 +07:00
d7beb1a685
feedback included
2015-07-09 08:31:11 +02:00
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
a3ec56c4cb
Do it in on_request_exploit because it's too specific
2015-07-08 12:32:38 -05:00
cefbdbb8d3
Avoid unreliable targets
...
If we can't garantee GreatRanking on specific targets, avoid them.
2015-07-08 12:12:53 -05:00
6a33807d80
No Chrome for now
2015-07-07 15:56:58 -05:00
f8b668e894
Update ranking and References
2015-07-07 15:43:02 -05:00
116c3f0be1
Add CVE as a real ref, too
2015-07-07 14:46:44 -05:00
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
829b08b2bf
Complete authors list
2015-07-07 12:49:54 -05:00
49effdf3d1
Update description
2015-07-07 12:46:02 -05:00
d885420aff
This changes the version requirement for adobe_flash_hacking_team_uaf.rb
...
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
d30688b116
Add more requirement info
2015-07-07 12:33:47 -05:00
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
c37b60de7b
Do some print_status with ms14_064
2015-07-07 00:57:37 -05:00
5b6ceff339
mime message
2015-07-06 15:00:12 +02:00
133e221dcd
Remove unnecessary steps.
2015-07-05 19:00:58 -05:00
c993c70006
Remove sleep(), clean up WritableDir usage.
2015-07-05 18:59:00 -05:00
72a1e9ad99
Add module for rootpipe+entitlements exploit for 10.10.3.
2015-07-05 18:19:46 -05:00
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
8892cbdd10
Fix some minor things
2015-07-02 14:32:16 -05:00
95f19e6f1f
Minor description edits for clarity
...
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF
Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590 , @Meatballs1 adds MS LAPS Enum post mod
Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
2957924c78
Merge branch 'upstream-master' into bapv2
2015-07-02 01:46:31 -05:00
3b9ba189f7
Add CVE-2015-3043 information
2015-07-01 19:56:35 -05:00
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
32d5e7f3de
Land #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio Decoding BOF
2015-07-01 18:44:38 -05:00
93c74efb97
Add Ubuntu as a tested target
2015-07-01 18:43:22 -05:00
ee118aa89d
Fix description
2015-07-01 13:30:22 -05:00
1de94a6865
Add module for CVE-2015-3113
2015-07-01 13:13:57 -05:00
3632cc44c5
Fix nil error when target not found
2015-06-30 11:48:41 -05:00
7aeb9e555b
Change ranking and support CAMPAIGN_ID
2015-06-29 12:13:46 -05:00
1d50bda609
initial add of blank file
2015-06-27 21:38:25 -04:00
9bd920b169
Merge branch 'upstream-master' into bapv2
2015-06-27 12:19:55 -05:00
326bec0a1f
Land #5581 , s/shell_command_token/cmd_exec/
2015-06-26 16:59:40 -05:00
a10fa02b00
Land #5606 , @wchen-r7's glassfish fixes
2015-06-26 14:12:50 -05:00
3b5e2a0c6e
Use TARGETURI
2015-06-26 14:02:17 -05:00
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
7ccc86d338
Use cmd_exec
2015-06-26 11:54:19 -05:00
31b7ef49d6
Solve conficts
2015-06-26 11:36:17 -05:00
c70e38a14e
Do more reporting
2015-06-25 22:39:56 -05:00
5ef4cc2bb4
Save creds
2015-06-25 17:10:20 -05:00
1a371b11b0
Update description
2015-06-25 17:04:31 -05:00
ee0377ca16
Add module for CVE-2015-3105
2015-06-25 13:35:01 -05:00
c330d10403
Make SSL as a basic option
...
Also:
Fix #5558
2015-06-25 02:06:51 -05:00
5c98da05fb
This works for Glassfish 4.0 & 9.1
2015-06-25 01:58:24 -05:00
c826785ebb
Fix auth bypass
2015-06-24 19:49:04 -05:00
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
2206a6af73
Support older targets x86 for MS15-051
2015-06-25 09:33:15 +10:00
a149fb5710
Land #5554 , @g0tmi1k's persistence improvements
...
age aborts
age aborts
2015-06-24 14:37:25 -05:00
e7e8135acd
Clean up module
2015-06-24 14:35:10 -05:00
c8dddbff70
server header
2015-06-24 21:32:01 +02:00
380af29482
Progress?
2015-06-24 14:17:45 -05:00
8bc012a665
echo stager via upload vulnerability
2015-06-23 23:09:08 +02:00
6046994138
version does not return nil
2015-06-23 10:31:01 -05:00
dedfca163d
Change check()
2015-06-22 15:05:12 -05:00
784be06b6f
Update nmap
...
* Use cmd_exec
2015-06-22 14:20:02 -05:00
d98d2ffd4d
Update setuid_viscosity
...
* Use cmd_exec
2015-06-22 14:04:04 -05:00
60bdc10aed
Update setuid_tunnelblick
...
* Use cmd_exec
2015-06-22 13:57:33 -05:00
6a00ce62de
Update persistence module
...
* Delete unused method
2015-06-22 12:25:00 -05:00
3686accadd
Merge branch 'upstream/master' into cve-2015-1701
2015-06-22 07:52:17 +10:00
efece12b40
Minor clean ups for ruby strings and check method
2015-06-21 16:07:44 -04:00
ea49fd2fdc
Update sysaid_rdslogs_fle_upload.rb
2015-06-20 16:59:28 +01:00
3181d76e63
Update sysaid_auth_file_upload.rb
2015-06-20 16:53:33 +01:00
d8e11789ea
cmd_interact - first try
2015-06-20 07:59:25 +02:00
74bc9f7a91
Land #5529 , @omarix's Windows 2003 SP1 & SP2 French targets for MS08-067
2015-06-19 16:57:07 -05:00
61ad4ada7d
Delete commas
2015-06-19 16:03:16 -05:00
9da99a8265
Merge branch 'upstream-master' into bapv2
2015-06-19 11:36:27 -05:00
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
b994801172
Revert auto tab replacement
2015-06-19 11:22:40 -05:00
6ec8488929
Land #5560 , @wchen-r7 Changes ExcellentRanking to GoodRanking for MS14-064
2015-06-19 11:15:41 -05:00
15985e8b4f
Land #5559 , Adobe Flash Player ShaderJob Buffer Overflow
2015-06-19 10:38:05 -05:00
c95b3bb31d
Land #5479 , @wchen-r7 Updates kloxo_sqli to use the new cred API
2015-06-19 10:32:21 -05:00
c2f0973ed0
Report attempt_time
2015-06-19 10:31:50 -05:00
1c357e6b3c
Land #5478 , @wchen-r7 Updates ca_arcserve_rpc_authbypass to use the new cred API
2015-06-19 10:21:14 -05:00
0f17f622c3
Report last_attempted_at
2015-06-19 10:20:47 -05:00
357a3929a3
Trying to report more accurate status
2015-06-19 09:51:36 -05:00
7e91121afc
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:44:45 -05:00
fb9ad663f7
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:42:16 -05:00
0b55a889d3
persistence - better ruby/msf fu
2015-06-18 21:10:16 +01:00
afcb016814
Minor description fixups.
...
Edited modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb
first landed in #5524 , adobe_flash_pixel_bender_bof in flash renderer .
Removed ASCII bullets since those rarely render correctly.
Edited modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb
first landed in #5252 , @espreto's module for WordPress Front-end Editor
File Upload Vuln . Fixed up some language usage, camel-cased "WordPress."
2015-06-18 13:25:39 -05:00
13a3f2781d
Change ExcellentRanking to GoodRanking for MS14-064
...
The ms14_064_ole_code_execution exploit's ranking is being lowered
to GoodRanking because of these two reasons:
1. The vulnerable component isn't in Internet Explorer. And BES can't
check it so the exploit still fires even if the target is patched.
2. Although rare, we've seen the exploit crashing IE, and since this
is a memory curruption type of bug, it should not be in Excellent
ranking anyway.
2015-06-18 13:07:44 -05:00
de1542e589
Add module for CVE-2015-3090
2015-06-18 12:36:14 -05:00
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
Pedro Ribeiro
wchen-r7
jvazquez-r7
William Vu
Christian Mehlmauer
Brent Cook
h00die
Mo Sadek
Tod Beardsley
xistence
Michael Messner
HD Moore
joev
Spencer McIntyre
OJ
g0tmi1k