151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
6910cb04dd
Add first exploit written in Python
2017-03-31 17:07:55 -05:00
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
c445a1a85a
Wrap ssh.loop with begin/rescue
2017-03-31 11:16:10 -05:00
5e31a32771
Add missing ranks
...
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
9db2e9fbcd
Land #8146 , Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-24 14:38:47 -05:00
e04f01ed6b
Land #7778 , RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
3b062eb8d4
Update version info
2017-03-23 13:46:09 -05:00
fdb52a6823
Avoid checking res.code to determine RCE success
...
Because it's not accurate
2017-03-23 13:39:45 -05:00
39682d6385
Fix grammar
2017-03-23 13:23:30 -05:00
ee21377d23
Credit Brent & Adam
2017-03-23 11:22:49 -05:00
196a0b6ac4
Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-23 10:40:31 -05:00
d37966f1bb
Remove old file
2017-03-23 12:53:08 +03:00
8a43a05c25
Change name of the module
2017-03-23 12:49:31 +03:00
a93aef8b7a
Land #8086 , Add Module Logsign Remote Code Execution
2017-03-22 11:33:49 -05:00
7bcd53d87d
Land #8079 , exploit and aux for dnaLims
2017-03-20 11:08:05 -04:00
fd5345a869
updates per pr
2017-03-20 10:40:43 -04:00
fe5167bf26
changes to file per pr
2017-03-20 10:16:42 -04:00
84e4b8d596
land #8115 which adds a CVE reference to IMSVA
2017-03-18 09:51:52 -04:00
6aa42dcf08
Add solarwinds default ssh user rce
2017-03-17 21:54:35 +03:00
f706c4d7f6
Removing prefix
2017-03-16 00:49:55 +03:00
60186f6046
Adding CVE number
2017-03-16 00:31:21 +03:00
01ea5262b8
Land #8070 , msftidy vars_get fixes
2017-03-14 12:05:24 -05:00
5c436f2867
Appease msftidy in tr064_ntpserver_cmdinject
...
Also s/"/'/g.
2017-03-14 11:52:21 -05:00
5d6a159ba9
Use query instead of uri in mvpower_dvr_shell_exec
...
I should have caught this in #7987 , @bcoles, but I forgot. Apologies.
This commit finishes what @itsmeroy2012 attempted to do in #8070 .
2017-03-14 11:51:55 -05:00
79331191be
msftidy error updated 2.5
2017-03-14 22:02:59 +05:30
67fc43a0a1
msftidy error updated 2.4
2017-03-14 21:33:53 +05:30
fe4e2306b4
Reverting one step
2017-03-13 22:22:24 +05:30
fe4f20c0cc
Land #7968 , NETGEAR R7000 exploit
2017-03-10 16:02:30 -06:00
1c54e0ba94
msftidy error updated 2.2
2017-03-10 23:59:38 +05:30
6d8789a56e
Updated msftidy error 2.1
2017-03-10 23:03:37 +05:30
c0f17cf6b8
msftidy error updated 2.0
2017-03-10 22:16:27 +05:30
f6bac3ae31
Add iso link to md file and change CheckCode code
2017-03-10 13:00:49 +03:00
0ab3ad86ee
change dnalims_file_retrieve module type
2017-03-09 10:06:31 -05:00
95a01b9f5e
add dnaLIMS exploits
2017-03-09 09:46:18 -05:00
081ca17ebf
Specify default resource in start_service
...
This eliminates the need to override resource_uri. Depends on #8078 .
2017-03-09 03:00:51 -06:00
c52b0cba5e
msftidy error on master updated
2017-03-08 20:58:01 +05:30
0f899fdb0b
Convert ARCH_CMD to CmdStager
2017-03-08 07:35:37 -06:00
7976966ce9
Issue 7923 - msftidy errors on master
2017-03-08 03:12:41 +05:30
fb5e090f15
fixes from jvoisin
2017-02-28 20:09:26 -05:00
e5636d6ce1
Adding logsign rce module and doc
2017-02-28 21:04:37 +03:00
e3e607a552
reword description
2017-02-26 15:24:22 -05:00
0c353841ab
forgot add fixes for travis
2017-02-25 23:25:36 -05:00
a8609f5c66
ntfs-3g lpe
2017-02-25 23:09:22 -05:00
f18b533226
change platform time to unix (although it is linux in reality but whatevs)
2017-02-24 22:58:24 +00:00
5d3a4cce67
Use all caps for module option names
2017-02-23 16:30:01 +11:00
25b3cc685a
Update netgear_r7000_cgibin_exec.rb
2017-02-22 11:36:52 -05:00
47fec5626e
Style update
2017-02-22 07:56:17 +00:00
e491f01c70
Add MVPower DVR Shell Unauthenticated Command Execution module
2017-02-22 05:15:57 +00:00
48f6740fee
Land #7969 , Add Module Trend Micro IMSVA Remote Code Execution
2017-02-21 17:29:04 -06:00
a9b9a58d4d
Land #7893 , Add Module AlienVault OSSIM/USM Remote Code Execution
2017-02-21 13:35:56 -06:00
e99ba0ea86
Msftidy stuff
2017-02-18 00:34:49 -05:00
189d5dc005
Thanks netgear
2017-02-18 00:15:45 -05:00
52350292cf
Fix msftidy warning
2017-02-17 18:41:11 -05:00
63d1de9acd
Updates from review
...
Also testing some things, line 84 and 85 mostly
2017-02-17 18:29:46 -05:00
811f6d4d58
Update netgear_r7000_cgibin_exec.rb
2017-02-16 08:38:06 -05:00
90224af813
Fix msftidy warning
2017-02-15 22:39:16 -05:00
81d63c8cc7
Create netgear_r7000_cgibin_exec.rb
2017-02-15 22:33:48 -05:00
4ee05313d8
Update tested version numbers
2017-02-08 19:31:01 +03:00
906fcfe355
OSSIM 5.0.0 version requires a authen token on action create
2017-02-03 23:45:33 +03:00
2ff170a1fa
Land #7820 , Exploit for TrueOnline Billion 5200W-T
2017-01-31 11:33:56 -06:00
f167358540
Land #7821 , Command Injection Exploit for TrueOnline ZyXEL P660HN
2017-01-31 11:28:46 -06:00
b3521dfb69
Land #7822 , Command Injection Exploit for TrueOnline P660HN v2
2017-01-31 11:22:49 -06:00
c666ac93f5
Adding xff header
2017-01-31 14:37:22 +03:00
40108c2374
first commit
2017-01-31 14:15:46 +03:00
0aceb0b1cb
Fix whitespace, thanks msftidy!
2017-01-30 10:16:42 +00:00
5fd31e621e
Add CVE number
2017-01-30 10:03:46 +00:00
ff2b8dcf99
Revert "Land #7605 , Mysql privilege escalation, CVE-2016-6664" - premature merge
...
This reverts commit 92a1c1ece49b16cdf602
2017-01-22 19:16:33 -06:00
92a1c1ece4
Land #7605 , Mysql privilege escalation, CVE-2016-6664
2017-01-22 17:17:28 -06:00
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
c2c352c2ac
Adding Trend Micro IMSVA module
2017-01-18 11:34:16 +03:00
2dca53e19a
Add full disclosure link
2017-01-17 11:09:44 +00:00
1160a47b55
Add full disclosure link
2017-01-17 11:09:29 +00:00
c2cd26a6e1
Add full disclosure link
2017-01-17 11:09:11 +00:00
7fafade128
fix msftidy stuff v2
2017-01-12 18:06:13 +00:00
ba8dfbd9f1
fix msftidy stuff
2017-01-12 18:05:54 +00:00
f88e68da25
fix msftidy stuff
2017-01-12 18:04:58 +00:00
2274e38925
fix msftidy stuff
2017-01-12 18:03:12 +00:00
b863db9d02
add billion sploit
2017-01-12 17:51:24 +00:00
2827a7ea1a
add 660v2 sploit
2017-01-12 17:50:57 +00:00
af2516d074
add 660v1 sploit
2017-01-12 17:49:28 +00:00
c0880985bc
fix duplicate entry for platform
2017-01-10 01:17:44 +00:00
74cea5dd04
Use Linux payloads instead of cmd/unix/interact
...
As of now, cmd/unix/interact causes msfconsole to freeze, so
we can't use this.
2017-01-09 11:11:17 -06:00
e331066d6d
Add CVE-2016-6433 Cisco Firepower Management Console UserAdd Exploit
2017-01-06 17:05:25 -06:00
13bca2ebc7
add httpusername and password for auto auth
2017-01-06 16:33:51 +00:00
19319f15d4
Land #7626 , Eir D1000 modem exploit
2017-01-04 17:02:39 -06:00
d95a3ff2ac
made changes suggested
2017-01-04 23:02:10 +00:00
b0e79076fe
Switch to wget CmdStager and tune timing
...
We don't want to trample the device with requests.
2017-01-04 16:42:53 -06:00
94d76cfb06
Merge remote-tracking branch 'upstream/master' into tr-069-ntpserver-command-injection
2017-01-03 17:04:04 -06:00
fe0a3c8669
Update themoon exploit to use wget command stager
2017-01-03 15:50:57 -06:00
9d3e90e8e5
cleanup
2017-01-02 17:32:38 +00:00
4c29d23c8a
further cleaning
2016-12-31 17:02:34 +00:00
956602cbfe
add final wnr2000 sploits
2016-12-31 16:49:05 +00:00
9d0ada9b83
Land #7749 , make drb_remote_codeexec great again
2016-12-28 06:11:48 -06:00
cfca4b121c
Clean up module
2016-12-28 06:10:46 -06:00
afd8315e1d
Remove apache_continuum_cmd_exec CmdStager flavor
...
It is inferred from the platform, and we don't want to override it
needlessly. :bourne is what worked during testing, but it won't always
work. Now we can override the flavor with CMDSTAGER::FLAVOR.
2016-12-27 16:24:16 -06:00
870e8046b5
add sploits
2016-12-27 21:12:35 +00:00
679ebf31bd
Minor fix to make dRuby great again
2016-12-23 15:12:22 +01:00
d69acd116d
Make dRuby great again
2016-12-22 15:37:16 +01:00
Bryan Chu
h00die
Adam Cammack
dmohanty-r7
Pearce Barry
William Webb
wchen-r7
Mehmet Ince
bwatters-r7
William Vu
itsmeroy2012
flakey-biscuits
=
Pedro Ribeiro
Brendan Coles
Carter
Brent Cook
joernchen of Phenoelit