4b177b607f
Cosmetic cleanup
2019-02-11 13:44:46 -06:00
c5bff76dc7
Cosmetic changes for office_exel_slk module and documentation
2019-02-11 12:37:17 -06:00
18afc8f546
Bring PR 11249 up to date with upstream master
2019-02-11 12:19:21 -06:00
b49b7ca9db
Remove unneeded require
2019-02-11 11:24:04 -05:00
08e1f86390
Add Webmin 1900 Remote Code Exec Module
...
Adding Webmin RCE module affecting Webmin <= 1.900. Module attempts to
use the Running Processes (proc) permission to determine upload dir,
if the permission is not set the module fails. The user can attempt the
exploit without this permission by setting the 'GUESSUPLOAD' opt to
true.
The default path is in an array of 1 to allow for other OS/Version
default paths to be added in future.
2019-02-11 10:45:03 -05:00
f1675cddad
Documentation
2019-02-10 23:16:45 -05:00
ced3ad0bfd
BMC Patrol CMD Exec Module
2019-02-10 22:26:24 -05:00
6d0797986b
PowerShell check less strict, updated docs.
2019-02-10 14:26:13 +08:00
f589db6831
Land #11152 , add macOS adobe flash player type confusion RCE
2019-02-09 18:46:48 +08:00
5c1f4a4703
fix include -> include?
2019-02-09 18:46:35 +08:00
ab5c59f3ba
Land #11219 , New PCOM client module
2019-02-08 19:26:25 -06:00
c9d18b1613
Make cosmetic changes
2019-02-08 19:22:48 -06:00
a380bb6df1
Land #11239 , Add check for writable and nosuid WritableDir
2019-02-08 19:14:54 -06:00
18a4af1d1d
Land #11279 , improve imap_open exploit to be more robust
2019-02-08 18:28:08 -06:00
bb97a5eba0
Land #11282 , Support to retrieve data from ListConfigFiles SAP webmethod
2019-02-08 18:01:29 -06:00
016ef1116e
Land #11345 , Add Solaris pfexec Upgrade Shell module
2019-02-08 14:19:15 -06:00
25af2b4a6b
\s over \r\n ipcamera
2019-02-07 15:14:13 -05:00
24b899d6d2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into ipcamera
2019-02-07 14:33:39 -05:00
eab31eba4a
update to latest mettle with dylib support
2019-02-07 09:33:36 -06:00
5fc7167beb
Merge remote-tracking branch 'upstream/master' into land-10812-
2019-02-07 09:31:02 -06:00
e0f597f25f
fix license URL
2019-02-07 08:18:04 -06:00
9676ed17ba
Land #11366 , Cisco RV320/RV325 config dumper
2019-02-07 00:01:46 -06:00
35b591a4d1
Moved files to be consistent wtih other 'auxiliary/gather' modules
2019-02-06 23:36:41 -06:00
ab3729cc7b
Improved string matching for patched firmwares
2019-02-06 23:33:52 -06:00
1250811e38
Added disclosure date, cleaned up conditionals, fixed parsing code
2019-02-06 23:27:18 -06:00
b320662751
Putting RPORT back
2019-02-06 23:14:42 -06:00
3cd4dde2f0
Added disclosure date
2019-02-06 23:13:10 -06:00
ba1a03dd30
Updated registered/default options
2019-02-06 22:59:42 -06:00
cb6d7fa210
Land #11165 , Fix intermittent problem with native osx stager
2019-02-06 22:39:07 -06:00
3bc4456a39
Land #11193 , increase capacity for meterpreter 'stat' command
2019-02-06 22:34:25 -06:00
4a344093a4
bump payloads
2019-02-06 22:32:24 -06:00
3a12592976
Land #11072 , Add nuuo_nvrmini_upgrade_rce
2019-02-06 22:30:45 -06:00
c8d79cb7c0
Make minor changes for nuuo module
2019-02-06 22:26:31 -06:00
759960cc33
Provide feedback if the device appears to be patched
2019-02-06 21:46:13 -06:00
69dcd7e53f
Updated errors and failure mechanisms
2019-02-06 21:34:54 -06:00
5631c9a213
Fixed default options
2019-02-06 21:25:53 -06:00
6b8963ee4b
Addressed code review suggestions
2019-02-06 21:14:27 -06:00
51f8259206
Land #11331 , Add C2S DVR Management Password Disclosure module
2019-02-07 01:41:10 +00:00
4db4342a5f
Added database-reporting functionality, removed some debugging
2019-02-06 18:47:12 -06:00
0dbad5d2e3
Land #11349 , Add Evince CBT File Command Injection module
2019-02-06 17:54:07 -06:00
a47115352a
Module to dump configuration of the Cisco RV320/RV325
2019-02-06 17:05:18 -06:00
5e4139dcef
Add notes on stability and side effects
2019-02-05 20:51:34 -06:00
16a58ab3c3
Merge remote-tracking branch 'upstream/master' into feature/crockpot
2019-02-05 20:48:05 -06:00
15f624b745
Land #11304 , Add CVE-2018-1000999 to MailCleaner module
2019-02-05 07:19:32 -06:00
39d0fff909
add support for read and write SDW and MDW operands
2019-02-04 15:56:16 +00:00
b13129f9fb
Land #11348 , Add nil check to enum_patches
2019-02-04 05:25:42 -06:00
ac94557a15
Land #11347 , add version check to Safari RCE exploit
2019-02-04 05:22:01 -06:00
45cb54d265
remove comment from jtr_oracle_fast
2019-02-03 14:31:58 -05:00
fbd81dd6aa
ipcamera password disclosures
2019-02-03 13:40:22 -05:00
e93f215ac1
apply_pot delete files
2019-02-03 10:24:05 -05:00
748e1468b3
creds upgrade and apply_pot
2019-02-03 10:17:25 -05:00
6f31b1a110
Change default payload to reverse_bash
2019-02-03 06:18:31 +00:00
9c3368f325
Add Evince CBT File Command Injection module
2019-02-03 05:38:56 +00:00
28283809f9
Add nil check to enum_patches
2019-02-02 15:33:48 +00:00
787c4400e4
Add Solaris pfexec Upgrade Shell module
2019-02-01 22:58:21 +00:00
239cce53ea
Land #11039 , Add linux x64 ipv6 reverse shell
...
Merge branch 'land-11039' into upstream-master
2019-02-01 16:21:24 -06:00
61b468ac7d
Add URL reference to blog post
2019-02-01 14:49:33 -06:00
7b88277c6f
Prefer case statement over long if block
2019-02-01 14:40:09 -06:00
2640ecb4c4
Land #11338 , Add module to discover Ubiquiti devices
...
Merge branch 'land-11338' into upstream-master
2019-02-01 11:40:52 -06:00
ba69a0b26a
Land #11310 , MSF API to zip instead of relying on system()
2019-02-01 11:32:20 -06:00
f0519a5af5
Minor syntax; add logging for unhandled fields
2019-01-31 18:41:27 -08:00
5a63e629e4
update payload sizes for mettle 0.5.4
2019-01-31 00:12:45 -06:00
0ac3004fe1
fix review comments
2019-01-30 20:27:19 -05:00
9f6b9d586b
updating jtr formats in hashdumpers
2019-01-30 20:16:08 -05:00
4681ed9669
Update docs, strip empty essid
2019-01-30 14:31:20 -08:00
603d2a0c04
Add docs
2019-01-30 14:26:15 -08:00
96d612fb40
WIP commit on module to disover Ubiquiti devices on 10001/UDP
2019-01-30 14:19:02 -08:00
da27c3eeae
centralize hash to jtr formatting
2019-01-30 16:24:05 -05:00
a0f63629b8
Check if we actually downloaded a file
2019-01-30 21:56:11 +07:00
9070435603
Change to support the new nuuo lib
2019-01-30 21:32:33 +07:00
e2c1d0d7fa
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into c2password
2019-01-29 16:37:39 -05:00
febb049668
more info for c2s
2019-01-29 16:36:06 -05:00
95ae4996eb
spelling and spacing
2019-01-29 16:24:35 -05:00
4c14815343
c2s dvr password disclosure
2019-01-29 16:18:30 -05:00
b7bc52d20b
Fix HTTP/SMB mixin order to restore SSL option
...
Mixin order matters. Mixins kinda suck.
2019-01-29 11:09:34 -06:00
6c9a5b3fea
Update Cache Sizes
2019-01-28 15:53:19 -06:00
9930edf704
jtr modernizations
2019-01-25 14:07:24 -05:00
c8bf8781f5
Strip e-mail
2019-01-24 13:49:22 -06:00
156851009b
Remove incorrect documentation
...
The comment is a lie.
2019-01-24 13:48:45 -06:00
0e6fbb439f
Prefer Msf::Util::EXE.to_zip over system()
2019-01-24 13:47:47 -06:00
f0aa002009
Land #10119 , Linux post-exploitation metashell
2019-01-24 11:24:12 -06:00
8cdcba81fe
Fix SessionTypes
2019-01-24 11:22:19 -06:00
006faa3d17
Fix prompt
2019-01-24 11:21:45 -06:00
bb9f50c771
Reverted FILE changes
2019-01-24 22:04:01 +07:00
f5afe98111
Add github and full disc URL
2019-01-24 22:01:02 +07:00
7e592bb8a9
Add github and full disc URL
2019-01-24 22:00:41 +07:00
e0eb802c16
Add github and full disc urls
2019-01-24 22:00:12 +07:00
2bf663cf7d
Add full disclosure URL
2019-01-24 21:59:45 +07:00
2d1cecd4d5
Fix request pattern matching
2019-01-23 13:39:52 -05:00
daa3076d42
Add CVE-2018-1000999 to MailCleaner module
...
See PR #11148
This adds the new CVE assigned by DWF for this vulnerability.
Note that [CVE-2018-10933](https://www.cvedetails.com/cve/CVE-2018-10933/ )
describes a vulnerability in libssh, but this one describes the issue as
it pertains to MailCleaner specifically.
2019-01-23 09:27:12 -06:00
47fd066a29
Msftidy
2019-01-22 21:06:11 -05:00
1f56bccf31
Small improvements from review
2019-01-22 20:46:28 -05:00
2ae6142de7
Land #11243 , Add ASan SUID Privesc
2019-01-22 15:50:53 -06:00
fae1b52115
Land #11297 , Fix a typo in auxiliary/dos/scada/allen_bradley_pccc
...
typo fixed
2019-01-22 11:41:29 -06:00
23e0389bf0
typo fixed
2019-01-22 13:33:24 +00:00
f4aaf6c816
Add https to msf link
2019-01-22 19:14:52 +07:00
e767af4533
add https to msf link
2019-01-22 19:14:24 +07:00
a099418bb8
Update nuuo_cms_file_download.rb
2019-01-22 19:00:26 +07:00
fbde697e3f
Update nuuo_cms_fu.rb
2019-01-22 18:57:02 +07:00
f6fc8a750d
Update modules/auxiliary/gather/nuuo_cms_file_download.rb
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-22 18:55:09 +07:00
d45f38c88f
Update modules/auxiliary/gather/nuuo_cms_file_download.rb
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-22 18:55:02 +07:00
5fc0c66109
add version to check to safari exploit
2019-01-22 16:10:51 +08:00
f336f41182
Update nuuo_cms_sqli.rb
2019-01-22 12:50:02 +07:00
fa4c6896d2
Update nuuo_cms_file_download.rb
2019-01-22 12:49:20 +07:00
49beac7010
Update nuuo_cms_bruteforce.rb
2019-01-22 12:47:09 +07:00
4e1d79ac4b
Update nuuo_cms_fu.rb
2019-01-22 12:45:47 +07:00
da4bd2e9b8
Remove peer
2019-01-22 12:10:45 +07:00
636461c363
remove peer
2019-01-22 12:10:08 +07:00
4c9d5ad9a7
Remove peer
2019-01-22 12:09:39 +07:00
0685ebed76
Remove peer as that is not needed
2019-01-22 12:08:41 +07:00
9a068e9221
Repair CMS installation and use getsystem
2019-01-22 11:57:54 +07:00
688ee3d579
Remove tested versions since that is already on the docs
2019-01-22 11:43:33 +07:00
27cac0a9fe
Update nuuo_cms_file_download.rb
2019-01-21 18:10:19 +07:00
dc0f388b26
Update nuuo_cms_bruteforce.rb
2019-01-21 18:01:25 +07:00
100fd7b80a
Make description shorter
2019-01-21 17:40:50 +07:00
15d4ca9070
Add CMS link and manual ranking
2019-01-21 17:33:58 +07:00
f8de99422d
Add correct rand call
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-21 17:31:23 +07:00
5b699768fb
Add correct rand call
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-21 17:31:08 +07:00
88c74fcd40
add https for link
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-21 17:30:54 +07:00
01e510b48f
add failure tag
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-21 17:30:35 +07:00
d0861811c2
Add files via upload
2019-01-21 17:17:36 +07:00
bd3d6ee6bf
Create nuuo_cms_sqli.rb
2019-01-21 17:14:41 +07:00
3a3d163474
Add nuuo CMS bruteforce module
2019-01-21 17:11:27 +07:00
9ffff16e95
Add Nuuo CMS file upload exploit
2019-01-21 17:06:10 +07:00
060d20694d
Attribution
2019-01-20 09:18:43 +00:00
4ec5e7d23a
msftidy cleanup
2019-01-19 18:16:26 +01:00
2bcdc550c6
Support to retrieve data from ListConfigFiles SAP webmethod
2019-01-19 17:36:47 +01:00
8dffa35f04
Support to retrieve data from ListConfigFiles webmethod
2019-01-19 14:45:34 +01:00
f47060870a
horde imp h3 imap_open
2019-01-18 19:43:45 -05:00
2585e4b708
horde imp h3 imap_open
2019-01-18 19:38:30 -05:00
f8af9a9e4d
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-18 10:43:34 -06:00
1121ce1127
Change default filename to random
2019-01-17 20:12:53 -05:00
5d49f04948
not working horde imp imap_open
2019-01-17 19:55:42 -05:00
2577160449
update print_error, add PrependFork and adjust timeout
2019-01-16 23:20:06 -08:00
31a7b13c19
ms17_010_psexec: fix RHOST in "authenticating..." message
2019-01-16 11:23:21 +01:00
1947bae45b
Land #11230 , add JuicyPotato local privilege escalation
2019-01-15 21:20:25 -06:00
06de16a36f
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-15 18:33:48 -06:00
ffe5db4010
new pcom client mode that allows to read and write
...
several types of operands
2019-01-16 00:16:38 +00:00
27d6fffdad
Land #11125 , Import/generate `ysoserial` Java serialization objects
2019-01-15 17:09:56 -06:00
a73fe9433b
land #11169 blueman priv esc on linux
2019-01-15 10:32:46 -05:00
923a4ba098
Land #11263 , uppercase KoreLogic in JTR modules
2019-01-15 08:50:11 -06:00
9616a9f79d
Land #11245 , doc update for chrome_cookies
2019-01-15 07:27:35 -06:00
04363b7b7e
Doc update
...
post:chrome_cookies
2019-01-15 07:19:46 -06:00
93f66a1f22
uppercase
2019-01-15 08:04:11 -05:00
8c636f27d5
Update check method to confirm vulnerability
2019-01-15 11:31:31 +11:00
47f8738f74
Add Imran Rashid to CVE-2018-11770 credit
2019-01-14 15:28:08 -06:00
52ff0a8b75
Update exploits/linux/http/spark_unauth_rce as CVE-2018-11770
2019-01-14 15:10:29 -06:00
8cd26b74d7
Please msftidy gods
2019-01-13 19:22:51 -05:00
171d46db9b
Add disclosure date, more references, and authors
2019-01-13 19:11:05 -05:00
89e8ff9c80
Update office_excel_slk.rb
2019-01-13 18:08:51 -05:00
d88d1d0f1d
Create office_excel_slk.rb
2019-01-13 17:31:34 -05:00
c6f4eda7f9
Add ASan SUID Executable Privilege Escalation module
2019-01-12 09:14:20 +00:00
e69d509bdf
chore: update description and ranking
2019-01-12 04:32:21 +01:00
3a865a0c05
feat: spawn as NT AUTHORITY\SYSTEM
2019-01-12 04:03:26 +01:00
e9a8d5708a
Land #11234 , @bcoles revisionism
2019-01-11 20:15:34 -06:00
fe6956d7f7
Use mixins
2019-01-11 22:46:58 +00:00
20fd6b6134
Add check for writable and nosuid WritableDir
2019-01-11 22:41:14 +00:00
149f895329
feat: add LOGFILE support for debug
2019-01-11 18:21:54 +01:00
dca99552e6
feat: pass payload length to the dll
2019-01-11 16:28:49 +01:00
7653d64c4a
fix: improve exploit check
2019-01-11 15:38:57 +01:00
24f807490f
revisionism
2019-01-10 19:19:14 +00:00
9f8bac59f7
Land #11215 , success
2019-01-10 12:57:46 -06:00
86850e7062
Land #11217 , fix syntax and logic errors in badpdf module
2019-01-10 12:52:08 -06:00
74330f87dc
Land #11223 - ueb priv esc suggestion
...
ueb priv esc suggestion.
2019-01-10 10:35:28 -06:00
dc2d3c5774
feat: add juicy potato post module, fixes #11229
2019-01-10 17:20:43 +01:00
2f939481e7
Land #11206 , add coldfusion ckeditor file upload
2019-01-10 07:27:38 -06:00
b81f59e7b1
Fix targets and syntax changes
2019-01-10 06:39:45 -06:00
71aa4c8d9e
Adding respond code/body check for successful command execution
2019-01-10 00:01:19 -08:00
3aabeee959
Update SSL, timeout and uid regex
2019-01-09 23:20:37 -08:00
5a956bb27b
Apply suggestions from code review
...
Co-Authored-By: rsp3ar <rsp3ar@users.noreply.github.com>
2019-01-09 21:07:01 -08:00
799a79b715
ueb priv esc suggestion
2019-01-09 20:28:53 -05:00
4bfb90ce06
new PCOM module to send admin commands
2019-01-09 20:27:15 +00:00
913c80c352
Land #11106 , Allen-Bradley legacy protocol DoS
2019-01-09 12:12:02 -06:00
0f156140fe
Clean up module
2019-01-09 12:11:50 -06:00
307cc8c107
fix comment
2019-01-09 11:12:51 -06:00
cf1b4b43cb
auxiliary/fileformat/badpdf: fix syntax and logic error in options handling
2019-01-09 14:30:24 +01:00
0c984fa232
Fix messages /successfuly/successfully
2019-01-09 06:32:22 -06:00
24de5d6ee3
Update to use CmdStager
2019-01-08 20:07:35 -08:00
16b8cf7059
Land #11148 , Adding Module MailCleaner RCE
2019-01-08 14:10:31 -06:00
a0acfa79d7
Target payloads
2019-01-08 13:27:26 -06:00
c2da3dbbd3
Land #11052 , Add gather chrome cookies post module
2019-01-08 07:32:16 -06:00
a95384e288
Additional support and code cleanup
2019-01-08 06:57:56 -06:00
bab651e94d
Add Imperva SecureSphere module
2019-01-07 22:18:04 -08:00
f96514528b
Land #10648 , auth bypass for couchdb_enum
2019-01-07 12:53:11 -06:00
3a726554e9
Fix review comments
2019-01-07 12:51:52 -06:00
a63c057c3a
Integrate bcoles' comments (filename generation, conditional block improvement, etc.)
2019-01-06 22:50:46 +01:00
c03466d2f2
Fixed date format issue and added Bugtraq ID
2019-01-06 14:34:40 +01:00
4644ad8966
Add CVE-2018-15961 Adobe ColdFusion CKEditor unrestricted file upload
2019-01-06 04:55:20 +01:00
e990bb31df
Land #11182 , bump mettle, change debug and background options
2019-01-03 02:57:19 -06:00
811605a9b8
Cleanup headless Chrome process for meterpreter sessions
2018-12-30 18:05:41 +11:00
5957315167
Land #11141 , Ensure Byte XORi Encoder uses cacheflush()
2018-12-29 10:20:07 +00:00
005b2664b8
Land #11140 , Ensure MIPS Long XOR Encoder uses cacheflush()
2018-12-29 10:14:47 +00:00
9e109c7e7c
Update cache size
2018-12-28 16:08:15 -06:00
29e7c49332
Land #10444 , add Consul rexec RCE module
2018-12-28 09:14:28 -06:00
fb8f06b2f5
Land #10443 , add Consul service RCE module
2018-12-28 08:33:56 -06:00
4e8ad22a7a
Adding CVE number
2018-12-26 13:15:36 +03:00
69e7956adf
Land #11174 , Fix platform bug when upgrade shell.
...
The platform on windows powershell should be 'win', rather than
'windows', this bug leads to failure when upgrade powershell session
to meterpreter.
2018-12-26 11:31:39 +08:00
fa542b9691
Adding platform and arch to top level
2018-12-25 15:56:25 +03:00
ee7120d63a
fixed post/multi/manage/shell_to_meterpreter
2018-12-25 15:00:39 +08:00
18c844623a
Remove extra spaces.
2018-12-24 13:48:07 +01:00
e10792f4e6
Remove extra space.
2018-12-24 13:30:03 +01:00
58aebb6dec
fix #11133 , sleep to avoid the second stage being read too early
2018-12-24 19:26:10 +08:00
98dc59728e
Add blueman set_dhcp_handler D-Bus Privilege Escalation
2018-12-24 08:03:55 +00:00
b9742802aa
Land #11137 , Clean up linux/local/vmware_alsa_config exploit module
2018-12-21 17:04:11 -06:00
81f4ed6db3
Add references and remove reserved function calls
2018-12-22 00:30:37 +05:30
983b39a5b3
Use @iZsh's exploit
2018-12-21 15:40:01 +00:00
5838ad87fb
Check if directory and file exist and report accordingly
2018-12-21 19:36:01 +05:30
4bc871c499
Add CmdStager to erlang_cookie_rce
2018-12-21 07:33:37 -06:00
ba9c7039f7
Add psreadline_history module
2018-12-21 18:18:21 +05:30
c959c98161
add original public research author
2018-12-21 02:54:35 -06:00
a7e8afe760
update references, remove unused metadata, use more straightforward string operations
2018-12-21 02:54:35 -06:00
0dab74a71f
tweak description
2018-12-21 02:54:35 -06:00
46acd7a206
simplify
2018-12-21 02:54:35 -06:00
2f35695327
update web link
2018-12-21 02:54:35 -06:00
ac51fbd122
style fixes
2018-12-21 02:54:35 -06:00
dc6ae6f058
initial import, CVE-2016-4117 OSX exploit
2018-12-21 02:54:35 -06:00
b83c6ad496
Land #11149 , fix a PTY leak in Python Meterpreter
2018-12-20 17:30:42 -06:00
bf2de42077
Now supports all version of Consul.
2018-12-20 18:56:07 +01:00
2919b970cd
Implement execution checks with a timeout limit so we don't leave zombie checks running in background.
2018-12-20 18:41:35 +01:00
ba5c40db77
No need for CVE field.
2018-12-20 18:18:53 +01:00
9481ad04f2
Adding support for ARCH_CMD and updating docs
2018-12-20 12:12:01 +03:00
5af05ad976
Land #11143 , nc -j fix for cups_root_file_read
2018-12-19 22:37:00 -06:00
bf4bb0a5b9
bump metasploit-payloads gem
...
Update metasploit-payloads gem to 1.3.57 to pick up
fix for Python Meterpreter PTY Leak from rapid7/metasploit-payloads#319
2018-12-19 18:19:24 -06:00
68ceb08957
Fixing minor issues such as err codes
2018-12-19 22:17:34 +03:00
d601837e03
Land #10401 , java_jmx_server scanner for Java JMX MBean servers
2018-12-19 13:12:03 -06:00
50b7d93a18
java_jmx_scanner: Incorporate @bcoles suggestions
2018-12-19 12:56:53 -06:00
f7eb3452be
Land #11083 , set user agent in Windows reverse_http(s) stagers
2018-12-19 11:38:12 -06:00
e5c8c18ded
Adding Mailcleaner exec
2018-12-19 17:35:40 +03:00
6921b79890
Land #11089 , Erlang cookie rce exploit module
2018-12-19 08:02:40 -06:00
3838be0a03
Windows Hide Chrome Window
2018-12-19 05:58:11 -06:00
1b8b3bbb95
Update nc -j check in cups_root_file_read
2018-12-18 17:38:33 -06:00
51ce96a2b4
Merge branch 'jmx_scanner' of https://github.com/sgorbaty/metasploit-framework into sgorbaty-jmx_scanner
2018-12-18 16:05:03 -06:00
60f3cfbb79
ysoserial: Cleaned up ysoserial payload in `hp_imc_java_deserialize`
2018-12-18 15:17:51 -06:00
bb758f9a61
I didn't forget msftidy I swear
2018-12-18 14:55:12 -06:00
8a2a605a99
added targets
2018-12-18 14:50:57 -06:00
0464f941a7
Add Windows Support
2018-12-18 14:17:10 -06:00
ef8601aa71
Bail early if we receive an unexpected response.
2018-12-18 19:42:26 +01:00
4ee7bdee6c
Merge branch 'consul_service_exec' of github.com:QKaiser/metasploit-framework into consul_service_exec
2018-12-18 19:33:51 +01:00
b3563b1bc2
Cleaner version of check function thanks to @bcoles.
2018-12-18 19:33:30 +01:00
5e134d7d8d
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:19 +01:00
5192c081ee
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:08 +01:00
6ad40deac3
print_status will never throw a JSON::ParseError exception.
2018-12-18 19:15:13 +01:00
b2b410cbbe
DoS Exploitation of Allen-Bradley legacy protocol (PCCC)
2018-12-18 16:49:53 +00:00
1e88ce9a3d
Edit the comments to -84
2018-12-18 16:33:44 +00:00
05218654f4
adjust the offset to -84
2018-12-18 16:30:47 +00:00
af418ec7f7
Fix mipsle byte_xori too
2018-12-18 16:05:23 +00:00
a52ffbcead
Missing disclosure date.
2018-12-18 17:03:09 +01:00
a3d020a7e2
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:56:03 +01:00
1839144978
Cleaner to define this as a Hash, then call .to_json on it.
2018-12-18 16:53:49 +01:00
d40d6c4e3d
Update longxor.rb
...
Suffers from the same problem as the mipsbe version
2018-12-18 15:48:29 +00:00
34c9555717
Fix byte_xori encoder
...
The byte_xori encoder for mipsbe does not work correctly. At the end of the decoding, it should invoke cacheflush() with the correct parameters:
int cacheflush(char *addr, int nbytes, int cache)
I think this is because the encoder is based of the longxori encoder, which itself is pretty old (2008), and before kernel 2.6.11, cacheflush() did not need any parameters (from the cacheflush man page):
BUGS
Linux kernels older than version 2.6.11 ignore the addr and nbytes arguments, making this function fairly expensive. Therefore, the whole cache is always flushed.
This commit fixes that by setting up the parameters correctly. As an unfortunate side effect this increases the shellcode by 16 bytes, but it is absolutely necessary for it to work properly.
Note that this bug is not present when testing the encoder output on an emulator like qemu; emulators do not need to flush the caches to work properly.
2018-12-18 15:37:47 +00:00
177ae2f927
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead. Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 16:33:53 +01:00
0feadf636b
Define in RPORT and SSL in register_options rather than DefaultOptions. Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 16:29:36 +01:00
0acdcd98f2
Merge branch 'master' into consul_service_exec
2018-12-18 16:27:08 +01:00
f487f978c2
Merge branch 'consul_exec' of github.com:QKaiser/metasploit-framework into consul_exec
2018-12-18 16:09:18 +01:00
08541cd7b9
Merge branch 'master' into consul_exec
2018-12-18 16:07:08 +01:00
a1e1e4a4f4
Remove useless comment.
2018-12-18 16:05:50 +01:00
b80e5715d4
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:02:39 +01:00
551f8c5e92
Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 15:48:58 +01:00
f290221a66
Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 15:36:52 +01:00
aeec5cf23e
Cleaner to define this as a Hash, then call .to_json on it. Better support of agent definition in check function.
2018-12-18 15:31:30 +01:00
e51530688b
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead.
2018-12-18 15:09:04 +01:00
4682cf5796
Define in register_options rather than DefaultOptions.
2018-12-18 15:04:28 +01:00
86cbddf46d
fix spacing
2018-12-18 13:35:16 +00:00
fff850a07e
Make longxor encoder great again
...
The longxor encoder for mipsbe does not work correctly. At the end of the decoding, it should invoke cacheflush() with the correct parameters:
int cacheflush(char *addr, int nbytes, int cache)
The encoder previously did not setup the arguments, as it even said so in the comments:
; addiu $4, $16, -4 ; not checked by Linux
; li $5,40 ; not checked by Linux
; li $6,3 ; $6 is set above
I think this is because the encoder is pretty old (2008), and before kernel 2.6.11, cacheflush() did not need any parameters (from the cacheflush man page):
BUGS
Linux kernels older than version 2.6.11 ignore the addr and nbytes arguments, making this function fairly expensive. Therefore, the
whole cache is always flushed.
This commit fixes that by setting up the parameters correctly. As an unfortunate side effect this increases the shellcode by 16 bytes, but it is absolutely necessary for it to work properly.
Note that this bug is not present when testing the encoder output on an emulator like qemu; emulators do not need to flush the caches to work properly.
As an added bonus I have also made it compatible with toupper() restrictions, which is common in web server exploits too. This did not add any extra bytes to the encoder.
2018-12-18 12:30:55 +00:00
fc2d217c0a
Land #11135 , strip comments from source code before uploading it to the target
2018-12-17 21:23:29 -06:00
333d44186b
Land #11138 , add reverse_tcp mixin for vax payload
2018-12-17 21:17:40 -06:00
a10a5e74c4
Use of send_request_cgi instead of raw socket(incomplete responses) and other small fixes
2018-12-17 15:10:36 -08:00
8072b038ed
Use of send_request_cgi instead of raw socket(incomplete responses) and other small fixes
2018-12-17 15:09:08 -08:00
3fb723cc1b
Use of send_request_cgi instead of raw socket(incomplete requests) and other small fixes
2018-12-17 15:04:55 -08:00
bf13693d37
Land #11101 , temp fix for x64/xor stage encoder
...
Merge branch 'land-11101' into upstream-master
2018-12-17 14:14:55 -06:00
2a69fffa6b
fix for ReverseTcp error
...
Update vax shell_reverse_tcp.rb to fix ReverseTcp NameError
Error:
/opt/metasploit-framework/embedded/framework/modules/payloads/singles/bsd/vax/shell_reverse_tcp.rb:24:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
After adding this line the error dissapeared for me and I was able to run msfconsole again.
2018-12-17 19:28:07 +01:00
2fc501d260
Land #11112 , Fix bpf_priv_esc exploit module
2018-12-17 10:00:50 -06:00
7839add2fd
Land #11123 , Add module windows persistent service
2018-12-17 09:07:21 -06:00
88b7b7df4a
Fix additional path space issues
2018-12-17 07:00:23 -06:00
b9cccc2e8f
Improvements on code quality and documentation
2018-12-17 00:15:48 -08:00
d973a58052
Clean up linux/local/vmware_alsa_config
2018-12-17 08:01:34 +00:00
f05ea634a3
Improvements on code quality and documentation
2018-12-16 23:42:59 -08:00
0aa6e5a640
Handle path with spaces correctly.
2018-12-17 10:25:06 +08:00
48df4be54e
Improvements on code quality and documentation
2018-12-16 12:47:52 -08:00
1ecc5461bf
Metasploit module for CVE 2017-3248, Weblogic serialization RCE RMI UnicastRef
2018-12-16 06:21:09 -08:00
fcb512878c
Add strip_comments method to Linux local exploits
2018-12-16 14:11:54 +00:00
8ce7643e41
Some improvements in code and documentation.
2018-12-15 21:07:53 -08:00
873d048b89
Some improvements in code and documentation.
2018-12-15 20:42:17 -08:00
4c14642b99
Update modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb
...
Co-Authored-By: acamro <acamro@users.noreply.github.com>
2018-12-15 23:23:23 -05:00
8dfd8aa4cd
Update modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb
...
Co-Authored-By: acamro <acamro@users.noreply.github.com>
2018-12-15 23:23:14 -05:00
29c70b8585
Some fixes of sintax errors
2018-12-15 19:44:05 -08:00
826c93ff8a
Sintax error in an elseif
2018-12-15 19:41:35 -08:00
25a447fa35
Removed line at the end of file (to pass all tests)
2018-12-15 19:21:37 -08:00
d8f19ff6c8
Removed line at the end of file (to pass all tests)
2018-12-15 19:19:47 -08:00
a936d3f78f
Metasploit module for CVE 2016-3510, Weblogic serialization RCE Marshalled Object
2018-12-15 19:12:33 -08:00
82db6025c9
Some fixes to pass msftidy.
2018-12-15 18:32:17 -08:00
446144ba8e
Metasploit module for CVE 2015-4852, Weblogic serialization RCE Raw Object
2018-12-15 18:26:34 -08:00
5bf28887d2
Land #11127 , Fix TARGETURI support in struts2_namespace_ognl
2018-12-15 09:33:48 -06:00
b8e134b95d
Update version check
2018-12-15 05:39:50 +00:00
6237740116
lint: remove spaces
2018-12-15 01:02:13 +01:00
cb3ea8dfed
Remove binding.pry from bind payload.
...
In response to
https://github.com/rapid7/metasploit-framework/pull/11039#discussion_r241890477 .
2018-12-14 16:32:19 -06:00
cd2dbf0edf
ysoserial: Modified `hp_imc_java_deserialize` to use the library
2018-12-14 16:13:17 -06:00
8adfef5730
Remove Version, Fix Whitespace
2018-12-14 13:19:49 -06:00
e67eaa94c9
Move code to ERB template
2018-12-14 13:13:32 -06:00
Wei Chen
Ziconius
rwincey
Imran E. Dawoodjee
Tim W
Brent Cook
h00die
William Vu
asoto-r7
Brendan Coles
Pearce Barry
Jacob Robles
Luis Rosa
bwatters
Jon Hart
Jeffrey Martin
Pedro Ribeiro
Carter Brainerd
Tod Beardsley
Shelby Pace
jdiog0
spinfoo
rsp3ar
Clément Notin
phra
Qazeer
Qazeer
Alex
Mehmet İnce
Green-m
L
Quentin Kaiser
Garvit Dewan
Milton-Valencia
Quentin Kaiser
Andres Rodriguez
LouDnl
Francesco Soncina
epi