sinn3r
66cb97305c
Land #2953 - KingScada kxClientDownload.ocx ActiveX Remote Code Exec
2014-02-07 17:41:35 -06:00
sinn3r
bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
James Lee
f0fd2f0598
Land #2944 , add platforms to encoders
...
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).
See also #2939
2014-02-07 13:38:05 -06:00
sinn3r
63305025aa
Land #2615 - Add Windows Gather Active Directory User Comments
2014-02-07 12:23:43 -06:00
sinn3r
9c76e7fb00
Handle multiple exceptions
2014-02-07 12:23:10 -06:00
sinn3r
40188e1eda
RuntimeError exception should be handled.
2014-02-07 12:16:15 -06:00
jvazquez-r7
c679b1001b
Make pring_warning verbose
2014-02-07 10:23:07 -06:00
grimmlin
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
Spencer McIntyre
f686385349
Remove an unnecessary VS file and modify version check.
2014-02-07 08:45:51 -05:00
jvazquez-r7
a18de35fa7
Add module for ZDI-14-011
2014-02-06 18:25:36 -06:00
Spencer McIntyre
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
James Lee
4b37cc7243
Land #2927 , PandoraFMS anyterm exploit
2014-02-06 15:22:23 -06:00
James Lee
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
William Vu
19fff3c33e
Land #2942 , @jvennix-r7's Android awesomesauce
...
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
Joe Vennix
362e937c8d
Forgot to push local changes.
2014-02-06 11:47:35 -06:00
Joe Vennix
0dc2ec5c4d
Use BrowserExploitServer mixin.
...
This prevents drive-by users on other browsers from ever receiving
the exploit contents.
2014-02-06 11:32:42 -06:00
jvazquez-r7
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
jvazquez-r7
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
kicks4kittens
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
kicks4kittens
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
kicks4kittens
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
kicks4kittens
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
kicks4kittens
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
kicks4kittens
38add0ab50
alter print_status
...
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
jvazquez-r7
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
jvazquez-r7
631559a2e8
Add module for Kloco SQLi
2014-02-05 14:18:56 -06:00
James Lee
14aa8ffd5c
Apply blockapi changes to bind_tcp and bind_tcp_rc4
2014-02-04 17:45:18 -06:00
Joe Vennix
553616b6cc
Add URL for browser exploit.
2014-02-04 17:04:06 -06:00
Tod Beardsley
3a6626761b
Land #2945 , obsolete old modules
...
Obsoletes:
modules/auxiliary/admin/scada/igss_exec_17.rb
modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb
modules/post/windows/gather/resolve_hosts.rb
modules/post/windows/manage/persistence.rb
2014-02-04 15:11:25 -06:00
sinn3r
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
sinn3r
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
jvazquez-r7
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
Joe Vennix
23fc73924e
Msftidy it up.
2014-02-04 14:24:36 -06:00
James Lee
20b8062220
Apply blockapi changes to reverse_tcp_rc4
2014-02-04 12:30:56 -06:00
James Lee
c70680cf1c
Fix infinite-retry bug
...
Derp, block_api clobbers ecx
2014-02-04 11:59:16 -06:00
William Vu
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
James Lee
9c3664bd45
Unify reverse_http and reverse_https
...
This will make copy-pasta less painful in the future. There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
2014-02-04 09:09:12 -06:00
jvazquez-r7
cccf2e4258
Land #2926 , @xistence A10 Networks Loadbalancer dir traversal module
2014-02-04 07:28:51 -06:00
jvazquez-r7
cc09367c62
Change the datastore name option
2014-02-04 07:28:14 -06:00
Joe Vennix
700e09f386
Wording tweak.
2014-02-04 02:55:10 -06:00
Joe Vennix
bbabd72b0e
Whitespace tweaks.
2014-02-04 02:52:52 -06:00
Joe Vennix
eb6a5a4c19
Tweak checks.
2014-02-04 02:49:44 -06:00
Joe Vennix
4923a93974
Tweak description.
2014-02-04 02:47:49 -06:00
Joe Vennix
37479884a5
Add browserautopwn support.
2014-02-04 02:32:12 -06:00
Joe Vennix
eba3a5aab0
More accurate description.
2014-02-04 01:44:39 -06:00
Joe Vennix
177bd35552
Add webview HTTP exploit.
2014-02-04 01:37:09 -06:00
James Lee
f163bc7f7a
Unbreak reverse_https_proxy
...
Broken by #2448 , 063da8a22e
2014-02-03 15:07:59 -06:00
Tod Beardsley
7e2a9a7072
More desc fixes, add a vprint to give a hint
2014-02-03 13:18:52 -06:00
Tod Beardsley
d34020115a
Fix up on apache descs and print_* methods
2014-02-03 13:13:57 -06:00
jvazquez-r7
ffd90a3d38
Add confirmation datastore option
2014-02-03 12:40:58 -06:00
Tod Beardsley
9953821451
Fix desc on Drupal module, some peer prints
2014-02-03 12:16:06 -06:00
Meatballs
08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
...
Conflicts:
lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
James Lee
be0b9fc2f8
Use the new block_api in windows/reverse_tcp
2014-02-03 11:34:52 -06:00
James Lee
bfc0ac4dd4
Golf a few bytes off of reverse_http(s)
2014-02-03 11:33:55 -06:00
bcoles
9b9b2fab58
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
2014-02-04 02:00:11 +10:30
jvazquez-r7
a92256e8d1
Clean a10networks_ax_directory_traversal
2014-02-03 08:41:23 -06:00
xistence
50f860757b
Changes made to pandora_fms_exec module as requested
2014-02-03 14:10:27 +07:00
sinn3r
e54abb4274
Add support for shell session type
2014-02-02 23:37:56 -06:00
sinn3r
ae84e354e8
Be consistent with get_smartermail_creds method's return value
2014-02-02 22:06:14 -06:00
sinn3r
662fbf53b6
Update check_smartermail method
...
Instead of using exception handling to determine the right path,
the new method simply uses the file? method. It's also renamed as
"get_mail_config_path" to properly describe its functionality.
2014-02-02 22:01:38 -06:00
sinn3r
2b2194cee8
Modify prints
2014-02-02 21:58:10 -06:00
Meatballs
95eb758642
Initial commit
2014-02-02 19:04:38 +00:00
bcoles
62dca111f8
Conform to style
2014-02-02 08:07:18 +10:30
bcoles
e30195348e
Add Windows Gather SmarterMail Password Extraction post module
2014-02-02 05:51:21 +10:30
William Vu
a5bff638c5
Remove EOL spaces
2014-01-31 15:01:03 -06:00
sinn3r
b67ac39a33
Land #2921 - Apache Struts Developer Mode OGNL Execution
2014-01-31 12:06:58 -06:00
sinn3r
60ead5de43
Explain why we flag the vuln as "Appears" instead of vulnerable
2014-01-31 12:05:58 -06:00
jvazquez-r7
2fca2da9f7
Add an vprint message on check
2014-01-31 11:57:20 -06:00
jvazquez-r7
356692f2f5
Land #2923 , @rangercha tomcat deploy module compatible with tomcat8
2014-01-31 10:53:53 -06:00
jvazquez-r7
53c2a737e9
Don't register rport again
2014-01-31 09:42:41 -06:00
jvazquez-r7
452042e757
Land #2925 , @xistence aux module for Support Center Plus traversal
2014-01-31 09:38:01 -06:00
jvazquez-r7
e9f04d9203
Do final cleanup for Support Center Plus module
2014-01-31 09:37:40 -06:00
jvazquez-r7
a010748056
Land #2924 , @xistence's exploit for CVE-2014-1683
2014-01-31 09:20:10 -06:00
jvazquez-r7
710902dc56
Move file location
2014-01-31 09:18:59 -06:00
jvazquez-r7
810605f0b7
Do final cleanup for the skybluecanvas exploit
2014-01-31 09:17:51 -06:00
jvazquez-r7
32c5d77ebd
Land #2918 , @wvu's fix for long argument lists
2014-01-31 08:49:22 -06:00
xistence
e81a0ed22b
Changes as requested for SupportCenterPlus module
2014-01-31 13:28:45 +07:00
xistence
ffd8f7eee0
Changes as requested in SkyBlue Canvas RCE module
2014-01-31 12:52:48 +07:00
jvazquez-r7
93db1c59af
Do small fixes
2014-01-30 17:16:43 -06:00
jvazquez-r7
9daacf8fb1
Clean exploit method
2014-01-30 16:58:17 -06:00
jvazquez-r7
4458dc80a5
Clean the find_csrf mehtod
2014-01-30 16:39:19 -06:00
jvazquez-r7
697a86aad7
Organize a little bit the code
2014-01-30 16:29:45 -06:00
jvazquez-r7
50317d44d3
Do more easy clean
2014-01-30 16:23:17 -06:00
jvazquez-r7
1a9e6dfb2a
Allow check to detect platform and arch
2014-01-30 15:17:20 -06:00
jvazquez-r7
b2273dce2e
Delete Automatic target
...
It isn't usefull at all, when auto targeting is done, the payload (java platform and arch)
has been already selected.
2014-01-30 15:04:08 -06:00
jvazquez-r7
cebbe71dba
Do easy cleanup of exploit
2014-01-30 14:42:02 -06:00
jvazquez-r7
c336133a8e
Do a first clean related to auto_target
2014-01-30 14:27:20 -06:00
jvazquez-r7
57b8b49744
Clean query_manager
2014-01-30 14:20:02 -06:00
jvazquez-r7
148e51a28b
Clean metadata and use TARGETURI
2014-01-30 14:03:52 -06:00
William Vu
56287e308d
Clean up unused variables
2014-01-30 11:20:21 -06:00
xistence
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
xistence
c8296298b3
added A10Networks AX loadbalancer Dir Traversal Auxiliary Module
2014-01-28 16:37:25 +07:00
xistence
32d7f15a5c
added ManageEngine Support Center Plus directory traversal auxiliary module
2014-01-28 15:45:23 +07:00
xistence
bac6e2a3e1
added SkyBlueCanvas CMS 1.1 r248-03 RCE
2014-01-28 11:06:25 +07:00
jvazquez-r7
f766a74150
Land #2920 , @wvu-r7's author metadata update for printer aux modules
2014-01-27 13:02:31 -06:00
William Vu
d19e9307c6
Fix missing colon in :caller_host symbol
...
Good catch, @jvazquez-r7!
2014-01-27 12:43:59 -06:00
jvazquez-r7
0dbaeb6742
Add Matteo's email
2014-01-27 08:40:44 -06:00
jvazquez-r7
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
jvazquez-r7
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
RangerCha
a49473181c
Added new module. Abuses tomcat manager upload page. Tested on tomcat 5.5.36, 6.0.37, 7.0.50, 8.0.0rc10
2014-01-27 09:04:59 -05:00