Commit Graph

12180 Commits (04bf0b4ab693ac6dd9bc75823231fa893401d337)

Author SHA1 Message Date
sinn3r 66cb97305c
Land #2953 - KingScada kxClientDownload.ocx ActiveX Remote Code Exec 2014-02-07 17:41:35 -06:00
sinn3r bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell) 2014-02-07 17:39:06 -06:00
James Lee f0fd2f0598
Land #2944, add platforms to encoders
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).

See also #2939
2014-02-07 13:38:05 -06:00
sinn3r 63305025aa
Land #2615 - Add Windows Gather Active Directory User Comments 2014-02-07 12:23:43 -06:00
sinn3r 9c76e7fb00 Handle multiple exceptions 2014-02-07 12:23:10 -06:00
sinn3r 40188e1eda
RuntimeError exception should be handled. 2014-02-07 12:16:15 -06:00
jvazquez-r7 c679b1001b Make pring_warning verbose 2014-02-07 10:23:07 -06:00
grimmlin 2d93b38e2a Fixed java_signed_applet for Java 7u51 2014-02-07 16:29:50 +01:00
Spencer McIntyre f686385349 Remove an unnecessary VS file and modify version check. 2014-02-07 08:45:51 -05:00
jvazquez-r7 a18de35fa7 Add module for ZDI-14-011 2014-02-06 18:25:36 -06:00
Spencer McIntyre cc32c877a9 Add CVE-2013-3881 win32k Null Page exploit 2014-02-06 17:23:38 -05:00
James Lee 4b37cc7243
Land #2927, PandoraFMS anyterm exploit 2014-02-06 15:22:23 -06:00
James Lee 4236abe282
Better SIGHUP handling 2014-02-06 15:21:54 -06:00
William Vu 19fff3c33e
Land #2942, @jvennix-r7's Android awesomesauce
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
Joe Vennix 362e937c8d Forgot to push local changes. 2014-02-06 11:47:35 -06:00
Joe Vennix 0dc2ec5c4d Use BrowserExploitServer mixin.
This prevents drive-by users on other browsers from ever receiving
the exploit contents.
2014-02-06 11:32:42 -06:00
jvazquez-r7 ac52edabd5
Land #2801, Land @kicks4kittens IBM Sametime modules 2014-02-06 10:17:03 -06:00
jvazquez-r7 30c325c22e Make better json check 2014-02-06 10:16:26 -06:00
kicks4kittens 564f9bccc8 Correct print output
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
kicks4kittens 445cd7be5a remove "on {peer}
line already includes {peer} info
2014-02-05 21:57:58 +01:00
kicks4kittens 4c0c9101aa Correct check, reinstate print
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
kicks4kittens 60cf68f899 added default SSL 2014-02-05 21:54:02 +01:00
kicks4kittens 3560b41eb2 correct variable name
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
kicks4kittens 38add0ab50 alter print_status
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
jvazquez-r7 fdb954fdfb Report credentials 2014-02-05 14:37:33 -06:00
jvazquez-r7 631559a2e8 Add module for Kloco SQLi 2014-02-05 14:18:56 -06:00
James Lee 14aa8ffd5c
Apply blockapi changes to bind_tcp and bind_tcp_rc4 2014-02-04 17:45:18 -06:00
Joe Vennix 553616b6cc Add URL for browser exploit. 2014-02-04 17:04:06 -06:00
Tod Beardsley 3a6626761b
Land #2945, obsolete old modules
Obsoletes:

modules/auxiliary/admin/scada/igss_exec_17.rb
modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb
modules/post/windows/gather/resolve_hosts.rb
modules/post/windows/manage/persistence.rb
2014-02-04 15:11:25 -06:00
sinn3r bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads 2014-02-04 15:06:45 -06:00
sinn3r 89e1bcc0ca Deprecate modules with date 2013-something
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
jvazquez-r7 80e7ae144b Use the platform when selecting the payload 2014-02-04 14:34:11 -06:00
Joe Vennix 23fc73924e Msftidy it up. 2014-02-04 14:24:36 -06:00
James Lee 20b8062220
Apply blockapi changes to reverse_tcp_rc4 2014-02-04 12:30:56 -06:00
James Lee c70680cf1c
Fix infinite-retry bug
Derp, block_api clobbers ecx
2014-02-04 11:59:16 -06:00
William Vu a58698c177
Land #2922, multithreaded check command 2014-02-04 11:21:05 -06:00
James Lee 9c3664bd45
Unify reverse_http and reverse_https
This will make copy-pasta less painful in the future.  There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
2014-02-04 09:09:12 -06:00
jvazquez-r7 cccf2e4258
Land #2926, @xistence A10 Networks Loadbalancer dir traversal module 2014-02-04 07:28:51 -06:00
jvazquez-r7 cc09367c62 Change the datastore name option 2014-02-04 07:28:14 -06:00
Joe Vennix 700e09f386 Wording tweak. 2014-02-04 02:55:10 -06:00
Joe Vennix bbabd72b0e Whitespace tweaks. 2014-02-04 02:52:52 -06:00
Joe Vennix eb6a5a4c19 Tweak checks. 2014-02-04 02:49:44 -06:00
Joe Vennix 4923a93974 Tweak description. 2014-02-04 02:47:49 -06:00
Joe Vennix 37479884a5 Add browserautopwn support. 2014-02-04 02:32:12 -06:00
Joe Vennix eba3a5aab0 More accurate description. 2014-02-04 01:44:39 -06:00
Joe Vennix 177bd35552 Add webview HTTP exploit. 2014-02-04 01:37:09 -06:00
James Lee f163bc7f7a
Unbreak reverse_https_proxy
Broken by #2448, 063da8a22e
2014-02-03 15:07:59 -06:00
Tod Beardsley 7e2a9a7072
More desc fixes, add a vprint to give a hint 2014-02-03 13:18:52 -06:00
Tod Beardsley d34020115a
Fix up on apache descs and print_* methods 2014-02-03 13:13:57 -06:00
jvazquez-r7 ffd90a3d38 Add confirmation datastore option 2014-02-03 12:40:58 -06:00
Tod Beardsley 9953821451
Fix desc on Drupal module, some peer prints 2014-02-03 12:16:06 -06:00
Meatballs 08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
Conflicts:
	lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
James Lee be0b9fc2f8 Use the new block_api in windows/reverse_tcp 2014-02-03 11:34:52 -06:00
James Lee bfc0ac4dd4 Golf a few bytes off of reverse_http(s) 2014-02-03 11:33:55 -06:00
bcoles 9b9b2fab58 Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module 2014-02-04 02:00:11 +10:30
jvazquez-r7 a92256e8d1 Clean a10networks_ax_directory_traversal 2014-02-03 08:41:23 -06:00
xistence 50f860757b Changes made to pandora_fms_exec module as requested 2014-02-03 14:10:27 +07:00
sinn3r e54abb4274
Add support for shell session type 2014-02-02 23:37:56 -06:00
sinn3r ae84e354e8
Be consistent with get_smartermail_creds method's return value 2014-02-02 22:06:14 -06:00
sinn3r 662fbf53b6
Update check_smartermail method
Instead of using exception handling to determine the right path,
the new method simply uses the file? method. It's also renamed as
"get_mail_config_path" to properly describe its functionality.
2014-02-02 22:01:38 -06:00
sinn3r 2b2194cee8
Modify prints 2014-02-02 21:58:10 -06:00
Meatballs 95eb758642
Initial commit 2014-02-02 19:04:38 +00:00
bcoles 62dca111f8 Conform to style 2014-02-02 08:07:18 +10:30
bcoles e30195348e Add Windows Gather SmarterMail Password Extraction post module 2014-02-02 05:51:21 +10:30
William Vu a5bff638c5 Remove EOL spaces 2014-01-31 15:01:03 -06:00
sinn3r b67ac39a33
Land #2921 - Apache Struts Developer Mode OGNL Execution 2014-01-31 12:06:58 -06:00
sinn3r 60ead5de43 Explain why we flag the vuln as "Appears" instead of vulnerable 2014-01-31 12:05:58 -06:00
jvazquez-r7 2fca2da9f7 Add an vprint message on check 2014-01-31 11:57:20 -06:00
jvazquez-r7 356692f2f5
Land #2923, @rangercha tomcat deploy module compatible with tomcat8 2014-01-31 10:53:53 -06:00
jvazquez-r7 53c2a737e9 Don't register rport again 2014-01-31 09:42:41 -06:00
jvazquez-r7 452042e757
Land #2925, @xistence aux module for Support Center Plus traversal 2014-01-31 09:38:01 -06:00
jvazquez-r7 e9f04d9203 Do final cleanup for Support Center Plus module 2014-01-31 09:37:40 -06:00
jvazquez-r7 a010748056
Land #2924, @xistence's exploit for CVE-2014-1683 2014-01-31 09:20:10 -06:00
jvazquez-r7 710902dc56 Move file location 2014-01-31 09:18:59 -06:00
jvazquez-r7 810605f0b7 Do final cleanup for the skybluecanvas exploit 2014-01-31 09:17:51 -06:00
jvazquez-r7 32c5d77ebd
Land #2918, @wvu's fix for long argument lists 2014-01-31 08:49:22 -06:00
xistence e81a0ed22b Changes as requested for SupportCenterPlus module 2014-01-31 13:28:45 +07:00
xistence ffd8f7eee0 Changes as requested in SkyBlue Canvas RCE module 2014-01-31 12:52:48 +07:00
jvazquez-r7 93db1c59af Do small fixes 2014-01-30 17:16:43 -06:00
jvazquez-r7 9daacf8fb1 Clean exploit method 2014-01-30 16:58:17 -06:00
jvazquez-r7 4458dc80a5 Clean the find_csrf mehtod 2014-01-30 16:39:19 -06:00
jvazquez-r7 697a86aad7 Organize a little bit the code 2014-01-30 16:29:45 -06:00
jvazquez-r7 50317d44d3 Do more easy clean 2014-01-30 16:23:17 -06:00
jvazquez-r7 1a9e6dfb2a Allow check to detect platform and arch 2014-01-30 15:17:20 -06:00
jvazquez-r7 b2273dce2e Delete Automatic target
It isn't usefull at all, when auto targeting is done, the payload (java platform and arch)
has been already selected.
2014-01-30 15:04:08 -06:00
jvazquez-r7 cebbe71dba Do easy cleanup of exploit 2014-01-30 14:42:02 -06:00
jvazquez-r7 c336133a8e Do a first clean related to auto_target 2014-01-30 14:27:20 -06:00
jvazquez-r7 57b8b49744 Clean query_manager 2014-01-30 14:20:02 -06:00
jvazquez-r7 148e51a28b Clean metadata and use TARGETURI 2014-01-30 14:03:52 -06:00
William Vu 56287e308d Clean up unused variables 2014-01-30 11:20:21 -06:00
xistence 9a929e75e4 Added Pandora FMS RCE 2014-01-29 12:46:23 +07:00
xistence c8296298b3 added A10Networks AX loadbalancer Dir Traversal Auxiliary Module 2014-01-28 16:37:25 +07:00
xistence 32d7f15a5c added ManageEngine Support Center Plus directory traversal auxiliary module 2014-01-28 15:45:23 +07:00
xistence bac6e2a3e1 added SkyBlueCanvas CMS 1.1 r248-03 RCE 2014-01-28 11:06:25 +07:00
jvazquez-r7 f766a74150
Land #2920, @wvu-r7's author metadata update for printer aux modules 2014-01-27 13:02:31 -06:00
William Vu d19e9307c6 Fix missing colon in :caller_host symbol
Good catch, @jvazquez-r7!
2014-01-27 12:43:59 -06:00
jvazquez-r7 0dbaeb6742 Add Matteo's email 2014-01-27 08:40:44 -06:00
jvazquez-r7 f086655075
Land #2913, @bcoles Exploit for Simple E-Document 2014-01-27 08:09:45 -06:00
jvazquez-r7 861126fdbd Clean exploit code 2014-01-27 08:09:18 -06:00
RangerCha a49473181c Added new module. Abuses tomcat manager upload page. Tested on tomcat 5.5.36, 6.0.37, 7.0.50, 8.0.0rc10 2014-01-27 09:04:59 -05:00