0746ab5847
Create credential table.
2018-09-21 12:44:10 -04:00
a603c04da5
Create credential table.
2018-09-21 12:42:32 -04:00
c9de43c8d0
Code cleanup, feedback from bcoles
2018-09-21 10:11:26 -05:00
5842f0c012
Msftidy
2018-09-21 10:15:31 -04:00
8a0f5c12f2
Move setup info, remove accessors
2018-09-21 07:47:22 -05:00
02f4fc1876
Prefer to_s.empty?
...
Oh, hell, do it here, too.
2018-09-20 21:26:41 -05:00
c875f66154
Prefer to_s over || ''
...
Oops, I wasn't thinking clearly. to_s is cleaner.
2018-09-20 21:26:41 -05:00
a7f53b9361
Land #10628 , Add Solaris srsexec Arbitrary File Reader module
2018-09-21 01:56:43 +00:00
ee0776b095
print when not verbose
2018-09-20 20:54:41 -04:00
9da87a600f
Add LEAK_COUNT option to Heartbleed
...
I should have done this in 2014, but I'm a slacker.
2018-09-20 19:49:07 -05:00
e32abe9d45
Update Payload cached sizes
2018-09-20 17:26:15 -05:00
185931ca91
Land #10625 , repeat command to repeat commands
2018-09-20 15:24:03 -05:00
981fb38d52
Remove additional unused code
2018-09-20 07:04:41 -05:00
ee604e1d23
Remove unused code
2018-09-20 07:01:58 -05:00
6e51eb6c53
Rename Pimcore and Dolibarr SQLi modules
2018-09-19 22:15:14 -05:00
f99df75719
Remove uploading payload dll to disk
2018-09-19 21:24:22 -05:00
c76f095cd0
Inject Payload to Memory First
2018-09-19 21:13:49 -05:00
c5f6d4b8a5
Land #10670 , Pimcore SQLi module
2018-09-19 20:50:21 -05:00
5477220106
Update documentation
2018-09-19 20:48:42 -05:00
53f78cb7c3
Land #10673 , dolibarr_list_creds{,_sqli} rename
2018-09-19 18:55:05 -05:00
dd942ab23c
Land #10652 , iOS Safari blur denial of service
2018-09-19 15:12:22 -05:00
7698b7d7db
changed location of dolibarr module/documentation
2018-09-19 11:17:27 -05:00
42ccc37bca
Added description to module
2018-09-19 10:22:51 -05:00
8a20e0e702
Specific target, add process option
2018-09-19 08:49:54 -05:00
b6ca8cac7f
renamed/relocated files, changed uri
2018-09-19 08:11:45 -05:00
22c57d1bf0
chmod 644
2018-09-19 18:19:12 +08:00
36fa8f2ffc
Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow.
2018-09-19 15:28:46 +08:00
827219aff3
Revert "Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow"
...
This reverts commit d06587caef
2018-09-19 15:22:12 +08:00
d06587caef
Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
2018-09-19 15:09:40 +08:00
5b6938e942
Revert "Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow"
...
This reverts commit 1a9aa8ac3b
2018-09-19 13:20:00 +08:00
1d091408f7
Make msftidy happy
2018-09-18 20:00:08 -05:00
6a63feced4
Merge remote-tracking branch 'upstream/master' into pr/10418
2018-09-18 19:54:44 -05:00
c68f900330
Update module
2018-09-18 18:28:23 -05:00
0c842b852b
changed available? expression
2018-09-18 15:47:25 -05:00
fd8ad6f4d8
struts2_namespace_ognl: Added verbose messages for errors with Tomcat >= 7.0.88
2018-09-18 15:26:28 -05:00
e9faf305b2
randomize number, use vars_get
2018-09-18 15:03:32 -05:00
4933f47ac5
struts2_namespace_ognl: Remove debugging code
2018-09-18 14:46:41 -05:00
a9e6257891
struts2_namespace_ognl multishot OGNL payloads for Windows Meterpreter support
2018-09-18 14:27:47 -05:00
d83e108e74
added check for valid apikey, changed available?
2018-09-18 14:19:16 -05:00
2cf1fbcb2c
storing user credentials
2018-09-18 13:27:46 -05:00
4fb223b293
Add Solaris RSH Stack Clash Privilege Escalation module
2018-09-18 17:38:59 +00:00
1a9aa8ac3b
Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow
2018-09-18 16:09:05 +08:00
0108e41b04
Move AKA reference to Notes hash
2018-09-18 08:00:44 +00:00
2f5bd4b714
Add Solaris 'EXTREMEPARR' dtappgather Privilege Escalation module
2018-09-18 07:23:10 +00:00
549440595f
Land #10627 , Add SMB2 support to smb_enumshares
2018-09-17 22:34:42 -05:00
6126a627cc
Land #10570 , AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
a814899dc2
Land #10660 , deregister RHOSTS as well as RHOST
2018-09-17 22:26:37 -05:00
1aabf8d83f
deregister RHOSTS as well
2018-09-17 22:26:16 -05:00
83af598e6a
Updated VS solution and module
2018-09-17 17:38:19 -05:00
5089c19453
Land #10620 Solaris 10 LPE for libnspr
2018-09-17 18:10:16 -04:00
011c25ed59
Merge changes from master (ghostscript)
2018-09-17 13:57:28 -05:00
fef728dccd
getting user credentials
2018-09-17 12:39:58 -05:00
30d8a38897
deregister_options RHOSTS
2018-09-17 16:58:57 +00:00
91edebb2ef
Add references, clean up code.
2018-09-17 10:30:54 -04:00
83039781de
Background payload execution
2018-09-17 08:42:04 +00:00
c8906f8772
Add check for Solaris system patch revision
2018-09-17 08:32:52 +00:00
ff5de7b81d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into srsexec
2018-09-16 20:11:30 -04:00
a9b9e7420b
update description
2018-09-16 19:51:15 +08:00
1d2519978d
improve div tags
2018-09-16 18:57:09 +08:00
2eb97ea07b
add ios blur dos module
2018-09-16 13:44:43 +08:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
1f4a1a388e
Update gcc path
2018-09-15 18:16:03 +00:00
44304d33b9
fix travis issues
2018-09-15 07:59:53 -04:00
af7d76b52d
changes from first review
2018-09-14 20:10:59 -04:00
f38e6f45ce
Redo dllinjection
2018-09-14 17:47:53 -05:00
d2f587894b
Initial metadata setup
2018-09-14 09:37:23 -05:00
900ea620c7
msftidy
2018-09-13 21:28:49 -04:00
6cef61ddbc
finish srsexec add docs
2018-09-13 21:20:09 -04:00
4cf344dd83
WIP: Initial CVE-2018-8440 / ALPC-TaskSched-LPE
2018-09-13 18:00:20 -05:00
2f53e370c9
srsexec working properly
2018-09-13 16:37:25 -04:00
e3178faa9a
Add metadata for teradata_odbc_sql.py
2018-09-13 13:09:01 -05:00
4a2f2107e5
move gather to escalate
2018-09-13 14:07:50 -04:00
4bb16f96a7
debugging srsexec
2018-09-13 14:07:50 -04:00
1af1895ac8
first attempt at srsexec
2018-09-13 14:07:50 -04:00
04cc7843a4
Typo fixes
2018-09-13 11:19:13 -05:00
2fbbf88ea9
Land #10560 , ms17_010_eternalblue: use SMBDomain value when provided
...
instead of ignoring it
Merge branch 'land-10560' into upstream-master
2018-09-13 10:08:54 -05:00
a8c459db18
Update description with correct patched release
2018-09-13 08:22:13 +00:00
5b81ebd81b
Land #10589 , multidrop support for word xml docs
2018-09-12 11:00:11 -05:00
0db1c34c40
Add check for Solaris system patches
2018-09-12 07:36:54 +00:00
d0e67c5b60
Add SMB2 support to smb_enumshares
2018-09-11 19:05:26 -05:00
a8f766cfd5
Update heartbleed description to mention `repeat`
2018-09-11 17:41:06 -05:00
354803185c
fix msftidy warning
2018-09-11 05:24:01 -04:00
e75b5592f7
Add ForceExploit option
2018-09-11 09:23:50 +00:00
1582dacb0e
Check WritableDir is writable
2018-09-11 09:06:15 +00:00
d658ccf653
Add Solaris libnspr NSPR_LOG_FILE Privilege Escalation module
2018-09-11 08:11:11 +00:00
d8f2d08058
finish up docs and 10 exploit
2018-09-10 21:08:30 -04:00
a3d74d926c
Land #9897 , Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer
2018-09-10 16:25:55 -05:00
ea2fcb6fc4
Land #10593 , Refactor SSH mixins and update modules
2018-09-10 15:38:53 -05:00
87eb600510
Land #10611 , mRemote creds gather module fixes
...
Also update #10612 to align with these changes.
2018-09-10 15:25:09 -05:00
93a73f5e71
Fix store_loot OID
...
It's supposed to be a loot type, not the filename (now stored).
2018-09-10 15:19:28 -05:00
8b4820004d
Land #10612 , store_loot text/xml ctype fixes
2018-09-10 15:07:06 -05:00
3ec4d2f22b
Normalize loot type OID
...
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported
Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
3d5da50b12
Land #10598 , Store Credentials Found with PhpMyAdmin Password Extractor
2018-09-10 11:49:52 -05:00
589fb4bf3b
first try at ueb mix
2018-09-09 22:41:01 -04:00
39a2d9d2a8
save xml files as xml
2018-09-09 21:24:39 -04:00
0072d9b9b1
save as xml since it is
2018-09-09 21:22:15 -04:00
70e22707c0
vi loves tabs but i dont
2018-09-09 21:19:17 -04:00
f926f6e9af
fix pathing in mremoteng
2018-09-09 21:07:47 -04:00
718aaca0f4
Land #10546 , Add Apache Struts exploit: CVE-2018-11776
2018-09-07 14:54:23 -05:00
bd50e00ccc
Make some small changes:
...
Changes made:
* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
2018-09-07 14:48:33 -05:00
b3cd4a89ad
Move CVE ref to top as per ~standard~
2018-09-07 14:33:25 -05:00
68ca771764
Add CVE reference to ghostscript_failed_restore.rb
2018-09-07 14:24:15 -05:00
99ca6cef49
Quote-block cleanup and improved error handling
2018-09-07 11:43:04 -05:00
dbace01015
modified regex lines
2018-09-07 11:13:09 -05:00
18ffd36409
storing config file, changed regex
2018-09-07 08:13:10 -05:00
3671f8f6b0
Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output
...
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set. We now try to detect this as part of `profile_target`. But that check might fail. If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.
Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.
Additionally additionally, some Tomcat configurations won't provide output from the payload. We'll detect that the payload ran successfully, but tell the user there was no output.
2018-09-06 17:56:42 -05:00
7eb06b4592
Address travis errors: Updated metadata and target OS logic
2018-09-06 12:43:56 -05:00
6c3b1081ea
added function to grab and store user and passwd
2018-09-06 12:03:00 -05:00
cb16f812ec
struts2_namespace_ognl updates from code review
...
Thanks to @wvu, @firefart, and @wchen!
2018-09-06 11:50:57 -05:00
dd476066cf
Land #10584 , fix session upgrade HANDLE_TIMEOUT and upgrading osx shells
2018-09-06 05:52:40 -05:00
e1ec0ec899
hash_dump now working properly up to Mac OS X High Sierra (10.13.6 included)
2018-09-06 12:00:36 +02:00
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
d23b252393
Land #10592 , support ERB for foxit_reader_uaf.rb
2018-09-05 21:48:52 -05:00
254e8b9fd0
Cleanup for foxit_reader_uaf
2018-09-05 21:47:57 -05:00
243267b2f5
Add Linux dropper target
2018-09-05 19:57:12 -05:00
61044e8bca
Refactor targets to align with current style
2018-09-05 19:56:32 -05:00
692ddc8b8b
Eschew updating imagemagick_delegate
...
The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
2018-09-05 19:56:32 -05:00
1491f13bd5
Add Ghostscript failed restore exploit
2018-09-05 19:56:32 -05:00
13ff71b879
Clean up previous modules
...
Missed in 35670713ff
2018-09-05 19:56:32 -05:00
55bf6e5dd4
removed require in erb file
2018-09-05 18:09:29 -05:00
1f16052988
Make key random and fix RPC
2018-09-05 15:09:47 -05:00
6a3a4de289
included path to erb, removed multiline pdf string
2018-09-05 14:09:10 -05:00
14aee3a822
Added auxiliary/fileformat/multidrop support for Word XML documents
2018-09-05 11:51:48 -05:00
b7da75d860
fix #10576 , fix session upgrade HANDLE_TIMEOUT
2018-09-04 16:46:33 +08:00
e9c4698291
Support RPC
2018-09-03 22:15:23 -05:00
180c697684
Update windows_defender_exe
2018-09-02 13:10:11 -05:00
93e9253aeb
Update countdown.rb
2018-09-01 02:40:26 +02:00
e243ce9eee
Update AKA for ghostscript_type_confusion
2018-08-31 16:56:35 -05:00
5092d561f9
Update AKA values for ms17_010_psexec
2018-08-31 16:56:28 -05:00
69a785ff46
Update json for python modules
2018-08-31 16:56:22 -05:00
eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
8fe8bf62e3
Renamed to match existing `struts2_content_type_ognl` and improved comments
2018-08-31 13:48:22 -05:00
0dea5fcfd9
Land #10565 , Add Dolibarr ERP/CRM Auxiliary Module
2018-08-31 13:47:46 -05:00
35022d8332
Added payload upload+execution and OGNL-specific URI encoding
2018-08-31 13:39:42 -05:00
bcaa6e90f6
Fix targeting
2018-08-31 13:37:23 -05:00
5c6b33bcf4
Add support for evasion targets, also module doc
2018-08-31 11:45:29 -05:00
aa9d0d7c6c
using uri_encode
2018-08-31 08:41:25 -05:00
b1151b9d12
modified login_uri
2018-08-31 08:08:46 -05:00
7c7f63df45
Fix missing normalize_uri in struts2_rest_xstream
...
I missed this one previously. May not be necessary but nice to have.
2018-08-30 15:56:43 -05:00
42af28a86a
printing and storing credentials
2018-08-30 14:17:37 -05:00
85c4abac99
storing credentials
2018-08-30 13:59:00 -05:00
a9376266bc
Land #10484 , Add PhpMyAdmin password extractor
2018-08-30 12:16:17 -05:00
924e61c5c1
Added check and removed register_options
2018-08-30 12:13:39 -05:00
6ec8522786
Land #10482 , Add Network Manager VPNC Privesc
2018-08-30 10:46:54 -05:00
9d3e1c1942
Land #10540 , weblogic_deserialize, add check method and linux target
2018-08-30 06:08:03 -05:00
953bafc7e7
Land #10545 , foxit fix generated strings, update doc
2018-08-30 05:55:44 -05:00
0887236f5e
Fix spaces issue
2018-08-29 19:28:48 -04:00
a282d2a8b1
fix: rescue rex runtime errors in x86/nonalpha
2018-08-30 01:22:24 +02:00
2616472025
fix: rescue rex runtime errors in x86/countdown
2018-08-30 01:22:24 +02:00
d489cd7248
ms17_010_eternalblue: use SMBDomain value when provided instead of ignoring it
2018-08-29 23:53:58 +02:00
AverageSecurityGuy
Jacob Robles
William Vu
Brendan Coles
h00die
bwatters-r7
Adam Cammack
Shelby Pace
Hubert Lin
Wei Chen
asoto-r7
Brent Cook
Erin Bleiweiss
Tim W
pwnforfun
stefano118
Austin
phra
Clément Notin