988471b860
Land #7372 , useless use of cat fix
...
Obligatory: modules/exploits/linux/local/kloxo_lxsuexec.rb.
2016-09-28 16:37:11 -05:00
3033c16da6
Add missing rank
2016-09-28 16:37:04 -05:00
b46073b34a
Replace `cat` with Ruby's `read_file`
...
Thanks to wvu-r7 for the comment
2016-09-28 23:22:19 +02:00
45ee59581b
Fix inverted logic in Docker exploit
...
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
ab94bb9cdd
Land #7365 , nonce fix for Ninja Forms exploit
2016-09-28 13:57:08 -05:00
dbb2abeda1
Remove the `cat $FILE | grep $PATTERN` anti-pattern
...
The `kloxo_lxsuexec.rb` and `netfilter_pvi_esc.rb` exploits
were using the infamous `cat+grep` anti-pattern, this commit
replaces it with `cat` and Ruby's `.include?` method.
2016-09-28 13:41:25 +02:00
f838c9990f
Fix nonce bug in wp_ninja_forms_unauthenticated_file_upload
...
If wordpress saves the nonce value in JavaScript, we could get an
undefined method for nil.
2016-09-27 11:30:52 -05:00
76b3c37262
Fix msftidy errors
2016-09-27 22:56:07 +10:00
0e82ced082
Add LPE exploit module for the capcom driver flaw
...
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
a13e83af8a
Land #7357 , Stagefright CVE-2015-3864
2016-09-25 17:10:06 -05:00
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
dbf66f27d5
Add a browser-based exploit module for CVE-2015-3864
2016-09-23 11:14:31 -05:00
639dee993a
Fixed interactive password prompt issue
...
Fixed an issue where the exploit would drop to interactive password prompt by default on newer ruby version which rendered the exploit unusable. It now properly forces pubkey authentication instead and proceeds with the bypass as expected.
2016-09-23 17:03:40 +01:00
5de1d34869
Land #7341 , add module metasploit_static_secret_key_base
2016-09-23 09:20:48 -05:00
7646771dec
refactored for live compile or drop binary
2016-09-22 20:07:07 -04:00
bc425b0378
Update samsung_security_manager_put
...
This patch improves the following
* Stage 1 XSS/JS attack to use the body.onload callback
* Better timing for FF
2016-09-22 12:02:49 -05:00
9f3c8c7eee
Land #7268 , add metasploit_webui_console_command_execution post-auth exploit
2016-09-22 00:50:58 -05:00
88cef32ea4
Land #7339 , SSH module fixes from net:ssh updates
2016-09-22 00:27:32 -05:00
04f8f7a0ea
Land #7266 , Add Kaltura Remote PHP Code Execution
2016-09-21 17:14:49 -05:00
dcfbb9ee6a
Tidy info
...
Replace errant \t with \x20
2016-09-21 20:14:11 +10:00
1e24568406
Tweak verbosity re: found secrets
2016-09-21 20:14:08 +10:00
30d07ce0c7
Tidy metasploit_static_secret_key_base module
...
* Inline magic values
* Optimise out dead Rails3-specific code
2016-09-21 20:13:58 +10:00
8b1d29feef
Land #7304 , fix rails_secret_deserialization popchain
2016-09-20 16:05:03 -05:00
2d3c167b78
Grammar changes again.
2016-09-20 23:51:12 +03:00
0f16393220
Yet another grammar changes
2016-09-20 19:48:40 +03:00
fb00d1c556
Another minor grammer changes
2016-09-20 19:23:28 +03:00
251421e4a7
Minor grammar changes
2016-09-20 10:37:39 -05:00
385428684f
Move module and docs under the exploit/linux/http folder
2016-09-20 12:45:23 +03:00
a9a1146155
fix more ssh option hashes
2016-09-20 01:30:35 -05:00
c689a8fb61
Removing empty lines before module start
2016-09-20 01:42:18 +03:00
29a14f0147
Change References to EDB number and remove 4 space
2016-09-20 01:31:56 +03:00
a1ca27d491
add module metasploit_static_secret_key_base
2016-09-20 07:04:00 +10:00
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
3bc566a50c
fix email
2016-09-18 20:09:38 -04:00
edd1704080
reexploit and other docs and edits added
2016-09-18 09:01:41 -04:00
4f85a1171f
reexploit and other docs and edits added
2016-09-18 08:51:27 -04:00
53d4162e7d
Send payload with POST rather than custom header.
2016-09-17 23:11:16 +03:00
d2100bfc4e
Land #7301 , Support URIHOST for exim4_dovecot_exec for NAT
2016-09-16 12:49:57 -07:00
7c396dbf59
Use URIHOST
2016-09-16 12:48:54 -07:00
4d0643f4d1
Add missing DefaultTarget to Docker exploit
2016-09-16 13:09:00 -05:00
da516cb939
Land #7027 , Docker privesc exploit
2016-09-16 12:44:21 -05:00
e3060194c6
Fix formatting in ubiquiti_airos_file_upload
...
Also add :config and :use_agent options.
2016-09-16 12:27:09 -05:00
4be4bcf7eb
forgot updates
2016-09-16 02:08:09 -04:00
2e42e0f091
first commit
2016-09-16 01:54:49 -04:00
a7103f2155
Fix missing form inputs
...
Also improve check string.
2016-09-15 19:19:24 -05:00
dfcd5742c1
some more minor fixes
...
some more minor fixes around broken
ssh modules
7321
2016-09-15 14:25:17 -05:00
e10c133eef
fix the exagrid exploit module
...
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used
7321
2016-09-15 11:44:19 -05:00
116c754328
tidy Platform
2016-09-15 10:35:42 +10:00
8a0c8b54fc
merge branch 'master' into PR branch
...
make Travis happy
2016-09-15 10:31:24 +10:00
William Vu
jvoisin
Julien (jvoisin) Voisin
wchen-r7
OJ
Pearce Barry
Adam Cammack
h00die
Joshua J. Drake
George Papakyriakopoulos
Brent Cook
Brendan
Justin Steven
Louis Sato
Mehmet Ince
David Maloney
Thao Doan