Commit Graph

21945 Commits (082ce7acb8e47be07434a51695197ae30d70dfe0)

Author SHA1 Message Date
Mehmet Ince 6aa42dcf08
Add solarwinds default ssh user rce 2017-03-17 21:54:35 +03:00
William Webb 1180bd6ed7
Land #8037, priv_migrate improvements 2017-03-17 13:19:51 -05:00
Brent Cook 52cea93ea2 Merge remote-tracking branch 'upstream/master' into land-8118- 2017-03-17 12:39:30 -05:00
Brent Cook e67c83e92c
Land #8119, Updated rails_secret_deserialization to add '.' cookie regex 2017-03-17 12:34:25 -05:00
Brent Cook ea4ca7ecc5
Land #8116, Handle ::Errno::ECONNRESET in telnet_version 2017-03-17 12:32:02 -05:00
Pearce Barry 095a110e65
Code and doc tweaks (minor).
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00
William Vu db6bc6c784
Land #8100, msfcrawler improvements
Does anyone use this anymore??
2017-03-16 21:31:23 -05:00
Chris Higgins 7a12e446a0 Updated documentation and fixed module header. Whoops, copy/paste fail. 2017-03-16 21:28:24 -05:00
bwatters-r7 ab75794cd4
Land #8071, Add API to send an MMS message to mobile devices 2017-03-16 11:57:34 -05:00
Craig Smith 78586f0dc9 Fixed an extra space at the EOL 2017-03-16 09:22:01 -07:00
Dallas Kaman 80c33fc27f
adding '-' to rails deserialization regex for cookie matching 2017-03-16 10:54:32 -05:00
Thomas Reburn 59c7de671e
Updated rails_secret_deserialization to add '.' regex for cookie matching. 2017-03-16 10:45:43 -05:00
Chris Higgins f4bb1d6a37 Updated based on @wvu's comments 2017-03-15 19:15:12 -05:00
bwatters-r7 91a4657c36 Bumped the metasploit-payloads version and cache sizes with PR#8043 2017-03-15 19:02:21 -05:00
bwatters-r7 b2a7d18584 Update cached payload sizes 2017-03-15 18:43:48 -05:00
Mehmet Ince f706c4d7f6
Removing prefix 2017-03-16 00:49:55 +03:00
wchen-r7 a1d7748d82 Fix #8061, Handle ::Errno::ECONNRESET in telnet_version
Fix #8061
2017-03-15 16:33:37 -05:00
Mehmet Ince 60186f6046
Adding CVE number 2017-03-16 00:31:21 +03:00
wchen-r7 d4ee254057
Land #8076, Add Easy File Sharing FTP Server Version 3.6 traversal 2017-03-15 16:17:13 -05:00
wchen-r7 8afe6a9061 Update easy_file_sharing_ftp and add documentation 2017-03-15 16:14:41 -05:00
William Vu a0ba3f17e7
Land #8110, process migration by name fix 2017-03-15 15:52:54 -05:00
William Vu 456ddcebc0 Remove nil values that are default already
There are four lights!
2017-03-15 15:51:22 -05:00
Brent Cook 8995629037
Land #7061, allow chaining the service stub with other encoders 2017-03-15 13:56:09 -05:00
Brent Cook b65919e7b1
Land #7956, Add QNAP NAS/NVR administrator hash disclosure 2017-03-15 11:12:59 -05:00
William Vu 0a71e4a903 Update check with Exploit::CheckCode::Appears 2017-03-15 05:13:30 -05:00
William Vu 86d2217f4d Fix whitespace and clarify options 2017-03-15 04:27:30 -05:00
William Vu a0bff5c8c3 Bump RETRIES to 10
3 was a bit too low. I was using 10 and had more success with it.
2017-03-15 03:18:09 -05:00
Chris Higgins b3fbbbee34 Spelling is hard 2017-03-14 23:34:00 -05:00
Chris Higgins cc4f18e6c5 Add sysgauge_client_bof module and documentation 2017-03-14 23:29:19 -05:00
William Webb e96013cd0f
Land #7781, IBM Websphere Java Deserialization RCE 2017-03-14 17:21:18 -05:00
wchen-r7 cf8b4a78fa
Bring branch up to date with upstream-master 2017-03-14 16:48:33 -05:00
Rich Whitcroft 04f11b0bf7 fix migrate by process name 2017-03-14 17:27:46 -04:00
wchen-r7 1736332638
Land #8103, Add CVE-2017-5638, Struts2 Content-Type OGNL injection 2017-03-14 16:10:49 -05:00
wchen-r7 9201f5039d Use vprint for check because of rules 2017-03-14 15:02:54 -05:00
James Lee f429b80c4e
Forgot to rm this when i combined 2017-03-14 12:18:11 -05:00
William Vu 01ea5262b8
Land #8070, msftidy vars_get fixes 2017-03-14 12:05:24 -05:00
William Vu 5c436f2867 Appease msftidy in tr064_ntpserver_cmdinject
Also s/"/'/g.
2017-03-14 11:52:21 -05:00
William Vu 5d6a159ba9 Use query instead of uri in mvpower_dvr_shell_exec
I should have caught this in #7987, @bcoles, but I forgot. Apologies.
This commit finishes what @itsmeroy2012 attempted to do in #8070.
2017-03-14 11:51:55 -05:00
itsmeroy2012 79331191be msftidy error updated 2.5 2017-03-14 22:02:59 +05:30
itsmeroy2012 67fc43a0a1 msftidy error updated 2.4 2017-03-14 21:33:53 +05:30
James Lee 53c9caa013
Allow native payloads 2017-03-13 20:10:02 -05:00
James Lee 2053b77b01
ARCH_CMD works 2017-03-13 18:37:50 -05:00
wchen-r7 bb4d6e17c8 Resolve #8026, Add a plugin to notify new sessions via SMS
This plugin will notify you of a new session via SMS.

It also changes the SMS text format to MIME.

Resolve #8026
2017-03-13 16:13:59 -05:00
itsmeroy2012 fe4e2306b4 Reverting one step 2017-03-13 22:22:24 +05:30
Jon P 665adec298 Patching storedb function (adding host/port/ssl for correct report_web_page) 2017-03-13 17:37:47 +01:00
wizard32 78ff7a8865 Module renamed
Renamed from websphere_java_deserialize.rb to ibm_websphere_java_deserialize.rb
2017-03-13 08:22:24 +02:00
William Vu 9f76b4d99c Change default RPORT to 443 with SSL
I never really tested port 80, so I wonder why I didn't change this.
Turns out 80 isn't even the vuln service. Welp. Hat tip @bcoles.
2017-03-12 21:03:31 -05:00
William Vu e7c920db44 Remove DEBEUG/print_debeug :( 2017-03-12 21:01:48 -05:00
William Vu d57b772ac9 Bump default RETRIES to 3 2017-03-12 21:00:38 -05:00
William Vu 8638f9ec7e Update freesshd_authbypass to use CmdStager fully 2017-03-11 19:59:39 -06:00
Pearce Barry 4e32c80e8e
Use the Msf::Exploit::CmdStager mixin. Fixes #8092. 2017-03-11 17:44:05 -06:00
William Vu fe4f20c0cc
Land #7968, NETGEAR R7000 exploit 2017-03-10 16:02:30 -06:00
dmohanty-r7 25bfa88c46
Land #7877, Add mDNS query spoofing service 2017-03-10 15:44:57 -06:00
itsmeroy2012 1c54e0ba94 msftidy error updated 2.2 2017-03-10 23:59:38 +05:30
itsmeroy2012 6d8789a56e Updated msftidy error 2.1 2017-03-10 23:03:37 +05:30
itsmeroy2012 c0f17cf6b8 msftidy error updated 2.0 2017-03-10 22:16:27 +05:30
jvoisin 84b9449137 Add some binaries to enum_protections
- gradm2 for grsec
- aa-status for apparmor
- getenforce for setlinux
2017-03-10 14:16:58 +01:00
Mehmet Ince f6bac3ae31
Add iso link to md file and change CheckCode code 2017-03-10 13:00:49 +03:00
James Lee e7b65587b4
Move to a more descriptive name 2017-03-09 14:19:06 -06:00
James Lee e07d5332de Don't step on the payload accessor 2017-03-09 13:54:00 -06:00
James Lee d92ffe2d51 Grab the os.name when checking 2017-03-09 13:52:58 -06:00
James Lee 83f5f98bb0
Merge remote-tracking branch 'upstream/pr/8074' into land-8072 2017-03-09 11:08:29 -06:00
flakey-biscuits 0ab3ad86ee change dnalims_file_retrieve module type 2017-03-09 10:06:31 -05:00
flakey-biscuits 95a01b9f5e add dnaLIMS exploits 2017-03-09 09:46:18 -05:00
William Vu 081ca17ebf Specify default resource in start_service
This eliminates the need to override resource_uri. Depends on #8078.
2017-03-09 03:00:51 -06:00
wchen-r7 ed22902fd4 Support the subject field 2017-03-08 11:40:08 -06:00
Craig Smith f60dae0917 Lots of syntax fixups from rubocop 2017-03-08 09:21:33 -08:00
Ahmed Elhady Mohamed 183be81ba8 Easy File Sharing FTP Server Directory Traversal 2017-03-08 17:59:27 +02:00
= c52b0cba5e msftidy error on master updated 2017-03-08 20:58:01 +05:30
William Vu 0f899fdb0b Convert ARCH_CMD to CmdStager 2017-03-08 07:35:37 -06:00
Brent Cook e18eb98e49
Land #8019, fix issues from #7817 with post/multi/gather/firefox_creds 2017-03-08 05:46:21 -05:00
Koen Riepe c8215e609a
pushing fixes again, something failed. 2017-03-08 10:16:06 +01:00
Koen Riepe 2546263d50
Improved error handling and general fixes 2017-03-08 10:11:05 +01:00
root c5fb69bd89 Struts2 S2-045 Exploit 2017/03/08 2017-03-08 14:26:33 +08:00
root b73a884c05 struts2_s2045_rce.rb 2017-03-08 13:38:18 +08:00
nixawk 75a1d979dc Fix: Incorrect disclosure month forma 2017-03-07 20:28:29 -06:00
nixawk fc0f63e774 exploit Apache Struts2 S2-045 2017-03-07 20:10:59 -06:00
wchen-r7 e327f9b330 Update other module descriptions 2017-03-07 16:55:06 -06:00
wchen-r7 dc13b84189 Bring mms branch up to date w/ master 2017-03-07 16:13:39 -06:00
Jin Qian 7e19486a97
Merge branch 'wchen-r7-sms' into upstream-master
Merged #8047
2017-03-07 15:56:00 -06:00
= 7976966ce9 Issue 7923 - msftidy errors on master 2017-03-08 03:12:41 +05:30
wchen-r7 fbde0d18f2 Add auxiliary/client/mms/send_mms 2017-03-07 12:53:17 -06:00
Craig Smith 4e9b8946d8 Fixed some small msftidy issues 2017-03-06 22:47:37 -08:00
Craig Smith 60cd04bc7b Added module for zstumbler 2017-03-06 16:10:14 -08:00
juushya 0b5da60564 Added nil check + formatting edits 2017-03-07 02:17:21 +05:30
juushya d99d81992f Added nil check + formatting edits 2017-03-07 02:16:01 +05:30
juushya 05efb61d3b Added nil check + formatting edits 2017-03-07 02:14:18 +05:30
juushya 62b0efd99d Added nil check + formatting edits 2017-03-07 01:44:23 +05:30
juushya 9a5ab604e5 Added nil check + formatting edits 2017-03-07 01:21:07 +05:30
juushya 2d8e3c73f5 Minor edits 2017-03-07 00:20:05 +05:30
juushya 3ab214e758 Minor edits 2017-03-07 00:03:24 +05:30
wchen-r7 a466dc44c6 Do exception handling for sms client 2017-03-06 10:54:08 -06:00
Pearce Barry b5afac6627
Per PR #8054, we don't need the OUTPUTPATH option here. 2017-03-03 16:20:01 -06:00
Pearce Barry 4362c891b6
Land #8054, Fix #8052, remove forgotten OUTPUTPATH option 2017-03-03 15:36:30 -06:00
Brent Cook bb140b9581
fix deprecated target ARCH 2017-03-03 13:38:16 -06:00
William Webb d76e80bc44
Land #7424, Ektron Webservices XSLT Remote Code Execution 2017-03-03 12:12:21 -06:00
wchen-r7 48e06e27b0 Fix #8052, remove forgotten OUTPUTPATH option
Fix #8052
2017-03-03 12:00:07 -06:00
wchen-r7 6ad8afb8b3 Add API to send a text message (SMS) to mobile devices 2017-03-02 16:47:55 -06:00
juushya e8460c3b94 Minor edit 2017-03-03 02:37:20 +05:30
juushya fafd35330d Add epmp1000 dump hashes module 2017-03-03 02:22:34 +05:30
juushya c6e65b1521 Minor edits 2017-03-03 02:00:19 +05:30
juushya 6bd09c142f Minor edits 2017-03-03 00:53:17 +05:30
juushya c9a354b844 Added nil checks 2017-03-01 20:18:51 +05:30
Louis 759b67c565 Fix ru_as_psh with domain accounts
The current versions has too many escape backslashes, as a result, running run_as_psh for domain users does not work.
Also added support for DOMAIN\\User format in the USER parameter.
2017-03-01 13:38:15 +11:00
h00die fb5e090f15 fixes from jvoisin 2017-02-28 20:09:26 -05:00
Mehmet Ince e5636d6ce1
Adding logsign rce module and doc 2017-02-28 21:04:37 +03:00
Brent Cook 031285d49a update payloads 2017-02-28 03:04:53 -06:00
Brent Cook 8c876f4a57
Land #7996, Major rewrite and cleanup of reverse shell jcl payload 2017-02-28 02:12:40 -06:00
Craig Smith d4e5cb7993 Fixes #8022
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-02-27 21:09:57 -08:00
Josh Hale def5088097 Change NOFAIL default to false 2017-02-27 20:37:58 -06:00
Josh Hale 2f5dd38957 Update Admin target list and module description 2017-02-27 20:19:59 -06:00
Craig Smith dcb42a3e69 Initial zigbee support using killerbee. Core session setup portion 2017-02-27 17:29:54 -08:00
Josh Hale 3333019e5f Check if current admin proc is in target list 2017-02-27 18:55:25 -06:00
Josh Hale 717879f3df Downcase targets and current proc name 2017-02-27 18:28:46 -06:00
Josh Hale 8e8e7244f4 Add exit language 2017-02-27 18:07:15 -06:00
Josh Hale e1d76b8ff6 Add more error handling 2017-02-27 17:06:16 -06:00
wchen-r7 69c7b0168c Restore USERNAME and PASSWORD options for owa_login
Requested by our own pentesters, the username & password options
should be restored so users can more easily try one password but
multiple users.
2017-02-27 15:04:06 -06:00
Josh Hale ffb54a13fe Add NOFAIL datastore option 2017-02-27 12:41:18 -06:00
Koen Riepe 264cfc9bd4
Added OPTIONS to the module 2017-02-27 13:24:31 +01:00
Josh Hale 81efe096aa Update Author Handle 2017-02-26 21:01:19 -06:00
h00die e3e607a552 reword description 2017-02-26 15:24:22 -05:00
h00die 0c353841ab forgot add fixes for travis 2017-02-25 23:25:36 -05:00
h00die a8609f5c66 ntfs-3g lpe 2017-02-25 23:09:22 -05:00
Pearce Barry 37066acc03
Try harder to get user id, correctly handle dirs with spaces.
Fixes #7817.
2017-02-25 20:32:53 -06:00
bwatters-r7 1e28e2b2c7 Cache sizes again... 2017-02-24 20:43:13 -06:00
bwatters-r7 493f17761b payload cache size change- all together, now 2017-02-24 20:23:34 -06:00
bwatters-r7 15af90c011 payload cache size change 2017-02-24 20:22:27 -06:00
William Vu 634753f985 Add QNAP admin hash "disclosure" 2017-02-24 19:18:30 -06:00
William Webb d9a7fac399
Land #8004, Use post/windows/manage/priv_migrate instead of migrate -f 2017-02-24 17:30:14 -06:00
Pedro Ribeiro f18b533226 change platform time to unix (although it is linux in reality but whatevs) 2017-02-24 22:58:24 +00:00
James Barnett 2631259919 Land #7973, Enable cert validation for Nexpose
This PR enables connection to a Nexpose console using the
nexpose client gem.

It also allows you to connect using a trusted certificate
instead of simply overriding the SSL validation.
2017-02-24 14:27:24 -06:00
Koen Riepe b2ad8938ff
Added tomcat_gather modules to Metasploit. 2017-02-24 15:15:55 +01:00
Koen Riepe 45b1f796e4
Added archmigrate module to metasploit. 2017-02-24 10:29:19 +01:00
h00die 43550b8cdf fixing line length 2017-02-23 19:55:23 -05:00
h00die 041238f77c
land #7896 Binom3 power meter scanner and brute 2017-02-23 19:49:50 -05:00
wchen-r7 70f7dccf62 copy and paste fail 2017-02-23 17:11:08 -06:00
wchen-r7 5d0b532b20 Fix #8002, Use post/windows/manage/priv_migrate instead of migrate -f
Because migrate -f uses a meterpreter script, and meterpreter scripts
are deprecated, we should be replacing with a post module

Fix #8002
2017-02-23 17:04:36 -06:00
William Vu 236606838a
Land #7987, MVPower DVR exploit 2017-02-23 01:46:04 -06:00
Brendan Coles 0b34efab43 Add documentation 2017-02-23 06:59:05 +00:00
Brendan Coles 5d3a4cce67 Use all caps for module option names 2017-02-23 16:30:01 +11:00
bigendiansmalls 27a7b279f5
Major rewrite and cleanup of reverse shell jcl
The shell does exactly the same as the previous, just made the code read much
better so as to not severely anger the gray beards and other lesser
mainframe deities.  The only architectural change is the payload uses the
spawn system call vs exec - this provides for a cleaner exit in some cases.
2017-02-22 17:17:27 -06:00
Brendan Coles dc30dd70da Add Windows Gather DynaZIP Saved Password Extraction post module 2017-02-22 22:20:19 +00:00
bwatters-r7 40e6413867
Land #7980, Add a sploit for CVE-2017-5982, kodi file traversal 2017-02-22 13:11:48 -06:00
Carter 25b3cc685a Update netgear_r7000_cgibin_exec.rb 2017-02-22 11:36:52 -05:00
Brendan Coles 47fec5626e Style update 2017-02-22 07:56:17 +00:00
Brendan Coles e491f01c70 Add MVPower DVR Shell Unauthenticated Command Execution module 2017-02-22 05:15:57 +00:00
wchen-r7 48f6740fee
Land #7969, Add Module Trend Micro IMSVA Remote Code Execution 2017-02-21 17:29:04 -06:00
bwatters-r7 a9b9a58d4d
Land #7893, Add Module AlienVault OSSIM/USM Remote Code Execution 2017-02-21 13:35:56 -06:00
William Webb 83cc28a091
Land #7972, Microsoft Office Word Macro Generator OS X Edition 2017-02-21 13:26:42 -06:00
Jan-Erik Rediger 49da6289a9 Fix typo in smtp fuzzer 2017-02-20 21:47:59 +01:00
jvoisin 73eed104a9 Take into account @h00die's comments. 2017-02-20 13:22:20 +01:00
William Vu dad21b1c1d
Land #7979, another downcase fix for a password 2017-02-19 21:26:52 -06:00
jvoisin 7bd6aff1cf Add a sploit for CVE-2017-5982 2017-02-19 21:57:27 +01:00
h00die 92c1fa8390 remove downcase 2017-02-18 20:13:32 -05:00
Carter e99ba0ea86 Msftidy stuff 2017-02-18 00:34:49 -05:00
Carter 189d5dc005 Thanks netgear 2017-02-18 00:15:45 -05:00
Brent Cook ef2fff798e update sizes 2017-02-17 18:57:02 -06:00
Brent Cook 24151a9c27
Land #7753, Add auxiliary RomPager misfortune cookie authentication bypass 2017-02-17 18:07:15 -06:00
Carter 52350292cf Fix msftidy warning 2017-02-17 18:41:11 -05:00
Carter 63d1de9acd Updates from review
Also testing some things, line 84 and 85 mostly
2017-02-17 18:29:46 -05:00
Brent Cook 2c570b6709
Land #7942, Microsoft SQL Server Clr Stored Procedure Payload Execution 2017-02-17 17:28:54 -06:00
Brent Cook e4c324c988
Land #7941, treat a user with no mailbox as a valid credential anyway 2017-02-17 17:09:57 -06:00
Brent Cook 8019a9e519
Land #7947, fix crash in panda_psevents when an unexpected target OS is found 2017-02-17 14:08:27 -06:00
wchen-r7 1f23b44003 I modified windows/fileformat/office_word_macro the wrong way 2017-02-16 23:16:06 -06:00
Jeffrey Martin cbfe18e4d7
use certificates in nexpose 2017-02-16 14:34:02 -06:00
wchen-r7 7503f643cc Deprecate windows/fileformat/office_word_macro
Please use exploits/multi/fileformat/office_word_macro instead,
because the new one supports OS X.
2017-02-16 12:32:14 -06:00
wchen-r7 3d269b46ad Support OS X for Microsoft Office macro exploit 2017-02-16 12:28:11 -06:00
Carter 811f6d4d58 Update netgear_r7000_cgibin_exec.rb 2017-02-16 08:38:06 -05:00
Carter 90224af813 Fix msftidy warning 2017-02-15 22:39:16 -05:00
Carter 81d63c8cc7 Create netgear_r7000_cgibin_exec.rb 2017-02-15 22:33:48 -05:00
Craig Smith 8f1856c5d1 Fixed a bug with DTC decoding.
DTC Codes now print the English error messages next to their code with getvinfo
Frozen DTCs can also be fetched via get_frozen_dtcs()
2017-02-15 16:26:23 -08:00
David Manouchehri f113114643 Added assigned CVE. 2017-02-15 17:05:23 -05:00
aushack 3b386f86f6 Typo fix. 2017-02-14 17:05:46 +11:00
h00die 843f559069
land #7917 piwik exploit module 2017-02-14 00:52:27 -05:00
OJ ec316bfb6c
Use DATABASE when logging in with SQL mixin 2017-02-14 10:34:27 +10:00
h00die a47a479bd3 add else case 2017-02-12 19:08:31 -05:00
juushya e6bfbb7c78 Added random cookie gen, res checks, & minor updates 2017-02-12 16:55:11 +05:30
juushya 906ca6c24e Add Carlo Gavazzi module 2017-02-11 11:18:43 +05:30
James Barnett 94a234e5bf
Specify sname as http/https to keep with standards throughout the code. 2017-02-10 17:31:08 -06:00
Christian Mehlmauer baa473a1c6
add piwik superuser plugin upload module 2017-02-11 00:20:50 +01:00
James Lee 026f6eb715
Land #7929, improve php_cgi_arg_injection 2017-02-10 10:01:38 -06:00
OJ 2d834a3f5a
Finalise module, and add supporting binaries 2017-02-10 12:56:40 +10:00
jakxx 58779f0aaf owa_login no mailbox bugfix
The owa_login module currently misses a success condition where the
creds are valid but there is no mailbox setup. This commit adds the
check for the condition for OWA 2013.
2017-02-09 21:35:58 -05:00
OJ 1c62559e55
Add v1 of SQL Clr stored proc payload module 2017-02-10 10:28:22 +10:00
wchen-r7 4a9a8adaa1
Land #7928, http_version now stores the fingerprints 2017-02-09 16:28:51 -06:00
Jeffrey Martin d7a6edb5a4 Land #7939, Override `empty?` for the weird ones 2017-02-09 15:40:24 -06:00
James Lee 4f13bde471
Override `empty?` for the weird ones
Fixes #7899
2017-02-09 14:57:20 -06:00
bwatters-r7 272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro 2017-02-09 13:42:58 -06:00
Christian Mehlmauer 8ade9b8aae
Land #7905, WordPress content injection module 2017-02-09 15:49:50 +01:00
wchen-r7 e1a1ea9d68 Fix grammar 2017-02-08 19:26:35 -06:00
William Vu cf395ea7b1 Make error checks more consistent 2017-02-08 18:00:44 -06:00
William Vu 0d56676690 Add error check for listing posts 2017-02-08 17:13:12 -06:00
wchen-r7 047a9b17cf Completed version of openoffice_document_macro 2017-02-08 16:29:40 -06:00
Spencer McIntyre cba5e266f8
Land #7916, module for netgear password disclosure 2017-02-08 15:48:55 -05:00
Carter e7b421e226 Update netgear_password_disclosure.rb 2017-02-08 13:40:11 -05:00
Mehmet Ince 4ee05313d8
Update tested version numbers 2017-02-08 19:31:01 +03:00
William Vu 766e7b013d Once more, with feeling 2017-02-08 09:17:37 -06:00
William Vu a71b097e6b Revert status iteration, since it doesn't work
Also.
2017-02-08 09:13:42 -06:00
Carter fd935c8e3c Update netgear_password_disclosure.rb 2017-02-08 09:14:39 -05:00
William Vu 6b2a995a7d Revert AutoPublish, since it doesn't work
Apparently.
2017-02-08 07:43:17 -06:00
William Vu df38a91fbd Be nice and parse JSON for the error 2017-02-08 07:37:09 -06:00
Carter 2dfff95669 Fix msftidy warning 2017-02-08 08:28:23 -05:00
William Vu befe224c58 Use wordpress_and_online? before actions 2017-02-08 07:24:57 -06:00
William Vu 46ab03f528 Add SearchTerm to filter listed posts 2017-02-08 06:10:46 -06:00
William Vu 064420075f Update diagnostics and print better header 2017-02-08 04:54:25 -06:00
William Vu 6df55c9733 Gotta catch 'em (post statuses) all 2017-02-08 04:31:06 -06:00
William Vu 7583d050b7 Add AutoPublish to publish updated posts 2017-02-08 04:01:42 -06:00
William Vu e480107bd5 Add PostCount (default 100) to list more posts 2017-02-08 03:52:20 -06:00
jvoisin f3bcc9f23f Take care of suhosin 2017-02-08 09:59:36 +01:00
jvoisin 028d4d6077 Make the payload a bit more random 2017-02-08 09:59:22 +01:00
William Vu 13f4b0d7ae Be more specific with invalid post ID 2017-02-08 02:18:52 -06:00
Carter c16b7e42a6 Fix review stuff 2017-02-07 21:41:38 -05:00
Carter 46fbc9dd3f Fix some formatting 2017-02-07 21:32:19 -05:00
William Vu 6f4ff89218 Add WPVDB reference 2017-02-07 18:33:58 -06:00
jvoisin cb03ca91e1 Make php_cgi_arg_injection work in certain environnement
This commit sets two more options to `0` in the payload:

- [cgi.force_redirect](https://secure.php.net/manual/en/ini.core.php#ini.cgi.force-redirect)
- [cgi.redirect_status_env](https://secure.php.net/manual/en/ini.core.php#ini.cgi.redirect-status-env)

The configuration directive `cgi.force_redirect` prevents anyone from calling PHP
directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php.
Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.

The string set in the configuration directive `cgi.redirect_status_env`
is the one that PHP will look for to know it's ok to continue its
execution. This might be use together with the previous configuration
option as a security measure.

Setting those variables to 0 is (as stated in the documentation) a
security issue, but it also make the exploit work on some Apache2 setup.
2017-02-07 18:59:27 +01:00
jvoisin 96f7b2e245 http_version now store the fngerprints
Currently, the `http_version` module doesn't store the fingerprints
into the database; this commit should fix this behaviour.
2017-02-07 18:36:36 +01:00
wchen-r7 cefbee2df4 Add PoC for OpenOffice macro module 2017-02-07 10:12:23 -06:00
Carter f4580a2616 Add token value check
Sometimes it wouldn't return creds if the token is 0. It usually works after running it another time.
2017-02-07 10:53:25 -05:00
Carter c1f9b724cf Maybe fix syntax error 2017-02-07 10:36:05 -05:00
Tim d0f6d4ef45
Land #7920, android/meterpreter_reverse_https 2017-02-07 20:42:47 +08:00
William Vu b4056a110b Print diagnostics if no posts found/given 2017-02-07 04:37:05 -06:00
William Vu a9ea09a179
Land #7909, Python process hiding for sessions -u 2017-02-07 02:28:24 -06:00
William Vu e1ade9caf8
Land #7910, closed ports fix for TCP portscan 2017-02-07 02:23:15 -06:00
sekritskwurl aac9381778 Update meterpreter_reverse_https.rb 2017-02-07 12:13:20 +04:00
Carter 00050abb73 Fix msftidy warnings 2017-02-06 22:06:50 -05:00
Carter 1f2a95c202 Use html parser instead of regex 2017-02-06 22:03:56 -05:00
Carter 115c60446e Fix weird if loop in check 2017-02-06 17:30:49 -05:00
Carter 6ebdbc3f81 Fix some stuff from review
I'm going to change the HTML Regex to a parser a bit later, I don't have time right now
2017-02-06 17:29:39 -05:00
William Webb badca287dd
Land #7906, Add Microsoft Word malicious macro document generator 2017-02-06 14:44:09 -06:00
h00die f531366d89
Land #7790 an aux module to extract Meteocontrol Weblog admin password 2017-02-06 15:23:06 -05:00
Carter 9b4ca31432 Fix typo 2017-02-06 12:52:41 -05:00
Carter 52cf9c44df Update netgear_password_disclosure.rb 2017-02-06 12:43:31 -05:00
Carter 16c6480629 Add response checks
I can't test this right now as I'm not at a computer that has metasploit installed, but I'll test it when I get a chance to.
2017-02-06 12:10:01 -05:00
Carter f5450a718a Add TARGETURI datastore option 2017-02-06 11:54:29 -05:00
Carter 99227aca1a Fix things from review 2017-02-06 09:44:35 -05:00
sekritskwurl 0cec4be107 Android Stageless Meterpreter over HTTPS
Change to add functionality for stateless meterpreter over HTTPS
2017-02-06 14:59:43 +04:00
William Vu 8af966a132 Add WordPress content injection module 2017-02-06 04:40:26 -06:00
Carter fb7e5ff847 Fix more msftidy warnings 2017-02-05 14:00:05 -05:00
Carter f08590982c Fix some msftidy warnings 2017-02-05 13:58:01 -05:00
Carter 609ea3700a Create netgear_password_disclosure.rb 2017-02-05 13:39:58 -05:00
MatToufoutu db77061719 do not add closed ports to database 2017-02-04 16:24:40 +01:00
Tim 9e0cb9797b
python -c payload -> echo payload | python 2017-02-04 17:57:17 +08:00
juushya d305f895ff Fixed a typo space 2017-02-04 11:59:45 +05:30
juushya 36416c20cb Updated check for extract fail case now + Minor edits 2017-02-04 03:00:31 +05:30
Mehmet Ince 906fcfe355
OSSIM 5.0.0 version requires a authen token on action create 2017-02-03 23:45:33 +03:00
juushya 34b861403e Minor updates 2017-02-04 01:44:18 +05:30
wchen-r7 c73c189a61 Set DisablePayloadHandler default to true 2017-02-03 11:25:50 -06:00
James Lee 83cb65d3a2
Don't spin CPU if an fopen fails
Because PHP is happy to continue on just fine in that case and the loop
below will run unbounded spewing warnings about reading from `false`.
2017-02-02 19:07:58 -06:00
James Lee 3c7f78167a
Push up the preamble and modernize style 2017-02-02 17:57:03 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00