Commit Graph

9014 Commits (089a0064080d185d6b1f281ca499818f264fcc0f)

Author SHA1 Message Date
wchen-r7 f4abc16c66
Land #6102, Add rsh/libmalloc privilege escalation exploit module 2015-10-26 10:54:05 -05:00
JT 4f244c54f8 Update mma_backdoor_upload.rb 2015-10-26 23:01:38 +08:00
Sam H 5fcc70bea4 Fixed issue w/ msf payloads + added timeout rescue
Apparently when OS X payload shells get a sudo command, it requires a full path (even though it clearly has $PATH defined in its env...) to that file. The updates here take that into account. Also, the script more directly catches a timeout error when the maximum time for sudoers file to change has passed.
2015-10-25 23:38:48 -07:00
JT ad80f00159 Update mma_backdoor_upload.rb 2015-10-24 11:16:49 +08:00
JT f461c4682b Update mma_backdoor_upload.rb 2015-10-24 11:15:26 +08:00
wchen-r7 181e7c4c75 Update metadata 2015-10-23 17:22:31 -05:00
wchen-r7 01c2641c6b Change print_* 2015-10-23 16:27:52 -05:00
wchen-r7 3c961f61a7 Modify check to use Nokogiri 2015-10-23 14:29:16 -05:00
wchen-r7 6f02cedff8 Move method create_exec_service 2015-10-23 13:10:00 -05:00
Ewerson Guimaraes (Crash) 2828653f8f Update uptime_code_exec.rb 2015-10-23 11:49:21 +02:00
Ewerson Guimaraes (Crash) 5539363218 Update uptime_code_exec.rb 2015-10-23 11:33:59 +02:00
JT be89cb32c9 Th3 MMA mma.php Backdoor Arbitrary File Upload 2015-10-23 08:47:40 +08:00
wchen-r7 360f40249c
Land #6122, user-assisted Safari applescript:// module (CVE-2015-7007) 2015-10-22 15:07:42 -05:00
wchen-r7 9d2e2df1f1 Update description 2015-10-22 15:07:11 -05:00
joev 35578c7292 Add refs. 2015-10-22 09:48:11 -05:00
joev 6a87e7cd77 Add osx safari cmd-R applescript exploit. 2015-10-22 09:46:56 -05:00
Sam H 348a0f9e3d Cleaned up "cleanup" method and crontab check
The script now searches for the full line "ALL ALL=(ALL) NOPASSWD: ALL" written in the crontab file to ensure that it is successful rather than just "NOPASSWD". Additionally, the required argument used in the cleanup method was removed and simply turned into an instance method so it could be accessed without needing to call it with any arguments.
2015-10-21 22:53:32 -07:00
William Vu 997e8005ce Fix nil http_method in php_include 2015-10-21 13:22:09 -05:00
William Vu 129544c18b
Land #6112, splat for ZPanel exploit 2015-10-21 13:07:51 -05:00
Boumediene Kaddour e188bce4c9 Update minishare_get_overflow.rb 2015-10-21 16:48:31 +02:00
wchen-r7 f06d7591d6 Add header for zpanel_information_disclosure_rce.rb 2015-10-20 16:19:44 -05:00
wchen-r7 70b005de7f
Land #6041, Zpanel info disclosure exploit 2015-10-20 16:08:16 -05:00
wchen-r7 728fd17856 Make code changes for zpanel_information_disclosure_rce.rb
Use Nokogiri and URI, as well as indent fixes and other things
2015-10-20 16:07:02 -05:00
Sam H 712f9f2c83 Deleted extra reference to exploit DB 2015-10-18 19:10:47 -07:00
Sam Handelman b03c3be46d Fixed some styling errors in the initializer. Switched the calls to sleep(1) to use the Rex API (Rex.sleep(1) instead). 2015-10-18 02:13:03 -07:00
Roberto Soares ba75e85eb3 Add WP Ajax Load More Plugin File Upload Vuln. 2015-10-17 13:30:36 -03:00
Sam Handelman 3757f2e8de Changed my author name to make sure it matches my GitHub username inside the module information. 2015-10-16 14:54:34 -07:00
Sam Handelman 95d5e5831e Adding the updated version of the module to submit a pull request. Changes were made to ensure that the OS version check correctly determines which systems are vulnerable, giving only a warning message if not. 2015-10-16 14:39:07 -07:00
jvazquez-r7 28ca34c40a
Fix conflicts 2015-10-16 15:38:59 -05:00
wchen-r7 c399d7e381
Land #5959, Add Nibbleblog File Upload Vuln 2015-10-16 15:30:13 -05:00
wchen-r7 9666660c06 Enforce check and add another error message 2015-10-16 15:29:12 -05:00
William Vu f14776ab63
Land #6092, refs for arkeia_agent_exec 2015-10-15 22:50:57 -05:00
William Vu 8cb6cc57b5
Land #6094, refs for another ManageEngine module 2015-10-15 22:49:05 -05:00
William Vu 86dfbf23e8 Fix whitespace 2015-10-15 22:48:53 -05:00
xistence 018b515150 Add CVE/URL references to manageengine_eventlog_analyzer_rce 2015-10-16 10:41:39 +07:00
xistence b1f2e40b98 Add CVE/URL references to module manage_engine_opmanager_rce 2015-10-16 10:36:13 +07:00
xistence 6a1553ae63 Add EDB/CVE/URL references to arkeia_agent_exec 2015-10-16 10:23:20 +07:00
jvazquez-r7 67820f8b61
Fix Packetstorm references 2015-10-15 12:42:59 -05:00
jvazquez-r7 4517270627
Fix modules using Msf::HTTP::JBoss 2015-10-15 11:49:15 -05:00
jvazquez-r7 cf9ddbb701
Update moduels using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
William Vu bf9530d5ba
Land #5941, X11 keyboard exec module 2015-10-14 11:38:47 -05:00
Brent Cook 30d2a3f2a9
Land #5999, teach PSH web delivery to use a proxy 2015-10-14 11:05:45 -05:00
HD Moore d67b55d195 Fix autofilter values for aggressive modules 2015-10-13 15:56:18 -07:00
William Vu a4f0666fea
Land #6081, DLink -> D-Link 2015-10-12 18:05:52 -05:00
Tod Beardsley 185e947ce5
Spell 'D-Link' correctly 2015-10-12 17:12:01 -05:00
Tod Beardsley 336c56bb8d
Note the CAPTCHA exploit is good on 1.12. 2015-10-12 17:09:45 -05:00
HD Moore 6f3bd81b64 Enable 64-bit payloads for MSSQL modules 2015-10-11 12:52:46 -05:00
jvazquez-r7 ed0b9b0721
Land #6072, @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace 2015-10-10 00:24:12 -05:00
jvazquez-r7 b9b488c109 Deleted unused exception handling 2015-10-09 23:38:52 -05:00
jvazquez-r7 c60fa496c7
Delete extra spaces 2015-10-09 23:37:11 -05:00
jvazquez-r7 e6fbca716c
Readd comment 2015-10-09 23:29:23 -05:00
jvazquez-r7 af445ee411
Re apply a couple of fixes 2015-10-09 23:24:51 -05:00
HD Moore a590b80211 Update autoregister_ports, try both addresses for the MBean 2015-10-09 20:20:35 -07:00
HD Moore 2b94b70365 Always connect to RHOST regardless of JMXRMI address 2015-10-09 17:49:22 -07:00
HD Moore cd2e9d4232 Move Msf::Java to the normal Msf::Exploit::Remote namespace 2015-10-09 13:24:34 -07:00
Tod Beardsley 94bb94d33a
Working URL for real 2015-10-09 15:07:44 -05:00
Tod Beardsley b04f947272
Fix blog post date, derp 2015-10-09 14:59:57 -05:00
Tod Beardsley 55ef6ebe91
HP SiteScope vuln, R7-2015-17
On behalf of @l0gan, already reviewed once by @jvazquez-r7, reviewed
again by me.

For details, see:

https://community.rapid7.com/community/metasploit/blog/2017/10/09/r7-2015-17-hp-sitescope-dns-tool-command-injection
2015-10-09 14:55:48 -05:00
jvazquez-r7 5e9faad4dc Revert "Merge branch using Rex sockets as IO"
This reverts commit c48246c91c, reversing
changes made to 3cd9dc4fde.
2015-10-09 14:09:12 -05:00
jvazquez-r7 347495e2f5
Rescue Rex::StreamClosedError when there is a session 2015-10-09 13:41:41 -05:00
brent morris 28454f3b2e MSFTidyness 2015-10-08 12:59:46 -04:00
wchen-r7 871f46a14e
Land #6038, ManageEngine ServiceDesk Plus Arbitrary File Upload 2015-10-07 15:17:58 -05:00
wchen-r7 dddfaafac7 Update reference 2015-10-07 15:17:22 -05:00
Christian Mehlmauer eb597bb9f3
Land #5842, watermark fileformat exploit 2015-10-07 19:29:04 +02:00
jakxx c5237617f2 Update buffer size for reliability 2015-10-06 18:12:40 -04:00
brent morris 5eff3e5637 Removed hard tabs 2015-10-02 14:34:00 -04:00
brent morris 4ee7ba05aa Removing hard tabs test 2015-10-02 14:31:46 -04:00
brent morris 6406a66bc0 Remove Ranking 2015-10-02 14:24:46 -04:00
brent morris 9f71fd9bfd Formatting ZPanel Exploit 2015-10-02 14:23:07 -04:00
brent morris 89a50c20d0 Added Zpanel Exploit 2015-10-02 13:29:53 -04:00
William Vu a773627d26
Land #5946, simple_backdoors_exec module 2015-10-02 11:18:29 -05:00
William Vu 5b8f98ee06
Land #6022, zemra_panel_rce module 2015-10-02 11:18:09 -05:00
Pedro Ribeiro 659a09f7d2 Create manageengine_sd_uploader.rb 2015-10-02 16:04:05 +01:00
jvazquez-r7 75d2a24a0a
Land #6019, @pedrib's Kaseya VSA ZDI-15-449 exploit 2015-10-02 08:51:28 -05:00
Pedro Ribeiro cbbeef0f53 Update kaseya_uploader.rb 2015-10-02 13:20:59 +01:00
JT 33916997a4 Update zemra_panel_rce.rb
revised the name and the description
2015-10-02 09:49:59 +08:00
JT fa1391de87 Update simple_backdoors_exec.rb
Updating the code as suggested
2015-10-02 07:53:15 +08:00
JT 501325d9f4 Update zemra_panel_rce.rb 2015-10-02 06:48:34 +08:00
jvazquez-r7 a88a6c5580
Add WebPges to the paths 2015-10-01 13:22:56 -05:00
jvazquez-r7 f9a9a45cf8
Do code cleanup 2015-10-01 13:20:40 -05:00
Hans-Martin Münch (h0ng10) 30101153fa Remove spaces 2015-10-01 18:56:37 +02:00
Hans-Martin Münch (h0ng10) 41cf0ef676 Add reference for CVE-2015-2342 - VMWare VCenter JMX RMI RCE 2015-10-01 18:43:21 +02:00
JT 2802b3ca43 Update zemra_panel_rce.rb
sticking res
2015-10-02 00:00:30 +08:00
William Vu 2ab779ad3d
Land #6010, capture_sendto fixes 2015-10-01 10:54:24 -05:00
JT 5c5f3a4e7f Update zemra_panel_rce.rb
called http_send_command right away :)
2015-10-01 23:39:36 +08:00
William Vu 0bacb3db67
Land #6029, Win10 support for bypassuac_injection 2015-10-01 10:17:34 -05:00
JT 66560d5339 Update zemra_panel_rce.rb 2015-10-01 19:16:23 +08:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
OJ 7451cf390c Add Windows 10 "support" to bypassuac_injection 2015-10-01 11:16:18 +10:00
JT a7fa939fda Zemra Botnet C2 Web Panel Remote Code Execution
This module exploits the C2 web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
2015-09-30 19:24:21 +08:00
JT 2de6c77fa2 Update simple_backdoors_exec.rb 2015-09-30 18:11:05 +08:00
jakxx 47c79071eb fix indention and typo 2015-09-29 22:41:36 -04:00
jakxx f18e1d69a1 Add x64 ret address and add to buffer 2015-09-29 22:36:30 -04:00
Pedro Ribeiro 61c922c24d Create kaseya_uploader.rb 2015-09-29 11:56:34 +01:00
JT 46adceec8f Update simple_backdoors_exec.rb 2015-09-29 10:40:28 +08:00
JT dd650409e4 Update simple_backdoors_exec.rb 2015-09-29 08:05:13 +08:00
bigendian smalls a47557b9c1
Upd. multi/handler to include mainframe platform
Quick update to multi handler so it recognizes mainframe platform based
modules
2015-09-28 11:14:08 -05:00
Jon Hart 96e4e883ae
Fix #6008 for wireshark_lwres_getaddrbyname_loop 2015-09-27 14:56:11 -07:00
Jon Hart bd2f73f40a
Fix #6008 for wireshark_lwres_getaddrbyname 2015-09-27 14:55:19 -07:00
Jon Hart bbd08b84e5
Fix #6008 for snort_dce_rpc 2015-09-27 14:53:40 -07:00