zerosum0x0
9634f974dd
fix msftidy
2017-05-14 18:14:02 -06:00
zerosum0x0
fa79339432
eternalblue module
2017-05-14 18:11:41 -06:00
Spencer McIntyre
f39e378496
Land #8330 , fix ps_wmi_exec and psh staging
2017-05-13 14:26:47 -04:00
Carter
ce7b967a13
Update archmigrate.rb
2017-05-13 13:35:48 -04:00
Carter
78b0fb00da
I committed to the wrong branch
2017-05-13 13:35:13 -04:00
Carter
0bd11062e4
Ass SYSTEM check to archmigrate
2017-05-13 13:28:28 -04:00
itsmeroy2012
3a1ed19a42
Making use of StagerRetryConnect
2017-05-13 17:49:53 +05:30
William Vu
c622e3fc22
Deregister URIPATH because it's overridden by Path
2017-05-12 11:56:38 -05:00
William Vu
84af5d071d
Deregister VHOST because it's overridden by Host
2017-05-12 11:44:10 -05:00
Mzack9999
27e1de14b0
BuilderEngine 3.5 Arbitrary file upload and execution exploit
2017-05-12 18:37:08 +02:00
Brent Cook
7bcaaf33c7
Land #8294 , gnome keyring post exploit credential dumper
2017-05-12 10:08:53 -05:00
Brent Cook
e9fcc3c291
msftidy fixes
2017-05-12 10:08:26 -05:00
Brent Cook
7355817329
Land #8371 , Fix msftidy warnings for the WNR2000 module
2017-05-11 22:51:11 -05:00
Brent Cook
123462bdca
Land #8293 , add initial multi-platform railgun support
2017-05-11 22:32:23 -05:00
h00die
af4505a9de
land #8009 post module for jboss creds gather
2017-05-11 22:39:54 -04:00
h00die
285857c23f
remove req msfcore
2017-05-11 22:39:41 -04:00
h00die
6fa51aee8f
moving docs to correct folder
2017-05-11 22:33:00 -04:00
William Vu
231510051c
Fix uri_str for exploit
2017-05-11 16:30:10 -05:00
William Vu
bee36ca90f
Fix edge case
2017-05-11 16:22:21 -05:00
William Vu
68f13808e7
Fix msftidy warnings for the WNR2000 module
2017-05-11 16:16:10 -05:00
William Vu
2ae943d981
Use payload common case instead of general case
...
Both x86 and x64 work on x64, but we really expect x64, and there's no
migration to move us from x86 to x64.
2017-05-11 15:43:49 -05:00
Brent Cook
e414bdb876
don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules
2017-05-11 15:19:11 -05:00
Brent Cook
30c48deeab
msftidy and misc. fixups for Quest BoF module
2017-05-11 08:07:39 -05:00
William Webb
e8aed42ecd
Land #8223 , Quest Privilege Manager pmmasterd Buffer Overflow
2017-05-11 00:44:19 -05:00
Josh Hale
843f148e62
One more yard doc function
2017-05-10 23:01:03 -05:00
Josh Hale
e84765c1c6
All functions have yard doc like comments
2017-05-10 23:01:03 -05:00
Josh Hale
c5391c2a64
Update cmd print to match core.rb
2017-05-10 23:01:03 -05:00
Josh Hale
10c7c3893a
Add subnet check for Android payloads
2017-05-10 23:01:03 -05:00
Josh Hale
c49bd9ee4e
Add session ready check
2017-05-10 23:01:03 -05:00
Josh Hale
97eaa83114
Update delete all routes
2017-05-10 23:01:03 -05:00
Josh Hale
f670fcddcb
Initial code cleanup and multi compatibility work
2017-05-10 23:01:02 -05:00
Brent Cook
099fc0176a
move autoroute to a more sensible location
2017-05-10 23:01:02 -05:00
Adam Cammack
18d95b6625
Land #8346 , Templatize shims for external modules
2017-05-10 18:15:54 -05:00
William Vu
09f6c21f94
Add note about Host header limitations
2017-05-10 15:17:20 -05:00
William Vu
b446cbcfce
Add reference to Exim string expansions
2017-05-10 15:17:20 -05:00
William Vu
8842764d95
Add some comments about badchars
2017-05-10 15:17:20 -05:00
William Vu
ecb79f2f85
Use reduce instead of extracting twice
2017-05-10 15:17:20 -05:00
William Vu
b5f25ab7ca
Use extract instead of doubling /bin/echo
2017-05-10 15:17:20 -05:00
William Vu
9a64ecc9b0
Create a pure-Exim, one-shot HTTP client
2017-05-10 15:17:20 -05:00
William Vu
0ce475dea3
Add WordPress 4.6 PHPMailer exploit
2017-05-10 15:17:20 -05:00
James Lee
d00685a802
Don't run a DoS during wmap scans
2017-05-10 14:41:24 -05:00
Brendan Coles
42c7d64b28
Update style
2017-05-10 06:37:09 +00:00
Brent Cook
faf01ed5ef
Land #8353 , add aux scanner for Intel AMT digest bypass
2017-05-09 18:45:21 -05:00
James Lee
72388a957f
Land #8355 , IIS ScStoragePathFromUrl
...
See #8162
2017-05-09 11:06:01 -05:00
Christian Mehlmauer
2b4ace9960
convert to "screaming snake"
2017-05-09 09:30:45 +02:00
Brent Cook
cf487cc90c
reverse_ncat_ssl is stable
2017-05-08 17:43:34 -05:00
Brendan Coles
32dafb06af
Replace NoTarget with NotVulnerable
2017-05-08 22:29:44 +00:00
Christian Mehlmauer
f70b402dd9
add comment
2017-05-09 00:17:00 +02:00
Brent Cook
86365c89d1
Land #8352 , style updates for lotus_domino_hashes
2017-05-08 17:11:44 -05:00
Christian Mehlmauer
806963359f
fix fail with condition
2017-05-08 23:47:48 +02:00
Christian Mehlmauer
f62ac6327d
add @rwhitcroft
2017-05-08 23:20:12 +02:00
Christian Mehlmauer
26373798fa
change rank
2017-05-08 23:07:12 +02:00
Christian Mehlmauer
962a31f879
change minimum length
2017-05-08 23:01:17 +02:00
Christian Mehlmauer
7dccb17834
auto extract values and implement brute forcing
2017-05-08 22:47:29 +02:00
Brent Cook
841f63ad20
make office_word_hta backward compat with older Rubies
2017-05-08 15:10:48 -05:00
Christian Mehlmauer
406a7f1ae2
Merge remote-tracking branch 'dmchell/dmchell-cve-2017-7269' into iis2
2017-05-08 21:51:51 +02:00
Brent Cook
fede672a81
further revise templates
2017-05-08 14:26:24 -05:00
HD Moore
f7ff840ef0
Add missing return, thanks bperry!
2017-05-08 14:08:59 -05:00
HD Moore
9392e48b72
Add a scanner for Intel AMT auth bypass (CVE-2017-5689)
2017-05-08 13:24:00 -05:00
Jeffrey Martin
a1efa30fa2
comments adjustments & enum better
2017-05-08 11:57:06 -05:00
William Vu
b794bfe5db
Land #8335 , rank fixes for the msftidy god
2017-05-07 21:20:33 -05:00
Bryan Chu
88bef00f61
Add more ranks, remove module warnings
...
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables
../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart
../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
Pearce Barry
af3f1fbc37
Land #8332 , Canprobe Module
2017-05-07 12:20:27 -05:00
Pearce Barry
c05e7b3b58
Minor corrections and a tweak to appease msftidy.
2017-05-07 11:55:20 -05:00
Pearce Barry
e3d3fa8e45
Tweak internal description formatting.
2017-05-07 11:31:36 -05:00
Pearce Barry
b965bdcdae
Appease msftidy and Travis.
2017-05-07 11:19:32 -05:00
m0t
ab245b5042
added note to description
2017-05-07 13:56:50 +01:00
m0t
4f12a1e271
added note to description
2017-05-07 13:54:28 +01:00
Brendan Coles
635a7a42e6
Update style lotus_domino_hashes
2017-05-07 16:37:48 +10:00
Jeffrey Martin
05bf16e91e
Land #8331 , Adding module CryptoLog Remote Code Execution
2017-05-05 18:24:14 -05:00
Jeffrey Martin
e2fe70d531
convert store_valid_credential to named params
2017-05-05 18:23:15 -05:00
Mehmet Ince
720a02f5e2
Addressing Spaces at EOL issue reported by Travis
2017-05-05 11:05:17 +03:00
Brendan Coles
0eacf64324
Add Serviio Media Server checkStreamUrl Command Execution
2017-05-05 07:54:00 +00:00
Mehmet Ince
58d2e818b1
Merging multiple sqli area as a func
2017-05-05 10:49:05 +03:00
Jeffrey Martin
63b6ab5355
simplify valid credential storage
2017-05-04 22:51:40 -05:00
darkbushido
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
Brent Cook
97095ab311
Land #8338 , Fix msf/core and self.class msftidy warnings
2017-05-03 21:55:52 -05:00
Brent Cook
2d93c8e2d6
merge, don't overwrite
2017-05-03 18:17:58 -05:00
Brent Cook
0798923901
set the correct schema for linux meterpreter reverse_tcp stages
2017-05-03 16:12:45 -05:00
William Vu
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
Mehmet Ince
d04e7cba10
Rename the module as well as title
2017-05-03 19:18:46 +03:00
Mehmet Ince
ae8035a30f
Fixing typo and using shorter sqli payload
2017-05-03 16:45:17 +03:00
Craig Smith
9877aa9ef9
Added documentation and cleand up how STOPID worked
2017-05-02 18:57:32 -07:00
Mehmet Ince
db2a2ed289
Removing space at eof and self.class from register_options
2017-05-03 01:31:13 +03:00
Mehmet Ince
77acbb8200
Adding cryptolog rce
2017-05-03 01:05:40 +03:00
Craig Smith
3519adbaef
A basic CAN fuzzer. It probes the data regions of different CAN IDs.
...
The default is to use a set value but can iterate the full range. It can
also add padding if necessary. Not checks on returns or results of fuzzing.
2017-05-02 14:19:29 -07:00
Adam Cammack
494711ee65
Land #8307 , Add lib for writing Python modules
2017-05-02 15:53:13 -05:00
Yorick Koster
6870a48c48
Code suggestion from @jvoisin
2017-05-02 16:41:06 +02:00
William Vu
03e4ee91c2
Correct Ghostscript 9.2.1 to 9.21 as per advisory
2017-05-01 16:23:14 -05:00
William Vu
41ef1a4e90
Land #8325 , cmd/unix/reverse_ncat_ssl payload
2017-05-01 14:54:52 -05:00
C_Sto
772a16f4cd
fix style
2017-05-02 00:55:57 +08:00
C_Sto
9e06c3f07e
fix argument arrangement
2017-05-02 00:39:00 +08:00
C_Sto
5a2afbc364
Tidy payload
2017-05-01 21:38:34 +08:00
Yorick Koster
006ed42248
Added fix information
...
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/0002
09.html
2017-05-01 09:01:14 +02:00
C_Sto
cfa204b8e8
add reverse ncat ssl
2017-05-01 06:57:28 +08:00
reanar
0b62a6478a
Modification for Travis (remove require msf/core, and self.class in register)
2017-04-30 17:05:11 +02:00
reanar
3f348150c6
Modification of description
2017-04-30 16:38:39 +02:00
reanar
52ec448511
Add WordPress Directory Traversal DoS Module
2017-04-30 15:03:48 +02:00
Yorick Koster
673dbdc4b9
Code review feedback from h00die
2017-04-29 20:37:39 +02:00
Yorick Koster
fcf14212b4
Fixed disclosure date
2017-04-29 16:25:25 +02:00
Yorick Koster
f9e7715adb
Fixed formatting
2017-04-29 16:07:45 +02:00
Yorick Koster
1569d2cf8e
MediaWiki SyntaxHighlight extension exploit module
...
This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private.
2017-04-29 14:29:56 +02:00
Brandon Knight
c4b3ba0d14
Actually removing msf/core this time... ><
...
Helps to actually remove the bits that were failing. Now with even more
removal of msf/core!
2017-04-28 21:42:06 -04:00
Brandon Knight
ff263812fc
Fix msftidy warnings
...
Remove explicitly loading msf/core and self.class from the register_
functions.
2017-04-28 21:26:53 -04:00
HD Moore
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00
Brandon Knight
f8fb03682a
Fix issue in ps_wmi_exec and powershell staging
...
The staging function in the post/windows/powershell class was broken
in a previous commit as the definition for env_variable was removed and
env_prefix alone is now used. This caused an error to be thrown when
attempting to stage the payload. This changes the reference from
env_variable to env_prefix.
Additionally, the ps_wmi_exec module created a powershell script to be
run that was intended to be used with the EncodedCommand command line
option; however the script itself was never actually encoded. This
change passes the compressed script to the encode_script function to
resolve that issue.
2017-04-28 03:31:56 -04:00
itsmeroy2012
cd73bd137a
Making use of while loop and solving StagerRetryWait issue
2017-04-27 11:50:13 +05:30
William Vu
1a402ed1d8
Add arch to smb_ms17_010 DOUBLEPULSAR detection
2017-04-26 20:59:13 -05:00
Brent Cook
037fdf854e
move common json-rpc bits to a library
2017-04-26 18:08:08 -05:00
Brent Cook
480a0b4273
update payload sizes
2017-04-26 18:02:14 -05:00
Brent Cook
a60e5789ed
update mettle->meterpreter references in modules
2017-04-26 17:55:10 -05:00
Brent Cook
078ba66e5f
remove unneeded msf/core requires
2017-04-26 17:17:20 -05:00
Brent Cook
353191992f
move mettle payloads to meterpreter, add reverse_http/s stageless
2017-04-26 17:06:34 -05:00
Brent Cook
f8792956ee
fix one module for testing
2017-04-26 16:21:13 -05:00
Daniel Teixeira
a3a4ba7605
Buffer Overflow on Dup Scout Enterprise v9.5.14
2017-04-26 15:19:00 +01:00
Spencer McIntyre
da6c03d13f
Fix function names to always be snake_case
2017-04-26 09:30:29 -04:00
William Vu
bbee7f86b5
Land #8263 , Mercurial SSH exec module
2017-04-26 01:38:01 -05:00
William Vu
f60807113b
Clean up module
2017-04-26 01:37:49 -05:00
Spencer McIntyre
a3bcd20b26
Minor cleanups for multi-platform railgun
2017-04-25 17:45:07 -04:00
William Vu
5476f6066c
Land #8271 , DOUBLEPULSAR detection for MS17-010
2017-04-25 16:31:39 -05:00
Craig Smith
4019a14865
The local HWBridge now does not print out status for each URI request per default. This can be enabled by setting verbose to true.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
5537348e28
Addes Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
wchen-r7
320898697a
Land #8266 , Add Buffer Overflow Exploit on Disk Sorter Enterprise
2017-04-24 17:17:30 -05:00
wchen-r7
1d86905fca
Land #8288 , Minor changes to WiPG-1000 module
2017-04-24 17:09:25 -05:00
wchen-r7
e333cb65e5
Restore require 'msf/core'
2017-04-24 17:09:02 -05:00
wchen-r7
c573628e10
Fix header
2017-04-24 17:01:35 -05:00
wchen-r7
e775f9ccbd
Land #8259 , Add post module to upload and execute a file
2017-04-24 17:00:55 -05:00
Matthias Brun
d3aba846b9
Make minor changes
2017-04-24 23:35:36 +02:00
wchen-r7
5bbb4d755a
Land #8254 , Add CVE-2017-0199 - Office Word HTA Module
2017-04-24 16:05:00 -05:00
wchen-r7
6029a9ee2b
Use a built-in HTA server and update doc
2017-04-24 16:04:27 -05:00
zerosum0x0
55f01d3fc7
made the plugin less spammy with more vprintf
2017-04-24 13:33:05 -06:00
zerosum0x0
453ca6e3bf
added OS printing on vulnerable systems
2017-04-24 13:20:44 -06:00
Daniel Teixeira
47898717c9
Minor documentation improvements
...
Space after ,
2017-04-24 14:47:25 +01:00
itsmeroy2012
bd2379784e
Improved error handling for the python reverse_tcp payload
...
Handling all kinds of errors
Removing 'e'
Updating payload cached sizes
Updating payload cached sizes 2.0
Adding option to set retry time
2017-04-23 20:43:57 +05:30
zerosum0x0
a69aba0eab
added XOR Key calculation
2017-04-22 23:54:30 -06:00
h00die
8e4c093a22
added version numbers
2017-04-22 09:45:55 -04:00
Spencer McIntyre
ffe6d35b4d
Add a module to dump network passwords from gnome
2017-04-21 16:17:18 -04:00
zerosum0x0
8a77bf7b60
removed wrong comments
2017-04-21 08:27:13 -06:00
Matthias Brun
714ada2b66
Inline execute_cmd function
2017-04-21 15:32:15 +02:00
zerosum0x0
9fab64c60e
added references
2017-04-20 15:22:37 -06:00
zerosum0x0
dd12afd717
added DoublePulsar detection
2017-04-20 15:03:29 -06:00
Matthias Brun
8218f024e0
Add WiPG-1000 Command Injection module
2017-04-20 16:32:23 +02:00
Koen Riepe
55ab800f13
Minor code fixes.
2017-04-19 14:41:11 +02:00
DanielRTeixeira
f1c51447c1
Add files via upload
...
Buffer Overflow on Disk Sorter Enterprise
2017-04-19 10:57:41 +01:00
Jonathan Claudius
f5430e5c47
Revert Msf::Exploit::Remote::Tcp
2017-04-18 19:27:35 -04:00
Jonathan Claudius
9a870a623d
Make use of Msf::Exploit::Remote::Tcp
2017-04-18 19:17:48 -04:00
Jonathan Claudius
03e3065706
Fix MSF tidy issues
2017-04-18 18:56:42 -04:00
Jonathan Claudius
32f0b57091
Fix new line issues
2017-04-18 18:52:53 -04:00
James Lee
bdeeb8ee1d
Add a check
2017-04-18 16:32:06 -05:00
William Vu
3b38d0d900
Land #8262 , PR ref for huawei_hg532n_cmdinject
2017-04-18 16:29:13 -05:00