Commit Graph

24543 Commits (0f068dfb626546880e0defd3774ac203bb3f020b)

Author SHA1 Message Date
William Vu a08420e0d0
Land #10286, Docker server version scanner 2018-07-12 03:08:41 -05:00
William Vu cce3b6f369 Clean up module 2018-07-12 02:57:14 -05:00
William Vu f53080ee60 Fix exploit and do final cleanup 2018-07-12 02:13:30 -05:00
William Vu 167745c124 Selectively add RuboCop fixes 2018-07-11 22:49:46 -05:00
William Vu ccc3267166 Correct rubocop -a
We'll update .rubocop.yml later.
2018-07-11 22:49:46 -05:00
William Vu ca5e496b8f Run rubocop -a 2018-07-11 21:40:19 -05:00
Agora Security 7d8b9a90d7 Add more reporting 2018-07-11 17:22:48 -04:00
Agora Security 30c43e22d9 Fix typo 2018-07-11 17:04:31 -04:00
Agora Security bb8ac4a7ab Add info & update_info 2018-07-11 16:52:16 -04:00
Shelby Pace 1ded8ffb29
Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-11 11:10:52 -05:00
James Barnett c26fcc0af1 Merge branch 'master' into remote_creds_data 2018-07-11 10:27:49 -05:00
Agora Security 1f0045fa03 Improve Description 2018-07-11 01:27:10 -04:00
Agora Security 00f4d3967c Add basic reporting 2018-07-11 00:47:43 -04:00
Agora Security d488b51264 Use peer instead of ip & port 2018-07-11 00:41:55 -04:00
Agora Security 5a89642ddd Simplify the module greatly 2018-07-11 00:15:56 -04:00
Agora Security ffc2f044cc Remove lines that were not required 2018-07-11 00:04:44 -04:00
Agora Security 7b1e7eb085 Minor improvement to description 2018-07-11 00:04:12 -04:00
Agora Security 2b2029b487 Align Hashrockets 2018-07-11 00:03:26 -04:00
Agora Security 9491c63778 Fix several minor details 2018-07-10 23:56:05 -04:00
Agora Security 66c207a124 Remove timeout of 25 seconds 2018-07-10 23:53:13 -04:00
Agora Security 718606c9f2 Add Auxiliary module to enumerate the Docker Server Version 2018-07-10 19:34:49 -04:00
Erin Bleiweiss ef3ea2dd44
Land #10280, Use default CheckCode in ETERNALBLUE 2018-07-10 17:39:42 -05:00
Shelby Pace 10cd6c99d9
Land #10231, Monstra Fileupload Exec 2018-07-10 14:23:15 -05:00
Shelby Pace 07dca243ff
changed grammar, removed redundant code 2018-07-10 14:13:57 -05:00
Brent Cook 1af360d7e0
Land #10108, add IBM QRadar SIEM exploit 2018-07-10 11:52:32 -05:00
Shelby Pace 171fa562a3
added parsing for repos in Gitlist source 2018-07-10 11:32:46 -05:00
William Vu f64c9588e9 Undefine check method and let the base class do it
Preserve the to-do without rewording - should be enough.
2018-07-10 11:05:00 -05:00
Adam Cammack 1fddbdb8ef
Specify the `command` option external modules 2018-07-10 10:24:07 -05:00
William Vu 533d87efa4 Return CheckCode::Unsupported in ETERNALBLUE
Defining a check method in the module overrides it.
2018-07-09 16:01:24 -05:00
Shelby Pace 5776b64a1b
modified exploit 2018-07-09 13:56:33 -05:00
Jacob Robles 64ec8e96cb
Land #10275, Update missing CVE references for exploit modules 2018-07-09 13:26:18 -05:00
Shelby Pace f5e40b14a3
removed double eval as suggested 2018-07-09 13:24:31 -05:00
Jacob Robles 4f039de2fc
Fix CVE numbers 2018-07-09 13:22:08 -05:00
Jacob Robles 4403a4ab47
Fix CVE number 2018-07-09 12:56:00 -05:00
flandini 7d8a95de9f Fixed requested changes for PR 2018-07-09 12:44:38 -05:00
Shelby Pace 44b9798afb
modified regex, id=filesmanager lines 2018-07-09 10:55:29 -05:00
James Barnett bbc16e1873 Merge branch 'master' into remote_creds_data 2018-07-09 09:49:14 -05:00
Jacob Robles bf24ce847a
Fix token issues 2018-07-09 09:29:11 -05:00
Touhid M Shaikh bc33078e01
fixed comma
fixed comma
2018-07-09 12:27:58 +05:30
Touhid M Shaikh 6f6ad86e2c
fix tab
fix tab and space.
2018-07-09 11:49:11 +05:30
Wei Chen aff39e65d5 Update missing CVE references for auxiliary modules
Based on existing references such as BID, OSVDB, blog posts, etc
2018-07-08 19:00:11 -05:00
Wei Chen 5fc5a47cd2 Update CVE references for exploit modules
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
2018-07-08 18:46:04 -05:00
Brendan Coles f14d06b9d1 Fix ufo_privilege_escalation 2018-07-08 11:05:30 +00:00
Brendan Coles a634e6347d minor code cleanup 2018-07-08 06:09:38 +00:00
Touhid M Shaikh 4a835b2493
fix warning, and version
fix warning, and version and indentation
2018-07-07 17:27:09 +05:30
Jacob Robles 1c448de882
Land #10107, Add the scanner/smb/impacket/secretsdump module 2018-07-06 14:59:33 -05:00
Shelby Pace b5fb970aec
Land #10133, Add HID discoveryd RCE exploit 2018-07-06 14:32:29 -05:00
Wei Chen 545e91af00
Land #10262, Add GitList argument injection exploit module 2018-07-06 14:28:20 -05:00
Wei Chen 82c74eb765 Small changes 2018-07-06 14:25:58 -05:00
Shelby Pace b1456df757
made suggested changes 2018-07-06 12:48:38 -05:00
Jacob Robles fe1b17684a
Add Targets and Session file inclusion 2018-07-06 12:17:26 -05:00
Brent Cook b4b7bf03da
Land #10171, Implement desktop shell and screensaver post modules 2018-07-05 17:33:06 -05:00
thesubtlety 970c164e06 fix undefined method capitalize error for array 2018-07-05 14:33:51 -07:00
Shelby Pace 5d0652fab1
changed inconsistent capitalization 2018-07-05 15:56:41 -05:00
Shelby Pace 2b452d5681
added documentation and check 2018-07-05 15:47:21 -05:00
Jacob Robles cb078b9586
Drop database 2018-07-05 14:58:30 -05:00
Brent Cook 05a0d79be7
Land #10219, Add HP VAN SDN Controller exploit 2018-07-05 14:21:44 -05:00
Jacob Robles 43096d9d78
Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
Module and Doc
2018-07-05 13:33:35 -05:00
William Vu 53d5d82498 Rename module to match new vector 2018-07-05 13:31:16 -05:00
Shelby Pace 507fd22958
added http post and generating payload 2018-07-05 13:21:22 -05:00
William Vu 762b4b5e53 Simplify creds auth by checking X-Auth-Token alone
It's a lot more direct than checking for the redirect.
2018-07-05 13:20:27 -05:00
William Vu 2b069f45ca Clarify how we're using the auth token for creds
In the service token's case, the service token *is* the auth token.
2018-07-05 13:05:23 -05:00
flandini b00f0e87e0 Add SonicWall XML-RPC Remote Code Execution exploit module 2018-07-05 12:06:13 -05:00
Mehmet İnce a272dcabd7 Fix typos and additional updates regarding to review 2018-07-05 13:33:40 +01:00
Mehmet İnce 3b8149216f print a verbose error message 2018-07-04 23:20:58 +01:00
Mehmet İnce 4c1c2e9288 Adding Micro Focus Secure Messaging Gateway RCE 2018-07-04 17:47:13 +01:00
William Vu 41b0adad88 Use uninstall action command injection 2018-07-03 18:07:22 -05:00
Shelby Pace 7d0b8dee4a
making request for Gitlist source 2018-07-03 14:27:46 -05:00
William Vu a25a656d28 Add "E" to HP to make HPE for better searches
We'll stick with calling it HP everywhere else.
2018-07-03 10:29:09 -05:00
Aloïs Thévenot e1a9aae109 Add Wordress Arbitrary File Deletion module 2018-07-03 12:21:38 +02:00
Brent Cook 5946245d87 avoid using SMBv2 on Windows XP Native Upload targets 2018-07-02 16:07:27 -05:00
Wei Chen 2ec091931a
Land #10237, Add Boxoft WAV to MP3 Converter exploit module 2018-07-02 14:01:27 -05:00
Wei Chen 3e33a6f0a4 Update moduel boxoft_wav_to_mp3 2018-07-02 14:00:33 -05:00
William Vu 1bf94ac448 Spruce up check method and related 2018-07-02 13:59:24 -05:00
Wei Chen 12141136d7
Land #9896, Java JMX Package Name Randomization
Land #9896
2018-07-02 13:41:39 -05:00
William Vu 6e090acc76 Stop joking with timeouts 2018-07-02 13:18:31 -05:00
William Vu 78ca4d4217 Finally use Msf::Util::EXE.to_zip 8) 2018-07-02 13:04:59 -05:00
Kacper Szurek 2196640de4
Add manageengine_adshacluster_rce
Manage Engine Exchange Reporter Plus <= 5310 Unauthenticated RCE
2018-07-02 19:11:08 +02:00
Shelby Pace 54fce378fa
added target versions to documentation 2018-07-02 09:20:17 -05:00
Green-m aa3fcea377 update check method to print error message normaliy 2018-07-01 23:17:34 -04:00
Green-m c3b71d4642 Update mismatch indentation and others 2018-07-01 22:43:07 -04:00
Ishaq Mohammed 70eb943b5a
Update monstra_fileupload_exec.rb 2018-06-30 13:40:12 +05:30
Ishaq Mohammed 89ba960309
username and password values removed
username and password values removed
2018-06-30 12:47:13 +05:30
Ishaq Mohammed 128438f444
Merge pull request #2 from touhidshaikh/monstra_fileupload_exec
Monstra fileupload exec
2018-06-30 12:03:14 +05:30
Pedro Ribeiro 6ace45e312
Add correct IBM CVE
Turns out IBM decided to revisit the advisory and attribute 3 different CVE numbers intead of 1.
2018-06-30 12:06:16 +07:00
Brent Cook 85dc81a58b
Land #10185, add SMBv1/2 support in psexec 2018-06-29 17:49:27 -05:00
Shelby Pace 3b5555542c
add exploit module and documentation 2018-06-29 15:17:12 -05:00
William Vu 78cefe0528 Clarify original exploit credit
It's definitely more than a PoC (exploit). It's weaponized.
2018-06-29 13:02:40 -05:00
William Vu 34f303187f Drop privesc retval, since it's obsoleted by print 2018-06-29 12:53:59 -05:00
Jacob Robles fc3199259b
Land #9958, Nagios xi 2 electric 2018-06-29 12:16:18 -05:00
William Vu dbb502ae19 Refactor code and address review comments 2018-06-29 12:13:15 -05:00
Jacob Robles 675a736ab7
Update Docs 2018-06-29 11:08:31 -05:00
Jacob Robles 574c47cba6
Change Ranking
Command to change the database user
account could cause a DoS condition
if the credentials are incorrect.
2018-06-29 10:56:18 -05:00
Jacob Robles 57b89444f3
Additional style fixes 2018-06-29 10:53:57 -05:00
Brendan Coles c508a5f7f3
Land #10213, Add FTPShell client 6.70 Stack Buffer Overflow exploit 2018-06-29 14:40:51 +00:00
Daniel Teixeira 1e148a8862
Update ftpshell_cli_bof.rb 2018-06-29 14:22:40 +01:00
Jacob Robles 7532490a1e
Style/Whitespace fixes 2018-06-29 07:02:45 -05:00
William Vu 40ac79ced0
Land #10218, MS17-010 Windows Embedded Standard 7 2018-06-28 16:11:56 -05:00
Daniel Teixeira 1854793253
Update ftpshell_cli_bof.rb 2018-06-28 13:01:13 +01:00
Daniel Teixeira bd2fb56adf
Update ftpshell_cli_bof.rb 2018-06-28 12:55:48 +01:00
William Vu 36a37cf6ab Add HP VAN SDN Controller exploit 2018-06-28 02:14:04 -05:00
Touhid M Shaikh f3e3d0c30b
monstra_fileupload_exec.rb
Monstra CMS - Authenticated  Arbitrary File Upload / Remote Code Execution CVE 2017-18048
2018-06-28 10:55:41 +05:30
zerosum0x0 a5c0881c08 add Windows Embedded Standard 7 support 2018-06-27 19:17:18 -06:00
phra 54c2bc36e9
fix: invert if else order 2018-06-28 01:33:56 +02:00
phra e614805948
chore: fix msftidy 2018-06-28 01:27:51 +02:00
Matthew Kienow 2a31958f6a
Bump metasploit_payloads-mettle to version 0.4.1 2018-06-27 17:55:08 -04:00
Brent Cook e17744df8d
Land #10215, add support for payload estimation for IPv6-specific modules 2018-06-27 16:46:54 -05:00
Adam Cammack 25b9f97a32
Update cached payload size update to support IPv6 2018-06-27 16:26:41 -05:00
William Vu dbb0748c1c
Land #9998, customizable golden ticket duration 2018-06-27 15:51:56 -05:00
William Vu d7770a98b2 s/Seperated/Separated/ 2018-06-27 15:36:41 -05:00
Adam Cammack ce7d4cd280
Land #10109, Teradata login scanner and SQL runner 2018-06-27 15:35:57 -05:00
Adam Cammack 9d8294fcc9
Mark Teradata login scanner executable 2018-06-27 15:35:13 -05:00
Adam Cammack 8b2bd35659
Fixup option references in Teradata SQL 2018-06-27 15:34:29 -05:00
Adam Cammack 1dbcf0fd09
Cleanup Teradata SQL options 2018-06-27 15:12:21 -05:00
Adam Cammack 3985191e0f
Add `userpass` option to Teradata login scanner 2018-06-27 15:10:02 -05:00
Adam Cammack ef309e0d5f
Fixup metadata whitespace 2018-06-27 15:09:23 -05:00
Daniel Teixeira 837427ccae
Update ftpshell_cli_bof.rb 2018-06-27 16:42:29 +01:00
Daniel Teixeira 4a4e38a7b0
FTPShell client 6.70 (Enterprise edition) 2018-06-27 16:37:22 +01:00
phra da22b36997
chore: fix typo 2018-06-27 17:16:38 +02:00
phra 53f158ef4f
refactor: universal check, payload platform check 2018-06-27 17:11:47 +02:00
William Vu 9c38c9f63c
Land #10207, msftidy fixes 2018-06-26 14:38:57 -05:00
Shelby Pace c5e7184fdb
Land #10199, Kace Systems Management Command Injection 2018-06-26 10:11:10 -05:00
Jacob Robles c4bf12cbe0
ntds_grabber msftidy fixes 2018-06-26 08:22:11 -05:00
Jacob Robles 00102a7413
oscommerce msftidy fix 2018-06-26 08:21:10 -05:00
Wei Chen 76535b5e51 Check hidden val && check auth requirement 2018-06-25 17:24:13 -05:00
Jacob Robles 2fd0d797ac
psexec smb2 support 2018-06-25 15:06:23 -05:00
Shelby Pace 10c36bbd7d
modified get_creds, renamed make_request 2018-06-25 12:45:06 -05:00
Shelby Pace 81bdbd712c
added disclosureDate and modified style 2018-06-22 15:58:21 -05:00
Shelby Pace 510c2d04ef
add auxiliary module and documentation - SickRage 2018-06-22 11:18:02 -05:00
Brendan Coles 6d3c141553 Update patched version check 2018-06-22 15:08:19 +00:00
Brendan Coles a71a5a10d5 Add Quest KACE Systems Management Command Injection 2018-06-22 08:07:18 +00:00
Brent Cook eaf043d30b
Land #10156, WebKit, as used in WebKitGTK+ Crash - CVE-2018-11646 2018-06-21 16:28:37 -05:00
Adam Cammack 6dafb13f28
Module metadata cleanup 2018-06-21 15:10:47 -05:00
Jeffrey Martin 2f40b2cb45
address missed impacket dependency check 2018-06-21 13:56:17 -05:00
Eliott Teissonniere c4632f44aa Fix windows 2018-06-21 16:46:15 +00:00
Eliott Teissonniere 2008de4080 Support Windows screensaver and locking 2018-06-21 16:46:00 +00:00
Brent Cook 38e1429879
Land #10189, ETERNALBLUE updates 2018-06-20 23:53:20 -05:00
William Vu 4bb6afb24e Move dependency check so we can send our metadata
I missed this detail about the module.run method when adding the check.
Defining the metadata or where you put it doesn't matter so much as if
you're sending it over JSON-RPC.
2018-06-20 15:03:26 -05:00
William Vu 8277a4da24 Add better targeting feedback 2018-06-20 12:41:22 -05:00
William Vu 13a4b2e359 Add dependency check for Impacket 2018-06-20 12:22:17 -05:00
Eliott Teissonniere a8e9c20d6c Make open works on windows 2018-06-20 09:23:57 +00:00
Eliott Teissonniere 4c0ac00f38 Make screensaver works on OSX 2018-06-20 09:13:51 +00:00
Brent Cook a1176e011a
Land #10184, Add sleepya's ETERNALBLUE exploit for Win8+ 2018-06-19 17:34:38 -05:00
William Vu 0820268d8a Improve rank handling with shim logic 2018-06-19 16:46:20 -05:00
Wei Chen 72432c200a
Land #10183, Add auxiliary mod to exploit httpdasm dir traversal vuln 2018-06-19 14:56:36 -05:00
Wei Chen b315886f9b Update option description 2018-06-19 14:55:53 -05:00
Wei Chen 9be8aa6877 Be more verbose on error handling 2018-06-19 14:54:27 -05:00
Shelby Pace a0189cc3f6
made suggested changes to module 2018-06-19 12:22:44 -05:00
William Vu 9913606ed9 Correct rank and formatting in Haraka 2018-06-19 11:44:02 -05:00
William Vu 9545bac809 Rename remote_exploit_generic template
Dropping "generic" from the name. I initially had some reservations
about leaving it in, and after discussion with @acammack-r7, we've
decided it adds nothing useful.
2018-06-19 11:43:56 -05:00
William Vu df4cee1d77 Fix PEP 8 in added code 2018-06-19 11:20:15 -05:00
William Vu 781478b283 Document some things 2018-06-19 11:20:15 -05:00
William Vu ecea36c459 Convert PoC to external module 2018-06-19 11:20:10 -05:00
William Vu 45e8adc617 Add sleepya's ETERNALBLUE exploit for Win8+ 2018-06-18 11:41:57 -05:00
Shelby Pace b78bb78f95
added auxiliary module and documentation 2018-06-18 10:25:33 -05:00
Jacob Robles cb50d0fade
Land #9825, Add 'phpMyAdmin Authenticated Remote Code Execution' 2018-06-18 08:51:53 -05:00
Jacob Robles 2e2ded22fc
Use Gem::Version
Simplify version comparisons
2018-06-18 08:35:47 -05:00
Jacob Robles 122ea2ddcb
Update module, Add docs
Changed the module to an exploit module and
added documentation.
2018-06-18 07:33:05 -05:00
Eliott Teissonniere 351a0bd37f Cleanup command execution code 2018-06-18 07:24:54 +00:00
Eliott Teissonniere a750aedb6b Move xdg_screensaver to multi module 2018-06-18 07:19:52 +00:00
Eliott Teissonniere 1f6b9a51ea Remove useless import 2018-06-18 06:56:39 +00:00
Eliott Teissonniere 8342751b05 Move xdg_open to multi module 2018-06-18 06:54:13 +00:00
Wei Chen ec88683ad2
Land #10165, Fix missing RequestError in a few post modules 2018-06-15 15:38:49 -05:00
Wei Chen 3e8bd83c29
Land #10172, Rm duplicate word in agitum_outpost_acs description 2018-06-15 15:13:23 -05:00
James Barnett 2ded48a510 Merge branch 'master' into remote_creds_data 2018-06-15 10:26:10 -05:00
William Vu b733b79533
Land #10021, post/multi/recon/sudo_commands module 2018-06-14 16:33:50 -05:00
James Barnett 9f2f61c481
Implement create_credential_and_login in the dataproxy 2018-06-14 13:28:03 -05:00
Nicholas Starke 936632f180 Minor Tweaks to Module
This commit changes some logic around
on a few different conditional portions
of code.
2018-06-14 10:06:42 -05:00
Clément Notin b64ab9b0de
Remove duplicate word in the agitum_outpost_acs module description 2018-06-14 15:15:29 +02:00
Eliott Teissonniere c4af2aca53 Check command availability 2018-06-14 10:00:26 +00:00
Eliott Teissonniere e523d5a114
Fix tabbed indents 2018-06-14 11:35:03 +02:00
Eliott Teissonniere b9d59315a8
Fix English in XDG screensaver 2018-06-14 11:30:04 +02:00
Eliott Teissonniere c5c0dffa3a
Fix English for XDG open 2018-06-14 11:28:30 +02:00
Eliott Teissonniere ee81ed6f7e Add XDG screensaver 2018-06-14 08:58:24 +00:00
Eliott Teissonniere 3c4bcf9258 Make XDG open module 2018-06-14 08:33:51 +00:00
Dhiraj Mishra c0a5a65e0c
Updated
Suggestion's by acammack-r7
2018-06-14 11:25:00 +05:30
Adam Cammack 853bd4d976
Land #10167, Add Linux x86 IPv6 reverse shell 2018-06-13 15:32:59 -05:00
Adam Cammack 0d9eb5b662
Clean up ipv6 address assembly packing 2018-06-13 15:31:49 -05:00
Adam Cammack d6f0673840
Fix indentation 2018-06-13 15:27:18 -05:00
Adam Cammack 402edba028
Remove automatic fork
The PrependFork option works just as well
2018-06-13 15:26:22 -05:00
Adam Cammack 9681c59f1d
Land #10138, Update psnuffle RHOSTS and style 2018-06-13 14:45:05 -05:00
Matteo Malvica e8a7a7e76f
first commit 2018-06-13 21:29:09 +02:00
James Barnett 71651a33f6
Update jtr modules to use remote data store 2018-06-13 12:09:58 -05:00
bwatters-r7 1cd76eb833
Land #10148, Add New Module - Badpdf
Merge branch 'land-10148' into upstream-master
2018-06-12 17:19:32 -05:00
William Vu 14da99bb3d Fix missing RequestError in a few post modules
Should be Rex::Post::Meterpreter::RequestError.
2018-06-12 17:11:29 -05:00
rmdavy 477d709ff6
Code Improvements
Ran module through rubocop
2018-06-12 22:55:38 +01:00
bwatters-r7 29f4870fa0
Land #10101, Add glibc 'realpath()' Privilege Escalation exploit 2018-06-12 16:41:07 -05:00
bwatters-r7 06b3fdce49
Update reliability because of failures 2018-06-12 16:39:41 -05:00
William Vu c3c6bc19da
Land #10059, CVE-2018-1111 exploit 2018-06-12 15:02:06 -05:00
William Vu f4bb00b9a5 Remove stray PayloadType outside Compat 2018-06-12 14:59:29 -05:00
Tim W 0c891e972f
Land #10066, implement AudioOutput api from channel 2018-06-11 16:20:11 +08:00
Tim W 57e3bbdba4 update payload cached sizes 2018-06-11 16:19:58 +08:00
Dhiraj Mishra b44265fcb2
Minor tweaks
Suggestion's made by bcoles
2018-06-11 13:25:02 +05:30
rmdavy 6b58163fde
Code Improvement
Added further code improvement suggested by bcoles
2018-06-11 08:06:02 +01:00
Brendan Coles 645c890888
Land #10157, Add IconFile path to .URL files generated with MultiDrop 2018-06-11 03:07:21 +00:00
rmdavy f10b2b12d4
Implemented changes suggested by bcoles 2018-06-10 22:18:17 +01:00
rmdavy 22538bfd63
Fixed Minor Code Error & Removed Spaces 2018-06-10 21:53:40 +01:00
rmdavy f4334828d0
Minor Improvement
URL File Creation also supports IconFile - this has now been added
2018-06-09 17:46:27 +01:00
rmdavy 5e630b34e1
Minor Update
Removed some Spaces at EOL
2018-06-09 17:03:32 +01:00
rmdavy 5ca538541a
Code Improvements
Code improvements as suggested by bcoles.
2018-06-09 16:44:37 +01:00
rmdavy f9c74419bb
Minor Code Update
Improved injection and Minor Code Improvement
2018-06-09 12:24:33 +01:00
Dhiraj Mishra 51823b1d3d
Spaces at EOL 2018-06-09 15:58:11 +05:30
Dhiraj Mishra d3a18b2ce9
Some tweak
Thanks bcloes 😎
2018-06-09 12:15:21 +05:30
Dhiraj Mishra 76588aed09
Error at disclosure date format 2018-06-09 12:03:41 +05:30
Dhiraj Mishra f1d29e730f
Spaces at EOL 2018-06-09 11:53:21 +05:30
Dhiraj Mishra 6e8412fa73
CVE-2018-11646 - Webkit+ 2018-06-09 11:43:47 +05:30
Tim W 9abf438428
Land #10118, cleanup OSX local exploit modules 2018-06-08 14:57:09 +08:00
Tim W 641ffca98c use base_dir 2018-06-08 14:53:21 +08:00
rmdavy 7e0c8d279f
Minor Code Update 2018-06-07 21:16:41 +01:00
rmdavy ab80eadc3f
Minor Code Improvement 2018-06-07 21:06:47 +01:00
rmdavy 98507b2e51
Update badpdf.rb 2018-06-07 19:08:51 +01:00
rmdavy aba05275ae
BadPDF Generator
Generated PDF files which contain a UNC link back to listener, can be used to capture NetNTLM hashes.
2018-06-07 16:40:57 +01:00
rmdavy 16fcaa3d00
Delete badpdf.rb 2018-06-07 16:38:57 +01:00
rmdavy c790537bb2
BadPDF Generator 2018-06-07 16:38:22 +01:00
Aaron Soto f53d2a14df
Land #10067, Added `auxiliary/fileformat/odt_badodt` 2018-06-06 11:27:23 -05:00
Aaron Soto 20e773498f
Moved to `auxiliary/fileformat/odt_badodt` and updated docs 2018-06-06 11:27:07 -05:00
Aaron Soto 61074d1220
Land #10115, Added module `auxiliary/fileformat/multidrop` 2018-06-05 16:30:30 -05:00
Aaron Soto c94263c915
Create 'fileformat' and move 'auxiliary/multidrop' to 'auxiliary/fileformat/multidrop' 2018-06-05 16:27:57 -05:00
Jacob Robles 3b2889cd77
Land #10106, Add the scanner/smb/impacket/wmiexec module 2018-06-05 08:33:34 -05:00
rmdavy 59873ba81a
Updated Authors 2018-06-04 23:03:00 +01:00
rmdavy 4fcbb5d03d
Minor Code Updates
Minor Code Updates as per recommendations by Aaron Soto
2018-06-04 19:20:37 +01:00
Chris Higgins 78bcd57694
Land #10092, Cleanup linux/local/recvmmsg_priv_esc 2018-06-04 10:32:35 -05:00
Brendan Coles e1d69d6307 Cleanup pSnuffle 2018-06-04 15:27:20 +00:00
Brendan Coles 3bcc329c07 Add HID discoveryd command_blink_on Unauthenticated RCE exploit 2018-06-03 05:41:10 +00:00
Brent Cook 61a98b94b6
Land #9528, WebKit apple safari trident exploit (CVE-2016-4657) 2018-06-02 21:52:52 -05:00
phra e9db949418
refactor: replace last string with hash 2018-06-01 16:59:38 +02:00
phra ae3e8dab78
chore: update references 2018-06-01 16:58:26 +02:00
phra 5649dd0598
refactor: use Hash.to_json instead of strings 2018-06-01 16:57:57 +02:00
rmdavy 061bb84a5a
Updated Code
Updated code with suggestions provided by bcoles
2018-06-01 11:13:40 +01:00
Aaron Soto 2bf5e26bfe
Removed `Deprecated` include from `udp_probe` 2018-05-31 14:32:31 -05:00
Aaron Soto 918705d510
Removed deprecated modules: `epmp1000_cmd_exec` and `cambium_snmp_loot` 2018-05-31 14:31:58 -05:00
Nicholas Starke 53d9dc75d8 Adding npm component "marked" ReDoS module
This commit adds a module for the npm component
"marked" which exploits a Regular Expression
Denial of Service (ReDoS) vulnerability in the
"heading" regular expression.  Also included
is the documentation markdown for this module.
2018-05-31 13:33:09 -05:00
Brendan Coles 9c14bddd93 Cleanup OSX local exploit modules 2018-05-31 12:26:33 +00:00
Aaron Soto 829e1c306a
Land #10102, SOCKS5 updates for BIND, parsing specs, refactoring 2018-05-30 16:15:53 -05:00
Adam Cammack 5e968529bf
Land #9976, Store non-nil linux enum_network loot 2018-05-30 15:33:39 -05:00
Adam Cammack 435f965418
Use #include? over Regexps with plain strings 2018-05-30 15:32:04 -05:00
bwatters-r7 1e57aa5a57
Land #9777, Slui File Handler Hijack LPE 2018-05-30 15:22:12 -05:00
rmdavy 51a9fc4c55
Multidrop
Multidrop is a single module which can be used to create *.scf, *.url, *.lnk and desktop.ini files which contain a SMB/UNC link to a listener ready to capture NetNTLM hashes
2018-05-30 17:36:11 +01:00
Tim W c0841ef0bf set default payload 2018-05-30 18:04:22 +08:00
Tim W 2ec7f11b90 add binary 2018-05-30 18:02:17 +08:00
Brent Cook e69c51132d
Land #10083, Add Msf::Post::OSX::Priv mixin 2018-05-29 23:01:36 -05:00
Pedro Ribeiro d77ee20fc7
Add fix for 7.3.0 2018-05-30 00:59:11 +03:00
Pedro Ribeiro f1663afd53
Change patch level of vulnerable versions 2018-05-30 00:37:29 +03:00
Aaron Soto c8b2fc8a35
Land #9701, Flexense HTTP Server DoS exploit 2018-05-29 16:19:59 -05:00
Aaron Soto 026b22d061
Refined packet sizes and counts, improved error messages 2018-05-29 16:09:27 -05:00
Pedro Ribeiro 476030bbd6
Fix grep with proper Base64 support; IBM bug! 2018-05-29 18:49:52 +03:00
Pedro Ribeiro a3c7ac830f
Fix typo in rand 2018-05-29 18:40:50 +03:00
actuated b0d8e93e79 Added Teradata ODBC Login and SQL modules and documentation 2018-05-29 10:12:43 -05:00
Pedro Ribeiro ac5718d24c
Fix whitespace 2018-05-29 15:02:36 +03:00
Pedro Ribeiro 809982b430
Make changes requested by bcoles 2018-05-29 14:48:57 +03:00