William Vu
df4cee1d77
Fix PEP 8 in added code
2018-06-19 11:20:15 -05:00
William Vu
781478b283
Document some things
2018-06-19 11:20:15 -05:00
William Vu
ecea36c459
Convert PoC to external module
2018-06-19 11:20:10 -05:00
William Vu
45e8adc617
Add sleepya's ETERNALBLUE exploit for Win8+
2018-06-18 11:41:57 -05:00
Shelby Pace
b78bb78f95
added auxiliary module and documentation
2018-06-18 10:25:33 -05:00
Jacob Robles
cb50d0fade
Land #9825 , Add 'phpMyAdmin Authenticated Remote Code Execution'
2018-06-18 08:51:53 -05:00
Jacob Robles
2e2ded22fc
Use Gem::Version
...
Simplify version comparisons
2018-06-18 08:35:47 -05:00
Jacob Robles
122ea2ddcb
Update module, Add docs
...
Changed the module to an exploit module and
added documentation.
2018-06-18 07:33:05 -05:00
Eliott Teissonniere
351a0bd37f
Cleanup command execution code
2018-06-18 07:24:54 +00:00
Eliott Teissonniere
a750aedb6b
Move xdg_screensaver to multi module
2018-06-18 07:19:52 +00:00
Eliott Teissonniere
1f6b9a51ea
Remove useless import
2018-06-18 06:56:39 +00:00
Eliott Teissonniere
8342751b05
Move xdg_open to multi module
2018-06-18 06:54:13 +00:00
Wei Chen
ec88683ad2
Land #10165 , Fix missing RequestError in a few post modules
2018-06-15 15:38:49 -05:00
Wei Chen
3e8bd83c29
Land #10172 , Rm duplicate word in agitum_outpost_acs description
2018-06-15 15:13:23 -05:00
James Barnett
2ded48a510
Merge branch 'master' into remote_creds_data
2018-06-15 10:26:10 -05:00
William Vu
b733b79533
Land #10021 , post/multi/recon/sudo_commands module
2018-06-14 16:33:50 -05:00
James Barnett
9f2f61c481
Implement create_credential_and_login in the dataproxy
2018-06-14 13:28:03 -05:00
Nicholas Starke
936632f180
Minor Tweaks to Module
...
This commit changes some logic around
on a few different conditional portions
of code.
2018-06-14 10:06:42 -05:00
Clément Notin
b64ab9b0de
Remove duplicate word in the agitum_outpost_acs module description
2018-06-14 15:15:29 +02:00
Eliott Teissonniere
c4af2aca53
Check command availability
2018-06-14 10:00:26 +00:00
Eliott Teissonniere
e523d5a114
Fix tabbed indents
2018-06-14 11:35:03 +02:00
Eliott Teissonniere
b9d59315a8
Fix English in XDG screensaver
2018-06-14 11:30:04 +02:00
Eliott Teissonniere
c5c0dffa3a
Fix English for XDG open
2018-06-14 11:28:30 +02:00
Eliott Teissonniere
ee81ed6f7e
Add XDG screensaver
2018-06-14 08:58:24 +00:00
Eliott Teissonniere
3c4bcf9258
Make XDG open module
2018-06-14 08:33:51 +00:00
Dhiraj Mishra
c0a5a65e0c
Updated
...
Suggestion's by acammack-r7
2018-06-14 11:25:00 +05:30
Adam Cammack
853bd4d976
Land #10167 , Add Linux x86 IPv6 reverse shell
2018-06-13 15:32:59 -05:00
Adam Cammack
0d9eb5b662
Clean up ipv6 address assembly packing
2018-06-13 15:31:49 -05:00
Adam Cammack
d6f0673840
Fix indentation
2018-06-13 15:27:18 -05:00
Adam Cammack
402edba028
Remove automatic fork
...
The PrependFork option works just as well
2018-06-13 15:26:22 -05:00
Adam Cammack
9681c59f1d
Land #10138 , Update psnuffle RHOSTS and style
2018-06-13 14:45:05 -05:00
Matteo Malvica
e8a7a7e76f
first commit
2018-06-13 21:29:09 +02:00
James Barnett
71651a33f6
Update jtr modules to use remote data store
2018-06-13 12:09:58 -05:00
bwatters-r7
1cd76eb833
Land #10148 , Add New Module - Badpdf
...
Merge branch 'land-10148' into upstream-master
2018-06-12 17:19:32 -05:00
William Vu
14da99bb3d
Fix missing RequestError in a few post modules
...
Should be Rex::Post::Meterpreter::RequestError.
2018-06-12 17:11:29 -05:00
rmdavy
477d709ff6
Code Improvements
...
Ran module through rubocop
2018-06-12 22:55:38 +01:00
bwatters-r7
29f4870fa0
Land #10101 , Add glibc 'realpath()' Privilege Escalation exploit
2018-06-12 16:41:07 -05:00
bwatters-r7
06b3fdce49
Update reliability because of failures
2018-06-12 16:39:41 -05:00
William Vu
c3c6bc19da
Land #10059 , CVE-2018-1111 exploit
2018-06-12 15:02:06 -05:00
William Vu
f4bb00b9a5
Remove stray PayloadType outside Compat
2018-06-12 14:59:29 -05:00
Tim W
0c891e972f
Land #10066 , implement AudioOutput api from channel
2018-06-11 16:20:11 +08:00
Tim W
57e3bbdba4
update payload cached sizes
2018-06-11 16:19:58 +08:00
Dhiraj Mishra
b44265fcb2
Minor tweaks
...
Suggestion's made by bcoles
2018-06-11 13:25:02 +05:30
rmdavy
6b58163fde
Code Improvement
...
Added further code improvement suggested by bcoles
2018-06-11 08:06:02 +01:00
Brendan Coles
645c890888
Land #10157 , Add IconFile path to .URL files generated with MultiDrop
2018-06-11 03:07:21 +00:00
rmdavy
f10b2b12d4
Implemented changes suggested by bcoles
2018-06-10 22:18:17 +01:00
rmdavy
22538bfd63
Fixed Minor Code Error & Removed Spaces
2018-06-10 21:53:40 +01:00
rmdavy
f4334828d0
Minor Improvement
...
URL File Creation also supports IconFile - this has now been added
2018-06-09 17:46:27 +01:00
rmdavy
5e630b34e1
Minor Update
...
Removed some Spaces at EOL
2018-06-09 17:03:32 +01:00
rmdavy
5ca538541a
Code Improvements
...
Code improvements as suggested by bcoles.
2018-06-09 16:44:37 +01:00
rmdavy
f9c74419bb
Minor Code Update
...
Improved injection and Minor Code Improvement
2018-06-09 12:24:33 +01:00
Dhiraj Mishra
51823b1d3d
Spaces at EOL
2018-06-09 15:58:11 +05:30
Dhiraj Mishra
d3a18b2ce9
Some tweak
...
Thanks bcloes 😎
2018-06-09 12:15:21 +05:30
Dhiraj Mishra
76588aed09
Error at disclosure date format
2018-06-09 12:03:41 +05:30
Dhiraj Mishra
f1d29e730f
Spaces at EOL
2018-06-09 11:53:21 +05:30
Dhiraj Mishra
6e8412fa73
CVE-2018-11646 - Webkit+
2018-06-09 11:43:47 +05:30
Tim W
9abf438428
Land #10118 , cleanup OSX local exploit modules
2018-06-08 14:57:09 +08:00
Tim W
641ffca98c
use base_dir
2018-06-08 14:53:21 +08:00
rmdavy
7e0c8d279f
Minor Code Update
2018-06-07 21:16:41 +01:00
rmdavy
ab80eadc3f
Minor Code Improvement
2018-06-07 21:06:47 +01:00
rmdavy
98507b2e51
Update badpdf.rb
2018-06-07 19:08:51 +01:00
rmdavy
aba05275ae
BadPDF Generator
...
Generated PDF files which contain a UNC link back to listener, can be used to capture NetNTLM hashes.
2018-06-07 16:40:57 +01:00
rmdavy
16fcaa3d00
Delete badpdf.rb
2018-06-07 16:38:57 +01:00
rmdavy
c790537bb2
BadPDF Generator
2018-06-07 16:38:22 +01:00
Aaron Soto
f53d2a14df
Land #10067 , Added `auxiliary/fileformat/odt_badodt`
2018-06-06 11:27:23 -05:00
Aaron Soto
20e773498f
Moved to `auxiliary/fileformat/odt_badodt` and updated docs
2018-06-06 11:27:07 -05:00
Aaron Soto
61074d1220
Land #10115 , Added module `auxiliary/fileformat/multidrop`
2018-06-05 16:30:30 -05:00
Aaron Soto
c94263c915
Create 'fileformat' and move 'auxiliary/multidrop' to 'auxiliary/fileformat/multidrop'
2018-06-05 16:27:57 -05:00
Jacob Robles
3b2889cd77
Land #10106 , Add the scanner/smb/impacket/wmiexec module
2018-06-05 08:33:34 -05:00
rmdavy
59873ba81a
Updated Authors
2018-06-04 23:03:00 +01:00
rmdavy
4fcbb5d03d
Minor Code Updates
...
Minor Code Updates as per recommendations by Aaron Soto
2018-06-04 19:20:37 +01:00
Chris Higgins
78bcd57694
Land #10092 , Cleanup linux/local/recvmmsg_priv_esc
2018-06-04 10:32:35 -05:00
Brendan Coles
e1d69d6307
Cleanup pSnuffle
2018-06-04 15:27:20 +00:00
Brendan Coles
3bcc329c07
Add HID discoveryd command_blink_on Unauthenticated RCE exploit
2018-06-03 05:41:10 +00:00
Brent Cook
61a98b94b6
Land #9528 , WebKit apple safari trident exploit (CVE-2016-4657)
2018-06-02 21:52:52 -05:00
phra
e9db949418
refactor: replace last string with hash
2018-06-01 16:59:38 +02:00
phra
ae3e8dab78
chore: update references
2018-06-01 16:58:26 +02:00
phra
5649dd0598
refactor: use Hash.to_json instead of strings
2018-06-01 16:57:57 +02:00
rmdavy
061bb84a5a
Updated Code
...
Updated code with suggestions provided by bcoles
2018-06-01 11:13:40 +01:00
Aaron Soto
2bf5e26bfe
Removed `Deprecated` include from `udp_probe`
2018-05-31 14:32:31 -05:00
Aaron Soto
918705d510
Removed deprecated modules: `epmp1000_cmd_exec` and `cambium_snmp_loot`
2018-05-31 14:31:58 -05:00
Nicholas Starke
53d9dc75d8
Adding npm component "marked" ReDoS module
...
This commit adds a module for the npm component
"marked" which exploits a Regular Expression
Denial of Service (ReDoS) vulnerability in the
"heading" regular expression. Also included
is the documentation markdown for this module.
2018-05-31 13:33:09 -05:00
Brendan Coles
9c14bddd93
Cleanup OSX local exploit modules
2018-05-31 12:26:33 +00:00
Aaron Soto
829e1c306a
Land #10102 , SOCKS5 updates for BIND, parsing specs, refactoring
2018-05-30 16:15:53 -05:00
Adam Cammack
5e968529bf
Land #9976 , Store non-nil linux enum_network loot
2018-05-30 15:33:39 -05:00
Adam Cammack
435f965418
Use #include? over Regexps with plain strings
2018-05-30 15:32:04 -05:00
bwatters-r7
1e57aa5a57
Land #9777 , Slui File Handler Hijack LPE
2018-05-30 15:22:12 -05:00
rmdavy
51a9fc4c55
Multidrop
...
Multidrop is a single module which can be used to create *.scf, *.url, *.lnk and desktop.ini files which contain a SMB/UNC link to a listener ready to capture NetNTLM hashes
2018-05-30 17:36:11 +01:00
Tim W
c0841ef0bf
set default payload
2018-05-30 18:04:22 +08:00
Tim W
2ec7f11b90
add binary
2018-05-30 18:02:17 +08:00
Brent Cook
e69c51132d
Land #10083 , Add Msf::Post::OSX::Priv mixin
2018-05-29 23:01:36 -05:00
Pedro Ribeiro
d77ee20fc7
Add fix for 7.3.0
2018-05-30 00:59:11 +03:00
Pedro Ribeiro
f1663afd53
Change patch level of vulnerable versions
2018-05-30 00:37:29 +03:00
Aaron Soto
c8b2fc8a35
Land #9701 , Flexense HTTP Server DoS exploit
2018-05-29 16:19:59 -05:00
Aaron Soto
026b22d061
Refined packet sizes and counts, improved error messages
2018-05-29 16:09:27 -05:00
Pedro Ribeiro
476030bbd6
Fix grep with proper Base64 support; IBM bug!
2018-05-29 18:49:52 +03:00
Pedro Ribeiro
a3c7ac830f
Fix typo in rand
2018-05-29 18:40:50 +03:00
actuated
b0d8e93e79
Added Teradata ODBC Login and SQL modules and documentation
2018-05-29 10:12:43 -05:00
Pedro Ribeiro
ac5718d24c
Fix whitespace
2018-05-29 15:02:36 +03:00
Pedro Ribeiro
809982b430
Make changes requested by bcoles
2018-05-29 14:48:57 +03:00
Pedro Ribeiro
56dd07639f
add vuln versions
2018-05-28 17:37:58 +03:00
Pedro Ribeiro
aaaa9c7508
Fix warnings from travis
2018-05-28 17:18:52 +03:00
Pedro Ribeiro
e126681814
Changed disclosure date
2018-05-28 17:08:48 +03:00
Pedro Ribeiro
cfb7d4c2fe
Add github url
2018-05-28 16:53:54 +03:00
Pedro Ribeiro
7db8183bc7
Create file for CVE-2018-1418
2018-05-28 16:39:10 +03:00
Spencer McIntyre
7ac8af03d2
Remove the LD_PRELOAD hook for proxychains
2018-05-27 17:12:06 -04:00
Spencer McIntyre
28d15a113f
Add the secretsdump impacket module and docs
2018-05-27 17:09:59 -04:00
Spencer McIntyre
9fab2316c5
Add the wmiexec impacket module and documentation
2018-05-27 16:24:56 -04:00
Brendan Coles
0af5d44c42
Add glibc 'realpath()' Privilege Escalation exploit
2018-05-26 21:25:59 +00:00
Spencer McIntyre
c85cc9ad9e
Refactor SOCKS5 TcpRelay and add packet tests
2018-05-26 13:46:00 -04:00
Spencer McIntyre
49341fc87d
Add credential authentication support to socks5
2018-05-25 20:14:03 -04:00
Spencer McIntyre
9b5ae34896
Drop udp associate support and cleanup logging
2018-05-25 20:14:03 -04:00
Spencer McIntyre
6859856101
Refactor the socks5 code into multiple files
2018-05-25 20:14:03 -04:00
Spencer McIntyre
04bec0bdf0
Progress on the socks5 proxy module
2018-05-25 20:14:02 -04:00
Ege Balcı
3ab7526786
Name & description Change
...
Exploit::CheckCode changed to Unknown as suggested.
2018-05-25 20:22:51 +03:00
Brent Cook
fad5a99c7d
fix incorrect disclosure date
2018-05-25 02:59:08 -05:00
Brendan Coles
4df01da49a
Add GTFOBins
2018-05-25 04:20:25 +00:00
Brendan Coles
651fb69585
Cleanup linux/local/recvmmsg_priv_esc module
2018-05-24 17:56:07 +00:00
Auxilus
72fb51f877
add extra check for failed command outputs
2018-05-24 20:47:06 +05:30
rmdavy
affa0bdc6f
Minor Update
...
Removed Unused Comment
2018-05-24 13:45:08 +01:00
rmdavy
7143f04ea7
Add files via upload
...
Updated to use recommended method of creating zip files
2018-05-24 09:53:53 +01:00
rmdavy
04a27e0221
Delete thumbnail.png
...
Moved folder location
2018-05-24 09:37:45 +01:00
rmdavy
81c4e9f7b9
Delete styles.xml
...
Moved folder location
2018-05-24 09:37:31 +01:00
rmdavy
73bfe1c9ab
Delete settings.xml
...
Moved folder location
2018-05-24 09:37:18 +01:00
rmdavy
247904746c
Delete meta.xml
...
Moved folder location
2018-05-24 09:37:04 +01:00
rmdavy
f9bda873d2
Delete manifest.xml
...
Moved folder location
2018-05-24 09:36:55 +01:00
rmdavy
5002eae655
Delete manifest.rdf
...
Moved folder location
2018-05-24 09:36:45 +01:00
rmdavy
02afeb3e29
Delete content.xml
...
Moved folder location
2018-05-24 09:36:35 +01:00
Brent Cook
86a5b951aa
Land #9990 , add SOCKS5 proxy support
2018-05-23 17:31:09 -05:00
Brent Cook
bc5c7a15e5
remove single-entry OptEnum from module, since there is only one possible TECHNIQUE
2018-05-23 13:44:53 -05:00
bwatters-r7
77403479f5
code cleanup
2018-05-23 12:53:48 -05:00
gushmazuko
3ef6f82894
Update bypassuac_sluihijack.rb
2018-05-23 12:25:49 +02:00
Jan Rude
567e2dbc7e
Update telpho10_credential_dump.rb
...
Current version still vulnerable, developer ignores mails. It seems like this is going to be a 'won´t fix'
2018-05-23 09:32:41 +02:00
Aaron Soto
72efe66403
Refactored for better logging, IPv6 support, and prep for auth
2018-05-22 18:57:00 -05:00
Brendan Coles
45481f26b6
Add Msf::Post::OSX::Priv mixin
2018-05-22 22:25:39 +00:00
James Barnett
0472b9df3f
Land #10024 , Fix find_or_create_* methods for remote data service
...
This PR updates the find_or_create_* methods associated with each model to
no longer just proxy to the report_* model. It now performs a lookup through
the DataProxy and returns the found object if it exists, or creates a new
record if needed.
2018-05-22 17:08:46 -05:00
Brendan Coles
15e472637a
Land #10070 , Fix cleanup in exploits/osx/local/rootpipe_entitlements
2018-05-22 21:52:24 +00:00
Brendan Coles
b14e354b25
Land #10048 , Make shell and meterpreter sessions consistent with cmd_exec
2018-05-22 21:26:47 +00:00
bwatters-r7
40d5f46277
Lad #10017 , D-Link DSL-2750B Unauthenticated OS Command Injection
...
Merge branch 'land-10017' into upstream-master
2018-05-22 10:54:33 -05:00
lucyoa
6cc1a8dcbd
Rubocop fixes
2018-05-22 10:34:05 -04:00
Matthew Kienow
4ecc1ff551
Modify loots, notes and services search methods
...
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
2018-05-21 17:37:51 -04:00
phra
6d4ad57beb
refactor: use Rex built-in encoders
2018-05-21 22:14:39 +02:00
bwatters-r7
75562e2bbc
Land #10044 , Fix is_system? in Msf::Post::Windows::Priv for non-English
...
Merge branch 'land-10044' into upstream-master
2018-05-21 14:24:26 -05:00
Kevin Kirsche
93e9c96a1c
Adjust link / name ordering to be alphabetical by key (not sorted by value)
2018-05-21 14:42:13 -04:00
Tim W
88ab836e15
Land #9987 , AF_PACKET chocobo_root exploit
2018-05-21 17:05:53 +08:00
Tim W
9e9dff8b6a
fix file cleanup on failed exploitation
2018-05-21 16:47:09 +08:00
Tim W
cd0161ada2
fix gcc for shell_reverse_tcp payloads on ubuntu
2018-05-21 16:46:42 +08:00
lucyoa
6ae55aadd4
Fixing documentation, improving exploits code
2018-05-20 12:55:46 -04:00
Brendan Coles
aa033bf5c1
Fix cleanup
2018-05-20 16:19:25 +00:00
Kevin Kirsche
c665a32eb9
Add privileged and fix PayloadType hash style
2018-05-19 19:06:50 -04:00
rmdavy
ef229111c8
Delete readme.txt
2018-05-19 16:58:45 +01:00
rmdavy
5d3c95e51b
Create badodt
2018-05-19 16:58:14 +01:00
rmdavy
a0d8f70dee
Create readme.txt
2018-05-19 16:57:40 +01:00
rmdavy
077a7c7c9e
Delete test.txt
2018-05-19 16:57:07 +01:00
rmdavy
018a8a3060
Create test.txt
2018-05-19 16:56:49 +01:00
rmdavy
622bc272fb
Delete odt
2018-05-19 16:56:30 +01:00
rmdavy
b293ddfe5d
Create odt
2018-05-19 16:56:10 +01:00
phra
c9ab44234a
refactor: remove predefined cmd stager flavor, increase linemax
2018-05-19 15:55:11 +02:00
phra
d239fb17db
refactor: update code as requested
2018-05-19 15:50:10 +02:00
Kevin Kirsche
d9d226376c
Fix missing comma
2018-05-19 09:23:23 -04:00
Kevin Kirsche
4bf259e767
Add github and EDB ID number
2018-05-19 09:04:18 -04:00
Kevin Kirsche
b0f556639f
Change rand text length and remove disable nops
2018-05-19 09:02:00 -04:00
phra
8a1cb1e560
fix: fix indentation
2018-05-19 03:27:35 +02:00
phra
5d37451dc8
fix: use print_error instead of puts
2018-05-19 03:26:49 +02:00
phra
b010d23427
exploits: add CVE-2018-1000049 exploit module, fixes #10063
2018-05-19 03:10:06 +02:00
Clément Notin
a8fcd9d275
Fix display of uid in post/windows/gather/win_privs
...
`inspect` is not necessary and triggers display of Unicode characters as "\x.." instead of printing their value.
As discussed in PR #10044
2018-05-19 01:35:19 +02:00
bwatters-r7
294b263159
Land #9966 , Add Reliable Datagram Sockets (RDS) Privilege Escalation exploit
...
Merge branch 'land-9966' into upstream-master
2018-05-18 17:06:04 -05:00
Touhid M Shaikh
12457d14f7
vTiger CRM v6.3.0 (CVE:2015-6000,CVE:2016-1713)
...
an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file.
2018-05-19 01:13:10 +05:30
Kevin Kirsche
6d0c6a7051
Randomize the starting letter
2018-05-18 15:14:40 -04:00
Kevin Kirsche
1efa5c4061
Move to PayloadType instead of Compat
2018-05-18 14:55:33 -04:00
Kevin Kirsche
599979be37
Add AKA and remove filename
2018-05-18 14:49:12 -04:00
Kevin Kirsche
0951aca881
Fix require that’s included by mixin
2018-05-18 13:31:20 -04:00
Kevin Kirsche
35ee1b5fa1
Use https instead of http in the comments
2018-05-18 13:10:47 -04:00
Kevin Kirsche
8f0242344d
Fix style to use curly braces instead of pipes
2018-05-18 13:06:38 -04:00
Kevin Kirsche
f1b9088609
Fix msf/core include requirement
...
```
modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb - [WARNING] Explicitly requiring/loading msf/core is not necessary
```
removes `require msf/core`
2018-05-18 13:04:55 -04:00
Kevin Kirsche
164f3ef48d
Add CVE-2018-1111 exploit
2018-05-18 12:47:08 -04:00
Brent Cook
7af7587519
Land #9999 , Optionally test empty group in cisco_ssl_vpn
2018-05-18 10:57:15 -05:00
Brent Cook
37f1e44a12
Land #10009 , Add initial check support to external modules
2018-05-18 09:31:31 -05:00
Brendan Coles
eb3733ffb4
unless
2018-05-17 17:42:55 +00:00
Brent Cook
520b8bc3c0
remove many duplicate code paths
2018-05-17 08:14:32 -05:00
Tim W
a3879f0109
Land #9956 , add module to extract wireless credentials on Android
2018-05-17 21:04:56 +08:00
Brent Cook
5c3cb097fb
Land #10047 , remove invalid timeout argument on cmd_exec
2018-05-17 07:41:14 -05:00
Brent Cook
406f1fe165
fix #10046 , remove invalid timeout argument on cmd_exec
2018-05-17 07:38:22 -05:00
Tim W
6594cbb5cc
Land #9947 , AF_PACKET packet_set_ring exploit
2018-05-17 18:43:52 +08:00
Tim W
dc227153c4
fix gcc on shell_reverse_tcp session
2018-05-17 18:43:27 +08:00
Aaron Soto
c35c8e9c75
Update module name, per a good catch by @bcook
2018-05-16 13:55:45 -05:00
Tim W
ce5b24eda0
fork early and cleanup files in module
2018-05-17 00:32:01 +08:00
Jacob Robles
999b895735
Land #9816 , Add the scanner/smb/impacket/dcomexec module
2018-05-16 07:15:32 -05:00
William Vu
eb0ac79143
Land #9975 , local_exploit_suggester fixes
2018-05-16 06:48:02 -05:00
William Vu
739d58135f
Move EXE generation in struts_code_exec_parameters
2018-05-16 06:15:40 -05:00
William Vu
6ec0272ff5
Land #8727 , CVE-2017-9791 exploit
2018-05-16 05:41:26 -05:00
William Vu
eaec1d7486
Clean up module
2018-05-16 05:39:17 -05:00
William Vu
436e414b93
Land #7815 , CVE-2016-9299 exploit
2018-05-16 05:29:41 -05:00
William Vu
959cbde6eb
Clean up module
2018-05-16 05:29:25 -05:00
William Vu
908857b563
Land #10036 , reverse_bash_telnet_ssl fixes
2018-05-16 04:10:36 -05:00
William Vu
3810803276
Land #10035 , awk payload improvements
2018-05-16 04:10:21 -05:00
William Vu
6723de2659
Land #10031 , zsh payload improvements
2018-05-16 04:10:00 -05:00
William Vu
c2c46586cd
Land #10030 , reverse_ksh payload
2018-05-16 04:08:17 -05:00
William Vu
6abd0d068a
Nix explicit return
2018-05-16 04:06:58 -05:00
Brendan Coles
c5f980f633
GoodRanking
2018-05-16 02:38:19 +00:00
William Vu
3ea4548343
Fix PayloadType in reverse_bash_telnet_ssl
...
It should not be cmd_bash, since it doesn't rely on being in bash.
2018-05-15 20:50:30 -05:00
William Vu
49bfa3b707
Update CachedSize
2018-05-15 20:07:14 -05:00
William Vu
a19c5f723b
Improve bind_awk payload (credit @bcoles)
2018-05-15 20:01:57 -05:00
William Vu
5d229abf72
Improve reverse_awk payload (credit @bcoles)
2018-05-15 20:01:32 -05:00
William Vu
cc35975164
Update CachedSize
2018-05-15 19:56:55 -05:00
William Vu
1100899ccb
Change link to HTTPS
2018-05-15 19:56:42 -05:00
William Vu
3ccfc27096
Redirect stderr as well
2018-05-15 19:51:10 -05:00
William Vu
3f39475579
Update CachedSize
2018-05-15 19:42:39 -05:00
William Vu
b58dc3bf5e
Refactor zsh payloads
...
This also fixes an oversight where the payloads would fail outside zsh.
2018-05-15 19:26:19 -05:00
Brendan Coles
7ebe0d6dc5
Use sudo -l rather than sudo -l -l
2018-05-15 18:53:52 +00:00
WangYihang
49904e0377
Add an reverse shell payload by zsh through redirection operations
2018-05-15 22:43:37 +08:00
WangYihang
53844cb24a
Add an reverse shell payload by ksh(the korn shell)
2018-05-15 22:36:47 +08:00
Auxilus
900480dd1a
check for root
2018-05-15 17:32:10 +05:30
Auxilus
e1786d1ae0
Update sub_info.rb
2018-05-15 16:55:52 +05:30
Green-m
492be19aa0
Use && instead of and
2018-05-15 05:18:38 -04:00
Green-m
a61d202586
Delete blank, fix typo and use single quote instead.
2018-05-15 04:27:36 -04:00
Green-m
03a7bb72af
Add exploit module for apache hadoop unauthorized command execution
2018-05-15 03:47:20 -04:00
zerosum0x0
4a64401a58
fix ms17-010 similar to 4a56ecf3ae
2018-05-14 15:45:20 -06:00
Brendan Coles
17bd9aafb3
Add post/multi/recon/sudo_commands
2018-05-14 18:31:24 +00:00
Aaron Soto
f5a43f2ed0
Land #9991 , Remove need for temp file with xdebug_unauth_exec
2018-05-14 08:55:38 -05:00
lucyoa
8dd7a27f7b
Fixes according to code review
2018-05-14 05:46:23 -04:00
lucyoa
f65361258b
Adding vulnerable firmwares to description
2018-05-13 15:08:32 -04:00
lucyoa
382364a3ff
Adding documentation, improving description
2018-05-13 15:04:40 -04:00
lucyoa
c3ad02121c
Exploit for D-Link DSL2750B OS Command Injection vulnerability
2018-05-13 13:58:35 -04:00
Tim W
ed5f2bffa9
Land #9919 , add libuser roothelper privilege escalation exploit
2018-05-12 17:11:21 +08:00
Tim W
a8660e4042
make the PASSWORD option required
2018-05-12 17:10:21 +08:00
Adam Cammack
b0e712e992
Add banner check exploit/linux/smtp/haraka
2018-05-11 12:45:32 -05:00
Adam Cammack
90f2fe545c
Add PEP8 whitespace to exploit/linux/smtp/haraka
2018-05-11 12:43:30 -05:00
Green-m
0ef0fae2b2
rm test code
2018-05-10 22:17:38 -04:00
Jacob Robles
cc0fdee788
EmptyGroup advanced option, just in case...
2018-05-10 09:57:50 -05:00
Tim W
67c7a718db
Land #9868 , fix post/osx/capture/keylog_recorder
2018-05-10 16:47:57 +08:00
Jacob Robles
9811de430c
Land #9878 , Add MSF module for EDB 6768, Mantis <= v1.1.3 Post-auth RCE
2018-05-09 11:55:22 -05:00
Jacob Robles
a1fed72423
store credential, use vprints
2018-05-09 11:50:07 -05:00
Jacob Robles
79a0610436
remove empty group
2018-05-09 11:11:03 -05:00
Hypnoze57
08b81a418f
Customization of Golden Ticket Duration
...
- Post exploitation module updated
- Kiwi extention updated
Using mimikatz /startoffset and /endin params
Duration in hours, default already 10 years
2018-05-09 17:44:55 +02:00
miluxsec
5ed1bde65f
Removed unused FileDropper include
2018-05-08 18:10:29 +02:00
miluxsec
5038098efb
Remove need for writable directory when using xdebug exploit
...
By base64 encoding the exploit code and decoding it on the target the
need for writing a temporary file is removed.
See #9918
2018-05-07 22:11:21 +02:00
William Vu
0240c3f010
Land #9980 , PAN-OS readSessionVarsFromFile exploit
2018-05-07 14:55:00 -05:00
Brent Cook
02849bcfd0
Land #9986 , initial ruby_smb simple client integration
2018-05-07 14:02:22 -05:00
Jacob Robles
a18459a14c
Fix indentation, documentation update
2018-05-07 09:22:21 -05:00
Touhid M Shaikh
235cac621f
playsms_CVE-2017-9101
...
playsms_CVE-2017-9101
2018-05-07 18:55:22 +05:30
Touhid M Shaikh
74793efdef
Delete playsms_uploadcsv_exec.rb
2018-05-07 18:54:35 +05:30
Touhid M Shaikh
fefaa45a50
playsms_CVE-2017-9101
...
playsms_CVE-2017-9101
2018-05-07 18:53:07 +05:30
Jacob Robles
222b1fb27c
Land #9944 , playsms_filename_exec.rb
2018-05-07 07:43:16 -05:00
Jacob Robles
601411fe7b
store credentials
2018-05-07 07:26:28 -05:00
Jacob Robles
4b8ceab522
Fix indentation, update documentation
2018-05-07 07:22:53 -05:00
Brendan Coles
5ae9b0185d
Add AF_PACKET chocobo_root Privilege Escalation exploit
2018-05-07 07:11:07 +00:00
Green-m
24de2a3cd0
Merge branch 'master' into couchdb_cmd_exec
2018-05-07 02:53:13 -04:00
Brent Cook
a4ecd43a8f
remove unused constants
2018-05-07 00:24:38 -05:00
Jacob Robles
534d05ff44
simpleclient versions option
2018-05-07 00:24:38 -05:00
Jacob Robles
ff202a5f5b
Simpleclient/SMB2 support
2018-05-07 00:24:38 -05:00
HD Moore
2a211d99af
Nuke base_directory after all, FileDropper does not like our path
2018-05-06 22:58:06 -05:00
HD Moore
a9f9d61f1e
Use the target_directory, not base
2018-05-06 22:56:59 -05:00
HD Moore
cd48507aab
Use FileDropper, switch to earlier target directory
2018-05-06 22:56:36 -05:00
HD Moore
1f7b13bea8
Additional module cleanup
2018-05-06 22:50:13 -05:00
HD Moore
3d172df0c4
MD5 of TID and cleanup if statement
2018-05-06 22:24:36 -05:00
HD Moore
68f2e08400
Swap to positive logic
2018-05-06 22:22:47 -05:00
HD Moore
9712215e66
Add Bugtraq ID
2018-05-06 22:21:13 -05:00
HD Moore
5d57e9db34
Remove unnecessary RHOST definition
2018-05-06 22:20:51 -05:00
Green-m
96a354ffc4
Merge branch 'couchdb_cmd_exec' of https://github.com/Green-m/metasploit-framework
2018-05-06 23:07:14 -04:00
Auxilus
a612c4cc65
Update wireless_ap.rb
2018-05-06 17:37:12 +05:30
Auxilus
6bd31d7921
Update wireless_ap.rb
2018-05-06 17:33:20 +05:30
Auxilus
f32fda6757
Update wireless_ap.rb
2018-05-06 16:52:18 +05:30
Tim W
3e949733e2
fix wpa_supplicant parsing
2018-05-06 19:11:35 +08:00
HD Moore
8141e949fc
Note the runtimes
2018-05-05 18:34:11 -05:00
HD Moore
e775a97ae2
Adds panos_readsessionvars exploit module
2018-05-05 15:41:17 -05:00
Tim W
5f01b6abc9
Land #9977 , fix crash during x64 linux reverse_tcp stager retry
2018-05-05 17:13:00 +08:00
Brendan Coles
3aa7441e10
Update tested versions
2018-05-05 09:11:31 +00:00
Tim W
4216d06ffb
fix #9963 , update x64 linux reverse_tcp stager cached size
2018-05-05 16:30:45 +08:00
Brendan Coles
24af15b6e7
Update kernel version and system arch detection
2018-05-05 07:16:53 +00:00
Auxilus
40b6b97dbf
Update enum_network.rb
2018-05-05 10:56:55 +05:30
Auxilus
ec55a631ef
Check if the data is nil before pasisng to store_loot
...
when I ran this module for linux/aarch64/meterpreter_reverse_tcp for payload running in termux, it was obvious that without root the commands will return error, It still created empty files in `.msf4/loot`
```
msf5 post(linux/gather/enum_network) > run
[*] Running module against localhost.localdomain
[*] Module running as /system/bin/sh: /usr/bin/whoami: not found
[+] Info:
[+]
[+] Linux localhost 3.10.84-perf+ #1 SMP PREEMPT Tue Oct 24 01:07:25 CST 2017 aarch64 Android
[*] Collecting data...
[+] /system/bin/sh: /sbin/route: not found
[-] Failed to open file: /etc/ssh/sshd_config: core_channel_open: Operation failed: 1
[-] unable to get data for Network config
[+] Network config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_735775.txt
[-] unable to get data for Route table
[+] Route table stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_599334.txt
[-] unable to get data for Firewall config
[+] Firewall config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_790893.txt
[-] unable to get data for DNS config
[+] DNS config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_867340.txt
[-] unable to get data for SSHD config
[+] SSHD config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_900906.txt [-] unable to get data for Host file
[+] Host file stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_179877.txt
[-] unable to get data for Active connections
[+] Active connections stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_656035.txt [-] unable to get data for Wireless information
[+] Wireless information stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_168144.txt
[-] unable to get data for Listening ports
[+] Listening ports stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_999548.txt [-] unable to get data for If-Up/If-Down
[+] If-Up/If-Down stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_860869.txt
[*] Post module execution completed
msf5 post(linux/gather/enum_network) >
```
2018-05-05 10:52:08 +05:30
Brendan Coles
cb29b4cf7a
Update Local Exploit Suggester - Fix #9974
2018-05-05 04:41:58 +00:00
Aaron Soto
2cd0d3d90a
Rudamentary SOCKS5 functionality, CONNECT, IPv4, non-DNS only
2018-05-04 14:44:03 -05:00
Touhid M Shaikh
71d6841471
updated
...
indentation and fix CVE
2018-05-04 21:33:07 +05:30
Touhid M Shaikh
aa69fc9e77
updated
...
print_status to vprint_status
2018-05-04 21:13:26 +05:30
Touhid M Shaikh
e824f0f8b0
updated
...
added CVE, URL and done randomizing content
2018-05-04 21:00:04 +05:30
William Vu
88f09dc302
Update a few stragglers in Drupalgeddon 2
...
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
2018-05-03 18:35:25 -05:00
William Vu
728d7bc065
Fix #9876 , second round of Drupalgeddon 2 updates
...
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
2018-05-03 17:38:32 -05:00
bwatters-r7
ce5be387c4
Land #8795 , Added CVE-2016-0040 Windows Privilege Escalation
...
Merge branch 'land-8795' into upstream-master
2018-05-03 16:33:53 -05:00
bwatters-r7
96b892a546
Make Rubocop happy
2018-05-03 11:30:05 -05:00
Brendan Coles
3a688451b6
Add Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-03 12:51:21 +00:00
Tim W
50300426ca
fix feedback from code review
2018-05-03 18:28:14 +08:00
Borja Merino
916dfa56fe
Add author name to the wlan_probe_request post-exploitation module
2018-05-03 11:41:09 +02:00
Auxilus
02920728a4
Update sub_info.rb
2018-05-03 02:51:39 +05:30
Auxilus
7a47e2aa25
Update sub_info.rb
2018-05-02 22:02:09 +05:30
Auxilus
bd92d189f4
Update sub_info.rb
2018-05-02 21:48:01 +05:30
Auxilus
e87116a5c1
Minor fixes
2018-05-02 20:51:30 +05:30
Auxilus
1c89bd80d9
Update sub_info.rb
2018-05-02 20:44:21 +05:30
Auxilus
c6df12dccb
Add android post module to extract subscriber info
2018-05-02 20:41:54 +05:30
Auxilus
98d81476f7
Fix get_password for pwds with `"`, `=` etc
2018-05-02 19:09:36 +05:30
Auxilus
fa727f5394
Update wireless_ap.rb
2018-05-02 18:22:00 +05:30
Jacob Robles
d6cf32fad8
Land #9821 , osCommerce 2.3.4.1 - Remote Code Execution
2018-05-02 07:29:15 -05:00
Jacob Robles
fc2c42f725
Land #9960 , fix continuation warnings in payloads
2018-05-02 06:28:17 -05:00
Auxilus
773e06b3ca
Update wireless_ap.rb
2018-05-02 01:28:15 +05:30
Auxilus
2817ff25cb
Update wireless_ap.rb
2018-05-02 00:00:34 +05:30
Auxilus
614de11a9c
Update wireless_ap.rb
2018-05-02 00:00:05 +05:30
Auxilus
9b00a5cffb
store loot
2018-05-01 23:10:29 +05:30
Auxilus
29467c2e37
Stylize the output
2018-05-01 22:58:17 +05:30
BennyHusted
c62fc79537
Fixed typo in description.
2018-05-01 11:37:33 -04:00
BennyHusted
89d6ded805
Removing the Nagios enum module, adding description
2018-05-01 11:35:45 -04:00
Jacob Robles
4a56ecf3ae
psexec native upload argument
2018-05-01 09:33:17 -05:00
Brent Cook
34f8a9a5ee
fix continuation warnings in payloads
2018-05-01 04:57:42 -05:00
BennyHusted
4c8ad3ca9c
Removing old exploit/docs
2018-04-30 22:26:37 -04:00
BennyHusted
ad8bf6d8e3
Renamed exploit to electric boogaloo
2018-04-30 22:20:35 -04:00
Jeffrey Martin
28173222a8
Land #9881 , cleanup psexec code
2018-04-30 18:39:36 -05:00
Brent Cook
e29a53b7cb
Land #9951 , Update linux/gather/enum_protections module
2018-04-30 16:52:30 -05:00
Brent Cook
f3fa9af098
fixup osx sizes
2018-04-30 15:21:23 -05:00
Brent Cook
7e31c2cf76
Land #9942 , IPv6 channel fixes for Python and Linux/macOS Meterpreters
2018-04-30 15:14:12 -05:00
Auxilus
bc0cad43bc
Update wireless_ap.rb
2018-04-30 19:19:12 +05:30
Auxilus
ca7afae730
Add wireless_ap post module for Android
...
This module displays all the saved wireless AP creds in the target device
2018-04-30 19:02:30 +05:30
Lars Sorenson
2ca05ee7c1
Remove explicit EDB url in favor of MSF autogenerated one
...
Use more appropriate Failwith errors for connection issues
Remove an unnecessary `to_s` call
Use the cookie kwarg for send_request_cgi over explicitly setting a header
2018-04-29 22:24:49 -04:00
Brendan Coles
3351a59efb
Update linux/gather/enum_protections
2018-04-29 06:52:47 +00:00
Chris Long
9ae0acd489
Removing debug statement
2018-04-28 15:56:56 -07:00
Chris Long
c7caac627b
Replacing Import with Fiddle, adding fork compatibility for High Sierra
2018-04-28 15:53:23 -07:00
Brendan Coles
f7504dd9d5
Add AF_PACKET packet_set_ring Privilege Escalation exploit
2018-04-28 01:40:17 +00:00
Aaron Soto
c4bca03fea
Land #9908 , msfd_rce_remote and msfd_rce_browser
2018-04-27 18:54:17 -05:00
Aaron Soto
82fc4aba64
Land #9918 , XDebug Unauthenticated OS command execution
2018-04-27 17:08:58 -05:00
Touhid M Shaikh
ce099aea76
playsms_filename_exec.rb
...
PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution
2018-04-28 01:15:52 +05:30
Brent Cook
8fd7448e48
bump payloads, ipv6 channel fixes
2018-04-27 14:18:54 -05:00
caleBot
b932988866
more fixes
2018-04-27 11:43:32 -06:00
caleBot
2dda26606e
updated based on feedback from r7
2018-04-27 11:23:17 -06:00
Auxilus
d29bc920c1
print o/p to new line
2018-04-27 20:58:25 +05:30
Auxilus
912970ad3b
change vprint to print for printing o/p in psexec_command
2018-04-27 20:47:21 +05:30
Auxilus
0374de5e0d
change vprint to print for printing o/p
2018-04-27 10:49:04 +05:30
Auxilus
25cf8d175a
report command execution o/p
2018-04-27 08:43:30 +05:30
Brent Cook
79d8f5e86c
autofilter = false means skip, which is reverse of intuition
2018-04-26 17:20:55 -05:00
BennyHusted
1806c247f1
Fixing tabbed spaces, version number in documentation
2018-04-26 18:15:39 -04:00
caleBot
a2ae4bcfb0
initial commit for nagios post module
2018-04-26 16:06:29 -06:00
root
b547e6282e
Adding print statement to run the corresponding post module
2018-04-26 17:55:31 -04:00
root
37a32c2726
Adding module for Nagios XI remote root exploit.
...
See http://blog.redactedsec.net/exploits/2018/04/26/nagios.html for
more information.
2018-04-26 17:42:10 -04:00
Jeffrey Martin
54aaf1f718
Land #9937 , enable autofilter on tp-link camera exploit
2018-04-26 16:08:09 -05:00
Brent Cook
4789cdc596
enable autofilter on tp-link camera exploit
2018-04-26 14:56:39 -05:00
Brent Cook
0fa0358993
Land #9853 , Update Linux sock_sendpage local exploit module
2018-04-26 14:30:51 -05:00
William Vu
873cbcee27
Fix #9876 , minor updates to Drupalgeddon 2
...
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
2018-04-25 18:09:54 -05:00
Brent Cook
f52e6a18a2
Land #9876 , Drupalgeddon 2
2018-04-25 15:49:53 -05:00
William Vu
b8eb7f2a86
Set target type instead of regexing names
...
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.
Old matching in this commit: 1900aa2708
.
2018-04-25 11:53:26 -05:00
Brent Cook
2cd0228db2
Land #9900 , add base64 encoder for ruby
2018-04-25 04:06:50 -05:00
Brent Cook
4cba6d1df4
suggest a reason if we get no server response
2018-04-25 03:57:12 -05:00
William Vu
910e9337fb
Use print_good for patch level check, oops
2018-04-24 23:21:22 -05:00
William Vu
b7ac16038b
Correct comment about PHP CLI (it's not our last!)
2018-04-24 23:18:51 -05:00
William Vu
ec43801564
Add check for patch level in CHANGELOG.txt
...
Looks like 8.x has core/CHANGELOG.txt instead.
2018-04-24 23:12:33 -05:00
William Vu
2ff0e597a0
Add SA-CORE-2018-002 as an AKA ref
...
Makes sense to me. Even though it's technically the advisory.
2018-04-24 22:51:33 -05:00
Auxilus
382a7f8aa3
Merge https://github.com/rapid7/metasploit-framework into psexec_cleanup
2018-04-25 09:09:48 +05:30
William Vu
8bc1417c8c
Use PHP_FUNC as a fallback in case assert() fails
...
Additionally drop a file in a writable directory in case CWD fails.
2018-04-24 22:29:27 -05:00
Auxilus
cbfdaf23a0
updated for requested changes
2018-04-25 08:56:54 +05:30
William Vu
8ff4407ca6
Clarify version detection error message
...
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
2018-04-24 20:51:51 -05:00
Auxilus
e7ac2cd155
move report_auth to psexec module
2018-04-24 23:00:55 +05:30
Robin Stenvi
c81ad8fec0
Changes after review
2018-04-24 18:33:27 +02:00
William Vu
cfaca5baa3
Restore a return lost in the refactor :(
...
Also spiff up comments.
2018-04-24 11:25:55 -05:00
Auxilus
3353102dc1
fix opt dependencies
2018-04-24 21:55:09 +05:30
William Vu
a0f16b4a66
Prefer print_warning for consistency
2018-04-24 11:17:19 -05:00
William Vu
7ef8b99480
Improve printing in ETERNALBLUE's verify_arch
...
Now shows the invalid arch instead of showing nothing.
2018-04-24 11:09:54 -05:00
William Vu
b507391f1b
Change back to vprint_status for the nth time
...
I really couldn't decide, especially once I got rid of CmdStager.
Also fully document the module options.
2018-04-24 04:23:52 -05:00
William Vu
c8b6482ab0
Rewrite PHP targets to work with 7.x and 8.x
...
Win some, lose some. php -r spawns a new (obvious) command. :/
Check method and version detection also rewritten. :)
2018-04-24 03:38:05 -05:00
Brendan Coles
ef5272cdc6
Update tested versions
2018-04-23 20:28:24 +00:00
Brendan Coles
00583caadf
Add Libuser roothelper Privilege Escalation exploit
2018-04-23 17:49:11 +00:00
Wei Chen
f9a804e7d8
Bring the PR up to date
2018-04-23 08:52:05 -05:00
h00die
e53de896e7
add arch check
2018-04-22 08:32:52 -04:00
h00die
e197cb5759
add arch check
2018-04-22 08:30:32 -04:00
Robin Stenvi
60c6f970c1
Added base64 encoder for Ruby
2018-04-21 10:54:26 +02:00
William Vu
8be58d315c
Stop being lazy about badchar analysis
...
Badchars apply to all targets.
2018-04-20 19:30:38 -05:00
William Vu
5be4526085
Merge remote-tracking branch 'upstream/master' into feature/drupal
2018-04-20 18:42:15 -05:00
bwatters-r7
1c92134606
Land #9756 , Add lastore-daemon D-Bus Privilege Escalation exploit
...
Merge branch 'land-9756' into upstream-master
2018-04-20 15:45:37 -05:00
bwatters-r7
f12f6d54a5
Land #9862 , Post-exploitation module for meterpreter (Windows) to send wireless probe requests
...
Merge branch 'land-9862' into upstream-master
2018-04-20 14:32:01 -05:00
bwatters-r7
37a844bef0
Land # 9247, Add ASUS infosvr Auth Bypass Command Execution exploit
...
Merge branch 'land-9247' into upstream-master
2018-04-20 11:24:47 -05:00
Sergey Gorbaty
fb3857222a
Java JMX Package Name Randomization
2018-04-19 10:10:56 -07:00
William Vu
fcfe927b7a
Add PHP dropper functionality and targets
2018-04-19 05:11:21 -05:00
William Vu
62aca93d8b
Cache version detection and print only once
...
Oops. This is the problem with overloading methods.
2018-04-19 04:59:07 -05:00
William Vu
2670d06f99
Add in-memory PHP execution using assert()
2018-04-19 02:18:56 -05:00
William Vu
7a2cc991ff
Refactor once more with feeling
...
Nested conditionals are the devil. Printing should be consistent now.
2018-04-18 23:59:14 -05:00
William Vu
3d116d721d
Add version detection and automatic targeting
...
I also refactored error handling. Should be cleaner now.
2018-04-18 21:40:22 -05:00
William Vu
86ffbc753e
Refactor clean URL handling and remove dead code
2018-04-18 19:56:42 -05:00
Tim W
1547a47026
Land #9784 , add osx high sierra APFS password disclosure post module
2018-04-18 14:27:22 +08:00
Tim W
72cd97d3e4
minor documentation and comment tweaks
2018-04-18 14:22:32 +08:00
h00die
2914ebf631
lpe ufo
2018-04-17 20:39:59 -04:00
William Vu
1900aa2708
Refactor module and address review comments
2018-04-17 19:05:45 -05:00
Auxilus
f0b9ea635a
cleanup psexec code
2018-04-16 09:04:36 +05:30
Lars Sorenson
143fdde1f8
Flipped Safe and Appears in check
2018-04-15 12:10:10 -04:00
Brendan Coles
a60f205ee0
Fix check return CheckCode and typos
2018-04-15 18:08:49 +10:00
Lars Sorenson
60ac89c336
Restructure some logic to make the flow more intuitive
2018-04-14 15:03:12 -04:00
Lars Sorenson
36c1bf5453
Remove a missed tab
2018-04-14 10:30:49 -04:00
Lars Sorenson
083f6936fd
Update for @bcoles review
...
Refactor version checking to use Gem::Version
Change the title of the exploit to fit convention
Change print statements used in check to vprint
Change fail_with Failure for connection issues to be Unknown instead
of NoAccess
Add CVE reference
Refactor how some nil checking is done for response for
send_request_cgi
Text-wrap description to 80 chars
Remove unnecessary string interpolation for cookie in payload
delivery
Change how the payload cradle is escaped and encoded; switch to HTTP
POST for stealth
Remove nil check that is redundant and also typo'd to
2018-04-14 10:24:05 -04:00
Lars Sorenson
486ab7c776
Update for msftidy and contribution guidelines
2018-04-14 09:20:13 -04:00
Lars Sorenson
27ded57cda
Add MSF module for EDB 6768
2018-04-14 08:51:51 -04:00
William Vu
d8508b8d7d
Add Drupal Drupalgeddon 2
2018-04-14 00:22:30 -05:00
Brendan Coles
9a3064ad7e
Cleanup and refactor upload_and_compile
2018-04-12 16:43:43 +00:00
Chris Long
b282db3c6a
Fixing broken imports for keylog_recorder.rb and improving control chars
2018-04-12 02:08:53 -07:00
Green-m
0286204b5d
Couchdb debug code
2018-04-12 03:54:02 -04:00
Green-m
054e525a61
Couchdb debug code
2018-04-12 03:51:37 -04:00
Green-m
22eb36a131
Merge branch 'master' into couchdb_cmd_exec
2018-04-12 02:23:07 -04:00
h00die
c72ca7544b
dont let this run on meterpreter
2018-04-11 21:05:15 -04:00
Adam Cammack
2a6acfd1d0
Land #9823 , Private IP leak via WebRTC
2018-04-11 17:37:56 -05:00
Borja Merino
2d33320921
Added a post-exploitation module to send wireless probe requests
2018-04-11 16:43:33 +02:00
Brendan Coles
154951cd37
minor update
2018-04-11 01:45:41 +10:00
Dhiraj Mishra
8be159bdc7
Fixing space-tab mixed
2018-04-10 20:45:38 +05:30
Dhiraj Mishra
7cbba34c83
Parsing IP address only
...
Changed title name and description, however few things still needs to fix.
2018-04-10 20:32:52 +05:30
Brendan Coles
fc7040099c
Update Linux sock_sendpage local exploit module
2018-04-10 11:15:42 +00:00
Green-m
3c5cbd2664
Use cmdstager method, update function to clean file, delete lots of useless code and etc.
2018-04-10 06:14:47 -04:00
Tim W
ee6f83c281
match newfs_apfs regex
2018-04-10 14:45:14 +08:00