a9857eb1c2
Land #8099 , Aux module to launch instances in AWS
2017-04-14 14:12:10 -05:00
42122d2835
Land #8238 , move SMB2 support back into smb_login, add simpler permissions checks
2017-04-14 14:06:46 -05:00
8ab0b448fd
CVE-2017-0199 exploit module
2017-04-14 13:22:59 -05:00
eb61241673
Land #8228 , New mainframe privesc payload for z/OS
2017-04-14 13:19:41 -05:00
d75f852d01
Land #8167 , Add MS17-010 auxiliary detection module
2017-04-14 13:00:16 -05:00
91fb3ce6b8
collapse SMB2 support into smb_login
...
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both
MS-2636
2017-04-13 15:22:03 -05:00
adeb4d10d7
smb2 login scanner admin check now working
...
we can now check for admin privs in the smb2
login scanner
MS-2636
2017-04-13 14:40:32 -05:00
48560d29f3
remove keyscan_extract and modify calling modules
2017-04-13 10:42:28 -05:00
c21d78b23b
Land #8186 , Convert DNS Fuzzer to use bindata
2017-04-11 23:27:08 -05:00
fa8011fd07
New mainframe privesc payload for z/OS
...
This module performs a privilege escaltion on mainframe systems
runing z/OS and using RACF for their security manager. A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
2017-04-11 15:04:44 -05:00
c867b7e228
Land #8204 , Add Cambian ePMP SNMP Configuration download
2017-04-11 10:59:13 -05:00
3c2dc68e9c
improved description, no point repeating the same thing\!
2017-04-11 09:55:11 -05:00
c359e15de6
updated the print statement
2017-04-11 09:31:17 -05:00
84ac9d905c
improved the description of the module
2017-04-11 09:24:43 -05:00
288e384164
Land #8189 , irssi password post gather module
2017-04-10 23:34:54 -05:00
96927b449c
Rework module to grab entire irssi configs
2017-04-11 00:02:40 -04:00
6a1531da34
Fix loot name attributes
2017-04-10 23:52:31 -04:00
d92f94e077
Fix grammar issue
2017-04-10 23:44:18 -04:00
d9e96a8b4f
Consolidate loot into single file
2017-04-10 23:42:50 -04:00
7f6bbb6ff2
Fix trailing space issue
2017-04-10 21:38:30 -04:00
9432a3543f
Extend irssi post mod to grab network passwords
2017-04-10 15:35:26 -04:00
b1d127e689
satisfied travis
2017-04-10 14:11:18 -05:00
47d74819a5
Update regex per reviewer request
2017-04-10 14:45:10 -04:00
d816092c56
Fix missing new line
2017-04-10 14:41:25 -04:00
0f07875a2d
added CVE-2016-7552/CVE-2016-7547 exploit
2017-04-10 13:32:58 -05:00
06ca406d18
Fix weird whitespace
2017-04-09 22:23:58 -05:00
f7c8bd2464
add rescue for ::Rex::Proto::SMB::Exceptions::LoginError
2017-04-07 15:37:56 -06:00
3c189f0cb0
Adding Cambium SNMP Loot module
2017-04-07 01:32:45 +05:30
74dc7e478f
update piwik module
2017-04-05 20:19:07 +02:00
dd5a91f153
Land #8008 , Added archmigrate module for windows sessions
2017-04-05 08:55:27 -05:00
08b2a97293
Changed styling to be more in line with rubocop.
2017-04-05 10:05:56 +02:00
b8af7c1db0
Add irssi password post gather module
2017-04-05 00:56:24 -04:00
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
891e7e465e
convert DNS fuzzer to bindata
2017-04-04 03:03:32 -05:00
46c7e822c8
convert IPMI protocol and modules to bindata
2017-04-04 02:44:17 -05:00
98ffa4d380
Land #7652 , add varnish cache CLI authentication scanner module
2017-04-02 21:52:45 -05:00
4c0539d129
Land #8178 , Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
a34c01ebd2
Land #8137 shodan honeyscore module
2017-04-02 21:37:36 -04:00
0092818893
Land #8169 add exploit rank where missing
2017-04-02 20:59:25 -04:00
151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
26fc6bc920
added report_vuln()
2017-04-01 21:48:19 -06:00
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
035f37cf42
Land #8144 , Add Moxa Device Discovery Scanner Module
2017-03-31 19:11:27 -05:00
f870f94fa9
Land #8163 , Add Cambium ePMP Arbitrary Command Execution
2017-03-31 19:06:19 -05:00
6910cb04dd
Add first exploit written in Python
2017-03-31 17:07:55 -05:00
823c1a6286
added more verifieds
2017-03-31 16:52:20 -04:00
23ac9214ea
land #8010 post gather module for tomcat creds
2017-03-31 16:15:55 -04:00
34a152dc76
handle no sysinfo from ssh_login
2017-03-31 16:15:16 -04:00
ab4d86fd21
Land #8168 , change description of alpha encoders
2017-03-31 11:37:12 -05:00
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
c445a1a85a
Wrap ssh.loop with begin/rescue
2017-03-31 11:16:10 -05:00
628827cda9
Added some documentation and gracefull error handeling.
2017-03-31 12:45:30 +02:00
df2a9a4af3
Added documentation file and implemented fixes for output and linux parsing.
2017-03-31 11:19:12 +02:00
5e31a32771
Add missing ranks
...
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
0a398a59c5
change description
2017-03-30 20:06:23 +02:00
6bcb9b523b
Land #8165 , Fix x86 mettle shellcode
2017-03-30 11:45:11 -05:00
4bd50b0ad2
Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010
2017-03-30 10:10:08 -06:00
a125566fc7
removed unnecessary arguments
2017-03-30 10:09:31 -06:00
a13d6a7810
Land #8166 , Add new SMB LoginScanner using RubySMB for SMB1/SMB2 Support
2017-03-30 11:08:17 -05:00
ac83ff7e48
Land #8155 , Style fixes for HWBridge RF and a couple small bug fixes
2017-03-29 20:37:13 -05:00
ef7de6d49e
added MSB to description, moved a print statement
2017-03-29 17:43:49 -06:00
4bdbdc0e00
Fix response parsing
2017-03-29 18:21:12 -05:00
68f5c0e663
removed a print statement
2017-03-29 16:24:59 -06:00
7e6b8b02b8
replaced magic constant with setup_count
2017-03-29 15:37:28 -06:00
9923c39799
removed superfluous status
2017-03-29 15:32:29 -06:00
f0a1e12a7e
small typos
2017-03-29 15:30:35 -06:00
691811af5a
Land #7994 , Add Windows Gather DynaZIP Saved Password Extraction post module
2017-03-29 16:04:09 -05:00
ffa376c514
added MS17-010 auxiliary detection module
2017-03-29 14:33:02 -06:00
a571bcdba4
update module description
2017-03-29 13:58:36 -05:00
418e371e35
add SMB2 login scanner and module
...
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity
MS-2557
2017-03-29 11:36:33 -05:00
2758010355
Fix x86 mettle shellcode
2017-03-28 17:59:13 -05:00
30896d1fab
Add Cambium ePMP Arbitrary Command Execution Module
2017-03-28 00:17:36 +05:30
66a585ab41
Land #8050 , Add Cambium ePMP System Hash Dumper
2017-03-27 12:08:53 -05:00
935c59306b
Land #7897 , Add Cambium ePMP 1000 Device Configuration file dumper
2017-03-27 12:05:11 -05:00
d705949b37
Land #7784 , Cambium ePMP 1000 Login Scanner
2017-03-27 12:01:56 -05:00
31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
...
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
dd7cf39678
updated references
2017-03-25 12:31:08 +05:30
63d88c159a
updated references
2017-03-25 12:27:38 +05:30
fd5e25bcc2
restored version check
2017-03-25 12:08:00 +05:30
68e4b8a855
Updated user data param to load aggregator
2017-03-24 22:58:04 -07:00
82ebbfb9a7
Fix msftidy warnings
2017-03-24 23:12:48 -04:00
3e2173d4f9
Add key length check and remove mixin
...
Also add a reference to the original honeyscore website
2017-03-24 22:33:09 -04:00
581d523d5b
Fix things from review
2017-03-24 21:22:23 -04:00
9db2e9fbcd
Land #8146 , Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-24 14:38:47 -05:00
92c0748447
Land #8102 , Add a plugin to notify new sessions via SMS
2017-03-24 11:17:59 -05:00
e04f01ed6b
Land #7778 , RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
3b062eb8d4
Update version info
2017-03-23 13:46:09 -05:00
fdb52a6823
Avoid checking res.code to determine RCE success
...
Because it's not accurate
2017-03-23 13:39:45 -05:00
39682d6385
Fix grammar
2017-03-23 13:23:30 -05:00
ee21377d23
Credit Brent & Adam
2017-03-23 11:22:49 -05:00
196a0b6ac4
Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-23 10:40:31 -05:00
d37966f1bb
Remove old file
2017-03-23 12:53:08 +03:00
8a43a05c25
Change name of the module
2017-03-23 12:49:31 +03:00
8dd0f953b0
remove unnecessary require
2017-03-22 19:48:24 -04:00
420df11c44
Change up the way shodan is reached
2017-03-22 19:39:45 -04:00
a93aef8b7a
Land #8086 , Add Module Logsign Remote Code Execution
2017-03-22 11:33:49 -05:00
2200c9faee
Create moxa_discover.rb
2017-03-22 10:49:26 -04:00
fa61d67761
Fix score comparison
2017-03-21 19:17:20 -04:00
3af0f814c3
Land #8138 , fix mettle UAF and add initial http/https transport support
2017-03-21 16:51:09 -05:00
1a8e8402ae
Land #8113 , SysGauge SMTP server validation sploit
2017-03-21 16:45:42 -05:00
Brent Cook
nixawk
dmohanty-r7
David Maloney
William Webb
bigendiansmalls
mr_me
William Vu
Jonathan Claudius
zerosum0x0
juushya
Christian Mehlmauer
bwatters-r7
Koen Riepe
Brent Cook
h00die
Bryan Chu
zerosum0x0
Adam Cammack
Pearce Barry
Carter
Javier Godinez
wchen-r7
Mehmet Ince
Patrick DeSantis