b2422ab661
Remove use of service_details
2019-04-09 13:45:17 +02:00
3d51fdb003
Improve send_sql_request
2019-04-09 13:42:43 +02:00
3517a4e237
Adapt ranking and mention potential stability issue.
2019-04-09 11:31:15 +02:00
b56e171172
Fix extraction of session tokens
2019-04-09 09:28:52 +01:00
56c38b8205
Merge branch 'master' of github.com:ct5595/metasploit-framework into cisco_running_config
2019-04-08 16:34:17 -04:00
2412aa7472
fixed EOL errors from msftidy
2019-04-08 16:29:36 -04:00
403cf825a8
modify cisco_upload_file to include actions
...
default action is Upload_File, which was the original function
the new action Override_Config will override the running config
2019-04-08 16:12:21 -04:00
f34314547b
update description to reflect upcoming changes and add ct5595 to list of authors
2019-04-08 13:55:13 -04:00
e32bb9e915
Land #11682 , don't check 'localhost' unconditionally, fix headers
2019-04-08 10:39:18 -05:00
9a7d5d96f5
remove previous changes
2019-04-08 09:39:35 -04:00
d848361dc6
Added ct5595 to the list of authors
2019-04-08 09:19:17 -04:00
8762bd0842
Merge branch 'master' of github.com:ct5595/metasploit-framework into cisco_running_config
2019-04-08 09:13:55 -04:00
ab1926b7ee
Create wp_google_maps_sql_injection.rb
2019-04-08 10:50:41 +02:00
7e62a69e16
Land #11660 , Update use_single_quotes to wrap_double_quotes
2019-04-06 15:44:39 -05:00
fff129ae9f
Land #11587 , add Wordpress core RCE module
2019-04-04 15:22:56 -05:00
6efd80e139
added note in info
2019-04-04 15:19:58 -05:00
2884d9afcb
modified checks, added function
2019-04-04 15:09:12 -05:00
8786150bdf
Added functionality for OVERRIDE_CONFIG option
2019-04-04 10:43:08 -04:00
b5449b7035
Added OVERRIDE_CONFIG option to cisco_upload_file.rb
2019-04-04 09:47:42 -04:00
e164c2350c
Properly encode command input with XML entities
...
REXML would make this less ghetto.
2019-04-03 19:10:27 -05:00
d5ac1e3a33
minor adjustments to indentation and requests
2019-04-03 19:03:47 -05:00
8350effaa5
Fixed wrong check (did never work)
...
* HOST was always localhost
* Now sends both Range and the legacy 'Request-Range'
TODO: Method HEAD is not always sufficient, should be editable
2019-04-03 16:23:58 +02:00
7d1f6afd4a
Remove trailing space from CVE reference
2019-04-03 09:21:55 -05:00
9e3984ea51
Remove duplicate CVE for Mailcleaner module
...
See #11304
2019-04-02 12:51:09 -05:00
18286ca2f7
Use start_with? instead of [0]
2019-04-02 13:43:30 -04:00
f353df952c
Use fail_with() instead of return
2019-04-02 13:42:07 -04:00
3081b13a1f
Adding payload in exploit code
2019-04-02 10:24:48 +02:00
1b6cd64016
Land #11136 , exploit/multi/misc/weblogic_deserialize_unicastref
2019-04-01 18:15:26 -05:00
40191e5a01
Dissected JSOs, randomized strings, copied T3 header breakdown from @acamro
2019-04-01 18:05:45 -05:00
3d662bd962
Fix words because words...
2019-04-01 17:21:23 -05:00
69062bb220
Syntax fixes
2019-04-01 17:05:42 -05:00
06397bb087
Land #11636 , postgres_createlang version check fix
2019-04-01 15:21:57 -05:00
f292befed4
Land #11134 , exploit/multi/misc/weblogic_serialize_marshalledobject
2019-04-01 14:11:30 -05:00
4d0e47044b
Fixed a hardcoded payload length resulting in 40% failures
2019-04-01 14:05:39 -05:00
ddbd7ba080
Case insensitive match
2019-04-01 18:58:14 +00:00
5867158238
Land #11595 , can_flood post module
2019-04-01 12:38:46 -05:00
f5f4c4bec2
Clean up module
2019-04-01 12:24:35 -05:00
c07b015734
File cleanup
2019-04-01 11:39:40 -05:00
51d1216953
Update module name
2019-04-01 07:48:26 -05:00
0873ba7ac1
Add Zimbra XXE to RCE module
2019-04-01 07:32:57 -05:00
0069eed4e2
Add datastore option for printing results
2019-03-31 17:58:23 -04:00
22c3fe35f7
Changed hook payload to redirect errors, to not show up on target screen
2019-03-31 12:09:40 -05:00
e733d225b6
microsoft_windows_contact_remote_code_execution
2019-03-31 11:12:09 -05:00
299334ae7f
fixed bug where alphanumeric was never hit
2019-03-30 22:51:18 -05:00
38bf99e729
Re-add of module after jacking up rebase, with new arches,conditional logic, documentation
2019-03-30 22:04:21 -05:00
2afd27a671
1)Fixed documentation format 2)Refactoring and more efficient loop
2019-03-30 17:12:15 +01:00
496f270b30
Update use_single_quotes to wrap_double_quotes
2019-03-29 18:14:56 -05:00
82b7c926fe
Land #11579 , Add support for splunk 7.2.4 to splunk_upload_app_exec
2019-03-29 16:22:26 -05:00
9c38d58e9f
Land #11625 , add es file explorer open port CVE-2019-6447 module
2019-03-29 15:46:09 -05:00
5c84e9e61a
Remove web root guessing since not reliable
2019-03-29 16:16:06 +00:00
269cb4bca6
Land #11635 , Authors check for msftidy
2019-03-29 10:45:31 -05:00
af494300ec
Add timwr as an author to his own modules
2019-03-29 10:44:58 -05:00
f8c5852902
Add Horde Form File Upload
2019-03-29 12:31:14 +00:00
9de8865930
Merge branch 'cve_2019_5418' of https://github.com/cbrnrd/metasploit-framework into cve_2019_5418
2019-03-28 22:50:53 -06:00
fd4c70d0d4
Clean up loot add and route checks
2019-03-28 22:49:07 -06:00
8e41da35b9
Update modules/auxiliary/gather/rails_doubletap_file_read.rb
...
Co-Authored-By: cbrnrd <cbawsome77@gmail.com>
2019-03-28 19:26:31 -06:00
d3fc786223
Update modules/auxiliary/gather/rails_doubletap_file_read.rb
...
Co-Authored-By: cbrnrd <cbawsome77@gmail.com>
2019-03-28 19:26:20 -06:00
2370b93bfc
Update modules/auxiliary/gather/rails_doubletap_file_read.rb
...
Co-Authored-By: cbrnrd <cbawsome77@gmail.com>
2019-03-28 19:26:13 -06:00
f6fc11a1e4
Switch AKA to 'Notes' section
2019-03-28 19:02:01 -06:00
0a24266029
Land #11482 , RV320 Unauthenticated RCE
2019-03-28 17:53:05 -05:00
25d16fa6df
Merge branch 'cve_2019_5418' of https://github.com/cbrnrd/metasploit-framework into cve_2019_5418
2019-03-28 13:56:51 -06:00
02671909e4
Fix review things
...
Add depth option, fix style things, add more references.
2019-03-28 13:56:19 -06:00
1e6850fa53
land #11623 oracle 12 support for hashdumper
2019-03-28 10:07:54 -04:00
2a311931d3
oracle hashdump cleanup
2019-03-28 10:06:56 -04:00
07075198c3
Delete old file
2019-03-27 21:32:59 -06:00
f2a19d5e32
Final revisions
2019-03-27 21:53:52 -05:00
58b286c930
Add some more logging and checks
2019-03-27 19:13:25 -06:00
927d20cb95
Land #11592 , Add CMS Made Simple (CMSMS) Showtime2 File Upload RCE
2019-03-27 15:21:07 -05:00
38bdccb91a
Use instance variables instead of datastore options
2019-03-27 15:17:32 -05:00
fdb1f4adea
Update cmsms_showtime2_rce.rb
...
Fix to CSRF Token stealing function for older versions of CMSMS
2019-03-27 20:09:14 +01:00
5fc0422897
Add Rails Doubletap module
2019-03-27 11:02:08 -06:00
3f9c9341f9
add 2016 authors
2019-03-26 19:39:17 -04:00
399532154d
Fix a git snafu when landing #11131
...
While landing PR #11131 , I tripped over my own shoelaces and overwrote `weblogic_deserialize_rawobject.rb` with `weblogic_deserialize_unicastref.rb`, destroying my changes and introducing a great deal of confusion.
This PR gets us back to where we should have been, with #11131 landed and a few changes to add randomization and expanding on the T3 protocol.
2019-03-26 17:54:37 -05:00
385cfd679a
Land #11131 , Weblogic_serialize_rawobject CVE-2015-4852
2019-03-26 17:07:04 -05:00
26b67bbf91
Fix two-byte error, add randomization, T3 notes from @acamro
2019-03-26 16:45:17 -05:00
5f5d475c2e
Add expected traceback error to documentation
2019-03-26 16:44:45 -05:00
f9361324bd
Merge branch 'weblogic_serialize_rawobject' of git://github.com/acamro/metasploit-framework into acamro-weblogic_serialize_rawobject
2019-03-26 16:38:27 -05:00
d9fc7af68e
Fix version detection
2019-03-26 20:17:34 +00:00
75ec3e7df6
add date and more docs
2019-03-26 16:13:42 -04:00
b2d047b0b1
Land #11622 , merge common hash identifier code between modules
2019-03-26 13:12:00 -05:00
d185e8a018
indentation fix
2019-03-25 14:54:46 -05:00
3a8b09f08e
added checks on scan method
2019-03-25 14:48:19 -05:00
59f5c291c9
removed spare spaces and modified some indentation
2019-03-25 14:25:09 -05:00
a8ccc7eb25
Remove tabbed indents
2019-03-25 11:13:28 -05:00
b91231021a
Hashdump adheres to better coding style. Add docs
2019-03-25 02:36:34 -05:00
9d71020d9c
Removed credit
2019-03-24 19:11:22 -04:00
8a36a0f410
Added support for later versions of Outlook, rubocop complaints
2019-03-24 18:39:55 -04:00
9baaedce4e
Indicate potential DoS in description. Define exploit stance explicitly.
2019-03-24 22:29:07 +01:00
5c048e7cd6
CISCO-SA not supported.
2019-03-24 22:20:31 +01:00
be73f56610
Only got researchers name, no email.
2019-03-24 17:50:31 +01:00
4451225da7
Add httpd service reloading.
2019-03-24 17:49:55 +01:00
656ea5240d
remove space at EOL
2019-03-24 08:11:24 -04:00
dfa1ab3a9b
es file explorer
2019-03-24 08:01:32 -04:00
170d28d46b
12c hashdump supported
2019-03-23 13:37:19 -05:00
d1cad4eb21
Add 12c support for hashdump
2019-03-23 13:15:38 -05:00
5ea406cd4c
create hash identifier library
2019-03-23 14:02:34 -04:00
5e470a538d
return unless res
2019-03-23 19:38:14 +11:00
ccc8d9cdab
return unless res
2019-03-23 08:51:25 +00:00
5562af39d3
Use CmdStager instead of hardcoded wget command.
2019-03-22 20:10:29 +01:00
8853d6d5b5
Adding documentation + cleaning files from the exploit
2019-03-22 17:37:04 +01:00
ef2c4310a4
Exploit for CVE-2019-1663 on Cisco RV130(W).
2019-03-22 17:34:12 +01:00
712cbecab3
Land #11570 , Add option to keep temp files with JTR modules
2019-03-22 05:16:56 -05:00
49b936f0d5
fix case of variable
2019-03-21 20:54:32 -04:00
16a48009ed
Add webmin CVE
2019-03-21 11:28:45 -05:00
4524707437
Fix rebase regressions in jenkins_metaprogramming
...
Ugh.
2019-03-21 11:20:21 -05:00
be5ec3379b
Update cmsms_showtime2_rce.rb
2019-03-20 15:50:30 +01:00
cb7b9080bd
1) changed print_status with vprint_status 2) Fix iterations and line splits 3) Changed name of the module 4) removed DisclosureDate
2019-03-20 15:13:41 +01:00
9bb7f11897
Unregister SSLCert option since it is never used in thisHTTPServer module.
2019-03-20 14:21:40 +01:00
c18ab91054
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com>
2019-03-20 14:13:38 +01:00
e0a3e01d26
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com>
2019-03-20 14:13:25 +01:00
365e032452
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com>
2019-03-20 14:13:12 +01:00
49bb5a1624
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com>
2019-03-20 14:13:00 +01:00
050aa7a98c
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com>
2019-03-20 14:12:47 +01:00
fe0d5e0c97
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com>
2019-03-20 14:12:35 +01:00
ce218fc86a
Add can_flood post exploitation for CAN and added example list of frames
2019-03-20 13:17:41 +01:00
43f74b1cf2
Add CMS Made Simple (CMSMS) Showtime2 File Upload RCE
2019-03-19 23:48:46 +01:00
794134735e
Update modules/exploits/unix/webapp/wp_crop_rce.rb
...
Co-Authored-By: tiyeuse <39072217+tiyeuse@users.noreply.github.com>
2019-03-19 20:36:13 +01:00
a8095b8784
Additional Options
2019-03-19 12:53:27 -05:00
b168312db1
Add exploit module for Wordpress core <=4.9.8 (CVE-2019-8942)
2019-03-19 17:51:59 +01:00
23a86e7ad2
Add exploit module for Wordpress core <=4.9.8 (CVE-2019-8942)
2019-03-19 16:03:29 +01:00
a2d6c77fb8
indentation fixes
2019-03-19 15:28:24 +01:00
985f3748e5
Update splunk_upload_app_exec.rb
2019-03-19 15:08:51 +01:00
c9dcdf1b66
new error logic
2019-03-19 14:58:31 +01:00
65fab88a2e
Add IBM BigFix Sites Packages Enum
2019-03-19 08:51:00 -05:00
98a7938837
Update splunk_upload_app_exec.rb
2019-03-19 14:42:56 +01:00
aff77e58bf
Update modules/exploits/multi/http/splunk_upload_app_exec.rb
...
Co-Authored-By: avanzo <matteo@malvica.com>
2019-03-19 13:57:19 +01:00
109b2bcf7e
Update modules/exploits/multi/http/splunk_upload_app_exec.rb
...
Co-Authored-By: avanzo <matteo@malvica.com>
2019-03-19 13:46:57 +01:00
f98ad82583
Update modules/exploits/multi/http/splunk_upload_app_exec.rb
...
Co-Authored-By: avanzo <matteo@malvica.com>
2019-03-19 13:46:44 +01:00
983442d690
Update splunk_upload_app_exec.rb
2019-03-18 19:04:45 +01:00
3316e8c4bf
fixed standard payload syntax
2019-03-18 19:00:33 +01:00
2f1ee95073
Update splunk_upload_app_exec.rb
2019-03-18 15:11:04 +01:00
7a31fc2d17
added splunk 7.2.4 support
2019-03-18 09:12:00 +01:00
a1e6d4d19a
Update note about staging payloads over HTTPS
2019-03-16 13:36:58 -05:00
14febf69aa
add no cleanup to jtr modules
2019-03-16 11:39:59 -04:00
621fa8e4db
Fix issues and refactor module
2019-03-16 00:38:48 -05:00
0fa2d985e7
Add Jenkins ACL bypass and metaprogramming RCE
2019-03-16 00:32:36 -05:00
f2edda207f
Land #11382 , Added BMC Patrol Agent Command Exec Module
2019-03-15 13:21:06 -05:00
82f0c9e9ee
Land #11385 , Add Webmin Upload Exec
2019-03-15 08:15:49 -05:00
5abfc2c136
Add Module Doc
2019-03-14 13:46:34 -05:00
fa3e84f764
Cleanup and Add Option
2019-03-14 13:26:41 -05:00
1d586e46c0
Use MIME for form
2019-03-14 10:13:48 -05:00
1e00c28701
Checked the functionality of module. Added ability to connect via HTTPS.
2019-03-14 15:54:02 +01:00
9a32231cb5
Change upload and add option
...
Change the contents of the uploaded file and
don't overwrite and existing file by default.
Add option to specify name of file.
2019-03-14 09:34:55 -05:00
926d5842a2
Land #11547 , Add Total.js Directory Traversal module
2019-03-12 16:31:21 -05:00
bd1cd7fae8
Bug and style fixes
...
webmin RCE
2019-03-12 10:54:43 -05:00
e906ecb163
Add a function to check extensions
2019-03-11 22:23:11 +01:00
5ee43d43d6
Land #11544 , add reregister_tcp/udp_options
2019-03-11 15:49:23 -05:00
a4c1181b9f
Land #11545 , Add elFinder Command Injection
2019-03-11 15:01:46 -05:00
8822b82a28
Refactory and fix
2019-03-10 22:39:27 +01:00
14e0643962
Refactory and fix
2019-03-10 19:33:08 +01:00
Synacktiv
Quentin Kaiser
RatioSec Research
ct5595
Brent Cook
Pearce Barry
Shelby Pace
William Vu
Javan Rasokat
Ben Schmeckpeper
todb-r7
cbrnrd
wilfried
surefire
Jacob Robles
Brendan Coles
Aaron Ringo
BrennerLittle
PietroBiondi
h00die
7043mcgeep
cbrnrd
Wei Chen
fabiocogno
asoto-r7
rwincey
blightzero
Shelby Pace
Matteo Malvica