Jeffrey Martin
21ec4915a7
Land #7292 , android stageless with new payload gem
2016-09-28 16:31:45 -05:00
Jeffrey Martin
a457f64e2a
update to latest release payload gem
2016-09-28 16:14:29 -05:00
Jeffrey Martin
1689f10890
Land #7292 , add android stageless meterpreter_reverse_tcp
2016-09-28 16:05:22 -05:00
William Vu
45ee59581b
Fix inverted logic in Docker exploit
...
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
William Vu
ab94bb9cdd
Land #7365 , nonce fix for Ninja Forms exploit
2016-09-28 13:57:08 -05:00
Brent Cook
ea625d4ea3
Enhance #7360 , more stance fixes
2016-09-28 13:49:29 -05:00
Brent Cook
5a611b0ec4
use the correct scope for the Stance names
2016-09-28 13:48:28 -05:00
Pearce Barry
76124af8b4
Land #7363 , Add LPE exploit module for the capcom driver flaw
2016-09-28 11:02:14 -05:00
Tim
b4a1adaf0f
refactor into android.rb
2016-09-28 18:23:34 +08:00
Tim
dc43f59dcf
dalvik -> android
2016-09-28 14:50:52 +08:00
wchen-r7
f838c9990f
Fix nonce bug in wp_ninja_forms_unauthenticated_file_upload
...
If wordpress saves the nonce value in JavaScript, we could get an
undefined method for nil.
2016-09-27 11:30:52 -05:00
Jeffrey Martin
cdf544be9e
Land #7364 , update to latest metasploit-payloads
2016-09-27 11:26:16 -05:00
Brent Cook
8f9be92b1b
update to latest metasploit-payloads
2016-09-27 11:06:34 -05:00
OJ
76b3c37262
Fix msftidy errors
2016-09-27 22:56:07 +10:00
OJ
0e82ced082
Add LPE exploit module for the capcom driver flaw
...
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
Tim
de1e0aae99
add missing payload tests
2016-09-27 11:05:19 +08:00
William Vu
b87911bd0b
Land #7340 , auxiliary/server/socks4a docs
2016-09-26 17:34:45 -05:00
Pearce Barry
edbe1c3e14
Land #7361 , Make OSX screencapture silent
2016-09-26 17:24:03 -05:00
HD Moore
8bef4e4ec6
Land #7360 , restore passive?/aggressive? behavior
...
This PR restores the mod.aggressive? and mod.passive? methods to the
implementation prior to 0f7e3e9
.
2016-09-26 15:05:41 -05:00
Brendan
b9de73e803
Land #7334 , Add aux module to exploit WINDOWS based (java) Colorado
...
FTP server directory traversal
2016-09-26 14:15:23 -05:00
Metasploit
5ea1e7b379
Bump version of framework to 4.12.29
2016-09-26 12:06:21 -07:00
Pearce Barry
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
Tim
53823a4807
oops msftidy
2016-09-26 23:50:38 +08:00
Brent Cook
006c749e6a
directly check to match the former definition of aggressive?
2016-09-25 23:57:13 -04:00
Henry Pitcairn
e5c05c05d2
Make OSX screencapture silent
...
By default, the `screencapture` command on OS X plays a camera sound effect. The -x option silences this.
2016-09-25 22:54:57 -04:00
Brent Cook
743bea912a
fix exploit Passive / Aggressive overrides to do the right thing
2016-09-25 19:57:41 -04:00
Adam Cammack
a13e83af8a
Land #7357 , Stagefright CVE-2015-3864
2016-09-25 17:10:06 -05:00
Pearce Barry
00258a4d31
Land #7351 , restore NTLM constant class shortcuts
2016-09-25 12:09:38 -05:00
h00die
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
Brent Cook
e0ff8859e9
Land #7359 , add EXTRABACON auxiliary module auxiliary/admin/cisco/cisco_asa_extrabacon
2016-09-24 10:46:13 -04:00
zerosum0x0
90bd2a96cd
Merge pull request #1 from bcook-r7/land-7353-bacon-too
...
Add module docs, credit
2016-09-24 07:59:30 -06:00
Brent Cook
df28e2a85e
Add credit to wwebb-r7 for the initial module and ASA hacking notes
2016-09-24 05:48:31 -04:00
Brent Cook
6f4c9435be
Add module documentation
2016-09-24 05:48:18 -04:00
TheNaterz
cd4299b3a2
Added offsets for version 9.2(4)14
...
This version of the ASA is patched and our offsets do not work currently. We may do more work on this to find a solution.
2016-09-23 16:57:08 -06:00
TheNaterz
087e9461ce
Added offsets for version 9.2(4)13
2016-09-23 16:50:50 -06:00
TheNaterz
3f985d94d7
Added offsets for version 8.4(6)5
2016-09-23 16:32:42 -06:00
TheNaterz
352946d8f5
Added offsets for version 8.4(4)9
2016-09-23 16:19:36 -06:00
TheNaterz
368fd1a77f
Added offsets for version 8.4(4)5
2016-09-23 16:07:42 -06:00
TheNaterz
19fe09318a
Added offsets for version 8.4(4)3
2016-09-23 15:56:02 -06:00
TheNaterz
8840af0e90
Added offsets for version 8.4(4)1
2016-09-23 15:44:39 -06:00
TheNaterz
19caff2293
Added offsets for 8.3(2)40
2016-09-23 15:26:02 -06:00
TheNaterz
ba4505bcce
Added offsets for version 8.3(2)39
2016-09-23 15:05:39 -06:00
TheNaterz
64df7b0524
Added offsets for verion 8.3(2)-npe
...
We currently can't distinguish between 8.3(2) and 8.3(2)-npe versions from the SNMP strings. We've commented out the 8.3(2)-npe offsets, but in the future, we'd like to incorporate this version.
2016-09-23 14:49:57 -06:00
Brent Cook
9c6b67a33f
Land #7356 , remove SSH interactive prompt from freesshd_authbypass
2016-09-23 16:35:49 -04:00
TheNaterz
926e5fab9e
Added offsets for version 8.2(5)41
2016-09-23 14:00:23 -06:00
TheNaterz
b4d3e8ea3e
Added offsets for version 9.2(1)
2016-09-23 13:52:13 -06:00
TheNaterz
d36e16fc32
Added offsets for version 8.2(5)33
2016-09-23 13:15:39 -06:00
TheNaterz
9cbd84d1cd
Merge branch 'master' of github.com:RiskSense-Ops/metasploit-framework
2016-09-23 12:57:46 -06:00
TheNaterz
f19ed4376b
Adding new version offsets
2016-09-23 12:57:36 -06:00
zerosum0x0
6c5271ceb4
offset for 8.0(3)6
2016-09-23 18:48:56 +00:00