5e8c2200ac
Merge branch 'master' into land-8625-crypttlv2
2017-08-20 18:54:51 -05:00
eabe4001c2
Land #8492 , Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module
2017-08-20 18:48:22 -05:00
cbd7790e95
Land #8751 , Add Asterisk Gather Credentials auxiliary module
2017-08-20 18:34:27 -05:00
07ee33578d
Land 8804, tidy up mdaemon credential extraction module
2017-08-20 18:26:56 -05:00
85df247c84
DRY up module, fix remaining style violations
2017-08-20 18:24:41 -05:00
367c760927
window move is now directly in the template
2017-08-20 17:48:59 -05:00
e734a7923a
Land #8267 , Handle multiple entries in PSModulePath
2017-08-20 17:44:30 -05:00
d5a5321a8c
Merge remote-tracking branch 'upstream/pr/8299' into land-8267-
2017-08-20 17:43:56 -05:00
1225555125
remove unnecessary require
2017-08-20 17:37:42 -05:00
840c0d5f56
Land #7808 , add exploit for VMware VDP with known ssh private key (CVE-2016-7456)
2017-08-20 17:36:45 -05:00
88f39d924b
Land #8816 , added Jenkins v2 cookie support
2017-08-20 14:58:38 -05:00
f7dc831e9a
Land #8799 , Add module to detect Docker, LXC, and systemd-nspawn containers
2017-08-20 14:45:57 -05:00
aa797588e8
Land #8847 , Look for sp_execute_external_script in mssql_enum
2017-08-20 14:32:35 -05:00
2eba188166
Land #8789 , Add COM class ID hijack method for bypassing UAC
2017-08-20 13:57:17 -05:00
9f3dbba17a
Land #8854 , fix scheduleme meterpreter script
2017-08-20 13:54:41 -05:00
05011930b1
Land #8861 , link updates
2017-08-20 13:34:41 -05:00
b9b779da9e
update references to sourceforge ML
2017-08-20 13:23:54 -05:00
6afd90b7f0
Land #8848 , fix extra sleep on linux x86 stager
2017-08-19 22:12:19 -05:00
e8ab518d76
Land #8853 , Revert passive stance for multi/handler
2017-08-19 22:04:26 -05:00
0145fc3972
payload/r.rb and UUID update
2017-08-19 06:43:28 -04:00
d76616e8e8
Reverse and bind shells in R
...
Initial implementation of bind and reverse TCP shells in R.
Supports IPv4 and 6, provides stateless sessions which wont change
the cwd when cd is invoked since each command invocation actually
spawns a pipe to execute that specific line's invocation.
R injections are common in academic software written in a hurry by
students or lab administrators. The language runtimes are also
commonly found adjacent to valuable data, and often used by teams
which are not directly responsible for information security.
Testing:
Local testing with netcat bind and rev handlers.
TODO:
Add the appropriate platform/language library definitions
2017-08-19 06:12:05 -04:00
46852e8ab0
Update scheduleme.rb
...
Fixed a bug introduced in commit #aa03db1f5c4a694d258879ccdf0dcaaf7f576355
2017-08-18 22:27:26 +02:00
6ecdb8f2cc
Land #8852 , convert quest_pmmasterd_bof to cmd_interact/find
2017-08-18 13:20:17 -05:00
66a4ea4f0b
Revert passive stance for multi/handler
...
It's gotten to be a bit annoying. ExitOnSession=false was good, but this
was too much. Typing run -j isn't difficult.
2017-08-18 13:16:12 -05:00
95824ce132
Bump version of framework to 4.15.8
2017-08-18 10:03:23 -07:00
98ba6719e9
Land #8851 s/unknow/unknown/ig
2017-08-18 10:38:50 -05:00
a40c7457f9
Land #8843 , Update documentation in connect.md
2017-08-18 10:35:37 -05:00
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
74f89857d8
fix extra sleep on linux x86 stager
2017-08-18 15:20:35 +09:00
d659cdc8f6
Convert quest_pmmasterd_bof to cmd_interact/find
2017-08-18 00:19:09 -05:00
9aba360f2b
Land #8846 - Fix Youtube URLs
2017-08-18 10:47:42 +10:00
ea5370486f
minor unused variable fixes
2017-08-17 16:46:51 -04:00
9c196041ce
update youtube urls in post exploit module
2017-08-17 16:44:35 -04:00
b0a4634b24
Update connect.md
...
Adding the command in installing gem "serialport".
2017-08-17 18:55:44 +08:00
8b4ccc66c7
add linux/aarch64/shell_reverse_tcp
2017-08-17 18:55:37 +08:00
5e0223fce0
Land #8841 , tools/exploit/metasm_shell.rb fix
2017-08-17 02:48:52 -05:00
33e134418a
rename decode methods as well, keep this working for ruby X.X
2017-08-17 03:27:12 -04:00
7a1a5d2658
don't override standard string 'encode' methods
2017-08-17 03:20:45 -04:00
f6caa23e31
Land #8840 , fix silly docs error
2017-08-17 15:16:24 +08:00
2bca33cf4a
Land #8837 , typo fix for Linux hashdump
2017-08-17 02:13:20 -05:00
648dca7bdb
fix silly documentation mistake
2017-08-17 14:43:58 +08:00
e642789674
Look for sp_execute_external_script in mssql_enum
...
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.
Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart
Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
1c44092ba9
Add module documentation for post/linux/gather/checkcontainer
2017-08-16 21:15:56 -05:00
f07318c976
Fix post/linux/gather/hashdump NoMethodError
2017-08-16 00:56:32 -07:00
408a83a36b
Added comhijack module documentation
2017-08-16 13:05:27 +10:00
fa292dce96
Fix issue with truncated values when unpacking packets
2017-08-16 11:01:54 +10:00
70a82b5c67
Land #8834 , add resiliency to x64 linux reverse_tcp stagers
2017-08-15 08:04:32 -04:00
df98c2a3dd
update cached sizes again
2017-08-15 08:02:51 -04:00
debbc31142
use separate module names for x86 and x64 generators
2017-08-15 08:02:01 -04:00
4dbf94556e
update CacheSize
2017-08-15 12:54:30 +09:00
Brent Cook
RageLtMan
Franci Šacer
William Webb
William Vu
Metasploit
h00die
tkmru
OJ
Jay Turla
Tim
james
Richard Claus