William Vu
081ca17ebf
Specify default resource in start_service
...
This eliminates the need to override resource_uri. Depends on #8078 .
2017-03-09 03:00:51 -06:00
=
c52b0cba5e
msftidy error on master updated
2017-03-08 20:58:01 +05:30
William Vu
0f899fdb0b
Convert ARCH_CMD to CmdStager
2017-03-08 07:35:37 -06:00
=
7976966ce9
Issue 7923 - msftidy errors on master
2017-03-08 03:12:41 +05:30
h00die
fb5e090f15
fixes from jvoisin
2017-02-28 20:09:26 -05:00
Mehmet Ince
e5636d6ce1
Adding logsign rce module and doc
2017-02-28 21:04:37 +03:00
h00die
e3e607a552
reword description
2017-02-26 15:24:22 -05:00
h00die
0c353841ab
forgot add fixes for travis
2017-02-25 23:25:36 -05:00
h00die
a8609f5c66
ntfs-3g lpe
2017-02-25 23:09:22 -05:00
Pedro Ribeiro
f18b533226
change platform time to unix (although it is linux in reality but whatevs)
2017-02-24 22:58:24 +00:00
Brendan Coles
5d3a4cce67
Use all caps for module option names
2017-02-23 16:30:01 +11:00
Carter
25b3cc685a
Update netgear_r7000_cgibin_exec.rb
2017-02-22 11:36:52 -05:00
Brendan Coles
47fec5626e
Style update
2017-02-22 07:56:17 +00:00
Brendan Coles
e491f01c70
Add MVPower DVR Shell Unauthenticated Command Execution module
2017-02-22 05:15:57 +00:00
wchen-r7
48f6740fee
Land #7969 , Add Module Trend Micro IMSVA Remote Code Execution
2017-02-21 17:29:04 -06:00
bwatters-r7
a9b9a58d4d
Land #7893 , Add Module AlienVault OSSIM/USM Remote Code Execution
2017-02-21 13:35:56 -06:00
Carter
e99ba0ea86
Msftidy stuff
2017-02-18 00:34:49 -05:00
Carter
189d5dc005
Thanks netgear
2017-02-18 00:15:45 -05:00
Carter
52350292cf
Fix msftidy warning
2017-02-17 18:41:11 -05:00
Carter
63d1de9acd
Updates from review
...
Also testing some things, line 84 and 85 mostly
2017-02-17 18:29:46 -05:00
Carter
811f6d4d58
Update netgear_r7000_cgibin_exec.rb
2017-02-16 08:38:06 -05:00
Carter
90224af813
Fix msftidy warning
2017-02-15 22:39:16 -05:00
Carter
81d63c8cc7
Create netgear_r7000_cgibin_exec.rb
2017-02-15 22:33:48 -05:00
Mehmet Ince
4ee05313d8
Update tested version numbers
2017-02-08 19:31:01 +03:00
Mehmet Ince
906fcfe355
OSSIM 5.0.0 version requires a authen token on action create
2017-02-03 23:45:33 +03:00
William Webb
2ff170a1fa
Land #7820 , Exploit for TrueOnline Billion 5200W-T
2017-01-31 11:33:56 -06:00
William Webb
f167358540
Land #7821 , Command Injection Exploit for TrueOnline ZyXEL P660HN
2017-01-31 11:28:46 -06:00
William Webb
b3521dfb69
Land #7822 , Command Injection Exploit for TrueOnline P660HN v2
2017-01-31 11:22:49 -06:00
Mehmet Ince
c666ac93f5
Adding xff header
2017-01-31 14:37:22 +03:00
Mehmet Ince
40108c2374
first commit
2017-01-31 14:15:46 +03:00
Pedro Ribeiro
0aceb0b1cb
Fix whitespace, thanks msftidy!
2017-01-30 10:16:42 +00:00
Pedro Ribeiro
5fd31e621e
Add CVE number
2017-01-30 10:03:46 +00:00
Brent Cook
ff2b8dcf99
Revert "Land #7605 , Mysql privilege escalation, CVE-2016-6664" - premature merge
...
This reverts commit 92a1c1ece4
, reversing
changes made to 9b16cdf602
.
2017-01-22 19:16:33 -06:00
Brent Cook
92a1c1ece4
Land #7605 , Mysql privilege escalation, CVE-2016-6664
2017-01-22 17:17:28 -06:00
Brent Cook
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
Mehmet Ince
c2c352c2ac
Adding Trend Micro IMSVA module
2017-01-18 11:34:16 +03:00
Pedro Ribeiro
2dca53e19a
Add full disclosure link
2017-01-17 11:09:44 +00:00
Pedro Ribeiro
1160a47b55
Add full disclosure link
2017-01-17 11:09:29 +00:00
Pedro Ribeiro
c2cd26a6e1
Add full disclosure link
2017-01-17 11:09:11 +00:00
Pedro Ribeiro
7fafade128
fix msftidy stuff v2
2017-01-12 18:06:13 +00:00
Pedro Ribeiro
ba8dfbd9f1
fix msftidy stuff
2017-01-12 18:05:54 +00:00
Pedro Ribeiro
f88e68da25
fix msftidy stuff
2017-01-12 18:04:58 +00:00
Pedro Ribeiro
2274e38925
fix msftidy stuff
2017-01-12 18:03:12 +00:00
Pedro Ribeiro
b863db9d02
add billion sploit
2017-01-12 17:51:24 +00:00
Pedro Ribeiro
2827a7ea1a
add 660v2 sploit
2017-01-12 17:50:57 +00:00
Pedro Ribeiro
af2516d074
add 660v1 sploit
2017-01-12 17:49:28 +00:00
Pedro Ribeiro
c0880985bc
fix duplicate entry for platform
2017-01-10 01:17:44 +00:00
wchen-r7
74cea5dd04
Use Linux payloads instead of cmd/unix/interact
...
As of now, cmd/unix/interact causes msfconsole to freeze, so
we can't use this.
2017-01-09 11:11:17 -06:00
wchen-r7
e331066d6d
Add CVE-2016-6433 Cisco Firepower Management Console UserAdd Exploit
2017-01-06 17:05:25 -06:00
Pedro Ribeiro
13bca2ebc7
add httpusername and password for auto auth
2017-01-06 16:33:51 +00:00
William Vu
19319f15d4
Land #7626 , Eir D1000 modem exploit
2017-01-04 17:02:39 -06:00
Pedro Ribeiro
d95a3ff2ac
made changes suggested
2017-01-04 23:02:10 +00:00
William Vu
b0e79076fe
Switch to wget CmdStager and tune timing
...
We don't want to trample the device with requests.
2017-01-04 16:42:53 -06:00
William Vu
94d76cfb06
Merge remote-tracking branch 'upstream/master' into tr-069-ntpserver-command-injection
2017-01-03 17:04:04 -06:00
Adam Cammack
fe0a3c8669
Update themoon exploit to use wget command stager
2017-01-03 15:50:57 -06:00
Pedro Ribeiro
9d3e90e8e5
cleanup
2017-01-02 17:32:38 +00:00
Pedro Ribeiro
4c29d23c8a
further cleaning
2016-12-31 17:02:34 +00:00
Pedro Ribeiro
956602cbfe
add final wnr2000 sploits
2016-12-31 16:49:05 +00:00
William Vu
9d0ada9b83
Land #7749 , make drb_remote_codeexec great again
2016-12-28 06:11:48 -06:00
William Vu
cfca4b121c
Clean up module
2016-12-28 06:10:46 -06:00
William Vu
afd8315e1d
Remove apache_continuum_cmd_exec CmdStager flavor
...
It is inferred from the platform, and we don't want to override it
needlessly. :bourne is what worked during testing, but it won't always
work. Now we can override the flavor with CMDSTAGER::FLAVOR.
2016-12-27 16:24:16 -06:00
Pedro Ribeiro
870e8046b5
add sploits
2016-12-27 21:12:35 +00:00
joernchen of Phenoelit
679ebf31bd
Minor fix to make dRuby great again
2016-12-23 15:12:22 +01:00
joernchen of Phenoelit
d69acd116d
Make dRuby great again
2016-12-22 15:37:16 +01:00
Tod Beardsley
a4f681ae35
Add quoted hex encoding
2016-12-06 09:05:35 -06:00
Tod Beardsley
d549c2793f
Fix module filename to be TR-064
2016-12-02 08:49:21 -06:00
Tod Beardsley
9e4e9ae614
Add a reference to the TR-064 spec
2016-12-02 08:48:09 -06:00
Tod Beardsley
ddac5600e3
Reference TR-064, not TR-069
2016-12-02 08:45:15 -06:00
William Vu
1d6ee7192a
Land #7427 , new options for nagios_xi_chained_rce
2016-11-30 17:11:02 -06:00
William Vu
3e8cdd1f36
Polish up USER_ID and API_TOKEN options
2016-11-30 17:10:52 -06:00
Tod Beardsley
43cd788350
Switch back to echo as cmdstager flavor
2016-11-30 10:18:09 -06:00
Tod Beardsley
b75fbd454a
Add missing peer in vprint_error
2016-11-30 07:59:41 -06:00
Tod Beardsley
657d52951b
Linemax 63, switch to printf
2016-11-30 07:51:36 -06:00
Tod Beardsley
08b9684c1a
Add a FORCE_EXPLOIT option for @FireFart
2016-11-29 16:37:13 -06:00
Tod Beardsley
57d156a5e2
Revert "XML encode the command passed"
...
This reverts commit 9952c0ac6f
.
2016-11-29 16:24:26 -06:00
Tod Beardsley
b7904fe0cc
Oh silly delimiters and lack thereof
2016-11-29 15:53:05 -06:00
Tod Beardsley
9952c0ac6f
XML encode the command passed
2016-11-29 15:49:55 -06:00
Tod Beardsley
851aae3f15
Oops, wrong module
...
This reverts commit d55d2099c5
.
2016-11-29 15:15:18 -06:00
Tod Beardsley
d55d2099c5
Just one platform thanks
2016-11-29 15:08:45 -06:00
Tod Beardsley
4d6b2dfb46
Use CmdStager instead
...
Oh, and this is totally untested as of this commit.
2016-11-29 15:03:38 -06:00
Tod Beardsley
8de17981c3
Get rid of the WiFi key stealer
2016-11-29 14:48:04 -06:00
Tod Beardsley
75bcf82a09
Never set DefaultPaylod, reverse target options
2016-11-29 14:43:10 -06:00
Tod Beardsley
f55f578f8c
Title, desc, authors, refs
2016-11-29 14:39:38 -06:00
Tod Beardsley
d691b86443
First commit of Kenzo's original exploit
...
This is a work in progress, and is merely the copy-paste
of the original PoC exploit from:
https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
2016-11-29 09:13:52 -06:00
x2020
6f70323460
Minor misspelling mistakes and corrected the check of the mysqld process
2016-11-25 19:03:23 +00:00
x2020
1119dc4abe
Targets set to automatic
...
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
2016-11-25 17:35:28 +00:00
Brent Cook
59f3c9e769
Land #7579 , rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4
2016-11-21 17:59:29 -06:00
Prateep Bandharangshi
8869ebfe9b
Fix incorrect disclosure date for OpenNMS exploit
...
Disclosure date was Nov 2015, not Nov 2014
2016-11-21 16:44:36 +00:00
William Webb
6c6221445c
Land #7543 , Create exploit for CVE-2016-6563 / Dlink DIR HNAP Login
2016-11-21 09:59:50 -06:00
Brent Cook
005d34991b
update architecture
2016-11-20 19:09:33 -06:00
Brent Cook
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
x2020
acfd214195
Mysql privilege escalation
...
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
2016-11-19 11:24:29 +00:00
h00die
cfd31e32c6
renaming per @bwatters-r7 comment in #7491
2016-11-18 13:52:09 -05:00
wchen-r7
4596785217
Land #7450 , PowerShellEmpire Arbitrary File Upload
2016-11-17 17:47:15 -06:00
Brendan
18bafaa2e7
Land #7531 , Fix drb_remote_codeexec and create targets
2016-11-16 12:58:22 -06:00
Brent Cook
b56b6a49ac
Land #7328 , Extend lsa_transname_heap exploit to MIPS
2016-11-15 07:37:19 -06:00
Jeffrey Martin
c458d662ed
report correct credential status as successful
2016-11-14 12:27:22 -06:00
Jeffrey Martin
4ae90cbbef
Land #7191 , Add exploit for CVE-2016-6267 - Trend Micro Smart Protection Server authenticated RCE.
2016-11-14 12:06:02 -06:00
Pedro Ribeiro
908713ce68
remove whitespace at end of module name
2016-11-14 08:35:34 +00:00
Pearce Barry
9eb9d612ca
Minor typo fixups.
2016-11-11 16:54:16 -06:00