itsmeroy2012
fef10b7be8
fixing minor issues
2017-04-03 16:54:45 +05:30
William Vu
95c4dd8108
Prefer start_with? over =~
...
Oops, old habit.
2017-04-03 02:38:50 -05:00
William Vu
7de2aa1a63
Update Nmap parser to handle masscan
...
masscan is missing <status>, meaning hosts aren't treated as alive.
Thanks to @jhart-r7 and @jlmurray for working on this previously.
2017-04-03 02:26:14 -05:00
Brent Cook
98ffa4d380
Land #7652 , add varnish cache CLI authentication scanner module
2017-04-02 21:52:45 -05:00
Brent Cook
0c3ef4bf47
add note about later versions of Varnish
2017-04-02 21:52:20 -05:00
Brent Cook
deb7701d3e
tweak misshapen output in MD->HTML
2017-04-02 21:44:50 -05:00
Brent Cook
4c0539d129
Land #8178 , Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
h00die
a34c01ebd2
Land #8137 shodan honeyscore module
2017-04-02 21:37:36 -04:00
Carter
3d860c2942
Change RHOST to TARGET
2017-04-02 21:10:42 -04:00
h00die
0092818893
Land #8169 add exploit rank where missing
2017-04-02 20:59:25 -04:00
Bryan Chu
151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
itsmeroy2012
3ada361357
removing twice exploit
2017-04-02 14:33:23 +05:30
itsmeroy2012
2c75526a12
Fixing white spaces
2017-04-02 14:31:11 +05:30
itsmeroy2012
da14a80e8d
Fixing hashes
2017-04-02 14:28:04 +05:30
itsmeroy2012
85a95233c7
Documentation on iis_webdav_upload_asp
2017-04-02 14:26:29 +05:30
zerosum0x0
ff27edab14
added docs
2017-04-01 21:58:07 -06:00
zerosum0x0
26fc6bc920
added report_vuln()
2017-04-01 21:48:19 -06:00
Adam Cammack
2de8f1b97d
Fixups for specs
2017-03-31 22:19:53 -05:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
William Webb
035f37cf42
Land #8144 , Add Moxa Device Discovery Scanner Module
2017-03-31 19:11:27 -05:00
William Webb
f870f94fa9
Land #8163 , Add Cambium ePMP Arbitrary Command Execution
2017-03-31 19:06:19 -05:00
Adam Cammack
6910cb04dd
Add first exploit written in Python
2017-03-31 17:07:55 -05:00
Adam Cammack
a3e196e31e
Support arbitrary external command_stager exploits
...
So much done, so much more to do.
2017-03-31 17:06:28 -05:00
Metasploit
9edc08cd36
Bump version of framework to 4.14.8
2017-03-31 14:38:29 -07:00
h00die
05201b9578
land #8177 tomcat_gather docs fix
2017-03-31 16:56:44 -04:00
h00die
2b87923a19
fixes for markdown
2017-03-31 16:54:59 -04:00
h00die
823c1a6286
added more verifieds
2017-03-31 16:52:20 -04:00
h00die
23ac9214ea
land #8010 post gather module for tomcat creds
2017-03-31 16:15:55 -04:00
h00die
34a152dc76
handle no sysinfo from ssh_login
2017-03-31 16:15:16 -04:00
Pearce Barry
c00b9ca1e5
Land #8175 , Get into the DANGER ZOOOOOOONE
2017-03-31 14:31:22 -05:00
Pearce Barry
7b0eeea2f0
Land #8176 , deregeister smb2_login from pro bruteforce
2017-03-31 13:56:26 -05:00
David Maloney
7b9772376a
deregeister smb2_login from pro bruteforce
...
this loginscanner is temporary while we continue
to add the smb2 support and so we don't want the
Metasploit Pro bruteforcer picking it up
MS-2609
2017-03-31 13:34:10 -05:00
HD Moore
b5771b0f72
Get into the DANGER ZOOOOOOONE
2017-03-31 12:26:42 -05:00
Metasploit
b6085e188d
Bump version of framework to 4.14.7
2017-03-31 10:02:19 -07:00
Brent Cook
9f75a1d392
Land #8174 , bump rex-text to fix problems running split-line VBA code
2017-03-31 11:40:21 -05:00
Brent Cook
8eea57cda3
Land #8173 , bump rex-core, change 'sleep' to allow < 200ms durations
2017-03-31 11:40:00 -05:00
Pearce Barry
ab4d86fd21
Land #8168 , change description of alpha encoders
2017-03-31 11:37:12 -05:00
Brent Cook
ce87174373
bump rex-text to fix problems running split-line VBA code
2017-03-31 11:34:41 -05:00
Brent Cook
a937b00f85
bump rex-core, change 'sleep' to allow < 200ms durations
2017-03-31 11:33:21 -05:00
dmohanty-r7
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
dmohanty-r7
c445a1a85a
Wrap ssh.loop with begin/rescue
2017-03-31 11:16:10 -05:00
Adam Cammack
1306065c91
Always run both loaders
...
How did I miss this? How did this work before??? I have a bad feeling
this may break pro.
2017-03-31 10:42:13 -05:00
Koen Riepe
628827cda9
Added some documentation and gracefull error handeling.
2017-03-31 12:45:30 +02:00
Koen Riepe
df2a9a4af3
Added documentation file and implemented fixes for output and linux parsing.
2017-03-31 11:19:12 +02:00
Bryan Chu
5e31a32771
Add missing ranks
...
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
Christian Mehlmauer
0a398a59c5
change description
2017-03-30 20:06:23 +02:00
bwatters-r7
6bcb9b523b
Land #8165 , Fix x86 mettle shellcode
2017-03-30 11:45:11 -05:00
zerosum0x0
4bd50b0ad2
Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010
2017-03-30 10:10:08 -06:00
zerosum0x0
a125566fc7
removed unnecessary arguments
2017-03-30 10:09:31 -06:00
Pearce Barry
a13d6a7810
Land #8166 , Add new SMB LoginScanner using RubySMB for SMB1/SMB2 Support
2017-03-30 11:08:17 -05:00