6126a627cc
Land #10570 , AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
a814899dc2
Land #10660 , deregister RHOSTS as well as RHOST
2018-09-17 22:26:37 -05:00
1aabf8d83f
deregister RHOSTS as well
2018-09-17 22:26:16 -05:00
83af598e6a
Updated VS solution and module
2018-09-17 17:38:19 -05:00
5089c19453
Land #10620 Solaris 10 LPE for libnspr
2018-09-17 18:10:16 -04:00
011c25ed59
Merge changes from master (ghostscript)
2018-09-17 13:57:28 -05:00
fef728dccd
getting user credentials
2018-09-17 12:39:58 -05:00
30d8a38897
deregister_options RHOSTS
2018-09-17 16:58:57 +00:00
91edebb2ef
Add references, clean up code.
2018-09-17 10:30:54 -04:00
83039781de
Background payload execution
2018-09-17 08:42:04 +00:00
c8906f8772
Add check for Solaris system patch revision
2018-09-17 08:32:52 +00:00
ff5de7b81d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into srsexec
2018-09-16 20:11:30 -04:00
a9b9e7420b
update description
2018-09-16 19:51:15 +08:00
1d2519978d
improve div tags
2018-09-16 18:57:09 +08:00
2eb97ea07b
add ios blur dos module
2018-09-16 13:44:43 +08:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
1f4a1a388e
Update gcc path
2018-09-15 18:16:03 +00:00
44304d33b9
fix travis issues
2018-09-15 07:59:53 -04:00
af7d76b52d
changes from first review
2018-09-14 20:10:59 -04:00
f38e6f45ce
Redo dllinjection
2018-09-14 17:47:53 -05:00
d2f587894b
Initial metadata setup
2018-09-14 09:37:23 -05:00
900ea620c7
msftidy
2018-09-13 21:28:49 -04:00
6cef61ddbc
finish srsexec add docs
2018-09-13 21:20:09 -04:00
4cf344dd83
WIP: Initial CVE-2018-8440 / ALPC-TaskSched-LPE
2018-09-13 18:00:20 -05:00
2f53e370c9
srsexec working properly
2018-09-13 16:37:25 -04:00
e3178faa9a
Add metadata for teradata_odbc_sql.py
2018-09-13 13:09:01 -05:00
4a2f2107e5
move gather to escalate
2018-09-13 14:07:50 -04:00
4bb16f96a7
debugging srsexec
2018-09-13 14:07:50 -04:00
1af1895ac8
first attempt at srsexec
2018-09-13 14:07:50 -04:00
04cc7843a4
Typo fixes
2018-09-13 11:19:13 -05:00
2fbbf88ea9
Land #10560 , ms17_010_eternalblue: use SMBDomain value when provided
...
instead of ignoring it
Merge branch 'land-10560' into upstream-master
2018-09-13 10:08:54 -05:00
a8c459db18
Update description with correct patched release
2018-09-13 08:22:13 +00:00
5b81ebd81b
Land #10589 , multidrop support for word xml docs
2018-09-12 11:00:11 -05:00
0db1c34c40
Add check for Solaris system patches
2018-09-12 07:36:54 +00:00
d0e67c5b60
Add SMB2 support to smb_enumshares
2018-09-11 19:05:26 -05:00
a8f766cfd5
Update heartbleed description to mention `repeat`
2018-09-11 17:41:06 -05:00
e75b5592f7
Add ForceExploit option
2018-09-11 09:23:50 +00:00
1582dacb0e
Check WritableDir is writable
2018-09-11 09:06:15 +00:00
d658ccf653
Add Solaris libnspr NSPR_LOG_FILE Privilege Escalation module
2018-09-11 08:11:11 +00:00
a3d74d926c
Land #9897 , Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer
2018-09-10 16:25:55 -05:00
ea2fcb6fc4
Land #10593 , Refactor SSH mixins and update modules
2018-09-10 15:38:53 -05:00
87eb600510
Land #10611 , mRemote creds gather module fixes
...
Also update #10612 to align with these changes.
2018-09-10 15:25:09 -05:00
93a73f5e71
Fix store_loot OID
...
It's supposed to be a loot type, not the filename (now stored).
2018-09-10 15:19:28 -05:00
8b4820004d
Land #10612 , store_loot text/xml ctype fixes
2018-09-10 15:07:06 -05:00
3ec4d2f22b
Normalize loot type OID
...
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported
Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
3d5da50b12
Land #10598 , Store Credentials Found with PhpMyAdmin Password Extractor
2018-09-10 11:49:52 -05:00
39a2d9d2a8
save xml files as xml
2018-09-09 21:24:39 -04:00
0072d9b9b1
save as xml since it is
2018-09-09 21:22:15 -04:00
70e22707c0
vi loves tabs but i dont
2018-09-09 21:19:17 -04:00
f926f6e9af
fix pathing in mremoteng
2018-09-09 21:07:47 -04:00
718aaca0f4
Land #10546 , Add Apache Struts exploit: CVE-2018-11776
2018-09-07 14:54:23 -05:00
bd50e00ccc
Make some small changes:
...
Changes made:
* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
2018-09-07 14:48:33 -05:00
b3cd4a89ad
Move CVE ref to top as per ~standard~
2018-09-07 14:33:25 -05:00
68ca771764
Add CVE reference to ghostscript_failed_restore.rb
2018-09-07 14:24:15 -05:00
99ca6cef49
Quote-block cleanup and improved error handling
2018-09-07 11:43:04 -05:00
dbace01015
modified regex lines
2018-09-07 11:13:09 -05:00
18ffd36409
storing config file, changed regex
2018-09-07 08:13:10 -05:00
3671f8f6b0
Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output
...
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set. We now try to detect this as part of `profile_target`. But that check might fail. If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.
Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.
Additionally additionally, some Tomcat configurations won't provide output from the payload. We'll detect that the payload ran successfully, but tell the user there was no output.
2018-09-06 17:56:42 -05:00
7eb06b4592
Address travis errors: Updated metadata and target OS logic
2018-09-06 12:43:56 -05:00
6c3b1081ea
added function to grab and store user and passwd
2018-09-06 12:03:00 -05:00
cb16f812ec
struts2_namespace_ognl updates from code review
...
Thanks to @wvu, @firefart, and @wchen!
2018-09-06 11:50:57 -05:00
dd476066cf
Land #10584 , fix session upgrade HANDLE_TIMEOUT and upgrading osx shells
2018-09-06 05:52:40 -05:00
e1ec0ec899
hash_dump now working properly up to Mac OS X High Sierra (10.13.6 included)
2018-09-06 12:00:36 +02:00
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
d23b252393
Land #10592 , support ERB for foxit_reader_uaf.rb
2018-09-05 21:48:52 -05:00
254e8b9fd0
Cleanup for foxit_reader_uaf
2018-09-05 21:47:57 -05:00
243267b2f5
Add Linux dropper target
2018-09-05 19:57:12 -05:00
61044e8bca
Refactor targets to align with current style
2018-09-05 19:56:32 -05:00
692ddc8b8b
Eschew updating imagemagick_delegate
...
The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
2018-09-05 19:56:32 -05:00
1491f13bd5
Add Ghostscript failed restore exploit
2018-09-05 19:56:32 -05:00
13ff71b879
Clean up previous modules
...
Missed in 35670713ff
2018-09-05 19:56:32 -05:00
55bf6e5dd4
removed require in erb file
2018-09-05 18:09:29 -05:00
6a3a4de289
included path to erb, removed multiline pdf string
2018-09-05 14:09:10 -05:00
14aee3a822
Added auxiliary/fileformat/multidrop support for Word XML documents
2018-09-05 11:51:48 -05:00
b7da75d860
fix #10576 , fix session upgrade HANDLE_TIMEOUT
2018-09-04 16:46:33 +08:00
e243ce9eee
Update AKA for ghostscript_type_confusion
2018-08-31 16:56:35 -05:00
5092d561f9
Update AKA values for ms17_010_psexec
2018-08-31 16:56:28 -05:00
69a785ff46
Update json for python modules
2018-08-31 16:56:22 -05:00
eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
8fe8bf62e3
Renamed to match existing `struts2_content_type_ognl` and improved comments
2018-08-31 13:48:22 -05:00
0dea5fcfd9
Land #10565 , Add Dolibarr ERP/CRM Auxiliary Module
2018-08-31 13:47:46 -05:00
35022d8332
Added payload upload+execution and OGNL-specific URI encoding
2018-08-31 13:39:42 -05:00
aa9d0d7c6c
using uri_encode
2018-08-31 08:41:25 -05:00
b1151b9d12
modified login_uri
2018-08-31 08:08:46 -05:00
7c7f63df45
Fix missing normalize_uri in struts2_rest_xstream
...
I missed this one previously. May not be necessary but nice to have.
2018-08-30 15:56:43 -05:00
42af28a86a
printing and storing credentials
2018-08-30 14:17:37 -05:00
85c4abac99
storing credentials
2018-08-30 13:59:00 -05:00
a9376266bc
Land #10484 , Add PhpMyAdmin password extractor
2018-08-30 12:16:17 -05:00
924e61c5c1
Added check and removed register_options
2018-08-30 12:13:39 -05:00
6ec8522786
Land #10482 , Add Network Manager VPNC Privesc
2018-08-30 10:46:54 -05:00
9d3e1c1942
Land #10540 , weblogic_deserialize, add check method and linux target
2018-08-30 06:08:03 -05:00
953bafc7e7
Land #10545 , foxit fix generated strings, update doc
2018-08-30 05:55:44 -05:00
d489cd7248
ms17_010_eternalblue: use SMBDomain value when provided instead of ignoring it
2018-08-29 23:53:58 +02:00
3161beff69
Prefer opt hash
2018-08-29 14:56:31 -05:00
a57e5ac5c0
Land #10594 , Remove trailing space from CVE number
2018-08-29 14:31:21 -05:00
bc4442694e
Fix Windows target options, remove comspec
2018-08-29 14:23:00 -05:00
c4d697a629
Remove trailing space from CVE identifier
...
ASUS Net4Switch ipswcom exploit mistakenly included a trailing space at the end of its CVE reference.
2018-08-29 14:12:49 -05:00
7915c4ac6c
getting user credentials in response
2018-08-29 13:59:06 -05:00
25145004b2
Removing arch
2018-08-29 22:05:57 +05:30
468613f688
Land #10536 , https:// reference check for msftidy
2018-08-29 11:14:42 -05:00
Brent Cook
Jacob Robles
h00die
Erin Bleiweiss
Shelby Pace
Brendan Coles
AverageSecurityGuy
Tim W
William Vu
bwatters-r7
asoto-r7
Adam Cammack
Wei Chen
pwnforfun
Clément Notin
Ben Schmeckpeper
Dhiraj Mishra