c1418955f5
Land #10319 , enable VHOST for ms15_034_http_sys_memory_dump
2018-07-25 18:51:57 -05:00
e78337d59a
Land #10374 , Net::SSH::CommandStream fixes
2018-07-25 18:21:39 -05:00
e4386d3665
Land #10375 , smb_login defaults that suck less
2018-07-25 15:21:34 -05:00
5a7c25b498
Fix description
2018-07-25 15:13:41 -05:00
6b10921232
Land #10375 , DETECT_ANY_AUTH should be false
2018-07-25 15:09:19 -05:00
1105474fb9
Modify options for smb_login
...
Change default value for DETECT_ANY_AUTH
and add option for DETECT_ANY_DOMAIN
2018-07-25 14:53:06 -05:00
6c2e8f2402
Land #10300 , Add root exploit for Axis network cameras
2018-07-25 14:46:04 -05:00
f169afff6a
Add documentation and a new reference
2018-07-25 14:44:44 -05:00
60faddebbf
Update authors with sinn3r
2018-07-25 14:35:09 -05:00
8f89275df8
authenticating to WordPress
2018-07-25 14:22:24 -05:00
efacaef9df
Clamp compatible payloads until we know better
2018-07-25 14:14:15 -05:00
86d634cb64
Update module for MVP
2018-07-25 12:01:36 -05:00
668bcb38cb
metadata setup
2018-07-25 11:29:47 -05:00
f5ccdcfcd2
Net SSH CommandStream fixes implemented
...
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
2018-07-25 11:22:28 -05:00
9fde9127ad
Land #10370 , minor CouchDB fix
2018-07-25 01:11:23 -05:00
d3b7dffcdc
Prefer res.body over res
2018-07-25 01:05:18 -05:00
bc89d7fe52
Land #10357 , CouchDB improvements and docs
2018-07-25 00:54:55 -05:00
625ea87ea9
Land #10368 , PhpMyAdmin Login Scanner Module
2018-07-24 23:25:27 -05:00
5df5ab30f6
Use store_valid_credential to save good credentials
2018-07-24 23:21:59 -05:00
efa3a77adc
modified name
2018-07-24 15:00:14 -05:00
4f81fcdc87
retn versions in chk_setup, tests to reflect, doc
2018-07-24 14:51:00 -05:00
976a3464e1
added phpmyadmin login scanner and aux module
2018-07-24 09:47:01 -05:00
dac5780feb
Land #10176 , creds data service CRUD operations
2018-07-23 23:36:32 -04:00
5d7f40d459
Land #10362 , Fix reporting in backup_file, add more docs
2018-07-23 18:22:35 -05:00
e3da0a6828
Merge branch 'master' into remote_creds_data
2018-07-23 16:39:13 -05:00
d2ed78570a
Land #10364 , Handle nil for shell_reverse_tcp_ipv6
...
This makes things like `msfvenom --list-options` or `info` when options
are not set work.
2018-07-23 14:02:14 -05:00
086af80509
Specify address family in shell_reverse_tcp_ipv6
2018-07-23 13:39:40 -05:00
cb0b90435d
Land #10349 , deconflict the method names in mix-ins
2018-07-23 13:38:46 -05:00
408dc7793f
Update aws_ec2_instance_metadata.rb
2018-07-23 10:00:12 +02:00
83ae5cb14d
fix backup_file.rb and add a few docs
2018-07-22 20:50:22 -04:00
2a969d70db
dicoogle
2018-07-21 21:31:45 -04:00
abfed97e03
remove EOL spaces
2018-07-21 11:21:11 -04:00
8b324c19d8
update couchdb scanner
2018-07-21 11:02:50 -04:00
0c906ed8d3
Update cached payload sizes
2018-07-19 17:58:45 -05:00
658267849b
deconflict the method names in mix-ins
2018-07-19 17:01:40 -05:00
65d42380d3
Merge branch 'master' into remote_creds_data
2018-07-19 16:25:06 -05:00
19239c72c0
Update cmsms_upload_rename_rce check and docs
2018-07-19 18:26:42 +00:00
28e3f3a5f0
Land #10327 , Add CMS Made Simple Upload/Rename Authenticated RCE
2018-07-19 12:18:12 -05:00
c5ac4c791f
Make changes based on community feedback
2018-07-19 12:17:02 -05:00
08290b81c0
Land #10282 , Add support for running external modules outside of msfconsole
2018-07-18 17:38:40 -05:00
b90583d07c
don't throw an exception in haraka checks if we cannot connect
2018-07-18 17:17:45 -05:00
0024cca3bf
Land #10328 , Log errors in Python ETERNALBLUE
2018-07-18 14:50:40 -05:00
70a1df70a1
Land #9753 , Linux BPF sign extension local privesc
2018-07-18 18:44:14 +08:00
4c4f0c1d3e
Update
...
Fixes for Kali linux 4.14 with ruby 2.3.
2018-07-18 10:42:51 +00:00
08e33cad0c
Spelling fix
2018-07-17 20:12:37 -05:00
20905d1ca1
Fix syntax error
2018-07-17 18:48:07 -05:00
a24666a00a
msftidy fixes
2018-07-17 18:28:33 -05:00
e5efa4faac
Make failures consistent
2018-07-17 17:35:52 -05:00
96f9e60e84
Swap return for sys.exit(1)
2018-07-17 17:25:38 -05:00
09d347ca33
Add missed sys.exit(1)
2018-07-17 16:31:57 -05:00
e1be94e568
Pass RPORT to sess_port in Impacket
2018-07-17 13:49:38 -05:00
0bdaa0e23a
Catch connection errors and module.log them
2018-07-17 13:49:34 -05:00
5650412cc2
Land #10317 , nil fix for enum_dns
2018-07-17 13:03:06 -05:00
677b22698d
Land #10273 , [clean up] iis_webdav_scstoragepathfromurl
2018-07-17 09:33:32 -05:00
1e004769ca
CMS Made Simple Upload/Rename Authenticated RCE
2018-07-17 09:00:39 -05:00
703f94d981
Check that /etc/rc.local is writeable
2018-07-17 12:52:51 +02:00
97e89cf3bb
Cleanup rc_local patching code
2018-07-17 12:49:55 +02:00
df32ab674d
Fix newline bad character
2018-07-17 12:48:26 +02:00
6bf184dbcf
Update tested versions
2018-07-17 06:24:16 +00:00
9a7c34e6e9
Land #10064 , Claymore Dual Miner API RCE
2018-07-16 18:02:20 -05:00
7df20539af
Fix msftidy
2018-07-16 11:55:37 +02:00
c84eb9fee9
Handle file patching on framework side
2018-07-16 11:54:37 +02:00
4f137f2f3f
rc.local persistence
2018-07-16 09:34:03 +02:00
8e1f68f384
Update ms15_034_http_sys_memory_dump.rb with VHOST
...
Added VHOST to cater to targets that require virtual hostname to be defined
2018-07-16 15:13:23 +08:00
7524af35ec
Check if IPRANGE was supplied - Fix #10316
2018-07-15 15:38:56 +00:00
134417b598
Account for nil
2018-07-14 10:44:09 -05:00
6e450973b9
Land #10295 , Add QNAP Q'Center change_passwd Command Execution exploit
2018-07-14 10:09:46 -05:00
18e65abc54
Fix link
2018-07-14 10:03:01 -05:00
9bdec97b2e
Fix bpf_sign_extension_priv_esc
2018-07-13 23:01:17 +00:00
72e5b94eb8
Land #10293 , fixup php/base64 and add docs for cmd/unix/reverse_bash
2018-07-13 17:15:22 -05:00
4e72dff791
Update module references
2018-07-14 05:03:13 +10:00
b40a146723
Land #10297 , Add priv escalation mod for CVE-2018-8897
2018-07-13 10:54:25 -05:00
f33d12676f
Added License, make msftidy happy, and include original cve project
...
readme document.
2018-07-13 10:19:41 -05:00
4fa2a4775d
Update the target check and added cleanup
2018-07-13 09:27:41 -05:00
9ba0a72ea1
Rename file
2018-07-13 01:11:37 -05:00
e1e8444188
Clean up ruby code for CVE-2018-8897
2018-07-13 01:06:21 -05:00
a020d48caf
Move module documentation to documentation directory
2018-07-13 04:46:25 +00:00
f02c05e530
This one is the same as cve_2018_8897_exe.rb
2018-07-12 22:09:44 -05:00
c9001699cd
Land #10027 , Hadoop unauthed command execution
2018-07-12 21:58:49 -05:00
50252c75d6
Clean up module
...
With a little rubocop -a.
2018-07-12 21:58:00 -05:00
2f37482535
Land #10278 , gitlist_arg_injection fixes
2018-07-12 19:03:52 -05:00
9080b38dcc
Add Axis camera exploit (VDOO research)
2018-07-12 18:46:49 -05:00
e613b2570a
Land #10299 , Add 88 CVEs to various auxiliary and exploit modules
2018-07-12 18:26:07 -05:00
88bbc50104
Utilize uniq to make char array more readable
...
Hat tip @bcoles.
2018-07-12 17:59:12 -05:00
cfcb77afd0
Rename to please msftidy
2018-07-12 17:41:06 -05:00
3546286049
Add missed ARCH_CMD to top-level Arch array
...
It's not necessary because of targets, but it's required for printing.
2018-07-12 17:37:06 -05:00
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
156b822401
First stab at cve-2018-8897
2018-07-12 17:31:53 -05:00
4b62f41369
Add QNAP Q'Center change_passwd Command Execution exploit
2018-07-12 20:00:17 +00:00
3dda19f3c6
Update documentation in cmd/unix/reverse_bash
...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=146464
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/215034
2018-07-12 13:29:33 -05:00
1f0535618d
Document bareword string deprecation in php/base64
2018-07-12 13:29:33 -05:00
378930e5f4
Prefer %w array over quoted array in php/base64
...
irb(main):001:0> ["(",")",".","_","c","h","r","e","v","a","l","b","s","6","4","d","o"] == %w{( ) . _ c h r e v a l b s 6 4 d o}
=> true
irb(main):002:0>
2018-07-12 13:29:33 -05:00
904de2dd09
Land #10238 , Add ManageEngine Exchange Reporter Plus RCE exploit
2018-07-12 16:07:32 +00:00
486225c2a8
Code review changes
...
Use target_uri, split url inside normalize function, replace print with vprint, return CheckCode::Appears
2018-07-12 14:27:28 +02:00
acb20e5a29
Land #9780 , CouchDB auth bypass and RCE
2018-07-12 03:36:17 -05:00
a08420e0d0
Land #10286 , Docker server version scanner
2018-07-12 03:08:41 -05:00
cce3b6f369
Clean up module
2018-07-12 02:57:14 -05:00
f53080ee60
Fix exploit and do final cleanup
2018-07-12 02:13:30 -05:00
167745c124
Selectively add RuboCop fixes
2018-07-11 22:49:46 -05:00
ccc3267166
Correct rubocop -a
...
We'll update .rubocop.yml later.
2018-07-11 22:49:46 -05:00
ca5e496b8f
Run rubocop -a
2018-07-11 21:40:19 -05:00
7d8b9a90d7
Add more reporting
2018-07-11 17:22:48 -04:00
30c43e22d9
Fix typo
2018-07-11 17:04:31 -04:00
bb8ac4a7ab
Add info & update_info
2018-07-11 16:52:16 -04:00
1ded8ffb29
Land #10260 , Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
2018-07-11 11:10:52 -05:00
c26fcc0af1
Merge branch 'master' into remote_creds_data
2018-07-11 10:27:49 -05:00
1f0045fa03
Improve Description
2018-07-11 01:27:10 -04:00
00f4d3967c
Add basic reporting
2018-07-11 00:47:43 -04:00
d488b51264
Use peer instead of ip & port
2018-07-11 00:41:55 -04:00
5a89642ddd
Simplify the module greatly
2018-07-11 00:15:56 -04:00
ffc2f044cc
Remove lines that were not required
2018-07-11 00:04:44 -04:00
7b1e7eb085
Minor improvement to description
2018-07-11 00:04:12 -04:00
2b2029b487
Align Hashrockets
2018-07-11 00:03:26 -04:00
9491c63778
Fix several minor details
2018-07-10 23:56:05 -04:00
66c207a124
Remove timeout of 25 seconds
2018-07-10 23:53:13 -04:00
718606c9f2
Add Auxiliary module to enumerate the Docker Server Version
2018-07-10 19:34:49 -04:00
ef3ea2dd44
Land #10280 , Use default CheckCode in ETERNALBLUE
2018-07-10 17:39:42 -05:00
10cd6c99d9
Land #10231 , Monstra Fileupload Exec
2018-07-10 14:23:15 -05:00
07dca243ff
changed grammar, removed redundant code
2018-07-10 14:13:57 -05:00
1af360d7e0
Land #10108 , add IBM QRadar SIEM exploit
2018-07-10 11:52:32 -05:00
171fa562a3
added parsing for repos in Gitlist source
2018-07-10 11:32:46 -05:00
f64c9588e9
Undefine check method and let the base class do it
...
Preserve the to-do without rewording - should be enough.
2018-07-10 11:05:00 -05:00
1fddbdb8ef
Specify the `command` option external modules
2018-07-10 10:24:07 -05:00
533d87efa4
Return CheckCode::Unsupported in ETERNALBLUE
...
Defining a check method in the module overrides it.
2018-07-09 16:01:24 -05:00
5776b64a1b
modified exploit
2018-07-09 13:56:33 -05:00
64ec8e96cb
Land #10275 , Update missing CVE references for exploit modules
2018-07-09 13:26:18 -05:00
f5e40b14a3
removed double eval as suggested
2018-07-09 13:24:31 -05:00
4f039de2fc
Fix CVE numbers
2018-07-09 13:22:08 -05:00
4403a4ab47
Fix CVE number
2018-07-09 12:56:00 -05:00
7d8a95de9f
Fixed requested changes for PR
2018-07-09 12:44:38 -05:00
44b9798afb
modified regex, id=filesmanager lines
2018-07-09 10:55:29 -05:00
bbc16e1873
Merge branch 'master' into remote_creds_data
2018-07-09 09:49:14 -05:00
bf24ce847a
Fix token issues
2018-07-09 09:29:11 -05:00
bc33078e01
fixed comma
...
fixed comma
2018-07-09 12:27:58 +05:30
6f6ad86e2c
fix tab
...
fix tab and space.
2018-07-09 11:49:11 +05:30
aff39e65d5
Update missing CVE references for auxiliary modules
...
Based on existing references such as BID, OSVDB, blog posts, etc
2018-07-08 19:00:11 -05:00
5fc5a47cd2
Update CVE references for exploit modules
...
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
2018-07-08 18:46:04 -05:00
f14d06b9d1
Fix ufo_privilege_escalation
2018-07-08 11:05:30 +00:00
a634e6347d
minor code cleanup
2018-07-08 06:09:38 +00:00
4a835b2493
fix warning, and version
...
fix warning, and version and indentation
2018-07-07 17:27:09 +05:30
1c448de882
Land #10107 , Add the scanner/smb/impacket/secretsdump module
2018-07-06 14:59:33 -05:00
b5fb970aec
Land #10133 , Add HID discoveryd RCE exploit
2018-07-06 14:32:29 -05:00
545e91af00
Land #10262 , Add GitList argument injection exploit module
2018-07-06 14:28:20 -05:00
82c74eb765
Small changes
2018-07-06 14:25:58 -05:00
b1456df757
made suggested changes
2018-07-06 12:48:38 -05:00
fe1b17684a
Add Targets and Session file inclusion
2018-07-06 12:17:26 -05:00
b4b7bf03da
Land #10171 , Implement desktop shell and screensaver post modules
2018-07-05 17:33:06 -05:00
970c164e06
fix undefined method capitalize error for array
2018-07-05 14:33:51 -07:00
5d0652fab1
changed inconsistent capitalization
2018-07-05 15:56:41 -05:00
2b452d5681
added documentation and check
2018-07-05 15:47:21 -05:00
cb078b9586
Drop database
2018-07-05 14:58:30 -05:00
05a0d79be7
Land #10219 , Add HP VAN SDN Controller exploit
2018-07-05 14:21:44 -05:00
43096d9d78
Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
...
Module and Doc
2018-07-05 13:33:35 -05:00
53d5d82498
Rename module to match new vector
2018-07-05 13:31:16 -05:00
507fd22958
added http post and generating payload
2018-07-05 13:21:22 -05:00
762b4b5e53
Simplify creds auth by checking X-Auth-Token alone
...
It's a lot more direct than checking for the redirect.
2018-07-05 13:20:27 -05:00
2b069f45ca
Clarify how we're using the auth token for creds
...
In the service token's case, the service token *is* the auth token.
2018-07-05 13:05:23 -05:00
b00f0e87e0
Add SonicWall XML-RPC Remote Code Execution exploit module
2018-07-05 12:06:13 -05:00
a272dcabd7
Fix typos and additional updates regarding to review
2018-07-05 13:33:40 +01:00
3b8149216f
print a verbose error message
2018-07-04 23:20:58 +01:00
4c1c2e9288
Adding Micro Focus Secure Messaging Gateway RCE
2018-07-04 17:47:13 +01:00
41b0adad88
Use uninstall action command injection
2018-07-03 18:07:22 -05:00
7d0b8dee4a
making request for Gitlist source
2018-07-03 14:27:46 -05:00
a25a656d28
Add "E" to HP to make HPE for better searches
...
We'll stick with calling it HP everywhere else.
2018-07-03 10:29:09 -05:00
e1a9aae109
Add Wordress Arbitrary File Deletion module
2018-07-03 12:21:38 +02:00
5946245d87
avoid using SMBv2 on Windows XP Native Upload targets
2018-07-02 16:07:27 -05:00
2ec091931a
Land #10237 , Add Boxoft WAV to MP3 Converter exploit module
2018-07-02 14:01:27 -05:00
3e33a6f0a4
Update moduel boxoft_wav_to_mp3
2018-07-02 14:00:33 -05:00
1bf94ac448
Spruce up check method and related
2018-07-02 13:59:24 -05:00
12141136d7
Land #9896 , Java JMX Package Name Randomization
...
Land #9896
2018-07-02 13:41:39 -05:00
6e090acc76
Stop joking with timeouts
2018-07-02 13:18:31 -05:00
78ca4d4217
Finally use Msf::Util::EXE.to_zip 8)
2018-07-02 13:04:59 -05:00
2196640de4
Add manageengine_adshacluster_rce
...
Manage Engine Exchange Reporter Plus <= 5310 Unauthenticated RCE
2018-07-02 19:11:08 +02:00
54fce378fa
added target versions to documentation
2018-07-02 09:20:17 -05:00
aa3fcea377
update check method to print error message normaliy
2018-07-01 23:17:34 -04:00
c3b71d4642
Update mismatch indentation and others
2018-07-01 22:43:07 -04:00
70eb943b5a
Update monstra_fileupload_exec.rb
2018-06-30 13:40:12 +05:30
89ba960309
username and password values removed
...
username and password values removed
2018-06-30 12:47:13 +05:30
128438f444
Merge pull request #2 from touhidshaikh/monstra_fileupload_exec
...
Monstra fileupload exec
2018-06-30 12:03:14 +05:30
6ace45e312
Add correct IBM CVE
...
Turns out IBM decided to revisit the advisory and attribute 3 different CVE numbers intead of 1.
2018-06-30 12:06:16 +07:00
85dc81a58b
Land #10185 , add SMBv1/2 support in psexec
2018-06-29 17:49:27 -05:00
3b5555542c
add exploit module and documentation
2018-06-29 15:17:12 -05:00
78cefe0528
Clarify original exploit credit
...
It's definitely more than a PoC (exploit). It's weaponized.
2018-06-29 13:02:40 -05:00
34f303187f
Drop privesc retval, since it's obsoleted by print
2018-06-29 12:53:59 -05:00
fc3199259b
Land #9958 , Nagios xi 2 electric
2018-06-29 12:16:18 -05:00
dbb502ae19
Refactor code and address review comments
2018-06-29 12:13:15 -05:00
675a736ab7
Update Docs
2018-06-29 11:08:31 -05:00
574c47cba6
Change Ranking
...
Command to change the database user
account could cause a DoS condition
if the credentials are incorrect.
2018-06-29 10:56:18 -05:00
57b89444f3
Additional style fixes
2018-06-29 10:53:57 -05:00
c508a5f7f3
Land #10213 , Add FTPShell client 6.70 Stack Buffer Overflow exploit
2018-06-29 14:40:51 +00:00
1e148a8862
Update ftpshell_cli_bof.rb
2018-06-29 14:22:40 +01:00
7532490a1e
Style/Whitespace fixes
2018-06-29 07:02:45 -05:00
40ac79ced0
Land #10218 , MS17-010 Windows Embedded Standard 7
2018-06-28 16:11:56 -05:00
1854793253
Update ftpshell_cli_bof.rb
2018-06-28 13:01:13 +01:00
bd2fb56adf
Update ftpshell_cli_bof.rb
2018-06-28 12:55:48 +01:00
36a37cf6ab
Add HP VAN SDN Controller exploit
2018-06-28 02:14:04 -05:00
f3e3d0c30b
monstra_fileupload_exec.rb
...
Monstra CMS - Authenticated Arbitrary File Upload / Remote Code Execution CVE 2017-18048
2018-06-28 10:55:41 +05:30
a5c0881c08
add Windows Embedded Standard 7 support
2018-06-27 19:17:18 -06:00
54c2bc36e9
fix: invert if else order
2018-06-28 01:33:56 +02:00
e614805948
chore: fix msftidy
2018-06-28 01:27:51 +02:00
2a31958f6a
Bump metasploit_payloads-mettle to version 0.4.1
2018-06-27 17:55:08 -04:00
e17744df8d
Land #10215 , add support for payload estimation for IPv6-specific modules
2018-06-27 16:46:54 -05:00
25b9f97a32
Update cached payload size update to support IPv6
2018-06-27 16:26:41 -05:00
dbb0748c1c
Land #9998 , customizable golden ticket duration
2018-06-27 15:51:56 -05:00
d7770a98b2
s/Seperated/Separated/
2018-06-27 15:36:41 -05:00
ce7d4cd280
Land #10109 , Teradata login scanner and SQL runner
2018-06-27 15:35:57 -05:00
9d8294fcc9
Mark Teradata login scanner executable
2018-06-27 15:35:13 -05:00
8b2bd35659
Fixup option references in Teradata SQL
2018-06-27 15:34:29 -05:00
1dbcf0fd09
Cleanup Teradata SQL options
2018-06-27 15:12:21 -05:00
3985191e0f
Add `userpass` option to Teradata login scanner
2018-06-27 15:10:02 -05:00
ef309e0d5f
Fixup metadata whitespace
2018-06-27 15:09:23 -05:00
837427ccae
Update ftpshell_cli_bof.rb
2018-06-27 16:42:29 +01:00
4a4e38a7b0
FTPShell client 6.70 (Enterprise edition)
2018-06-27 16:37:22 +01:00
da22b36997
chore: fix typo
2018-06-27 17:16:38 +02:00
53f158ef4f
refactor: universal check, payload platform check
2018-06-27 17:11:47 +02:00
9c38c9f63c
Land #10207 , msftidy fixes
2018-06-26 14:38:57 -05:00
c5e7184fdb
Land #10199 , Kace Systems Management Command Injection
2018-06-26 10:11:10 -05:00
c4bf12cbe0
ntds_grabber msftidy fixes
2018-06-26 08:22:11 -05:00
00102a7413
oscommerce msftidy fix
2018-06-26 08:21:10 -05:00
76535b5e51
Check hidden val && check auth requirement
2018-06-25 17:24:13 -05:00
2fd0d797ac
psexec smb2 support
2018-06-25 15:06:23 -05:00
10c36bbd7d
modified get_creds, renamed make_request
2018-06-25 12:45:06 -05:00
81bdbd712c
added disclosureDate and modified style
2018-06-22 15:58:21 -05:00
510c2d04ef
add auxiliary module and documentation - SickRage
2018-06-22 11:18:02 -05:00
6d3c141553
Update patched version check
2018-06-22 15:08:19 +00:00
a71a5a10d5
Add Quest KACE Systems Management Command Injection
2018-06-22 08:07:18 +00:00
eaf043d30b
Land #10156 , WebKit, as used in WebKitGTK+ Crash - CVE-2018-11646
2018-06-21 16:28:37 -05:00
6dafb13f28
Module metadata cleanup
2018-06-21 15:10:47 -05:00
2f40b2cb45
address missed impacket dependency check
2018-06-21 13:56:17 -05:00
c4632f44aa
Fix windows
2018-06-21 16:46:15 +00:00
2008de4080
Support Windows screensaver and locking
2018-06-21 16:46:00 +00:00
38e1429879
Land #10189 , ETERNALBLUE updates
2018-06-20 23:53:20 -05:00
4bb6afb24e
Move dependency check so we can send our metadata
...
I missed this detail about the module.run method when adding the check.
Defining the metadata or where you put it doesn't matter so much as if
you're sending it over JSON-RPC.
2018-06-20 15:03:26 -05:00
8277a4da24
Add better targeting feedback
2018-06-20 12:41:22 -05:00
13a4b2e359
Add dependency check for Impacket
2018-06-20 12:22:17 -05:00
a8e9c20d6c
Make open works on windows
2018-06-20 09:23:57 +00:00
4c0ac00f38
Make screensaver works on OSX
2018-06-20 09:13:51 +00:00
a1176e011a
Land #10184 , Add sleepya's ETERNALBLUE exploit for Win8+
2018-06-19 17:34:38 -05:00
0820268d8a
Improve rank handling with shim logic
2018-06-19 16:46:20 -05:00
72432c200a
Land #10183 , Add auxiliary mod to exploit httpdasm dir traversal vuln
2018-06-19 14:56:36 -05:00
b315886f9b
Update option description
2018-06-19 14:55:53 -05:00
9be8aa6877
Be more verbose on error handling
2018-06-19 14:54:27 -05:00
a0189cc3f6
made suggested changes to module
2018-06-19 12:22:44 -05:00
9913606ed9
Correct rank and formatting in Haraka
2018-06-19 11:44:02 -05:00
9545bac809
Rename remote_exploit_generic template
...
Dropping "generic" from the name. I initially had some reservations
about leaving it in, and after discussion with @acammack-r7, we've
decided it adds nothing useful.
2018-06-19 11:43:56 -05:00
df4cee1d77
Fix PEP 8 in added code
2018-06-19 11:20:15 -05:00
781478b283
Document some things
2018-06-19 11:20:15 -05:00
ecea36c459
Convert PoC to external module
2018-06-19 11:20:10 -05:00
45e8adc617
Add sleepya's ETERNALBLUE exploit for Win8+
2018-06-18 11:41:57 -05:00
b78bb78f95
added auxiliary module and documentation
2018-06-18 10:25:33 -05:00
cb50d0fade
Land #9825 , Add 'phpMyAdmin Authenticated Remote Code Execution'
2018-06-18 08:51:53 -05:00
2e2ded22fc
Use Gem::Version
...
Simplify version comparisons
2018-06-18 08:35:47 -05:00
122ea2ddcb
Update module, Add docs
...
Changed the module to an exploit module and
added documentation.
2018-06-18 07:33:05 -05:00
351a0bd37f
Cleanup command execution code
2018-06-18 07:24:54 +00:00
a750aedb6b
Move xdg_screensaver to multi module
2018-06-18 07:19:52 +00:00
1f6b9a51ea
Remove useless import
2018-06-18 06:56:39 +00:00
8342751b05
Move xdg_open to multi module
2018-06-18 06:54:13 +00:00
ec88683ad2
Land #10165 , Fix missing RequestError in a few post modules
2018-06-15 15:38:49 -05:00
3e8bd83c29
Land #10172 , Rm duplicate word in agitum_outpost_acs description
2018-06-15 15:13:23 -05:00
2ded48a510
Merge branch 'master' into remote_creds_data
2018-06-15 10:26:10 -05:00
b733b79533
Land #10021 , post/multi/recon/sudo_commands module
2018-06-14 16:33:50 -05:00
9f2f61c481
Implement create_credential_and_login in the dataproxy
2018-06-14 13:28:03 -05:00
936632f180
Minor Tweaks to Module
...
This commit changes some logic around
on a few different conditional portions
of code.
2018-06-14 10:06:42 -05:00
b64ab9b0de
Remove duplicate word in the agitum_outpost_acs module description
2018-06-14 15:15:29 +02:00
c4af2aca53
Check command availability
2018-06-14 10:00:26 +00:00
e523d5a114
Fix tabbed indents
2018-06-14 11:35:03 +02:00
b9d59315a8
Fix English in XDG screensaver
2018-06-14 11:30:04 +02:00
c5c0dffa3a
Fix English for XDG open
2018-06-14 11:28:30 +02:00
ee81ed6f7e
Add XDG screensaver
2018-06-14 08:58:24 +00:00
3c4bcf9258
Make XDG open module
2018-06-14 08:33:51 +00:00
c0a5a65e0c
Updated
...
Suggestion's by acammack-r7
2018-06-14 11:25:00 +05:30
853bd4d976
Land #10167 , Add Linux x86 IPv6 reverse shell
2018-06-13 15:32:59 -05:00
0d9eb5b662
Clean up ipv6 address assembly packing
2018-06-13 15:31:49 -05:00
d6f0673840
Fix indentation
2018-06-13 15:27:18 -05:00
402edba028
Remove automatic fork
...
The PrependFork option works just as well
2018-06-13 15:26:22 -05:00
9681c59f1d
Land #10138 , Update psnuffle RHOSTS and style
2018-06-13 14:45:05 -05:00
e8a7a7e76f
first commit
2018-06-13 21:29:09 +02:00
71651a33f6
Update jtr modules to use remote data store
2018-06-13 12:09:58 -05:00
1cd76eb833
Land #10148 , Add New Module - Badpdf
...
Merge branch 'land-10148' into upstream-master
2018-06-12 17:19:32 -05:00
14da99bb3d
Fix missing RequestError in a few post modules
...
Should be Rex::Post::Meterpreter::RequestError.
2018-06-12 17:11:29 -05:00
477d709ff6
Code Improvements
...
Ran module through rubocop
2018-06-12 22:55:38 +01:00
29f4870fa0
Land #10101 , Add glibc 'realpath()' Privilege Escalation exploit
2018-06-12 16:41:07 -05:00
06b3fdce49
Update reliability because of failures
2018-06-12 16:39:41 -05:00
c3c6bc19da
Land #10059 , CVE-2018-1111 exploit
2018-06-12 15:02:06 -05:00
f4bb00b9a5
Remove stray PayloadType outside Compat
2018-06-12 14:59:29 -05:00
0c891e972f
Land #10066 , implement AudioOutput api from channel
2018-06-11 16:20:11 +08:00
57e3bbdba4
update payload cached sizes
2018-06-11 16:19:58 +08:00
b44265fcb2
Minor tweaks
...
Suggestion's made by bcoles
2018-06-11 13:25:02 +05:30
6b58163fde
Code Improvement
...
Added further code improvement suggested by bcoles
2018-06-11 08:06:02 +01:00
645c890888
Land #10157 , Add IconFile path to .URL files generated with MultiDrop
2018-06-11 03:07:21 +00:00
f10b2b12d4
Implemented changes suggested by bcoles
2018-06-10 22:18:17 +01:00
22538bfd63
Fixed Minor Code Error & Removed Spaces
2018-06-10 21:53:40 +01:00
f4334828d0
Minor Improvement
...
URL File Creation also supports IconFile - this has now been added
2018-06-09 17:46:27 +01:00
5e630b34e1
Minor Update
...
Removed some Spaces at EOL
2018-06-09 17:03:32 +01:00
5ca538541a
Code Improvements
...
Code improvements as suggested by bcoles.
2018-06-09 16:44:37 +01:00
f9c74419bb
Minor Code Update
...
Improved injection and Minor Code Improvement
2018-06-09 12:24:33 +01:00
51823b1d3d
Spaces at EOL
2018-06-09 15:58:11 +05:30
d3a18b2ce9
Some tweak
...
Thanks bcloes 😎
2018-06-09 12:15:21 +05:30
76588aed09
Error at disclosure date format
2018-06-09 12:03:41 +05:30
f1d29e730f
Spaces at EOL
2018-06-09 11:53:21 +05:30
6e8412fa73
CVE-2018-11646 - Webkit+
2018-06-09 11:43:47 +05:30
9abf438428
Land #10118 , cleanup OSX local exploit modules
2018-06-08 14:57:09 +08:00
641ffca98c
use base_dir
2018-06-08 14:53:21 +08:00
7e0c8d279f
Minor Code Update
2018-06-07 21:16:41 +01:00
ab80eadc3f
Minor Code Improvement
2018-06-07 21:06:47 +01:00
98507b2e51
Update badpdf.rb
2018-06-07 19:08:51 +01:00
aba05275ae
BadPDF Generator
...
Generated PDF files which contain a UNC link back to listener, can be used to capture NetNTLM hashes.
2018-06-07 16:40:57 +01:00
16fcaa3d00
Delete badpdf.rb
2018-06-07 16:38:57 +01:00
c790537bb2
BadPDF Generator
2018-06-07 16:38:22 +01:00
f53d2a14df
Land #10067 , Added `auxiliary/fileformat/odt_badodt`
2018-06-06 11:27:23 -05:00
20e773498f
Moved to `auxiliary/fileformat/odt_badodt` and updated docs
2018-06-06 11:27:07 -05:00
61074d1220
Land #10115 , Added module `auxiliary/fileformat/multidrop`
2018-06-05 16:30:30 -05:00
c94263c915
Create 'fileformat' and move 'auxiliary/multidrop' to 'auxiliary/fileformat/multidrop'
2018-06-05 16:27:57 -05:00
3b2889cd77
Land #10106 , Add the scanner/smb/impacket/wmiexec module
2018-06-05 08:33:34 -05:00
59873ba81a
Updated Authors
2018-06-04 23:03:00 +01:00
4fcbb5d03d
Minor Code Updates
...
Minor Code Updates as per recommendations by Aaron Soto
2018-06-04 19:20:37 +01:00
78bcd57694
Land #10092 , Cleanup linux/local/recvmmsg_priv_esc
2018-06-04 10:32:35 -05:00
e1d69d6307
Cleanup pSnuffle
2018-06-04 15:27:20 +00:00
3bcc329c07
Add HID discoveryd command_blink_on Unauthenticated RCE exploit
2018-06-03 05:41:10 +00:00
61a98b94b6
Land #9528 , WebKit apple safari trident exploit (CVE-2016-4657)
2018-06-02 21:52:52 -05:00
e9db949418
refactor: replace last string with hash
2018-06-01 16:59:38 +02:00
ae3e8dab78
chore: update references
2018-06-01 16:58:26 +02:00
5649dd0598
refactor: use Hash.to_json instead of strings
2018-06-01 16:57:57 +02:00
061bb84a5a
Updated Code
...
Updated code with suggestions provided by bcoles
2018-06-01 11:13:40 +01:00
2bf5e26bfe
Removed `Deprecated` include from `udp_probe`
2018-05-31 14:32:31 -05:00
918705d510
Removed deprecated modules: `epmp1000_cmd_exec` and `cambium_snmp_loot`
2018-05-31 14:31:58 -05:00
53d9dc75d8
Adding npm component "marked" ReDoS module
...
This commit adds a module for the npm component
"marked" which exploits a Regular Expression
Denial of Service (ReDoS) vulnerability in the
"heading" regular expression. Also included
is the documentation markdown for this module.
2018-05-31 13:33:09 -05:00
9c14bddd93
Cleanup OSX local exploit modules
2018-05-31 12:26:33 +00:00
829e1c306a
Land #10102 , SOCKS5 updates for BIND, parsing specs, refactoring
2018-05-30 16:15:53 -05:00
5e968529bf
Land #9976 , Store non-nil linux enum_network loot
2018-05-30 15:33:39 -05:00
435f965418
Use #include? over Regexps with plain strings
2018-05-30 15:32:04 -05:00
1e57aa5a57
Land #9777 , Slui File Handler Hijack LPE
2018-05-30 15:22:12 -05:00
51a9fc4c55
Multidrop
...
Multidrop is a single module which can be used to create *.scf, *.url, *.lnk and desktop.ini files which contain a SMB/UNC link to a listener ready to capture NetNTLM hashes
2018-05-30 17:36:11 +01:00
c0841ef0bf
set default payload
2018-05-30 18:04:22 +08:00
2ec7f11b90
add binary
2018-05-30 18:02:17 +08:00
e69c51132d
Land #10083 , Add Msf::Post::OSX::Priv mixin
2018-05-29 23:01:36 -05:00
d77ee20fc7
Add fix for 7.3.0
2018-05-30 00:59:11 +03:00
f1663afd53
Change patch level of vulnerable versions
2018-05-30 00:37:29 +03:00
c8b2fc8a35
Land #9701 , Flexense HTTP Server DoS exploit
2018-05-29 16:19:59 -05:00
026b22d061
Refined packet sizes and counts, improved error messages
2018-05-29 16:09:27 -05:00
476030bbd6
Fix grep with proper Base64 support; IBM bug!
2018-05-29 18:49:52 +03:00
a3c7ac830f
Fix typo in rand
2018-05-29 18:40:50 +03:00
b0d8e93e79
Added Teradata ODBC Login and SQL modules and documentation
2018-05-29 10:12:43 -05:00
ac5718d24c
Fix whitespace
2018-05-29 15:02:36 +03:00
809982b430
Make changes requested by bcoles
2018-05-29 14:48:57 +03:00
56dd07639f
add vuln versions
2018-05-28 17:37:58 +03:00
aaaa9c7508
Fix warnings from travis
2018-05-28 17:18:52 +03:00
e126681814
Changed disclosure date
2018-05-28 17:08:48 +03:00
cfb7d4c2fe
Add github url
2018-05-28 16:53:54 +03:00
7db8183bc7
Create file for CVE-2018-1418
2018-05-28 16:39:10 +03:00
7ac8af03d2
Remove the LD_PRELOAD hook for proxychains
2018-05-27 17:12:06 -04:00
28d15a113f
Add the secretsdump impacket module and docs
2018-05-27 17:09:59 -04:00
9fab2316c5
Add the wmiexec impacket module and documentation
2018-05-27 16:24:56 -04:00
0af5d44c42
Add glibc 'realpath()' Privilege Escalation exploit
2018-05-26 21:25:59 +00:00
c85cc9ad9e
Refactor SOCKS5 TcpRelay and add packet tests
2018-05-26 13:46:00 -04:00
49341fc87d
Add credential authentication support to socks5
2018-05-25 20:14:03 -04:00
9b5ae34896
Drop udp associate support and cleanup logging
2018-05-25 20:14:03 -04:00
6859856101
Refactor the socks5 code into multiple files
2018-05-25 20:14:03 -04:00
04bec0bdf0
Progress on the socks5 proxy module
2018-05-25 20:14:02 -04:00
3ab7526786
Name & description Change
...
Exploit::CheckCode changed to Unknown as suggested.
2018-05-25 20:22:51 +03:00
fad5a99c7d
fix incorrect disclosure date
2018-05-25 02:59:08 -05:00
4df01da49a
Add GTFOBins
2018-05-25 04:20:25 +00:00
651fb69585
Cleanup linux/local/recvmmsg_priv_esc module
2018-05-24 17:56:07 +00:00
72fb51f877
add extra check for failed command outputs
2018-05-24 20:47:06 +05:30
affa0bdc6f
Minor Update
...
Removed Unused Comment
2018-05-24 13:45:08 +01:00
7143f04ea7
Add files via upload
...
Updated to use recommended method of creating zip files
2018-05-24 09:53:53 +01:00
04a27e0221
Delete thumbnail.png
...
Moved folder location
2018-05-24 09:37:45 +01:00
81c4e9f7b9
Delete styles.xml
...
Moved folder location
2018-05-24 09:37:31 +01:00
73bfe1c9ab
Delete settings.xml
...
Moved folder location
2018-05-24 09:37:18 +01:00
247904746c
Delete meta.xml
...
Moved folder location
2018-05-24 09:37:04 +01:00
f9bda873d2
Delete manifest.xml
...
Moved folder location
2018-05-24 09:36:55 +01:00
5002eae655
Delete manifest.rdf
...
Moved folder location
2018-05-24 09:36:45 +01:00
02afeb3e29
Delete content.xml
...
Moved folder location
2018-05-24 09:36:35 +01:00
86a5b951aa
Land #9990 , add SOCKS5 proxy support
2018-05-23 17:31:09 -05:00
bc5c7a15e5
remove single-entry OptEnum from module, since there is only one possible TECHNIQUE
2018-05-23 13:44:53 -05:00
77403479f5
code cleanup
2018-05-23 12:53:48 -05:00
3ef6f82894
Update bypassuac_sluihijack.rb
2018-05-23 12:25:49 +02:00
567e2dbc7e
Update telpho10_credential_dump.rb
...
Current version still vulnerable, developer ignores mails. It seems like this is going to be a 'won´t fix'
2018-05-23 09:32:41 +02:00
72efe66403
Refactored for better logging, IPv6 support, and prep for auth
2018-05-22 18:57:00 -05:00
45481f26b6
Add Msf::Post::OSX::Priv mixin
2018-05-22 22:25:39 +00:00
0472b9df3f
Land #10024 , Fix find_or_create_* methods for remote data service
...
This PR updates the find_or_create_* methods associated with each model to
no longer just proxy to the report_* model. It now performs a lookup through
the DataProxy and returns the found object if it exists, or creates a new
record if needed.
2018-05-22 17:08:46 -05:00
15e472637a
Land #10070 , Fix cleanup in exploits/osx/local/rootpipe_entitlements
2018-05-22 21:52:24 +00:00
b14e354b25
Land #10048 , Make shell and meterpreter sessions consistent with cmd_exec
2018-05-22 21:26:47 +00:00
40d5f46277
Lad #10017 , D-Link DSL-2750B Unauthenticated OS Command Injection
...
Merge branch 'land-10017' into upstream-master
2018-05-22 10:54:33 -05:00
6cc1a8dcbd
Rubocop fixes
2018-05-22 10:34:05 -04:00
4ecc1ff551
Modify loots, notes and services search methods
...
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
2018-05-21 17:37:51 -04:00
6d4ad57beb
refactor: use Rex built-in encoders
2018-05-21 22:14:39 +02:00
75562e2bbc
Land #10044 , Fix is_system? in Msf::Post::Windows::Priv for non-English
...
Merge branch 'land-10044' into upstream-master
2018-05-21 14:24:26 -05:00
93e9c96a1c
Adjust link / name ordering to be alphabetical by key (not sorted by value)
2018-05-21 14:42:13 -04:00
88ab836e15
Land #9987 , AF_PACKET chocobo_root exploit
2018-05-21 17:05:53 +08:00
9e9dff8b6a
fix file cleanup on failed exploitation
2018-05-21 16:47:09 +08:00
cd0161ada2
fix gcc for shell_reverse_tcp payloads on ubuntu
2018-05-21 16:46:42 +08:00
6ae55aadd4
Fixing documentation, improving exploits code
2018-05-20 12:55:46 -04:00
aa033bf5c1
Fix cleanup
2018-05-20 16:19:25 +00:00
c665a32eb9
Add privileged and fix PayloadType hash style
2018-05-19 19:06:50 -04:00
ef229111c8
Delete readme.txt
2018-05-19 16:58:45 +01:00
5d3c95e51b
Create badodt
2018-05-19 16:58:14 +01:00
a0d8f70dee
Create readme.txt
2018-05-19 16:57:40 +01:00
077a7c7c9e
Delete test.txt
2018-05-19 16:57:07 +01:00
018a8a3060
Create test.txt
2018-05-19 16:56:49 +01:00
Brent Cook
William Vu
Jacob Robles
Wei Chen
Shelby Pace
Sonny Gonzalez
Matthew Kienow
James Barnett
Adam Cammack
asoto-r7
reka193
h00die
bwatters-r7
Brendan Coles
Tim W
Eliott Teissonniere
Sunny Neo
Kacper Szurek
Agora Security
Erin Bleiweiss
flandini
Touhid M Shaikh
thesubtlety
Mehmet İnce
Aloïs Thévenot
Green-m
Ishaq Mohammed
Pedro Ribeiro
Daniel Teixeira
zerosum0x0
phra
Jeffrey Martin
Nicholas Starke
Clément Notin
Dhiraj Mishra
Matteo Malvica
rmdavy
Chris Higgins
actuated
Spencer McIntyre
Ege Balcı
Auxilus
gushmazuko
Jan Rude
lucyoa
Kevin Kirsche