3b5db26ff5
Fix #6872 , change upload action for CVE-2016-0854 exploit
...
This patch includes the following changes:
* Instead of the uploadFile action, this patch uses uploadImageCommon
to be able to support both Advantech WebAccess builds: 2014 and
2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
different builds of Advantech WebAccess 8.0s, and 8.1.
Fix #6872
2016-05-13 19:47:18 -05:00
13adc3ee0a
Land #6865 , Add CVE-2015-3224 support to rails_web_console_v2_code_exec
2016-05-12 13:56:01 -05:00
993709e076
Land #6862 , jar payloads
...
lands FireFarts jar payload pr
2016-05-11 09:56:41 -05:00
32e1a19875
Fix up the disclosure date
2016-05-11 00:18:22 -05:00
ded79ce1ff
Fix CVE syntax
2016-05-10 23:18:45 -05:00
4a5d150716
Fixups to continue supporting Rails 4.2.x
2016-05-10 23:12:48 -05:00
04bb493ccb
Small typo fixed
2016-05-10 23:07:51 -05:00
7c6958bbd8
Rework rails_web_console_v2_code_exec to support CVE-2015-3224
2016-05-10 11:08:02 -05:00
3db72e9b4b
Land #6853 , use send_request_cgi! for CVE-2016-0854 exploit
2016-05-09 16:10:04 -05:00
e2dd844e34
reenable jar format
2016-05-09 21:25:23 +02:00
805f98f599
Bump version of framework to 4.11.27
2016-05-06 11:32:46 -07:00
2a546d191f
Land #6854 , smtp header fix
...
Fixes an issue with duplicate headers when sending emails.
Fixes MS-1476
2016-05-06 12:07:12 -05:00
c15403a426
Fix #6838 , web-console module cleanup
...
ommit.
2016-05-06 12:01:21 -05:00
2abb062070
Clean up module
2016-05-06 11:51:29 -05:00
e4e6246692
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-05-06 10:55:52 -05:00
3f4d0479aa
Land #6848 , ImageMagick Exploit
...
lands wvu's imagemaick exploit
2016-05-06 10:54:38 -05:00
8dc7de5b84
Land #6838 , add Rails web-console module
2016-05-05 15:53:52 -05:00
2bac46097f
Remove url() for MVG
...
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
1bc2ec9c11
Update vulnerable versions to include 6.x (legacy)
2016-05-05 14:18:42 -05:00
334c432901
Force https://localhost for SVG and MVG
...
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
26b749ff5a
Add default LHOST
...
This is a massive workaround and probably shouldn't be done. :-)
2016-05-05 14:18:42 -05:00
5c713d9f75
Set default payload
...
Land #6849 for this to be effective.
2016-05-05 14:18:42 -05:00
decd770a0b
Encode the entire SVG string
...
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
232cc114de
Change placeholder text to something useful
...
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
f32c7ba569
Add template generation details
2016-05-05 14:18:42 -05:00
23a0517a01
Update description
2016-05-05 14:18:42 -05:00
d7b76c3ab4
Add more references
2016-05-05 14:18:42 -05:00
5c04db7a09
Add ImageMagick exploit
2016-05-05 14:18:42 -05:00
2e460a87dd
Remove extra assignment
2016-05-05 11:24:19 -05:00
f75009a9c6
Don't duplicate headers when sending emails
...
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.
MS-1476
2016-05-05 10:47:21 -05:00
891a788ad4
Land #6849 , mknod to mkfifo
...
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
2016-05-05 10:34:41 -05:00
35a780c6a8
fix send_request_cgi redirection issues #6806
2016-05-05 09:55:32 -05:00
f096c3bb99
Land #6821 Fix send_request_cgi! redirection
2016-05-05 09:09:30 -05:00
763c234dfe
Land #6852 Remove duplicate key in tcp.rb which was causing a warning on msfconsole start.
2016-05-04 15:51:09 -05:00
9357a30725
remove duplicate key
2016-05-04 22:15:33 +02:00
849495e658
Land #6851 , Doc fixes for priv_migrate
2016-05-04 13:39:36 -05:00
c7f1598981
Land #6845 , ruby version bump
...
land FireFart's ruby version bump
2016-05-04 13:37:09 -05:00
08416c600f
Grammatical and style fixes for priv_migrate
2016-05-04 11:14:29 -07:00
55b38ad089
Land #6398 , content length header
...
lands wei's content length header pr
2016-05-04 11:53:46 -05:00
e7ff4665e1
Bump version of framework to 4.11.26
2016-05-04 09:44:18 -07:00
548873f623
Land #6850 , bump metasploit payloads
...
to fix registry class readers
See
rapid7/metasploit-payloads#100
rapid7/metasploit-payloads#99
2016-05-04 11:21:53 -05:00
94c8b51a54
bump payloads gem
2016-05-04 10:56:41 -05:00
4c9eba333e
Land #6753 , MSF-side support for reverse port forwards
...
Huge thanks to @OJ for making this happen.
Tested targets Win7,10,2008,2012
Tested payloads Win32 native, Win64 native, python
2016-05-04 07:39:05 -04:00
74e5772bbf
Replace mknod with mkfifo for portability
...
Works on BSD and OS X now. This has been bugging me for a while.
2016-05-04 02:32:37 -05:00
7490ab1c78
Bump version of framework to 4.11.25
2016-05-03 17:09:07 -07:00
779a7c0f68
Switch to the default rails server port
2016-05-03 02:06:58 -05:00
8b04eaaa60
Clean up various whitespace
2016-05-03 02:06:37 -05:00
38320d4304
bump ruby version to 2.3.1
2016-05-03 06:23:15 +02:00
60f81a69ea
Remove the pfservice close call on shutdown
2016-05-03 12:03:37 +10:00
d136844d3b
Add error handling around double-bind of ports
2016-05-03 10:42:41 +10:00
wchen-r7
David Maloney
HD Moore
Christian Mehlmauer
Jenkins
Kyle Gray
William Vu
Louis Sato
Adam Cammack
Vex Woo
dmohanty-r7
Brian Patterson
thao doan
Sonny Gonzalez
Brent Cook
Rob Fuller
OJ