Commit Graph

1135 Commits (3c1abe6437228c6116f56da3d94b489ecca16749)

Author SHA1 Message Date
Brent Cook b8f56d14e0
Land #8698, Add HEADERS to php_eval module 2017-08-14 09:54:22 -04:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 838b066abe Merge branch 'master' into land-8716 2017-07-24 05:51:44 -07:00
Pearce Barry 6bb745744b
Land #8471, Add VICIdial user_authorization Unauthenticated Command Execution module 2017-07-21 15:57:08 -05:00
g0tmi1k 3f6925196b OCD - store_loot & print_good 2017-07-19 13:02:49 +01:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 3d4feffc62 OCD - Spaces & headings 2017-07-19 11:04:15 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
Matt Robinson 55cbd9b6a9
Add headers to php_eval 2017-07-10 21:25:27 -04:00
Brent Cook f4820d24fb add a few more AKA references 2017-07-06 22:43:46 -05:00
Brent Cook d20036e0fb revise spelling, add heartbleed and tidy checks 2017-06-28 18:50:20 -04:00
Brent Cook 461ab4501d add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:53:00 -04:00
Jin Qian b51fc0a34e
Land #8489, more httpClient modules use store_valid_credential 2017-06-21 17:18:34 -05:00
Jeffrey Martin 1558db375d
update CVE reference in where modules report_vuln 2017-06-05 16:36:44 -05:00
Jeffrey Martin 0e145573fc
more httpClient modules use store_valid_credential 2017-05-30 14:56:05 -05:00
Brendan Coles 018e544295 Add VICIdial user_authorization Unauthenticated Command Execution module 2017-05-27 05:09:38 +00:00
nks 1a8961b5e3 fied typo 2017-05-25 19:14:59 +02:00
Jeffrey Martin b7b1995238
Land #8274, Wordpress admin upload `check` 2017-05-22 22:08:32 -05:00
Jeffrey Martin d69bfd509f
store the credential using the new store_valid_credential 2017-05-22 15:08:03 -05:00
James Lee 4def7ce6cc
Land #8327, Simplify storing credentials 2017-05-18 16:49:01 -05:00
William Vu 1f4ff30adb
Improve 200 fail_with in wp_phpmailer_host_header
One. last. commit. Noticed this in the response body.
2017-05-16 22:38:36 -05:00
William Vu 29b7aa5b9b Update fail_with for 200 (bad user?) 2017-05-16 15:03:42 -05:00
William Vu 7c1dea2f02 Refactor prestager to work with newer Exim
Apparently it doesn't like reduce with extract.
2017-05-16 14:22:43 -05:00
William Vu 7c2fb9acc1 Fix nil bug in Server header check 2017-05-16 10:43:04 -05:00
William Vu 5fd6cb0890 Remove nil case, since response might be nil
It doesn't always return something. Forgot that.
2017-05-15 21:23:49 -05:00
William Vu b41427412b Improve fail_with granularity for 400 error
Also corrects BadConfig to NoTarget in another one of my modules. Oops.
2017-05-15 21:15:43 -05:00
William Vu 1a644cadc4 Add print_good to on_request_uri override
Maybe the ability to send prestagers will be a part of CmdStager in the
future, or maybe CmdStager will actually be able to encode for badchars.
2017-05-15 19:17:58 -05:00
William Vu c4c55be444 Clarify why we're getting 400 and add fail_with 2017-05-15 18:53:36 -05:00
William Vu 489d9a6032 Drop module to AverageRanking and note 400 error 2017-05-15 17:35:40 -05:00
William Vu 2055bf8f65 Add note about PHPMailer being bundled 2017-05-15 14:29:11 -05:00
William Vu 35670713ff Remove budding anti-patterns to avoid copypasta
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
2017-05-15 12:56:14 -05:00
William Vu c622e3fc22 Deregister URIPATH because it's overridden by Path 2017-05-12 11:56:38 -05:00
William Vu 84af5d071d Deregister VHOST because it's overridden by Host 2017-05-12 11:44:10 -05:00
William Vu 2ae943d981 Use payload common case instead of general case
Both x86 and x64 work on x64, but we really expect x64, and there's no
migration to move us from x86 to x64.
2017-05-11 15:43:49 -05:00
William Vu 09f6c21f94 Add note about Host header limitations 2017-05-10 15:17:20 -05:00
William Vu b446cbcfce Add reference to Exim string expansions 2017-05-10 15:17:20 -05:00
William Vu 8842764d95 Add some comments about badchars 2017-05-10 15:17:20 -05:00
William Vu ecb79f2f85 Use reduce instead of extracting twice 2017-05-10 15:17:20 -05:00
William Vu b5f25ab7ca Use extract instead of doubling /bin/echo 2017-05-10 15:17:20 -05:00
William Vu 9a64ecc9b0 Create a pure-Exim, one-shot HTTP client 2017-05-10 15:17:20 -05:00
William Vu 0ce475dea3 Add WordPress 4.6 PHPMailer exploit 2017-05-10 15:17:20 -05:00
William Vu b794bfe5db
Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
Jeffrey Martin e2fe70d531
convert store_valid_credential to named params 2017-05-05 18:23:15 -05:00
Jeffrey Martin 63b6ab5355
simplify valid credential storage 2017-05-04 22:51:40 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
William Vu 03e4ee91c2
Correct Ghostscript 9.2.1 to 9.21 as per advisory 2017-05-01 16:23:14 -05:00
HD Moore afc804fa03 Quick Ghostscript module based on the public PoC 2017-04-28 09:56:52 -05:00