Brent Cook
b8f56d14e0
Land #8698 , Add HEADERS to php_eval module
2017-08-14 09:54:22 -04:00
Brent Cook
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
Brent Cook
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
Pearce Barry
6bb745744b
Land #8471 , Add VICIdial user_authorization Unauthenticated Command Execution module
2017-07-21 15:57:08 -05:00
g0tmi1k
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
g0tmi1k
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
g0tmi1k
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
g0tmi1k
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
g0tmi1k
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
g0tmi1k
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
Matt Robinson
55cbd9b6a9
Add headers to php_eval
2017-07-10 21:25:27 -04:00
Brent Cook
f4820d24fb
add a few more AKA references
2017-07-06 22:43:46 -05:00
Brent Cook
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
Brent Cook
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
Jin Qian
b51fc0a34e
Land #8489 , more httpClient modules use store_valid_credential
2017-06-21 17:18:34 -05:00
Jeffrey Martin
1558db375d
update CVE reference in where modules report_vuln
2017-06-05 16:36:44 -05:00
Jeffrey Martin
0e145573fc
more httpClient modules use store_valid_credential
2017-05-30 14:56:05 -05:00
Brendan Coles
018e544295
Add VICIdial user_authorization Unauthenticated Command Execution module
2017-05-27 05:09:38 +00:00
nks
1a8961b5e3
fied typo
2017-05-25 19:14:59 +02:00
Jeffrey Martin
b7b1995238
Land #8274 , Wordpress admin upload `check`
2017-05-22 22:08:32 -05:00
Jeffrey Martin
d69bfd509f
store the credential using the new store_valid_credential
2017-05-22 15:08:03 -05:00
James Lee
4def7ce6cc
Land #8327 , Simplify storing credentials
2017-05-18 16:49:01 -05:00
William Vu
1f4ff30adb
Improve 200 fail_with in wp_phpmailer_host_header
...
One. last. commit. Noticed this in the response body.
2017-05-16 22:38:36 -05:00
William Vu
29b7aa5b9b
Update fail_with for 200 (bad user?)
2017-05-16 15:03:42 -05:00
William Vu
7c1dea2f02
Refactor prestager to work with newer Exim
...
Apparently it doesn't like reduce with extract.
2017-05-16 14:22:43 -05:00
William Vu
7c2fb9acc1
Fix nil bug in Server header check
2017-05-16 10:43:04 -05:00
William Vu
5fd6cb0890
Remove nil case, since response might be nil
...
It doesn't always return something. Forgot that.
2017-05-15 21:23:49 -05:00
William Vu
b41427412b
Improve fail_with granularity for 400 error
...
Also corrects BadConfig to NoTarget in another one of my modules. Oops.
2017-05-15 21:15:43 -05:00
William Vu
1a644cadc4
Add print_good to on_request_uri override
...
Maybe the ability to send prestagers will be a part of CmdStager in the
future, or maybe CmdStager will actually be able to encode for badchars.
2017-05-15 19:17:58 -05:00
William Vu
c4c55be444
Clarify why we're getting 400 and add fail_with
2017-05-15 18:53:36 -05:00
William Vu
489d9a6032
Drop module to AverageRanking and note 400 error
2017-05-15 17:35:40 -05:00
William Vu
2055bf8f65
Add note about PHPMailer being bundled
2017-05-15 14:29:11 -05:00
William Vu
35670713ff
Remove budding anti-patterns to avoid copypasta
...
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
2017-05-15 12:56:14 -05:00
William Vu
c622e3fc22
Deregister URIPATH because it's overridden by Path
2017-05-12 11:56:38 -05:00
William Vu
84af5d071d
Deregister VHOST because it's overridden by Host
2017-05-12 11:44:10 -05:00
William Vu
2ae943d981
Use payload common case instead of general case
...
Both x86 and x64 work on x64, but we really expect x64, and there's no
migration to move us from x86 to x64.
2017-05-11 15:43:49 -05:00
William Vu
09f6c21f94
Add note about Host header limitations
2017-05-10 15:17:20 -05:00
William Vu
b446cbcfce
Add reference to Exim string expansions
2017-05-10 15:17:20 -05:00
William Vu
8842764d95
Add some comments about badchars
2017-05-10 15:17:20 -05:00
William Vu
ecb79f2f85
Use reduce instead of extracting twice
2017-05-10 15:17:20 -05:00
William Vu
b5f25ab7ca
Use extract instead of doubling /bin/echo
2017-05-10 15:17:20 -05:00
William Vu
9a64ecc9b0
Create a pure-Exim, one-shot HTTP client
2017-05-10 15:17:20 -05:00
William Vu
0ce475dea3
Add WordPress 4.6 PHPMailer exploit
2017-05-10 15:17:20 -05:00
William Vu
b794bfe5db
Land #8335 , rank fixes for the msftidy god
2017-05-07 21:20:33 -05:00
Bryan Chu
88bef00f61
Add more ranks, remove module warnings
...
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables
../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart
../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
Jeffrey Martin
e2fe70d531
convert store_valid_credential to named params
2017-05-05 18:23:15 -05:00
Jeffrey Martin
63b6ab5355
simplify valid credential storage
2017-05-04 22:51:40 -05:00
William Vu
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
William Vu
03e4ee91c2
Correct Ghostscript 9.2.1 to 9.21 as per advisory
2017-05-01 16:23:14 -05:00
HD Moore
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00