OJ
b608abffbc
Update payload cache sizes for x64 windows
2015-09-29 09:03:57 +10:00
jvazquez-r7
269641a0ff
Update vmauthd_login to have into account advanced TCP options
2015-09-28 14:38:35 -05:00
jvazquez-r7
2f46335c90
Update brocade_enbale_login to have into account advanced TCP options
2015-09-28 14:36:23 -05:00
jvazquez-r7
adb76a9223
Update telnet_login to have into account advanced TCP options
2015-09-28 14:35:58 -05:00
jvazquez-r7
0eed30ce05
Update pop3_login to have into account advanced TCP options
2015-09-28 14:29:50 -05:00
jvazquez-r7
d02193aaeb
Update mysql_login to have into account advanced TCP options
2015-09-28 14:28:32 -05:00
jvazquez-r7
0abb387c1a
Update mssql_login to have into account advanced TCP options
2015-09-28 14:22:19 -05:00
jvazquez-r7
df3e4e8afd
Update ftp_login to have into account advanced TCP options
2015-09-28 14:18:05 -05:00
jvazquez-r7
a99e44b43a
Update vnc_login to have into account advanced TCP options
2015-09-28 14:13:08 -05:00
jvazquez-r7
4d8f0a6ec4
Update db2_auth to have into account advanced Tcp options
2015-09-28 14:10:55 -05:00
jvazquez-r7
07b44fccb9
Update AFP login scanner to have into account advanced options
2015-09-28 14:03:55 -05:00
jvazquez-r7
1e4e5c5bae
Update ACPP login scanner to have into account advanced options
2015-09-28 13:50:20 -05:00
bigendian smalls
a47557b9c1
Upd. multi/handler to include mainframe platform
...
Quick update to multi handler so it recognizes mainframe platform based
modules
2015-09-28 11:14:08 -05:00
Jon Hart
96e4e883ae
Fix #6008 for wireshark_lwres_getaddrbyname_loop
2015-09-27 14:56:11 -07:00
Jon Hart
bd2f73f40a
Fix #6008 for wireshark_lwres_getaddrbyname
2015-09-27 14:55:19 -07:00
Jon Hart
bbd08b84e5
Fix #6008 for snort_dce_rpc
2015-09-27 14:53:40 -07:00
Jon Hart
989fe49750
Fix #6008 for synflood
2015-09-27 14:50:59 -07:00
Jon Hart
7ad7db7442
Fix #6008 for rogue_send. Correctly.
2015-09-27 14:48:58 -07:00
Jon Hart
7b026676f1
Fix #6008 for avahi_portzero
2015-09-27 14:47:05 -07:00
Jon Hart
20ddb65ff8
Fix #6008 for bnat_scan
2015-09-27 14:18:51 -07:00
Jon Hart
06a10e136a
Fix #6008 for rogue_send
2015-09-27 14:12:23 -07:00
Jon Hart
d3a41323b8
Fix #6008 for ipidseq.rb
2015-09-27 14:05:05 -07:00
Jon Hart
5b1ee8c8ca
Fix #6008 for syn.rb
2015-09-27 13:54:11 -07:00
Jon Hart
3888b793bd
Fix #6008 for ack.rb
2015-09-27 13:53:47 -07:00
Jon Hart
766829c939
Fix #6008 for xmas.rb
2015-09-27 13:46:00 -07:00
jvazquez-r7
b206de7708
Land #5981 , @xistence's ManageEngine EventLog Analyzer Remote Code Execution exploit
2015-09-27 00:42:17 -05:00
jvazquez-r7
55f573b4c9
Do code cleanup
2015-09-27 00:33:40 -05:00
jvazquez-r7
c85913fd12
Land #5983 , @jhart-r7's SOAP PortMapping UPnP auxiliary module
2015-09-26 15:47:04 -05:00
Brent Cook
f3451eef75
Land #5380 , pageantjacker, an SSH agent proxy
2015-09-26 10:52:44 -04:00
Brent Cook
46ed129966
update to metasploit-payloads 1.0.14
2015-09-26 10:50:20 -04:00
jvazquez-r7
f6f3efea75
print the body as verbose
2015-09-25 13:51:18 -05:00
jvazquez-r7
80c9cd4e6f
Restore required option
2015-09-25 13:41:27 -05:00
jvazquez-r7
e4e9609bc2
Use single quotes
2015-09-25 13:35:38 -05:00
jvazquez-r7
a5698ebce0
Fix metadata
2015-09-25 13:34:16 -05:00
jvazquez-r7
c8880e8ad6
Move local exploit to correct location
2015-09-25 11:37:38 -05:00
jvazquez-r7
6b46316a56
Do watchguard_local_privesc code cleaning
2015-09-25 11:35:21 -05:00
jvazquez-r7
c79671821d
Update with master changes
2015-09-25 10:47:37 -05:00
jvazquez-r7
e87d99a65f
Fixing blocking option
2015-09-25 10:45:19 -05:00
jvazquez-r7
890ac92957
Warn about incorrect payload
2015-09-25 10:10:08 -05:00
jvazquez-r7
19b577b30a
Do some code style fixes to watchguard_cmd_exec
2015-09-25 09:51:00 -05:00
jvazquez-r7
b35da0d91d
Avoid USERNAME and PASSWORD datastore options collisions
2015-09-25 09:36:47 -05:00
jvazquez-r7
52c4be7e8e
Fix description
2015-09-25 09:35:30 -05:00
Balazs Bucsay
a863409734
x86-64 pushq signedness error fixed. Signed port numbers (2bytes) were not working properly. Fix means +6bytes in shellcode length
2015-09-24 13:07:02 +02:00
JT
e185277ac5
Update simple_backdoors_exec.rb
2015-09-24 14:14:23 +08:00
JT
56a551313c
Update simple_backdoors_exec.rb
2015-09-24 13:54:40 +08:00
JT
192369607d
Update simple_backdoors_exec.rb
...
updated the string 'echo me' to a random text
2015-09-24 13:49:33 +08:00
Brent Cook
9519eef55d
Land #5993 , handle ADSI exceptions nicely
2015-09-23 22:56:44 -05:00
Meatballs
66c9222968
Make web_delivery proxy aware
2015-09-23 20:45:51 +01:00
Daniel Jensen
3dd917fd56
Altered the module to use the primer callback, and refactored some code to remove useless functions etc
2015-09-24 00:20:13 +12:00
Stuart
853d822992
Merge pull request #1 from bcook-r7/land-5380-pageantjacker
...
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
William Vu
44fa188e71
Land #5984 , android_mercury_parseuri module
2015-09-23 02:44:53 -05:00
William Vu
d798ef0885
Land #5893 , w3tw0rk/Pitbul RCE module
2015-09-23 02:41:01 -05:00
jvazquez-r7
2b7ffdc312
Use datastore advanced options used by smb_login
2015-09-21 17:48:05 -05:00
William Vu
8106bcc320
Clean up module
2015-09-21 14:37:54 -05:00
jvazquez-r7
415fa3a244
Fix #5968 , some modules not handling Rex::Post::Meterpreter::RequestError exceptions
...
* Related to the usage of ADSI on unsupported OSes
2015-09-21 14:33:00 -05:00
Stuart Morgan
cdd39f52b1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension
2015-09-21 14:34:56 +02:00
Stuart Morgan
e8e4f66aaa
Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension
2015-09-21 14:34:38 +02:00
Brent Cook
61e7e1d094
update pageantjacker to run as part of extapi
2015-09-20 20:25:00 -05:00
wchen-r7
fd190eb56b
Land #5882 , Add Konica Minolta FTP Utility 1.00 CWD command module
2015-09-18 11:10:20 -05:00
wchen-r7
0aea4a8b00
An SEH? A SEH?
2015-09-18 11:09:52 -05:00
wchen-r7
060acbc496
newline
2015-09-17 11:39:39 -05:00
wchen-r7
08b5b8ebb2
Add ADDITIONAL_FILES option
2015-09-17 11:30:58 -05:00
joevennix
0d94b8a48f
Make andorid_mercury_parseuri better
2015-09-17 09:59:31 -05:00
Jon Hart
0113cbd353
Nokogiri::XML::Builder instead
2015-09-16 19:53:33 -07:00
jvazquez-r7
927785cfe4
Lan #5783 , @jabra-'s module to disclose passwords from grup policy preferences
2015-09-16 21:00:03 -05:00
jvazquez-r7
adab9f9548
Do final cleanup
2015-09-16 20:59:32 -05:00
jvazquez-r7
4d0d806e1d
Do minor cleanup
2015-09-16 19:30:40 -05:00
Brent Cook
d2a17074b1
update payload sizes
2015-09-16 17:24:41 -05:00
jvazquez-r7
46168e816b
Merge for retab
2015-09-16 17:13:08 -05:00
jvazquez-r7
ab8d12e1ac
Land #5943 , @samvartaka's awesome improvement of poisonivy_bof
2015-09-16 16:35:04 -05:00
jvazquez-r7
af1cdd6dea
Return Appears
2015-09-16 16:34:43 -05:00
jvazquez-r7
402044a770
Delete comma
2015-09-16 16:23:43 -05:00
jvazquez-r7
75c6ace1d0
Use single quotes
2015-09-16 16:23:10 -05:00
jvazquez-r7
88fdc9f123
Clean exploit method
2015-09-16 16:14:21 -05:00
jvazquez-r7
d6a637bd15
Do code cleaning on the check method
2015-09-16 16:12:28 -05:00
wchen-r7
c7afe4f663
Land #5930 , MS15-078 (atmfd.dll buffer overflow)
2015-09-16 15:33:38 -05:00
jvazquez-r7
688a5c9123
Land #5972 , @xistence's portmapper amplification scanner
2015-09-16 14:58:19 -05:00
jvazquez-r7
8ae884c1fc
Do code cleanup
2015-09-16 14:46:27 -05:00
jvazquez-r7
37d42428bc
Land #5980 , @xistence exploit for ManageEngine OpManager
2015-09-16 13:19:49 -05:00
jvazquez-r7
8f755db850
Update version
2015-09-16 13:19:16 -05:00
jvazquez-r7
1b50dfc367
Change module location
2015-09-16 11:43:09 -05:00
jvazquez-r7
122103b197
Do minor metadata cleanup
2015-09-16 11:41:23 -05:00
jvazquez-r7
aead0618c7
Avoid the WAIT option
2015-09-16 11:37:49 -05:00
wchen-r7
b4aab70d18
Fix another typo
2015-09-16 11:34:22 -05:00
wchen-r7
bef658f699
typo
2015-09-16 11:32:09 -05:00
jvazquez-r7
0010b418d0
Do minor code cleanup
2015-09-16 11:31:15 -05:00
jvazquez-r7
f3b6606709
Fix check method
2015-09-16 11:26:15 -05:00
Daniel Jensen
7985d0d7cb
Removed privesc functionality, this has been moved to another module. Renamed module
2015-09-16 23:29:26 +12:00
Daniel Jensen
bdd90655e4
Split off privesc into a seperate module
2015-09-16 23:11:32 +12:00
wchen-r7
63bb0cd0ec
Add Android Mercury Browser Intent URI Scheme & Traversal
2015-09-16 00:48:57 -05:00
jvazquez-r7
24af3fa12e
Add rop chains
2015-09-15 14:46:45 -05:00
Mo Sadek
e911d60195
Land #5967 , nil bug fix in SSO gather module
2015-09-15 10:25:50 -05:00
William Vu
abe65cd400
Land #5974 , java_jmx_server start order fix
2015-09-15 01:33:44 -05:00
xistence
c99444a52e
ManageEngine EventLog Analyzer Remote Code Execution
2015-09-15 07:29:16 +07:00
xistence
7bf2f158c4
ManageEngine OpManager Remote Code Execution
2015-09-15 07:24:32 +07:00
JT
9e6d3940b3
Update simple_backdoors_exec.rb
2015-09-13 23:30:14 +08:00
wchen-r7
ae5aa8f542
No FILE_CONTENTS option
2015-09-12 23:32:02 -05:00
Daniel Jensen
4e22fce7ef
Switched to using Rex MD5 function
2015-09-13 16:23:23 +12:00
xistence
0657fdbaa7
Replaced RPORT
2015-09-13 09:19:05 +07:00
xistence
521636a016
Small changes
2015-09-13 08:31:19 +07:00
jvazquez-r7
0d52a0617c
Verify win32k 6.3.9600.17837 is working
2015-09-12 15:27:50 -05:00
jvazquez-r7
9626596f85
Clean template code
2015-09-12 13:43:05 -05:00
Hans-Martin Münch (h0ng10)
0c4604734e
Webserver starts at the beginning, stops at the end
2015-09-12 19:42:31 +02:00
xistence
79e3a7f84b
Portmap amplification scanner
2015-09-12 16:25:06 +07:00
xistence
dc8d1f6e6a
Small changes
2015-09-12 13:08:58 +07:00
wchen-r7
01053095f9
Add MS15-100 Microsoft Windows Media Center MCL Vulnerability
2015-09-11 15:05:06 -05:00
William Vu
5f9f66cc1f
Fix nil bug in SSO gather module
2015-09-11 02:21:01 -05:00
William Vu
a1a7471154
Land #5949 , is_root? for remove_lock_root
2015-09-11 02:09:14 -05:00
wchen-r7
e9e4b60102
move require 'msf/core/post/android' to post.rb
2015-09-11 01:58:12 -05:00
wchen-r7
f2ccca97e0
Move require 'msf/core/post/android' to post.rb
2015-09-11 01:56:21 -05:00
jvazquez-r7
53f995b9c3
Do first prototype
2015-09-10 19:35:26 -05:00
wchen-r7
017832be88
Land #5953 , Add Bolt CMS File Upload Vulnerability
2015-09-10 18:29:13 -05:00
wchen-r7
602a12a1af
typo
2015-09-10 18:28:42 -05:00
wchen-r7
94aea34d5b
Land #5965 , Show the Shodan error message if no result are found
2015-09-10 17:39:25 -05:00
HD Moore
cddf72cd57
Show errors when no results are found
2015-09-10 14:05:40 -07:00
wchen-r7
90ef9c11c9
Support meterpreter for OS X post modules
2015-09-10 15:57:43 -05:00
Roberto Soares
68521da2ce
Fix check method.
2015-09-10 04:40:12 -03:00
Roberto Soares
4566f47ac5
Fix check method.
2015-09-10 03:56:46 -03:00
Roberto Soares
0ba03f7a06
Fix words.
2015-09-09 21:27:57 -03:00
Roberto Soares
bc3f5b43ab
Removerd WordPress mixin.
2015-09-09 21:26:15 -03:00
Roberto Soares
4e31dd4e9f
Add curesec team as vuln discovery.
2015-09-09 21:13:51 -03:00
Roberto Soares
6336301df3
Add Nibbleblog File Upload Vulnerability
2015-09-09 21:05:36 -03:00
Roberto Soares
d3aa61d6a0
Move bolt_file_upload.rb to exploits/multi/http
2015-09-09 13:41:44 -03:00
Roberto Soares
2800ecae07
Fix alignment.
2015-09-09 01:21:08 -03:00
Roberto Soares
48bd2c72a0
Add fail_with method and other improvements
2015-09-09 01:11:35 -03:00
Roberto Soares
f08cf97224
Check method implemented
2015-09-08 23:54:20 -03:00
Roberto Soares
6de0c9584d
Fix some improvements
2015-09-08 23:15:42 -03:00
JT
31a8907385
Update simple_backdoors_exec.rb
2015-09-09 08:30:21 +08:00
jvazquez-r7
329e6f4633
Fix title
2015-09-08 15:31:14 -05:00
jvazquez-r7
30cb93b4df
Land #5940 , @hmoore-r7's fixes for busybox post modules
2015-09-08 15:12:23 -05:00
wchen-r7
122d57fc20
Land #5945 , Add auto-accept to osx/enum_keychain
2015-09-08 10:56:08 -05:00
wchen-r7
13afbc4eae
Properly check root for remove_lock_root (android post module)
...
This uses the Msf::Post::Android::Priv mixin.
2015-09-08 10:40:08 -05:00
JT
4e23bba14c
Update simple_backdoors_exec.rb
...
removing the parenthesis for the if statements
2015-09-08 15:47:38 +08:00
JT
002aada59d
Update simple_backdoors_exec.rb
...
changed shell to res
2015-09-08 14:54:26 +08:00
JT
467f9a8353
Update simple_backdoors_exec.rb
2015-09-08 14:45:54 +08:00
JT
37c28ddefb
Update simple_backdoors_exec.rb
...
Updated the description
2015-09-08 13:42:12 +08:00
JT
0f8123ee23
Simple Backdoor Shell Remote Code Execution
2015-09-08 13:08:47 +08:00
joev
1b320bae6a
Add auto-accept to osx/enum_keychain.
2015-09-07 21:17:49 -05:00
samvartaka
0a0e7ab4ba
This is a modification to the original poisonivy_bof.rb exploit
...
module removing the need for bruteforce in the case of an unknown
server password by (ab)using the challenge-response as an encryption
oracle, making it more reliable. The vulnerability has also been confirmed
in versions 2.2.0 up to 2.3.1 and additional targets for these versions
have been added as well.
See http://samvartaka.github.io/malware/2015/09/07/poison-ivy-reliable-exploitation/
for details.
## Console output
Below is an example of the new functionality (PIVY C2 server password is
set to 'prettysecure' and unknown to attacker). Exploitation of versions 2.3.0 and 2.3.1
is similar.
### Version 2.3.2 (unknown password)
```
msf > use windows/misc/poisonivy_bof
msf exploit(poisonivy_bof) > set RHOST 192.168.0.103
RHOST => 192.168.0.103
msf exploit(poisonivy_bof) > check
[*] Vulnerable Poison Ivy C&C version 2.3.1/2.3.2 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.
msf exploit(poisonivy_bof) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf exploit(poisonivy_bof) > exploit
[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.3.2>
```
### Version 2.2.0 (unknown password)
```
msf exploit(poisonivy_bof) > check
[*] Vulnerable Poison Ivy C&C version 2.2.0 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.
msf exploit(poisonivy_bof) > show targets
Exploit targets:
Id Name
-- ----
0 Poison Ivy 2.2.0 on Windows XP SP3 / Windows 7 SP1
1 Poison Ivy 2.3.0 on Windows XP SP3 / Windows 7 SP1
2 Poison Ivy 2.3.1, 2.3.2 on Windows XP SP3 / Windows 7 SP1
msf exploit(poisonivy_bof) > set TARGET 0
TARGET => 0
msf exploit(poisonivy_bof) > exploit
[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.2.0>
```
2015-09-07 17:48:28 +02:00
xistence
1d492e4b25
Lots of X11 protocol changes
2015-09-06 15:55:16 +07:00
HD Moore
ec5cbc842e
Cosmetic cleanups
2015-09-05 22:56:11 -05:00
HD Moore
8c0b0ad377
Fix up jailbreak commands & regex for success detection
2015-09-05 22:54:07 -05:00
JT
2f8dc7fdab
Update w3tw0rk_exec.rb
...
changed response to res
2015-09-05 14:21:07 +08:00
jvazquez-r7
23ab702ec4
Land #5631 , @blincoln682F048A's module for Endian Firewall Proxy
...
* Exploit CVE-2015-5082
2015-09-04 16:28:32 -05:00
jvazquez-r7
2abfcd00b1
Use snake_case
2015-09-04 16:27:09 -05:00
jvazquez-r7
15aa5de991
Use Rex::MIME::Message
2015-09-04 16:26:53 -05:00
jvazquez-r7
adcd3c1e29
Use static max length
2015-09-04 16:18:55 -05:00
jvazquez-r7
1ebc25092f
Delete some comments
2015-09-04 16:18:15 -05:00
wchen-r7
da0752e8c2
use fail_with
2015-09-04 15:12:05 -05:00
wchen-r7
7ab506dc06
Use Msf::Post::Android::System#get_build_prop to get the android ver
...
Instead of grabbing the android version from the module, this
is done by the mixin.
2015-09-04 15:05:45 -05:00
Roberto Soares
cc405957db
Add some improvements
2015-09-04 16:02:30 -03:00
wchen-r7
5646f2e0c4
successful status should include last_attempted_at
2015-09-04 13:45:44 -05:00
wchen-r7
cf6d5fac2a
Use the latest cred API, no more report_auth_info
2015-09-04 13:43:15 -05:00
Roberto Soares
4531d17cab
Added the rest of the code
2015-09-04 15:37:42 -03:00
jvazquez-r7
eaf51a2113
Land #5722 , @vallejocc's busybox work
2015-09-04 13:36:44 -05:00
jvazquez-r7
5dd0cee36a
Add comment
2015-09-04 13:30:00 -05:00
Roberto Soares
b9ba12e42a
Added get_token method.
2015-09-04 15:27:28 -03:00
jvazquez-r7
8bfa5bcd09
Do some more minor code cleaning
2015-09-04 13:08:27 -05:00
jvazquez-r7
ac49c80367
Do minor code cleanup
2015-09-04 12:46:21 -05:00
jvazquez-r7
60d2856444
Use id instead of whoami
2015-09-04 12:02:21 -05:00
jvazquez-r7
4fa58efaa0
Allow to configure the DOWNLOAD_TIMEOUT
2015-09-04 11:54:22 -05:00
jvicente
2b2dec3531
Fixed typo direcotry.
2015-09-04 18:52:55 +02:00
jvazquez-r7
319bc2d750
Use downcase
2015-09-04 11:18:09 -05:00
Roberto Soares
6f4f8e34b4
Added method bolt_login.
2015-09-04 10:45:15 -03:00
wchen-r7
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
Roberto Soares
a195f5bb9e
Initial commit - Skeleton
2015-09-04 04:09:16 -03:00
jvazquez-r7
ef6df5bc26
Use get_target_arch
2015-09-03 16:30:46 -05:00
jvazquez-r7
2588439246
Add references for the win32k info leak
2015-09-03 15:35:41 -05:00
Brent Cook
e48bcb4e08
Land #5931 , tweak titles
2015-09-03 14:52:52 -05:00
James Lee
b2c401696b
Add certutil support.
...
Tested while landing #5736
2015-09-03 14:24:37 -05:00
James Lee
1e6a1f6d05
Revert "Fix spec like I shoulda done before landing #5736"
...
This reverts commit 956c8e550d
.
Conflicts:
spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:55 -05:00
James Lee
b4547711f3
Add certutil support.
...
Tested while landing #5736
2015-09-03 13:27:10 -05:00
jvazquez-r7
697a6cd335
Rescue the process execute
2015-09-03 13:03:36 -05:00
HD Moore
f0ef035a0b
Update the module titles to clarify what these do
2015-09-03 12:53:25 -05:00
HD Moore
630057e23f
Implement suggestions from the PR discussion
2015-09-03 12:42:51 -05:00
HD Moore
57c8038f07
Merge branch 'master' into land-5413
2015-09-03 12:38:19 -05:00
jvazquez-r7
80a1e32339
Set Manual Ranking
2015-09-03 12:24:45 -05:00
HD Moore
0f1530adc1
Merge branch 'master' into land-5412
2015-09-03 12:22:00 -05:00
HD Moore
6e4ae1238b
Land #5791 , show the VHOST in module output
2015-09-03 11:36:19 -05:00
HD Moore
b8eee4a9e4
Show the IP address if it doesn't match the VHOST
2015-09-03 11:35:38 -05:00
HD Moore
9b51352c62
Land #5639 , adds registry persistence
2015-09-03 11:26:38 -05:00
HD Moore
1b021464fe
Land #5919 , remove deprecated VMware modules & update resource script.
2015-09-03 10:23:48 -05:00
jvazquez-r7
dbe901915e
Improve version detection
2015-09-03 09:54:38 -05:00
jvazquez-r7
394b1155b2
Apply stager patch in master
2015-09-03 08:30:09 -05:00
Brent Cook
1440f31756
Land #5637 , resiliency improvements to TCP stagers
2015-09-02 22:50:12 -05:00
OJ
3fd9e0311c
Update payload sizes
2015-09-03 12:01:11 +10:00
jvazquez-r7
de25a6c23c
Add metadata
2015-09-02 18:32:45 -05:00
HD Moore
9f9bbce034
Land #5840 , add LLMNR & mDNS modules
2015-09-02 18:30:29 -05:00
HD Moore
0120e5c443
Cosmetic tweaks, don't report duplicate responses
2015-09-02 18:30:03 -05:00
jvazquez-r7
8f70ec8256
Fix Disclosure date
2015-09-02 18:21:36 -05:00
jvazquez-r7
b912e3ce65
Add exploit template
2015-09-02 17:28:35 -05:00
Jon Hart
42a2a86f32
Back out all changes to ms11_030_dnsapi
2015-09-02 13:53:10 -07:00
Jon Hart
6d1ab101ed
Back out all changes to llmnr_response
2015-09-02 13:52:38 -07:00
HD Moore
4090c2c8ea
Land #5880 , adds ScriptHost UAC bypass for Win7/2008
2015-09-02 14:14:18 -05:00
Meatballs
582cc795ac
Remove newlines
2015-09-02 19:42:04 +01:00
HD Moore
43d3e69fb2
Land #5917 , update local exploit checks
2015-09-02 12:55:45 -05:00
HD Moore
126fc9881e
Cleanup and tweaks
2015-09-02 12:48:53 -05:00
Jon Hart
3d04d53e3a
first pass at better output and report_service
2015-09-02 10:31:46 -07:00
JT
b89b6b653a
Update trace.rb
2015-09-03 01:26:45 +08:00
JT
73bf812dfd
Update trace.rb
...
removed the cookie
2015-09-03 00:35:23 +08:00
JT
5ecee6aaba
Update trace.rb
...
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT
34e0819a6e
Modified the HTTP Trace Detection to XST Checker
...
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
HD Moore
95b9208a63
Change recv to get_once to avoid indefinite hangs, cosmetic tweaks.
2015-09-02 10:30:19 -05:00
xistence
a81a9e0ef8
Added TIME_WAIT for GUI windows
2015-09-02 16:55:20 +07:00
Meatballs
8f25a006a8
Change to automatic target
2015-09-02 09:13:25 +01:00
Waqas Ali
8e993d7793
Remove deprecated vmware modules
2015-09-02 13:00:15 +05:00
wchen-r7
0c4b020089
Land #5913 , Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-02 00:01:35 -05:00
wchen-r7
4275a65407
Update local exploit checks to follow the guidelines.
...
Please see wiki "How to write a check() method" to learn how
these checkcodes are determined.
2015-09-01 23:26:45 -05:00
HD Moore
347698e93f
Land #5915 , fix a warning with the regex
2015-09-01 23:08:01 -05:00
HD Moore
381297ba93
Fix the regex flags
2015-09-01 23:07:48 -05:00
Roberto Soares
626704079d
Changed output store_loot
2015-09-02 00:18:10 -03:00
Roberto Soares
96600a96ab
Changed html parse by @wchen-r7
2015-09-01 22:03:21 -03:00
Alexander Salmin
3c72467b7d
Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns.
2015-09-02 01:02:46 +02:00
Brent Cook
56a1cfd9c8
updated cached payload sizes
2015-09-01 18:02:16 -05:00
Brent Cook
9dd14eb747
Merge branch 'upstream-master' into land-5899-android
2015-09-01 17:11:58 -05:00
Meatballs
27775fbe58
Restrict to 7 and 2k8
2015-09-01 22:23:37 +01:00
HD Moore
cd65478d29
Land #5826 , swap ExitFunction -> EXITFUNC
2015-09-01 13:58:12 -05:00
Roberto Soares
35661d0182
Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-01 13:28:04 -03:00
Christian Mehlmauer
bfc24aea16
change exitfunc to thread
2015-09-01 10:52:25 +02:00
Christian Mehlmauer
115f409fef
change exitfunc to thread
2015-09-01 10:48:07 +02:00
Christian Mehlmauer
5398bf78eb
change exitfunc to thread
2015-09-01 10:46:54 +02:00
Christian Mehlmauer
3e613dc333
change exitfunc to thread
2015-09-01 10:43:45 +02:00
Christian Mehlmauer
648c034d17
change exitfunc to thread
2015-09-01 10:42:15 +02:00
James Lee
1b778d0650
Land #5898 , use gem version of php & python meterp
2015-08-31 16:16:36 -05:00
HD Moore
ff6fbfa738
Land #5895 , rework of ADSI modules
2015-08-31 14:10:41 -07:00
Brent Cook
d670a62000
Land #5822 , migrate obsolete payload compatibility options
2015-08-31 15:20:20 -05:00
Jon Hart
9a2696aed4
Add Reference
2015-08-31 12:03:17 -07:00
Jon Hart
c14cae1425
Make INTERNAL_PORT optional, allowing DELETE to work
2015-08-31 11:30:18 -07:00
Jon Hart
44813370d5
Better name, description and author
2015-08-31 10:42:50 -07:00
Jon Hart
8665134691
Add add/delete action. update logging. rename module again
2015-08-31 10:22:36 -07:00
Jon Hart
436910b25f
Clean up map description
2015-08-28 15:49:29 -07:00
Jon Hart
e6e05814d0
Use an OptAddress instead, revert back to client name
2015-08-28 15:43:04 -07:00
Jon Hart
66616eeb95
Remove unused
2015-08-28 15:38:23 -07:00
Jon Hart
35555f5f24
Make most everything configurable and provide useful output
2015-08-28 15:36:49 -07:00
Jon Hart
13dd8222ec
Expose lease duration as an option
2015-08-28 15:22:19 -07:00
Jon Hart
d57041136f
Use random port mapping description
2015-08-28 15:09:58 -07:00
Jon Hart
840be71683
Add support for specifying protocol
...
UDP is fun too. Are there others?
2015-08-28 14:53:41 -07:00
Jon Hart
45fde928fc
More minor style cleanup
2015-08-28 14:49:57 -07:00
Jon Hart
ba95a7d2ac
Convert to using HttpClient
2015-08-28 14:47:13 -07:00
Jon Hart
a0aaf93f27
Relocate module to more correct location
2015-08-28 14:20:33 -07:00
Jon Hart
45c2422981
First pass at style cleanup
2015-08-28 14:19:28 -07:00
Jon Hart
cba3650488
report_service for mdns/llmnr query
2015-08-28 14:04:52 -07:00
wchen-r7
0c7d2af6bc
Land #5750 , Add WP All In One Migration Export Module
2015-08-28 14:12:14 -05:00
wchen-r7
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
wchen-r7
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
wchen-r7
3d4cb06c67
Land #5807 , Added Module WP Mobile Pack Vuln
2015-08-28 13:43:00 -05:00
wchen-r7
9e7f6d6500
Typos
2015-08-28 13:42:37 -05:00
wchen-r7
9364982467
Land #5665 , Add osx rootpipe entitlements exploit for 10.10.3
2015-08-28 13:33:16 -05:00
jvazquez-r7
9c7f97d124
Fix methods name schema
2015-08-28 13:26:52 -05:00
wchen-r7
e45347e745
Explain why vulnerable
2015-08-28 13:26:01 -05:00