6cc5324e5b
oe is all umlaut
2017-09-28 19:52:02 -04:00
3a1a437ac7
Rubocop Stlye
2017-09-28 23:53:45 +02:00
40c58e3017
Function for selecting the target host
2017-09-28 23:43:59 +02:00
cc98e80002
Change arch to ARCH_X64
2017-09-28 20:50:18 +02:00
2295146dcd
working optionsbleed module
2017-09-27 22:07:57 -04:00
997b831b52
implement regexes
2017-09-27 19:33:50 -04:00
41e3895424
remove checks for hardcoded name
2017-09-27 07:41:06 +02:00
0649d0d356
wip optionsbleed
2017-09-26 22:09:07 -04:00
579342c4f6
Land #8955 , Fix error messages on telnet_encrypt_overflow.rb
2017-09-26 16:08:58 -05:00
66d6ac418a
Land #8978 , Add smb1 scanner
2017-09-26 16:06:41 -05:00
cad36ee14e
Land #8952 , suhosin compatibility added to staged payload
2017-09-26 15:22:36 -05:00
b10d6b8b63
Land #9001 , SSLVersion consolidation for modules
2017-09-25 15:53:18 -05:00
98ae054b06
Land #8931 , Node.js debugger exploit
2017-09-25 14:00:13 -05:00
7924667e51
appease alignists
2017-09-25 09:10:10 -05:00
62ee4ed708
update modules to use inherited SSLVersion option
2017-09-25 09:03:22 -05:00
273d49bffd
Land #8891 login scanner for Inedo BuildMaster
2017-09-24 13:30:17 -04:00
4d1e51a0ff
Land #8906 RCE for supervisor
2017-09-24 08:03:30 -04:00
48188e999e
post/windows/manage/persistence_exe: fix service creation
...
Fixes service creation when in post/windows/manage/persistence_exe
2017-09-23 23:48:50 +02:00
9528f279a5
cleaned up version, and docs
2017-09-23 10:51:52 -04:00
e4f79879ba
Update and rename modules/auxiliary/dos/ibm_lotus_notes.rb to modules/auxiliary/dos/http/ibm_lotus_notes.rb
2017-09-23 18:27:50 +05:30
e8eeb784e4
Land #8960 , spelling/grammar fixes part 3
2017-09-22 18:51:31 -05:00
8de6fa79c1
Tweakz, yo.
2017-09-22 18:49:09 -05:00
d56fffcadf
Land #8974 , spelling/grammar fixes part 4. Finished.
2017-09-22 14:59:28 -05:00
f1be6b720b
Tweaky bits.
2017-09-22 13:38:06 -05:00
669b6771e3
Update ibm_lotus_notes.rb
2017-09-22 17:16:42 +05:30
a71edb33be
Create ibm_lotus_notes.rb
2017-09-22 17:08:05 +05:30
ddbff6ba3c
Land #8980 unauth RCE for denyAll WAF
2017-09-21 21:41:33 -04:00
3d543b75f5
Fixing typos and replacing double quotes with single
2017-09-21 23:48:12 +03:00
1031d7960a
Moving token extraction to the seperated function
2017-09-20 10:23:32 +03:00
5a62e779aa
Land #8954 , fix internal usage of bindata objects when generating NTP messages
2017-09-19 09:01:49 -05:00
ee969ae8e5
Adding DenyAll RCE module
2017-09-19 14:53:37 +03:00
c953842c96
Added docs and additional dialects
2017-09-18 15:02:38 -05:00
7d07f7054d
Merge remote-tracking branch 'origin/master' into add_smb1_scanner
2017-09-18 13:16:06 -05:00
d07fe2f1e7
Added reporting back, removed wfw dialect
2017-09-18 13:15:19 -05:00
08dea910e1
pbarry-r7 comments
2017-09-17 19:38:43 -04:00
c90f885938
Finished spelling issues
2017-09-17 16:00:04 -04:00
d5362333e2
Land #8958 , Add Disk Pulse Enterprise web server buffer overflow
2017-09-15 13:34:22 -05:00
6f5eb5a18f
update
2017-09-15 12:07:28 -05:00
e651bc1205
Land #8951 , Hwbridge auto padding fix and flowcontrol
2017-09-15 08:33:17 -05:00
4e81a68108
Simplify saving valid credentials by calling store_valid_credential
2017-09-15 00:18:33 -05:00
e88b766276
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_smb1_scanner
2017-09-14 17:00:45 -05:00
646dda7958
Add initial smbv1 scanner code
2017-09-14 16:59:39 -05:00
c77cb51d64
add newline
2017-09-14 18:26:11 +02:00
a992a3c427
Land #8774 , Post module for gather Docker credentials
2017-09-14 10:15:03 -05:00
200a1b400a
Remove spaces to appease msftidy.
2017-09-14 09:28:38 -05:00
30f833f684
80 pages left
2017-09-13 22:03:34 -04:00
52385f4d9e
fix formatting to fit rubocop
2017-09-13 11:46:57 -05:00
b8c40a9d95
Clean up formatting
2017-09-13 11:13:33 -05:00
3c204f91ef
Correct module title
2017-09-13 11:02:13 -05:00
65f2ee9109
added generate_seh_record
2017-09-13 10:56:32 -05:00
7db506887b
Add exploit code
2017-09-13 10:36:36 -05:00
eb0d174987
Add disk_pulse_enterprise_get module
2017-09-13 10:19:24 -05:00
a07f7c9f42
Land #8520 , Linux post module to find and collect TOR hidden service configurations
2017-09-12 13:39:18 -05:00
27a517e0f6
Fix #8060 , cf #8061
2017-09-12 18:41:51 +02:00
a7a17c677c
fix internal usage of bindata objects when generating NTP messages
2017-09-12 09:54:09 -04:00
86726978ed
payload size updated
2017-09-12 19:23:31 +05:30
e4465c9350
Fixed a bug where flowcontrol caused the first packet to get lost
2017-09-11 19:00:53 -07:00
b218cc3c7f
Merge branch 'master' into hw_auto_padding_fix
2017-09-11 18:30:34 -07:00
ad9329993d
Added better padding and flowcontrol support.
2017-09-11 18:20:57 -07:00
7b87915e1f
Land #8923 , Add additional error checking to mssql_clr_payload module
2017-09-11 17:39:33 -05:00
a58552daad
Land #8825 , Handle missing util.pump in nodejs shell payloads
2017-09-11 15:32:21 -05:00
5f66b7eb1a
Land #8940 , @h00die's second round of desc fixes
...
One ninja edit along the way as well.
2017-09-11 13:05:13 -05:00
cfbd3c1615
Fix spelling of Honeywell
2017-09-11 13:02:18 -05:00
ba880d1a85
Changes to mssql_clr_payload error handling based on code review
2017-09-10 14:15:39 -05:00
2966fb7c8c
Accept @shawizard suggestion for formatting msg_body
2017-09-10 11:23:52 -07:00
861f4a6201
Changes to buildmaster_login from code review
...
Use peer property in messages instead of rhost rport combination for consistency.
Documentation updated accordingly.
2017-09-09 18:00:04 -05:00
47adfb9956
Fixes from code review to buildmaster_login
...
Per bcoles, the most important fixes are:
- Removing `self.class` from call to `register_options`
- Adding rescue to login_succeeded to handle bad json
2017-09-09 16:26:01 -05:00
7339658ba9
224 pages of spelling issues left
2017-09-09 09:52:08 -04:00
6289cc0b70
Merge branch 'spellin' of https://github.com/h00die/metasploit-framework into spellin
2017-09-08 22:20:39 -04:00
0910c482a9
35 pages of spelling done
2017-09-08 22:19:55 -04:00
8f864c27e3
Land #8924 , Add Apache Struts 2 REST Plugin XStream RCE
2017-09-08 13:59:52 -05:00
54a62976f8
update versions and add quick module docs
2017-09-08 13:59:29 -05:00
978fdb07b0
Comment out PSH target and explain why
...
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
2017-09-08 13:41:06 -05:00
c91ef1f092
Land #8768 , Add Docker Daemon TCP exploit module
2017-09-08 12:50:00 -05:00
2ebf53b647
Minor tweaks...
2017-09-08 10:04:47 -05:00
00c593e0a2
55 pages of spelling done
2017-09-07 21:18:50 -04:00
a9a307540f
Assign cmd to entire case and use encode for XML
...
Hat tip @acammack-r7. Forgot about that first syntax!
2017-09-07 19:36:08 -05:00
8f1e353b6e
Add Apache Struts 2 REST Plugin XStream RCE
2017-09-07 19:30:48 -05:00
a0181a4d54
Land #8831 , Add Maven post-exploitation credential extraction module
...
Merge remote-tracking branch 'upstream/pr/8831' into upstream-master
2017-09-08 00:37:03 +02:00
7e9d0b3e9b
Fix permissions in docker priv_esc module
...
The previous command didn't give the original user enough permissions
to execute the payload. This was resulting in permission denied
and preventing me from getting a root shell.
Fixes #8937
2017-09-07 16:48:02 -05:00
c67e407c9c
Land #8880 , added Cisco Smart Install (SMI) scanner
2017-09-07 08:06:03 -05:00
9877a61eff
bump payloads
2017-09-07 01:36:25 -05:00
816e78b6f6
First pass of named pipe code for pivots
2017-09-07 01:33:53 -05:00
5d009c8d0b
remove dead code
2017-09-06 23:21:56 -07:00
048316864c
remove redundant return
2017-09-06 23:01:13 -07:00
97d08e0da4
fix reviewer comments
2017-09-06 22:53:02 -07:00
d71f7876b8
initial commit of nodejs debugger eval exploit
2017-09-06 22:29:24 -07:00
be66ed8af3
Land #8788 exploits for Gh0st and PlugX malware controllers
2017-09-05 20:42:07 -04:00
44fb059cea
Add error checking to mssql_clr_payload
...
Additional error checking had been added to exploits/windows/mssql/mssql_clr_payload
If an error is encountered when changing the trustworthy or clr setting, the exploit fails with a message.
2017-09-05 18:48:22 -05:00
b0dc44fb86
Land #8909 , Avoid saving some invalid creds
2017-09-05 12:43:03 -05:00
d05c401866
modules cleanup and add docs
2017-09-04 20:57:23 -04:00
6051a1a1c1
Land #8910 , Use meta redirect instead of JS redirect in 2 modules
2017-09-01 13:50:02 -05:00
86db2a5771
Land #8888 from @h00die, with two extra fixes
...
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
8a045e65aa
Spaces between commas
2017-08-31 14:29:23 -05:00
642a13e820
Out out damn tick
2017-08-31 14:29:05 -05:00
86ee77ffb0
add aarch64 nops and fix aarch64 cmdstager
2017-08-31 18:48:58 +08:00
195c1e041f
Update payload specs and sizes
...
Adds the new Aarch64 and R payloads
fix merge
2017-08-31 18:48:56 +08:00
7b71f60ea1
fix the stack
2017-08-31 18:35:18 +08:00
26f4fa3b09
setup stack
2017-08-31 18:35:17 +08:00
a2396991f0
stager not setting up stack
2017-08-31 18:35:17 +08:00
6dbe00158f
fix stager
2017-08-31 18:35:17 +08:00
49173818fd
Addresses #8674
...
This type of redirection will work without javascript being enabled.
Modules:
multi/browser/firefox_xpi_bootstrapped_addon
multi/browser/itms_overflow
More info on the meta element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
2017-08-30 23:16:46 -05:00
2bbba9c500
Avoid some ActiveRecord validation errors.
...
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479 ), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.
This PR removes the handful of existing cases we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
eec5d2ada9
Update description and add link to SIET
2017-08-30 11:52:11 -07:00
3b745bd17c
Rework the bash, redirect stdout/err to /dev/null
...
Dont need the -
2017-08-30 03:49:30 +01:00
9387a765e5
Fix msftidy warns/errs
2017-08-30 03:10:46 +01:00
4934023fa5
Use alternate system() payload, dont worry about restarts
...
Use nohup and & to background the meterpreter process
2017-08-30 03:10:46 +01:00
d53f10554d
Configurable restart command
2017-08-30 03:10:46 +01:00
d0ff2694b3
Restart after payload process ends
2017-08-30 03:10:46 +01:00
aee44e3bd2
Working meterpreter exploit
...
No service restart
2017-08-30 03:10:46 +01:00
7cfb5fcc97
Rename
2017-08-30 03:10:46 +01:00
8b67b710fa
Add template
2017-08-30 03:10:46 +01:00
202c936868
Land #8826 , git submodule remote command execution
2017-08-29 18:11:32 -05:00
46eeb1bee0
update style
2017-08-29 17:44:39 -05:00
d5124fdc94
Land #8759 , Add TeamTalk Gather Credentials auxiliary module
2017-08-29 13:17:28 -05:00
39299c0fb8
randomize submodule path
2017-08-29 16:54:08 +08:00
c9e32fbb18
Remove last_attempted_at
2017-08-29 05:05:04 +00:00
a40429158f
40% done
2017-08-28 20:17:58 -04:00
1e8edb377f
Land #8873 , cleanup enable_rdp, add error handling
2017-08-28 05:50:42 -05:00
582b2e238e
update mettle payload to 0.2.2, add background and single-thread http comms
2017-08-28 05:31:44 -05:00
15ec40f5c6
update R cached sizes
2017-08-28 05:31:42 -05:00
bd7ea1f90d
more updates, 465 more pages to go
2017-08-26 21:01:10 -04:00
7dfde651ea
Add login scanner module for Inedo BuildMaster
...
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.
More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
a8067070f2
Fix typo
2017-08-26 17:52:11 +02:00
924c3de9f3
Land #7382 , BIND TSIG DoS
2017-08-26 10:42:35 -05:00
f9a2c3406f
Clean up module
2017-08-26 10:41:10 -05:00
3420633f29
@NickTyrer corrected my correction
2017-08-26 08:43:10 -04:00
801e3e2d68
Replace REXML with Nokogiri and try to cross id with mirror/repository tag
2017-08-25 18:28:09 +02:00
abaf80f3df
jmartin improvements (iter on keys + save as credentials)
2017-08-25 18:15:24 +02:00
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
8f17d536a7
Update phpmailer_arg_injection.rb
...
Removed second parameter as it was not necessary. Only changed needed was to change "send_request_cgi" to "send_request_cgi!"
2017-08-24 00:29:28 -06:00
c49b72a470
Follow 301 re-direct
...
I found that in some cases, the trigger URL cannot be accessed directly. For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example". It isn't until hitting "/example" that the php is executed. This small change will just allow the trigger to follow one 301 redirect.
2017-08-23 18:53:54 -06:00
821121d40b
Land #8871 , improve compatibility and speed of JDWP exploit
2017-08-23 18:53:47 -05:00
cba4d36df2
provide missing bits for R platform
2017-08-23 16:58:48 -05:00
4c285c0129
Land #8827 , QNAP Transcode Server RCE
2017-08-22 23:07:01 -05:00
7b18c17445
Appease rubocop
2017-08-22 14:53:21 -07:00
128949217e
more osx
2017-08-22 16:48:09 -05:00
2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner
2017-08-22 14:39:44 -07:00
bb120962aa
more osx support
2017-08-22 14:01:48 -05:00
7263c7a66e
add 64-bit, osx support
2017-08-22 13:51:28 -05:00
be2739d335
Transform loots into creds
2017-08-22 11:57:51 +02:00
33f2ebc2aa
code cleanup
2017-08-21 22:46:30 -05:00
58e332cc7c
only fail if the group sids fail to resolve and we actually have to add a user
2017-08-21 22:36:40 -05:00
e01caac9ed
removing slice operators from jdwp_debugger
2017-08-21 16:36:54 -05:00
031f48725f
add missing quotes
2017-08-21 16:16:03 -05:00
edbe8d73c2
Revert "Revert passive stance for multi/handler"
...
This reverts commit 66a4ea4f0b
2017-08-21 16:14:23 -05:00
c14daf3fcc
Land #8857 , Reverse and bind shells in R
2017-08-21 15:49:24 -05:00
605330faf6
Land #8842 , add linux/aarch64/shell_reverse_tcp
2017-08-21 15:44:28 -05:00
430251b8f6
fix compatibility with php meterpreter
2017-08-21 15:37:31 -05:00
2873a899db
Address msftidy complaint
2017-08-21 03:39:03 -04:00
h00die
Martin Pizala
Christian Mehlmauer
bwatters-r7
Brent Cook
William Vu
Brent Cook
Jannis Pohl
RootUp
Pearce Barry
Mehmet Ince
loftwing
William Webb
james
Jeffrey Martin
Erik Lenoir
Anant Shrivastava
Craig Smith
Tod Beardsley
james
Patrick Thomas
dmohanty-r7
James Barnett
OJ
Adam Cammack
Tim
Jon Hart
Calum Hutton
Brendan Coles
Jon P
n00py
Louis Sato
RageLtMan