bc425b0378
Update samsung_security_manager_put
...
This patch improves the following
* Stage 1 XSS/JS attack to use the body.onload callback
* Better timing for FF
2016-09-22 12:02:49 -05:00
fed2ed444f
Remove deprecated modules
...
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
3d1289dac3
Land #7185 , Add VMware Host Guest Client Redirector DLL Hijack Exploit
2016-08-08 11:41:40 -05:00
51c457dfb3
Update vmhgfs_webdav_dll_sideload
2016-08-08 11:40:03 -05:00
230903562f
Add Samsung Security Manager 1.5 ActiveMQ Broker exploit
2016-08-05 15:19:22 -05:00
dae1679245
Fixed build warnings
2016-08-05 20:40:41 +02:00
02e065dae6
Fixed disclosure date format
2016-08-05 20:32:58 +02:00
97d11a7041
Exploit module for CVE-2016-5330 VMware Host Guest Client Redirector DLL hijack
2016-08-05 20:19:40 +02:00
14a387e4eb
Land #7163 , Add exploit payload delivery via SMB
2016-08-03 14:44:59 -05:00
e16c57ed07
Lower rank
2016-08-03 14:02:47 -05:00
96dbf627ae
Remove unwanted metadata for HttpServer
2016-08-03 13:55:58 -05:00
be4f55aa2f
forgot to update ranking
2016-08-02 13:30:12 -05:00
ba0da52274
msftidy cleanup
2016-08-01 13:36:05 -05:00
21e6211e8d
add exploit for cve-2016-0189
2016-08-01 13:26:35 -05:00
d46c3a1d8c
Collector looks like hex, store it as a string
2016-07-29 21:57:51 -05:00
1d6fa11c4f
Addition of SMB delivery module
2016-07-29 14:58:30 -04:00
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
8f928c6ca1
Land #7006 , Add MS16-032 Local Priv Esc Exploit
2016-07-12 15:22:35 -05:00
815c426b4d
Match naming style
2016-07-12 15:18:39 -05:00
f11b84f106
Update wfsdelay and check for ms16-032
2016-07-12 15:17:21 -05:00
277950cc79
Land #6733 , psexec StackAdjustment fix
2016-07-12 11:14:16 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
7211936f96
Fix Payload exit issue
...
Fixed payload exiting issue by adding while ($true){Start-Sleep 1000};
statement.
2016-07-11 16:21:08 -04:00
fee361dae0
Land #7075 , Add ms16-016 local privilege escalation
2016-07-06 12:01:01 -05:00
532ea5d4c4
Make sure there's a ref and checkcode
2016-07-06 12:00:20 -05:00
45401bfe45
Land #7069 , modify check codes in multiple local exploits
2016-07-06 00:04:24 -05:00
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
e29d5b9efe
Land #6954 , Fix the available size of payload for exploit/.../payload_inject
2016-07-05 07:38:27 -07:00
0f8efec001
Fix modules broken by @wchen-r7 's 4275a65407 commit.
...
These modules call check() in the exploit() function and expected to get a CheckCode::Vulnerable, now that check() returns Appears instead of Vulnerable they always refuse to run.
I've flipped the logic, based on examples in other modules, now they refuse to run only if check() positively returns Safe.
2016-07-05 13:49:14 +02:00
12812650c0
Land #7054 , Fix busted alpha encoding on ms02_018_htr
2016-07-02 17:07:25 -05:00
3850431966
Fix busted alpha encoding on this old-ass exploit
2016-07-01 17:20:00 -05:00
a1bd640eff
Fix hashrocket alignment
2016-07-01 09:05:03 -05:00
1401a61f59
Land #6998 , Fix #6984 Undefined method 'winver' in ms10_092_schelevator
2016-06-30 16:14:09 -05:00
3d93c55174
move sshfactory into a mixin method
...
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
6c3871bd0c
update ssh modules to use new SSHFactory
...
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH
MS-1688
2016-06-24 13:55:28 -05:00
40d7de05ef
Fix Payload Generation
...
Payload generation now only occurs once and function 'setup_pay'
removed. Payload is generated with cmd_psh_payload and is mutated to
fit dropped text file.
2016-06-23 11:20:22 -04:00
df1a9bee13
Move ps1, Use Env var, Fix license, New Cleanup
...
MS16-032 ps1 moved to external file. This ps1 will now detect windir
to find cmd.exe. The module now also detects windir to find
powershell.exe. The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
is now standard. The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
b9d0bcc193
Add MS16-032 Local Priv Esc Exploit to tree
...
This module will use the powershell port of ms16-032 created by
@FuzzySec. All payloads are pushed to a compress powershell script in a
plain text file on the disk to execute.
2016-06-21 14:56:12 -04:00
2b85b210e9
Fix #6984 , Undefined method 'winver' in ms10_092_schelevator
...
Fix #6984
2016-06-20 10:37:41 -05:00
6cb2a6970e
Fix unused SessionType in two modules
...
Pretty sure it should be "shell."
2016-06-19 23:41:34 -05:00
3a39d8020d
Moving back to PSH option only
2016-06-13 12:44:21 -05:00
52bbd22a81
Moving back to PSH option only
2016-06-13 12:10:48 -05:00
8c7796c6d3
Module Cleanup
2016-06-11 18:12:42 -05:00
46eff4c96d
Added command option
2016-06-11 18:07:24 -05:00
wchen-r7
William Vu
Pearce Barry
David Maloney
Steven Seeley
Yorick Koster
Yorick Koster
William Webb
James Lee
Andrew Smith
Brent Cook
khr0x40sh
Brendan
Clément Notin
Trenton Ivey