7cc00c0e10
fixed padding/offsets for win 10
2018-01-28 21:10:51 -07:00
237c3f7b2c
crash 10.14393... should fail to leak transaction
2018-01-28 18:52:43 -07:00
2723b328aa
misc tidying, added more randomness
2018-01-28 18:20:18 -07:00
6c2d5b1fc2
semi-completed exploit files
2018-01-28 18:13:25 -07:00
c390696ddf
Land #9379 , Oracle Weblogic RCE exploit and documentation
2018-01-25 21:47:18 -06:00
309deb9ee7
Land #9446 , Post API fix for setuid_nmap
2018-01-25 16:00:40 -06:00
6caba521d3
Land #9424 , Add SharknAT&To external scanner
2018-01-24 12:40:29 -05:00
eb572a3ef5
Land #8632 , colorado ftp fixes
2018-01-23 17:45:07 -06:00
a27cfeaea9
Land #9416 , Sync Breeze Enterprise 9.5.16 Import Command buffer overflow
...
Merge branch 'land-9416' into upstream-master
2018-01-23 16:35:51 -06:00
3922844650
ninja style changes
2018-01-23 16:34:49 -06:00
d81d50b491
Land #9430 , Improve Hyper-V checkvm checks
2018-01-23 15:22:12 -06:00
685a950077
Land #9114 , Add module for Kaltura <= 13.1.0 RCE (CVE-2017-14143)
...
Merge branch 'land-9114' into upstream-master
2018-01-23 12:35:59 -06:00
5684b9ed7c
Readd dropped return during refactoring
2018-01-23 10:12:15 -06:00
be08af5404
More Python style fixes
2018-01-23 09:17:22 -06:00
d3b3946669
Use Msf::Post::File#setuid? in setuid_nmap
2018-01-23 02:05:26 -06:00
03d1523d43
Land #6611 , add native DNS to Rex, MSF mixin, sample modules
2018-01-22 23:54:32 -06:00
a6e5944ec5
fix msftidy, add nicer errors on bind failure
2018-01-22 23:37:39 -06:00
aae77fc1a4
Land #9349 , GoAhead LD_PRELOAD CGI Module
2018-01-22 23:10:36 -06:00
d1569f8280
Land #9413 , Expand the number of class names searched when checking for an exploitable JMX server
2018-01-22 16:49:01 -06:00
10fde42adc
Land #9431 , Fix owa_login to handle inserting credentials for a hostname
2018-01-22 16:46:39 -06:00
b12953fa85
Land #9404 , update module author
2018-01-22 16:41:50 -06:00
394c31c1e3
Remove NoMethod Rescue for cerberus_sftp_enumusers
...
Please see reasons in #9436
2018-01-22 11:10:23 -06:00
38d056b930
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil
...
Land #9436
Thanks Steve!
2018-01-22 11:07:23 -06:00
85d018096b
Pass password_prompt and non_interactive to fix #8970
...
Fix #8970
2018-01-22 11:06:12 -06:00
682c915a09
Land #9267 , Add targets to sshexec
2018-01-22 09:59:48 -06:00
69818aea22
update payload sizes
2018-01-21 08:03:07 -06:00
2a6b3671bf
Add connection addr+port info to http response object.
...
Update owa_login to use this instead of doing lookups on its own.
2018-01-19 13:37:33 -06:00
8f75d3a46b
Possible fix to changes in net::ssh usage
2018-01-19 15:10:14 +00:00
c7d3b5dfbb
Update payload and disable check functionality
...
The check functionality is broken as MSF cannot handle HttpServer and HttpClient at this time.
The payloads were updated to ensure CVE-2017-10271 is being exploited instead of CVE-2017-3506 as explained on https://blog.nsfocusglobal.com/threats/vulnerability-analysis/technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability/
2018-01-18 13:26:44 -05:00
7849743789
update stageless python sizes
2018-01-18 00:41:58 -06:00
e9ce2374e5
Auto-resolve target if it's a hostname (owa_login).
...
Ensures the module does save the creds which it claims to be saving. See MS-2968.
2018-01-17 16:47:21 -06:00
9328374155
Update 'author' field of metadata
2018-01-17 16:43:37 -06:00
0f0b116751
Rename scanner bits to avoid confusion
2018-01-17 14:46:31 -06:00
10cf327c26
Improve Hyper-V tests in checkvm
...
All Win10 machines, physical and virtual, were being reported as 'Hyper-V' (false positives)
Added functionality to extract hostname of physical hypervisor from VM registry
2018-01-17 14:29:03 -06:00
4c11eae774
Maybe that timeout is needed.....
2018-01-17 13:21:36 -06:00
c7894f1d74
Split long lines and add comments
2018-01-17 12:04:12 -06:00
35bec8d3cd
Fixed classes names and added RMI interfaces
2018-01-17 17:10:36 +01:00
d345008b20
Added all the classes that implement RMI server
2018-01-17 17:03:32 +01:00
f439edfa1a
Fixes by the fabled wvu
2018-01-17 08:20:52 -06:00
d6e966b079
Land #9414 , wp_admin_shell_upload - remove plugin dir after exploitation
2018-01-16 21:08:22 -06:00
37bf68869f
Add scanner for the open proxy from 'SharknAT&To'
2018-01-16 21:05:19 -06:00
e5bd36da1c
Land #9402 , NIS bootparamd domain name disclosure
2018-01-15 15:36:00 -06:00
aa9b5e4419
Sync Breeze Enterprise Import Command
2018-01-15 20:46:40 +00:00
2f9eebe28b
remove plugin dir
2018-01-15 14:48:59 +01:00
dfb9941e95
Fix java_jmx_server exploit
...
Add test case when discovering RMI endpoint as the previous one was not complete
2018-01-15 12:13:09 +01:00
736d438813
Address second round of feedback
...
Brain fart on guard clauses when I've been using them all this time...
Updating the conditions made the ternary fall out of favor.
Changed some wording in the doc to suggest the domain name for a
particular NIS server may be different from the bootparamd client's
configuration.
2018-01-13 22:55:01 -06:00
1a8eb7bf2a
Update nis_ypserv_map after bootparam feedback
...
Yes, yes, I see the off-by-one "error." It's more accurate this way.
Basically, we want to ensure there's actually data to dump.
2018-01-13 15:40:17 -06:00
c080329ee6
Update module after feedback
...
Looks like I can't decide on certain style preferences.
Not keen on using blank?, but I've used it before. Time to commit?
Also, fail_with has been fixed for aux and post since #8643 . Use it!
2018-01-13 15:40:11 -06:00
d172259f5d
umlaut
2018-01-13 16:06:11 +11:00
eb8429cbd3
Revert "umlaut"
...
This reverts commit ffd7073420
2018-01-12 22:57:22 -06:00
zerosum0x0
Aaron Soto
William Vu
Matthew Kienow
Pearce Barry
bwatters-r7
Adam Cammack
Brent Cook
Wei Chen
Steve Embling
Kevin Kirsche
Philippe Tranca
Daniel Teixeira
Christian Mehlmauer
Brendan Coles