Commit Graph

295 Commits (460778738d73b33670adbdb25e59a73ab191fea4)

Author SHA1 Message Date
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
wchen-r7 f4abc16c66
Land #6102, Add rsh/libmalloc privilege escalation exploit module 2015-10-26 10:54:05 -05:00
Sam H 5fcc70bea4 Fixed issue w/ msf payloads + added timeout rescue
Apparently when OS X payload shells get a sudo command, it requires a full path (even though it clearly has $PATH defined in its env...) to that file. The updates here take that into account. Also, the script more directly catches a timeout error when the maximum time for sudoers file to change has passed.
2015-10-25 23:38:48 -07:00
wchen-r7 360f40249c
Land #6122, user-assisted Safari applescript:// module (CVE-2015-7007) 2015-10-22 15:07:42 -05:00
wchen-r7 9d2e2df1f1 Update description 2015-10-22 15:07:11 -05:00
joev 35578c7292 Add refs. 2015-10-22 09:48:11 -05:00
joev 6a87e7cd77 Add osx safari cmd-R applescript exploit. 2015-10-22 09:46:56 -05:00
Sam H 348a0f9e3d Cleaned up "cleanup" method and crontab check
The script now searches for the full line "ALL ALL=(ALL) NOPASSWD: ALL" written in the crontab file to ensure that it is successful rather than just "NOPASSWD". Additionally, the required argument used in the cleanup method was removed and simply turned into an instance method so it could be accessed without needing to call it with any arguments.
2015-10-21 22:53:32 -07:00
Sam H 712f9f2c83 Deleted extra reference to exploit DB 2015-10-18 19:10:47 -07:00
Sam Handelman b03c3be46d Fixed some styling errors in the initializer. Switched the calls to sleep(1) to use the Rex API (Rex.sleep(1) instead). 2015-10-18 02:13:03 -07:00
Sam Handelman 3757f2e8de Changed my author name to make sure it matches my GitHub username inside the module information. 2015-10-16 14:54:34 -07:00
Sam Handelman 95d5e5831e Adding the updated version of the module to submit a pull request. Changes were made to ensure that the OS version check correctly determines which systems are vulnerable, giving only a warning message if not. 2015-10-16 14:39:07 -07:00
wchen-r7 4275a65407 Update local exploit checks to follow the guidelines.
Please see wiki "How to write a check() method" to learn how
these checkcodes are determined.
2015-09-01 23:26:45 -05:00
Brent Cook d670a62000
Land #5822, migrate obsolete payload compatibility options 2015-08-31 15:20:20 -05:00
wchen-r7 9364982467
Land #5665, Add osx rootpipe entitlements exploit for 10.10.3 2015-08-28 13:33:16 -05:00
wchen-r7 e45347e745 Explain why vulnerable 2015-08-28 13:26:01 -05:00
wchen-r7 423d52476d Normal options should be all caps 2015-08-28 13:24:23 -05:00
William Vu 26165ea93f Add tpwn module 2015-08-17 17:11:11 -05:00
jvazquez-r7 203c231b74
Fix #5659: Update CMD exploits payload compatibility options 2015-08-10 17:12:59 -05:00
William Vu 50c9293aab
Land #5758, OS X DYLD_PRINT_TO_FILE privesc 2015-07-23 13:21:23 -05:00
William Vu c1a9628332 Fix some fixes
So you can fix while you fix.
2015-07-23 12:59:20 -05:00
Tod Beardsley 6ededbd7a7
Un-ticking the output 2015-07-23 12:23:56 -05:00
Tod Beardsley 9d8dd2f8bd
FIxup pr #5758 2015-07-23 12:21:36 -05:00
joev 165cb195bf Remove python dependency, add credit URL. 2015-07-21 22:48:23 -05:00
joev 3013ab4724 Add osx root privilege escalation. 2015-07-21 21:50:55 -05:00
joev 133e221dcd Remove unnecessary steps. 2015-07-05 19:00:58 -05:00
joev c993c70006 Remove sleep(), clean up WritableDir usage. 2015-07-05 18:59:00 -05:00
joev 72a1e9ad99 Add module for rootpipe+entitlements exploit for 10.10.3. 2015-07-05 18:19:46 -05:00
jvazquez-r7 d98d2ffd4d
Update setuid_viscosity
* Use cmd_exec
2015-06-22 14:04:04 -05:00
jvazquez-r7 60bdc10aed
Update setuid_tunnelblick
* Use cmd_exec
2015-06-22 13:57:33 -05:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer 8c5890d506
more fixes 2015-04-16 21:56:42 +02:00
Christian Mehlmauer b4b8ac0849
moar fail_with's 2015-04-16 21:26:37 +02:00
William Vu 13da15e434 Add default PAYLOAD again
PrependSetreuid doesn't work with generic/shell_reverse_tcp.
2015-04-16 02:07:02 -05:00
William Vu e114c85044
Land #5127, x64 OS X prepend stubs 'n' stuff 2015-04-14 01:25:39 -05:00
William Vu e324819feb Add Privileged to info hash
Also remove default payload. Was set for CMD.
2015-04-13 15:23:30 -05:00
Tod Beardsley bd3b6514fa
Dubbed. Whump whump. 2015-04-13 10:52:32 -05:00
Tod Beardsley d87483b28d
Squashed commit of the following:
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:42:13 2015 -0500

    Fix funny punctuation on rootpipe exploit title

    See #5119

commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:37:39 2015 -0500

    Fix vendor caps

    Trusting the github repo README at

    https://github.com/embedthis/goahead

    See #5101
2015-04-13 10:46:47 -05:00
joev c132a3fb0a Fix OSX prepends and implement x64 setreuid. 2015-04-11 20:04:21 -05:00
William Vu fc814a17ae Add admin check
Also break out version check.
2015-04-10 11:24:49 -05:00
William Vu 41885133d8 Refactor and clean
Finally breaking free of some stubborn old habits. :)
2015-04-10 11:22:27 -05:00
William Vu a7601c1b9a Use zsh to avoid dropping privs
Also add some configurable options.
2015-04-10 11:22:00 -05:00
William Vu 4cc6ac6eaa Clarify vulnerable versions 2015-04-10 11:22:00 -05:00
William Vu c4b7b32745 Add Rootpipe exploit 2015-04-10 11:22:00 -05:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
jvazquez-r7 b357fd88a7 Add comment 2014-11-30 21:08:38 -06:00
jvazquez-r7 0ab99549bd Change ranking 2014-11-30 21:08:12 -06:00