ab77ab509a
Update phpfilemanager_rce.rb
2015-12-03 12:35:49 +08:00
869caf789f
Update phpfilemanager_rce.rb
2015-12-03 12:34:17 +08:00
a2d51d48cd
Add phpFileManager 0.9.8 Remote Code Execution
2015-12-03 12:11:31 +08:00
09cd63a70c
Land #6302 , Limesurvey File Download aux mod
2015-12-02 15:43:56 -06:00
93a4fd0ee4
Minor edits
2015-12-02 15:43:11 -06:00
581ea89f7f
fix nil error
2015-12-02 11:19:08 +01:00
f06e4f3dbd
make this module work with other languages too
2015-12-02 11:14:10 +01:00
1a4b91e33e
unzip backup file
2015-12-02 11:01:56 +01:00
15dd18dc4b
use single quotes, remove explicit nil
2015-12-02 09:36:07 +00:00
0f24ca7d13
Land #6280 , @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability
2015-12-01 21:38:09 -06:00
d269be22e7
Land #6223 , @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit
2015-12-01 21:36:18 -06:00
9697ce5033
Specify arch & platform for generate_payload_exe
...
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
0e21265ecc
Fix cookie parsing, typo, and unused var
2015-12-01 17:39:40 -06:00
366b92a79e
Store rsync creds as creds, not loot
2015-12-01 15:30:39 -08:00
217374d1c0
add limesurvey file download
2015-12-02 00:06:13 +01:00
bb3a3ae8eb
Land #6176 , @ganzm's fix for 64 bits windows loadlibrary payload
2015-12-01 13:18:41 -06:00
3b3b569d8e
Fix payload CacheSize for current pymet
2015-12-01 13:00:15 -05:00
bfe81db9a5
Update cached size
2015-12-01 11:45:45 -06:00
2348cb7374
Update loadlibrary for 64 bits
2015-12-01 11:41:37 -06:00
385378f338
Add reference to Rapid7 advisory
2015-12-01 11:37:27 -06:00
98a0ddebda
Land #6298 , Advantech shellshock module
2015-12-01 11:37:09 -06:00
9dbf7cb86c
Remove the SSL option (not needed)
2015-12-01 11:34:03 -06:00
758e7c7b58
Rename
2015-12-01 11:33:45 -06:00
ea2174fc95
Typo and switch from raw -> encoded
2015-12-01 10:59:12 -06:00
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
ea363dd495
priv to true
2015-12-01 10:23:36 -06:00
2621753417
priv to true
2015-12-01 10:21:56 -06:00
d5d4a4acdc
Register the correct jsp to cleanup
2015-12-01 10:21:15 -06:00
bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
...
Land #6284 , fix for false negatives found in #6281
@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
59bd88ff70
msftidy
2015-11-27 16:45:52 -05:00
9c016343c7
Update to logic and reliability
...
Included support for Windows Defender
Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
1b495e73ac
Further reduce python reverse_http duplicate code
2015-11-26 14:31:00 -05:00
bd25ffa48c
Consolidate py reverse http uri code into a mixin
2015-11-26 13:32:50 -05:00
920d8c6ad7
Land #6278 , wrong default option for RHOST
2015-11-26 06:49:25 +01:00
90fb3e0118
Land #6277 , jenkins domain cred recovery aux module
2015-11-25 22:58:43 -06:00
a7a89adfac
Land #6264 , meterpreter per-extension init string support, update payloads to 1.0.17
...
This brings in the following changes:
Changes to support maven 3.3+
Don't fall back to 0.0.0.0
Remove all debug builds from the Windows projects
Add show_mount, ps_list, and some core tweaks
Refactor TLV layout, add more debug output, token stealing
Add incognito binding, code tidies
Update packaged libs
Add transport list binding
Add transport add command to python binding
Update python core lib archive
change source perms back to non-executable
First pass of stageless initialisation script
Finalise stageless initialisation scripts
add BOOT_COMPLETED receiver that starts the Payload
Improve the implementation of the getuid command
Switch to Utils.runCommand per timwr's suggestion
Updated init script method
also bumps msgpack 0.7.1, which fixes a failure packing messages > 256k
2015-11-25 22:27:27 -06:00
78e306e281
s/Initialision/Initialization/
2015-11-25 22:07:25 -06:00
d984e5c781
update payload sizes
2015-11-25 22:04:52 -06:00
7dc268d601
Land #6283 , increase the amount of space needed for ms08_067
2015-11-25 19:37:25 -06:00
8fd2522a59
Land #6257 , @all3g's aux module for locating git repos over HTTP
2015-11-25 12:25:45 -08:00
a56571479f
Remove WmapScanServer mixin; not needed
2015-11-25 11:38:32 -08:00
2da9bb8578
Follow redirects in apache_userdir_enum
...
Found false negatives while testing a server for #6281 .
2015-11-25 13:27:06 -06:00
a692a5d36c
Remove Platform, this should work everywhere; correct grammar
2015-11-25 11:23:18 -08:00
e56aa96a66
Land #6281 , TARGETURI/full_uri fixes
2015-11-25 13:15:50 -06:00
8f459de064
Fix tomcat_enum for full_uri
2015-11-25 11:28:56 -06:00
38a9efe4d6
Fix squiz_matrix_user_enum for full_uri
2015-11-25 11:28:53 -06:00
35ea8c3f74
relax space needed a bit less, work with Windows XP and 2k3
2015-11-25 11:25:57 -06:00
7d17c5741b
Fix nginx_source_disclosure for full_uri
2015-11-25 11:19:27 -06:00
035882702a
Fix barracuda_directory_traversal for full_uri
2015-11-25 11:18:17 -06:00
7a5f6495d0
Fix axis_local_file_include for full_uri
2015-11-25 11:16:59 -06:00
42d12a4d40
Fix apache_userdir_enum for full_uri
2015-11-25 11:16:22 -06:00
2a89a2bc9a
increase the amount of space needed for ms08_067
2015-11-25 07:13:16 -06:00
c09d8031c6
Remove default empty string
2015-11-25 12:19:16 +05:00
f9d3652e1a
Land #6282 , deprecated module cleanup
...
rm modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
2015-11-24 23:48:09 -06:00
6fbcb3d127
Land #6263 , add BisonWare BisonFTP Server Buffer Overflow
2015-11-24 22:55:15 -06:00
f57ebad0e6
Change hard tabs to spaces
2015-11-24 22:54:52 -06:00
9a7e51daec
Update bison_ftp_bof.rb
2015-11-25 11:47:21 +08:00
3d6e4068cb
Update bison_ftp_bof.rb
2015-11-25 11:17:07 +08:00
591da3c97e
Please use exploit/multi/browser/adobe_flash_pixel_bender_bof
...
Time to say goodbye to:
exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
Please use:
exploit/multi/browser/adobe_flash_pixel_bender_bof
Reason: The replacement supports multiple platforms, so better.
2015-11-24 20:37:57 -06:00
eac4f02b66
Spelling and correct description
2015-11-24 17:57:56 -08:00
3ad7ef9814
Modify the printed URL to add https:// when SSL is used.
2015-11-25 12:46:56 +11:00
4e2eb7ca65
Add Oracle Beehive processEvaluation Vulnerability
2015-11-24 19:17:57 -06:00
ccdf814688
Use correct URIs in report_note
2015-11-24 09:52:07 -08:00
c66d56263a
Cleaner and more consistent print_ *
2015-11-24 09:43:05 -08:00
55b3e10390
Land #6258 , smart_migrate enhancement
2015-11-24 11:30:29 -06:00
1e90a8004d
Correct printing of URIs when provided TARGETURI doesn't end with /
2015-11-24 09:11:04 -08:00
afa4d9e74d
Add legit git UserAgent
2015-11-24 08:57:19 -08:00
d59c563ee3
Don't store index file
2015-11-24 08:51:43 -08:00
e29a229336
Minor style cleanup
2015-11-24 08:50:21 -08:00
2152c310fe
Remove the default true option of RHOST
2015-11-24 14:54:54 +05:00
74e1b8d5ac
Fix res nil
2015-11-24 00:15:05 -06:00
95ca288f9d
Modify check
2015-11-23 20:33:14 -06:00
09e6a54886
In case anonymous is not allowed for decryption
2015-11-23 20:26:41 -06:00
20ba10d46c
Spaces, how dare you
2015-11-23 16:45:02 -06:00
faab28f1d6
Add Jenkins Domain Credential Discovery Auxiliary Module
2015-11-23 16:23:59 -06:00
16e6ced867
Land #6108 , OpenVPN creds scraper
2015-11-23 14:25:19 -06:00
601d4fda9f
Add note about --auth-nocache
2015-11-23 14:24:26 -06:00
718e928fe3
Control per-user config file
2015-11-23 11:11:03 -08:00
493e476a43
Land #6243 , check nil for sock.read
2015-11-23 11:15:51 -06:00
5654b6b2e2
Land #6227 , reverse_hop_http updates and HTTPS unification
2015-11-23 06:29:15 -06:00
441fff4b7c
Update bison_ftp_bof.rb
...
Adding constant NOP
2015-11-23 06:53:12 +08:00
2dd8567741
remove GIT_HEAD / add description / git_config regex match / save index|config file(s)
2015-11-22 09:18:19 +00:00
93bb31dfa0
Make path to rsyncd configuration file configurable
2015-11-21 19:50:33 -08:00
1410d03386
Fixed msftidy capitalisation.
2015-11-22 14:32:51 +11:00
fc46ce0ced
Bring module title in line with other WP modules.
2015-11-22 13:39:45 +11:00
e0386d6830
add scan switches GIT_INDEX / GIT_HEAD / GIT_CONFIG
2015-11-21 03:06:37 +00:00
aa962f30a9
Minor style/usability cleanup
2015-11-20 13:51:31 -08:00
a96102c20a
Minor cleanup
2015-11-20 13:19:38 -08:00
c75e3c8e84
Initial commit of a post module for looting rsync credentials
2015-11-20 12:57:33 -08:00
b2d6458f50
Land #6129 , Joomla SQLi RCE
2015-11-20 14:30:23 -06:00
5592e4e4ea
seek_relative suppression (use seek instead)
2015-11-20 18:30:51 +01:00
dd027982ae
if recovery_key specified, only method that is tried
2015-11-20 18:30:50 +01:00
f49d6905a6
Fix comments by @jhart-r7
2015-11-20 18:30:50 +01:00
8f135c07aa
Remove hard coded C:\Windows and use %SYSTEMROOT%
2015-11-20 18:30:49 +01:00
7d9d74f609
msftidy...
2015-11-20 18:30:49 +01:00
c8847182d7
Add module to dump Bitlocker master key (FVEK)
2015-11-20 18:30:48 +01:00
e3bca890c1
Update bison_ftp_bof.rb
2015-11-20 23:45:15 +08:00
1dee6dca1b
Update bison_ftp_bof.rb
2015-11-20 13:37:46 +08:00
bd856322e0
Update bison_ftp_bof.rb
2015-11-20 09:58:44 +08:00
335944aa9a
Update bison_ftp_bof.rb
2015-11-20 09:38:55 +08:00
fcc7520230
Create bison_ftp_bof.rb
2015-11-20 09:07:40 +08:00
7c5d292e42
Land #6201 , chkrootkit privesc
2015-11-19 10:37:30 -06:00
f1675f9ae4
Minor enhancement to smart_migrate
...
Adding a check to see if the user is currently already migrated to the "explorer.exe" and "winlogon.exe" processes prior to attempting migration.
2015-11-19 13:30:12 +00:00
1795e09a27
scan git disclosure (.git/index)
2015-11-19 09:16:32 +00:00
8d1f5849e0
Land #6228 , @m0t's module for F5 CVE-2015-3628
2015-11-18 15:39:40 -08:00
ae3d65f649
Better handling of handler creation output
2015-11-18 15:31:32 -08:00
bcdf2ce1e3
Better handling of invulnerable case; fix 401 case
2015-11-18 15:24:41 -08:00
3c72135a2f
No to_i
...
What happens here is it converts to a Fixnum, and then it converts
back to a String anway because it's in a String.
2015-11-18 15:25:18 -06:00
deec836828
scripts/handlers cannot start with numbers
2015-11-18 12:31:46 -08:00
7399b57e66
Elminate multiple sessions, better sleep handling for session waiting
2015-11-18 12:23:28 -08:00
e4bf5c66fc
Use slightly larger random script/handler names to avoid conflicts
2015-11-18 11:51:44 -08:00
e7307d1592
Make cleanup failure messages more clear
2015-11-18 11:44:34 -08:00
0e3508df30
Squash minor rubocop gripes
2015-11-18 11:05:10 -08:00
f8218f0536
Minor updates to print_ output; wire in handler_exists;
2015-11-18 11:05:10 -08:00
392803daed
Tighten up cleanup code
2015-11-18 11:05:10 -08:00
657e50bb86
Clean up module
2015-11-18 12:50:57 -06:00
c0d9c65ce7
always overwrite the payload file
2015-11-18 18:48:34 +00:00
0cda20c9e2
Fix everything pointed out by @jlee-r7
2015-11-18 12:02:28 -06:00
682a41af2e
Update description
2015-11-18 11:52:50 -06:00
d6921fa133
Add Atlassian HipChat for Jira Plugin Velocity Template Injection
...
CVE-2015-5603
Also fixes a bug in response.rb (Fix #6254 )
2015-11-18 11:34:25 -06:00
a484b318eb
Update registry_persistence.rb
2015-11-18 16:13:18 +00:00
1fe8bc9cea
Added a SLEEP_TIME option
...
Added a SLEEP_TIME options which is the number of seconds to sleep prior to executing the initial IEX request. This is useful in cases where a machine would have to establish a VPN connection, initiated by the user, after a reboot.
Alternatively, as opposed to a sleep time, it could have a loop that attempts to retry for a certain period of item.
2015-11-18 11:17:57 +00:00
e21bf80ae4
Squash a rogue space
2015-11-17 14:17:59 -08:00
3396fb144f
A little more simplification/cleanup
2015-11-17 14:16:29 -08:00
dcfb3b5fbc
Let Filedropper handle removal
2015-11-17 13:01:06 -08:00
a9e8ab785e
Land #6220 , adds ATG client module
2015-11-17 13:31:17 -06:00
e107ec2d17
Change fail to fail_with, fix typo
2015-11-17 13:30:46 -06:00
74f6ff7752
Rename to atg_client to match conventions
2015-11-17 12:59:37 -06:00
811167442c
Re-disable debugging nodelete
2015-11-17 13:10:03 +00:00
44d477a13c
Fix some rubocop warnings
2015-11-17 13:26:50 +01:00
ac99f9c229
Fix condition
2015-11-17 00:52:42 -02:00
f69e7c0fb3
Fix condition
2015-11-17 00:49:04 -02:00
a48d0b275b
Added check if the commands executed successfully.
2015-11-17 00:07:31 -02:00
f6fdabfd77
Land #6239 , added Session info display to module output
...
MS-706
2015-11-16 18:10:58 -06:00
715f20c92c
Add missing super in setup
2015-11-16 14:45:13 -08:00
70407a4f21
3600 * 60 * 24 isn't one day
2015-11-16 23:18:02 +01:00
17a1f2ee8a
Fix #6242 , Check nil for sock.read
...
Fix #6242
2015-11-16 14:24:46 -06:00
f0da09090d
Land #6233 , Konica Minolta FTP Utility 1.00 Directory Traversal
2015-11-16 13:55:29 -06:00
740cacb4c0
Check nil
2015-11-16 13:54:36 -06:00
902951c0ca
Clean up description; Simplify SOAP code more
2015-11-16 11:06:45 -08:00
1aa1d7b5e4
Use random path for payload
2015-11-16 10:57:48 -08:00
24c41c9261
Land #6225 , wall(1)/write(1) post module
2015-11-16 12:47:35 -06:00
ee5d91faab
Better logging when exploit gets 401
2015-11-16 10:41:48 -08:00
c4ffd7ae36
When sending SOAP requests, print out proto/status/message when fail
2015-11-16 10:38:40 -08:00
a1ab8f1dc7
added Session info display to module output
...
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action
MS-706
2015-11-16 12:13:26 -06:00
2b99969f9a
quote paths to allow spaces
2015-11-15 00:14:30 +00:00
e3f25fd6e2
Add support for specifying path, file in bourne dropper
2015-11-14 18:31:11 +00:00
c914c7b22c
Completely remove SET_TIME
2015-11-13 12:28:23 -08:00
ab3ae675ff
Hide TIME option since SET_TIME is not implemented
2015-11-13 12:26:42 -08:00
JT
wchen-r7
Christian Mehlmauer
Rory McNamara
jvazquez-r7
Jon Hart
Spencer McIntyre
James Lee
HD Moore
Kyle Gray
Andrew Smith
Louis Sato
Brent Cook
William Vu
Waqas Ali
aushack
nixawk
BAZIN-HSC
sammbertram
m0t
jvoisin
Roberto Soares
David Maloney
PsychoMario