infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
42,112 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

10214 Commits (494711ee6517b2125c889b354d851f067822b2c1)

Author SHA1 Message Date
h00die 843f559069
land #7917 piwik exploit module 2017-02-14 00:52:27 -05:00
OJ ec316bfb6c
Use DATABASE when logging in with SQL mixin 2017-02-14 10:34:27 +10:00
h00die a47a479bd3 add else case 2017-02-12 19:08:31 -05:00
Christian Mehlmauer baa473a1c6
add piwik superuser plugin upload module 2017-02-11 00:20:50 +01:00
James Lee 026f6eb715
Land #7929, improve php_cgi_arg_injection 2017-02-10 10:01:38 -06:00
OJ 2d834a3f5a
Finalise module, and add supporting binaries 2017-02-10 12:56:40 +10:00
OJ 1c62559e55
Add v1 of SQL Clr stored proc payload module 2017-02-10 10:28:22 +10:00
bwatters-r7 272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro 2017-02-09 13:42:58 -06:00
wchen-r7 e1a1ea9d68 Fix grammar 2017-02-08 19:26:35 -06:00
wchen-r7 047a9b17cf Completed version of openoffice_document_macro 2017-02-08 16:29:40 -06:00
Mehmet Ince 4ee05313d8
Update tested version numbers 2017-02-08 19:31:01 +03:00
jvoisin f3bcc9f23f Take care of suhosin 2017-02-08 09:59:36 +01:00
jvoisin 028d4d6077 Make the payload a bit more random 2017-02-08 09:59:22 +01:00
jvoisin cb03ca91e1 Make php_cgi_arg_injection work in certain environnement 
This commit sets two more options to `0` in the payload:

- [cgi.force_redirect](https://secure.php.net/manual/en/ini.core.php#ini.cgi.force-redirect)
- [cgi.redirect_status_env](https://secure.php.net/manual/en/ini.core.php#ini.cgi.redirect-status-env)

The configuration directive `cgi.force_redirect` prevents anyone from calling PHP
directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php.
Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.

The string set in the configuration directive `cgi.redirect_status_env`
is the one that PHP will look for to know it's ok to continue its
execution. This might be use together with the previous configuration
option as a security measure.

Setting those variables to 0 is (as stated in the documentation) a
security issue, but it also make the exploit work on some Apache2 setup.
 2017-02-07 18:59:27 +01:00
wchen-r7 cefbee2df4 Add PoC for OpenOffice macro module 2017-02-07 10:12:23 -06:00
Mehmet Ince 906fcfe355
OSSIM 5.0.0 version requires a authen token on action create 2017-02-03 23:45:33 +03:00
wchen-r7 c73c189a61 Set DisablePayloadHandler default to true 2017-02-03 11:25:50 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
wchen-r7 3c6fa12aca Update firefox_smil_uaf to use BrowserExploitServer 2017-01-31 16:04:16 -06:00
William Webb 2ff170a1fa
Land #7820, Exploit for TrueOnline Billion 5200W-T 2017-01-31 11:33:56 -06:00
William Webb f167358540
Land #7821, Command Injection Exploit for TrueOnline ZyXEL P660HN 2017-01-31 11:28:46 -06:00
William Webb b3521dfb69
Land #7822, Command Injection Exploit for TrueOnline P660HN v2 2017-01-31 11:22:49 -06:00
Mehmet Ince c666ac93f5
Adding xff header 2017-01-31 14:37:22 +03:00
Mehmet Ince 40108c2374
first commit 2017-01-31 14:15:46 +03:00
Pedro Ribeiro 0aceb0b1cb Fix whitespace, thanks msftidy! 2017-01-30 10:16:42 +00:00
Pedro Ribeiro 5fd31e621e Add CVE number 2017-01-30 10:03:46 +00:00
William Webb dd60fc3598
move cisco_webex_ext to exploits/windows/browser/ 2017-01-27 16:59:20 -06:00
William Webb 94f9971300
add module doc and remove the word EXPLOIT from document title 2017-01-26 13:36:18 -06:00
William Webb d87cb4b085
nfi why i didnt set ssl by default 2017-01-25 21:02:34 -06:00
William Webb ad0e2c7d95
remove extraneous warning alerts 2017-01-25 18:53:54 -06:00
William Webb d2bc8c7f7e
msftidy complaints 2017-01-25 18:24:10 -06:00
William Webb 10066e0c16
get your targets straight son 2017-01-25 18:21:58 -06:00
William Webb d4b18bb3b9
initial commit of webex rce mod 2017-01-25 18:03:19 -06:00
William Vu 48ed8a72c2 Add helpful comment 2017-01-24 20:03:39 -06:00
William Vu ec8add6caa Always check and print status 2017-01-24 20:00:17 -06:00
William Vu 42a8e2a113 Remove extraneous variable 2017-01-24 19:50:31 -06:00
William Vu 97050a6c47 Fix nil bug in scan 2017-01-24 19:49:23 -06:00
wchen-r7 f4db90edeb
Land #7852, Firefox nsSMILTimeContainer::NotifyTimeChange() rce 2017-01-23 11:56:01 -06:00
wchen-r7 04648888b3 Be conservative and do NormalRanking 2017-01-23 11:55:30 -06:00
Brent Cook ff2b8dcf99
Revert "Land #7605, Mysql privilege escalation, CVE-2016-6664" - premature merge 
This reverts commit 92a1c1ece4, reversing
changes made to 9b16cdf602.
 2017-01-22 19:16:33 -06:00
Brent Cook 92a1c1ece4
Land #7605, Mysql privilege escalation, CVE-2016-6664 2017-01-22 17:17:28 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
Mehmet Ince 58c1f6f67d Merge branch 'master' of https://github.com/rapid7/metasploit-framework into trend_micro_imsva_exec 2017-01-22 11:18:34 +03:00
Gabor Seljan bda464fd6b Increase output 2017-01-21 10:51:58 +01:00
Gabor Seljan e3043b0889 Use random string as egg 2017-01-21 10:28:47 +01:00
Gabor Seljan c47f087c83 Fix check code 2017-01-21 09:39:09 +01:00
William Webb 0eb5342d83
disclosure date 2017-01-20 11:57:50 -06:00
William Webb d8f04ccc18
address msftidy complaints 2017-01-20 11:56:11 -06:00
William Webb fb74b2d8f3
initial commit of finished product 2017-01-20 11:01:36 -06:00
Gabor Seljan 905213cc41 Add module for DiskSavvy Enterprise (EDB-40854) 2017-01-19 20:34:00 +01:00
Mehmet Ince c2c352c2ac
Adding Trend Micro IMSVA module 2017-01-18 11:34:16 +03:00
Pedro Ribeiro 2dca53e19a Add full disclosure link 2017-01-17 11:09:44 +00:00
Pedro Ribeiro 1160a47b55 Add full disclosure link 2017-01-17 11:09:29 +00:00
Pedro Ribeiro c2cd26a6e1 Add full disclosure link 2017-01-17 11:09:11 +00:00
bwatters_r7 64550a188a
Land #7797, Add module for DiskBoss Enterprise (EDB-40869) 2017-01-13 08:55:24 -06:00
Pedro Ribeiro 7fafade128 fix msftidy stuff v2 2017-01-12 18:06:13 +00:00
Pedro Ribeiro ba8dfbd9f1 fix msftidy stuff 2017-01-12 18:05:54 +00:00
Pedro Ribeiro f88e68da25 fix msftidy stuff 2017-01-12 18:04:58 +00:00
Pedro Ribeiro 2274e38925 fix msftidy stuff 2017-01-12 18:03:12 +00:00
Pedro Ribeiro b863db9d02 add billion sploit 2017-01-12 17:51:24 +00:00
Pedro Ribeiro 2827a7ea1a add 660v2 sploit 2017-01-12 17:50:57 +00:00
Pedro Ribeiro af2516d074 add 660v1 sploit 2017-01-12 17:49:28 +00:00
Gabor Seljan 483865b815 Fix reference 2017-01-11 23:28:23 +01:00
wchen-r7 abab1f17c9
Merge master to cisco_cve_2016_6433 and make sure I have the latest 2017-01-11 14:39:52 -06:00
Brent Cook 2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targetting and core_loadlib 2017-01-11 13:24:25 -06:00
Gabor Seljan 24014d8465 Minor code formatting 2017-01-10 22:59:42 +01:00
Pedro Ribeiro c0880985bc fix duplicate entry for platform 2017-01-10 01:17:44 +00:00
wchen-r7 74cea5dd04 Use Linux payloads instead of cmd/unix/interact 
As of now, cmd/unix/interact causes msfconsole to freeze, so
we can't use this.
 2017-01-09 11:11:17 -06:00
wizard32 467a476598 Update websphere_java_deserialize.rb 2017-01-08 13:33:01 +02:00
Gabor Seljan 9162374ae3 Add automatic targeting 2017-01-08 11:23:18 +01:00
Gabor Seljan d2472712f3 Add module for DiskBoss Enterprise (EDB-40869) 2017-01-07 19:44:38 +01:00
wchen-r7 e331066d6d Add CVE-2016-6433 Cisco Firepower Management Console UserAdd Exploit 2017-01-06 17:05:25 -06:00
wizard32 829f7da7e0 Update websphere_java_deserialize.rb 2017-01-06 18:39:04 +02:00
Pedro Ribeiro 13bca2ebc7 add httpusername and password for auto auth 2017-01-06 16:33:51 +00:00
wizard32 538a1bf21d 'WfsDelay' Option added 
20sec added on 'WfsDelay' Option for first time exploit run due to the delay of powershell to load all the available modules.
 2017-01-06 18:11:48 +02:00
wizard32 c55e2e58f0 'raw_headers' Updated 2017-01-05 15:19:17 +02:00
wizard32 1d82ee0470 'raw_headers' field Updated 2017-01-05 15:17:17 +02:00
wizard32 c29a9ac00f Show Info updated 2017-01-05 14:18:38 +02:00
wizard32 1a38caa230 Encode - Decode code Updated 2017-01-05 13:07:34 +02:00
wizard32 9f4be89391 Update websphere_java_deserialize.rb 
Update information "Options" field
 2017-01-05 12:38:54 +02:00
William Vu 19319f15d4
Land #7626, Eir D1000 modem exploit 2017-01-04 17:02:39 -06:00
Pedro Ribeiro d95a3ff2ac made changes suggested 2017-01-04 23:02:10 +00:00
William Vu b0e79076fe Switch to wget CmdStager and tune timing 
We don't want to trample the device with requests.
 2017-01-04 16:42:53 -06:00
wizard32 82e49fb27e Update websphere_java_deserialize.rb 2017-01-04 10:23:48 +02:00
William Vu 94d76cfb06 Merge remote-tracking branch 'upstream/master' into tr-069-ntpserver-command-injection 2017-01-03 17:04:04 -06:00
Brent Cook 7585999e18
Land #7782, Update themoon exploit to use wget command stager 2017-01-03 16:30:12 -06:00
wchen-r7 ed74b239e3
Land #7768, PHPMailer Sendmail Argument Injection exploit 2017-01-03 16:04:05 -06:00
wchen-r7 3155af679a Fix a typo 2017-01-03 16:03:45 -06:00
Adam Cammack fe0a3c8669
Update themoon exploit to use wget command stager 2017-01-03 15:50:57 -06:00
wizard32 b06c5bac2f Invalid CVE format and Spaces at EOL fixed 2017-01-03 21:45:22 +02:00
wizard32 0722944b47 Invalid CVE format fixed 2017-01-03 21:38:32 +02:00
wizard32 8534fde50f Websphere Java Deserialization (RCE) 
This module exploits a vulnerability in IBM's WebSphere Application Server. An unsafe deserialization call of unauthenticated Java objects exists to the Apache Commons Collections (ACC) library, which allows remote arbitrary code execution. Authentication is not required in order to exploit this vulnerability.
 2017-01-03 16:04:51 +02:00
Pedro Ribeiro 9d3e90e8e5 cleanup 2017-01-02 17:32:38 +00:00
Pedro Ribeiro 4c29d23c8a further cleaning 2016-12-31 17:02:34 +00:00
Pedro Ribeiro 956602cbfe add final wnr2000 sploits 2016-12-31 16:49:05 +00:00
Spencer McIntyre cd90fd3b1c Fix PHPMailer targets since 5.2.20 is not affected 2016-12-30 15:31:15 -05:00
Spencer McIntyre 1eab4b3a7d Add an optional explicit triggeruri for phpmailer 2016-12-30 14:24:07 -05:00
Spencer McIntyre 64037b0d6e Use a proper target instead of VERSION 2016-12-29 17:37:16 -05:00
Spencer McIntyre c9dd7a50b6 Add the PHPMailer Argument Injection exploit 2016-12-29 17:17:06 -05:00
William Vu 9d0ada9b83
Land #7749, make drb_remote_codeexec great again 2016-12-28 06:11:48 -06:00
William Vu cfca4b121c Clean up module 2016-12-28 06:10:46 -06:00
William Vu afd8315e1d
Remove apache_continuum_cmd_exec CmdStager flavor 
It is inferred from the platform, and we don't want to override it
needlessly. :bourne is what worked during testing, but it won't always
work. Now we can override the flavor with CMDSTAGER::FLAVOR.
 2016-12-27 16:24:16 -06:00
Pedro Ribeiro 870e8046b5 add sploits 2016-12-27 21:12:35 +00:00
Brent Cook 57e4bcbf71
Land #7454, add CVE-2013-6282, put_user/get_user exploit for Android 2016-12-24 14:44:34 -06:00
joernchen of Phenoelit 679ebf31bd Minor fix to make dRuby great again 2016-12-23 15:12:22 +01:00
joernchen of Phenoelit d69acd116d Make dRuby great again 2016-12-22 15:37:16 +01:00
William Vu 934b05e736
Land #7310, at(1) persistence module 2016-12-22 03:33:58 -06:00
William Vu b65a62ba93 Clean up module 2016-12-22 03:33:08 -06:00
Tim 25a8283af3
fork early and use WfsDelay 2016-12-20 00:59:27 +08:00
Tim f1efa760df
more fixes 2016-12-20 00:52:11 +08:00
Tim 7ac3859393
convert futex_requeue module to use targetting and core_loadlib 2016-12-20 00:52:11 +08:00
Tim c2dc350378
better fix for session compatibility 2016-12-15 17:41:44 +08:00
Brent Cook fa016de78a
Land #7634, Implement universal HTTP/S handlers for Meterpreter payloads 2016-12-13 18:13:22 -06:00
Tim fe9972cc25
fork early and use WfsDelay 2016-12-13 17:02:23 +08:00
Tim 7b7deb0588
better library cleanup 2016-12-13 17:02:23 +08:00
Tim 96b01effa7
cleanup library after use 2016-12-13 17:02:23 +08:00
Tim 909773120c
typos 2016-12-13 17:02:23 +08:00
Tim ebf7ae0739
add CVE-2013-6282, put_user/get_user exploit for Android 2016-12-13 17:02:23 +08:00
Tod Beardsley a4f681ae35
Add quoted hex encoding 2016-12-06 09:05:35 -06:00
Tod Beardsley d549c2793f
Fix module filename to be TR-064 2016-12-02 08:49:21 -06:00
Tod Beardsley 9e4e9ae614
Add a reference to the TR-064 spec 2016-12-02 08:48:09 -06:00
Tod Beardsley ddac5600e3
Reference TR-064, not TR-069 2016-12-02 08:45:15 -06:00
wchen-r7 41355898fa Remove extra def report_cred in vbulletin_vote_sqli_exec 2016-12-01 15:31:24 -06:00
wchen-r7 174cd74900
Land #7532, Add bypass UAC local exploit via Event Viewer module 2016-12-01 11:16:49 -06:00
wchen-r7 1e9d80c998 Fix another typo 2016-12-01 11:16:06 -06:00
wchen-r7 b8243b5d10 Fix a typo 2016-12-01 11:15:26 -06:00
William Vu 1d6ee7192a
Land #7427, new options for nagios_xi_chained_rce 2016-11-30 17:11:02 -06:00
William Vu 3e8cdd1f36 Polish up USER_ID and API_TOKEN options 2016-11-30 17:10:52 -06:00
OJ ebf5121359
Merge branch 'upstream/master' into add-bypassuac-eventvwr 2016-12-01 07:58:16 +10:00
OJ 6890e56b30
Remove call to missing function 2016-12-01 07:57:54 +10:00
David Maloney d1be2d735f
Land #7578, pdf-shaper exploit 
Land lsato's work on the pdf-shaper buffer overflow
exploit
 2016-11-30 11:13:12 -06:00
Tod Beardsley 43cd788350
Switch back to echo as cmdstager flavor 2016-11-30 10:18:09 -06:00
Tod Beardsley b75fbd454a
Add missing peer in vprint_error 2016-11-30 07:59:41 -06:00
Tod Beardsley 657d52951b
Linemax 63, switch to printf 2016-11-30 07:51:36 -06:00
Tod Beardsley 08b9684c1a
Add a FORCE_EXPLOIT option for @FireFart 2016-11-29 16:37:13 -06:00
Tod Beardsley 57d156a5e2
Revert "XML encode the command passed" 
This reverts commit 9952c0ac6f.
 2016-11-29 16:24:26 -06:00
Tod Beardsley b7904fe0cc
Oh silly delimiters and lack thereof 2016-11-29 15:53:05 -06:00
Tod Beardsley 9952c0ac6f
XML encode the command passed 2016-11-29 15:49:55 -06:00
Tod Beardsley 851aae3f15 Oops, wrong module 
This reverts commit d55d2099c5.
 2016-11-29 15:15:18 -06:00
Tod Beardsley d55d2099c5
Just one platform thanks 2016-11-29 15:08:45 -06:00
Tod Beardsley 4d6b2dfb46
Use CmdStager instead 
Oh, and this is totally untested as of this commit.
 2016-11-29 15:03:38 -06:00
Tod Beardsley 8de17981c3
Get rid of the WiFi key stealer 2016-11-29 14:48:04 -06:00
Tod Beardsley 75bcf82a09
Never set DefaultPaylod, reverse target options 2016-11-29 14:43:10 -06:00
Tod Beardsley f55f578f8c
Title, desc, authors, refs 2016-11-29 14:39:38 -06:00
Tod Beardsley d691b86443
First commit of Kenzo's original exploit 
This is a work in progress, and is merely the copy-paste
of the original PoC exploit from:

https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
 2016-11-29 09:13:52 -06:00
OJ e8158bd200
Add multi platform type, wire into the multi stage 2016-11-28 09:34:09 +10:00
x2020 6f70323460 Minor misspelling mistakes and corrected the check of the mysqld process 2016-11-25 19:03:23 +00:00
x2020 1119dc4abe Targets set to automatic 
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
 2016-11-25 17:35:28 +00:00
Brent Cook 59f3c9e769
Land #7579, rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4 2016-11-21 17:59:29 -06:00
Prateep Bandharangshi 8869ebfe9b Fix incorrect disclosure date for OpenNMS exploit 
Disclosure date was Nov 2015, not Nov 2014
 2016-11-21 16:44:36 +00:00
William Webb 6c6221445c
Land #7543, Create exploit for CVE-2016-6563 / Dlink DIR HNAP Login 2016-11-21 09:59:50 -06:00
OJ 6ae8a2dd2e
Remove unused/empty function body 2016-11-21 17:59:49 +10:00
OJ 8c036885bc
Fix msftidy issues 2016-11-21 17:23:03 +10:00
OJ e226047457
Merge 'upstream/master' into the bypassuac via eventvwr mod 2016-11-21 17:18:40 +10:00
Brent Cook 005d34991b update architecture 2016-11-20 19:09:33 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
x2020 acfd214195 Mysql privilege escalation 
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
 2016-11-19 11:24:29 +00:00
h00die cfd31e32c6 renaming per @bwatters-r7 comment in #7491 2016-11-18 13:52:09 -05:00
Louis Sato 920ecf6fc5
finishing metacoms work for pdf-shaper-bo 2016-11-18 11:36:02 -06:00
wchen-r7 4596785217
Land #7450, PowerShellEmpire Arbitrary File Upload 2016-11-17 17:47:15 -06:00
wchen-r7 c0af5b690d
Land #6638, add local exploit module to execute payload w/ stealth 2016-11-16 16:25:15 -06:00
wchen-r7 e1ff37f3eb Title change and handling Rex::TimeoutError exception 2016-11-16 16:23:44 -06:00
Brendan 18bafaa2e7
Land #7531, Fix drb_remote_codeexec and create targets 2016-11-16 12:58:22 -06:00
wchen-r7 7b83720b90
Bring #6638 up to date 2016-11-15 12:27:05 -06:00
Brent Cook b56b6a49ac
Land #7328, Extend lsa_transname_heap exploit to MIPS 2016-11-15 07:37:19 -06:00
wchen-r7 fa9f2b340e def setup isn't needed 2016-11-14 15:52:02 -06:00
wchen-r7 bab07b5691
Bring #7540 up to date 2016-11-14 14:59:21 -06:00
Jeffrey Martin c458d662ed
report correct credential status as successful 2016-11-14 12:27:22 -06:00
Jeffrey Martin 4ae90cbbef
Land #7191, Add exploit for CVE-2016-6267 - Trend Micro Smart Protection Server authenticated RCE. 2016-11-14 12:06:02 -06:00
William Webb 4e40546958
Land #7502, Disk Pulse Enterprise Login Buffer Overflow 2016-11-14 10:28:53 -06:00
Brent Cook 4f323527c9
Land #7549, Deprecate/move wp_ninja_forms_unauthenticated_file_upload 2016-11-14 03:00:02 -06:00
Pedro Ribeiro 908713ce68 remove whitespace at end of module name 2016-11-14 08:35:34 +00:00
Chris Higgins 4e9802786c Removed spaces causing build to fail 2016-11-13 21:46:24 -06:00
Pearce Barry 9eb9d612ca
Minor typo fixups. 2016-11-11 16:54:16 -06:00
Pearce Barry 1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
wchen-r7 8cd9a9b670 Deprecate wp_ninja_forms_unauthenticated_file_upload 
wp_ninja_forms_unauthenticated_file_upload actually supports
multiple platforms.

Instead of using:
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload

Please use:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
 2016-11-10 11:17:09 -06:00
scriptjunkie 268a72f210
Land #7193 Office DLL hijack module 2016-11-08 23:15:27 -06:00
Pedro Ribeiro 50f578ba79 Add full disclosure link 2016-11-08 22:15:19 +00:00
Yorick Koster 3c1f642c7b Moved PPSX to data/exploits folder 2016-11-08 16:04:46 +01:00
Pedro Ribeiro 95bd950133 Point to proper link on github 2016-11-07 17:59:29 +00:00
Pedro Ribeiro f268c28415 Create dlink_hnap_login_bof.rb 2016-11-07 17:45:37 +00:00
Chris Higgins 099a5984f9 Updated with style suggestions from msftidy and rubocop. 
Also updated with commented from other contributors.
 2016-11-07 10:18:52 -06:00
Chris Higgins 689fc28d1b Added WinaXe 7.7 FTP client Server Ready buffer overflow 2016-11-06 23:35:16 -06:00
William Vu da356e7d62 Remove Compat hash to allow more payloads 2016-11-04 13:57:05 -05:00
William Vu f0c89ffb56 Refactor module and use FileDropper 2016-11-04 13:57:05 -05:00
William Vu 6d7cf81429 Update references 2016-11-04 13:57:05 -05:00
William Vu 009d6a45aa Update description 2016-11-04 13:57:05 -05:00
William Vu bf7936adf5 Add instance_eval and syscall targets 2016-11-04 13:57:05 -05:00
OJ 4bf966f695
Add module to bypassuac using eventvwr 
This module was inspired by the work done by Matt Nelson and Matt
Graeber who came up with the method in the first place. This works
nicely on a fully patched Windows 10 at the time of writing.
 2016-11-05 04:41:38 +10:00
wchen-r7 ca5610ccde
Land #7511, Update jenkins_script_console to support newer versions 2016-11-04 11:24:25 -05:00
William Vu 5ed030fcf6
Land #7529, nil.downcase fix for tomcat_mgr_deploy 
Don't think it was ever needed, since the password is case-sensitive.

Fixed a minor merge conflict where PASSWORD became HttpPassword.
 2016-11-03 15:39:46 -05:00
Jin Qian 2f8d3c3cf3 Remove the bug where downcase() is invoked on password which is optional and can be empty. 2016-11-03 15:23:19 -05:00
Brendan dae1f26313
Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server 2016-11-03 12:56:50 -05:00
William Vu eca4b73aab
Land #7499, check method for pkexec exploit 2016-11-03 10:59:06 -05:00
William Vu 1c746c0f93 Prefer CheckCode::Detected 2016-11-03 11:14:48 +01:00
William Vu 2cdff0f414 Fix check method 2016-11-03 11:14:48 +01:00
William Webb 31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
Brent Cook f8912486df fix typos 2016-11-01 05:43:03 -05:00
OJ 3c57ff5c59
Avoid internal constants for bypassuac file path generation 2016-11-01 01:32:24 +10:00