Commit Graph

45306 Commits (4b29df7ab374846081f80b5fd022343e83260015)

Author SHA1 Message Date
HD Moore 7cfc17860d udp_probe is necessary for pivot scans 2018-02-14 08:45:46 -06:00
HD Moore ef13f01820 Remove actually deprecated modules 2018-02-14 08:43:20 -06:00
HD Moore 234f5a316b Revert "Remove old deprecated modules"
This reverts commit a2c5cc0ffb.
2018-02-14 08:42:44 -06:00
Jacob Robles 9611bfdd01
Land #9547, Delete meterpreter scripts, imporve spelling 2018-02-14 02:24:07 -06:00
Spencer McIntyre 5063415b79
Land #9552, add private_type for stored tomcat pw
Fixes #9513
2018-02-13 19:25:27 -05:00
Jeffrey Martin 3811665b69
Land #7699, Add UDP handlers and payloads (redux) 2018-02-13 14:50:09 -06:00
Jeffrey Martin f5768e7ced
gate session reported when using bind udp
While this method here is somewhat noisy on the network it eliminates
a poor user experience when the handler is started but the payload is
not yet running on the target.

When a target is sent a udp packet and it is not rejected push down
an initial "echo syn" command that will respond with output.  This
allows framework to be aware that the payload is what is running on
the server port instead of assuming a non-existent target is a valid
session.
2018-02-13 14:44:57 -06:00
Jeffrey Martin d56111a33c
update cache sizes from new tests 2018-02-13 14:34:21 -06:00
Wei Chen fbeba8bfd2 Fix #9513, Add private_type to be able to store password for Tomcat
If there is no :private_type, the create_credential method in
Metasploit::Credential::Creation will quietly skip the password,
which makes it look like a bug when the user is trying to view
the password from the creds command.

Fix #9513
2018-02-13 14:31:56 -06:00
Jeffrey Martin b80445e448
add missing payload tests 2018-02-13 14:20:43 -06:00
Jeffrey Martin 2221779ddd
update package namespaces 2018-02-13 13:33:36 -06:00
Jacob Robles b21f5d7036
Land #9546, Correct Typo 2018-02-13 09:59:34 -06:00
Brent Cook 18983d1fae s/imporve/improve/g 2018-02-13 05:30:05 -06:00
Brent Cook 252e80b9bf remove a couple of broken meterpreter scripts (upstream is dead) 2018-02-13 05:28:09 -06:00
Agahlot de24451035 Correct Typo 2018-02-13 15:57:09 +05:30
Jacob Robles aefd0d3875
Land #9542, Correct Typo 2018-02-13 02:41:12 -06:00
Jeffrey Martin 9800d450f5
Land #9543, bump gems, remove rbnacl/ffi since unneeded 2018-02-12 11:47:15 -06:00
Brent Cook 316e657d10
bump gems, remove rbnacl/ffi since unneeded 2018-02-12 11:21:04 -06:00
follower ecb5fffb0b
Typo fix: "withint" --> "within" 2018-02-13 06:20:57 +13:00
UserExistsError bad1429989 reverted CachedSize values 2018-02-11 19:07:41 -07:00
UserExistsError 8ae8a0d94b added bind_named_pipe payload 2018-02-11 18:56:50 -07:00
h00die 285b329ee1
Land #9422 abrt race condition priv esc on linux 2018-02-11 11:58:39 -05:00
Pearce Barry add7ae8fa1
Land #9536, Add Ubuntu notes to documentation 2018-02-11 07:27:00 -06:00
Pearce Barry 321b78b0fe
Land #9408, Add Juju-run Agent Privilege Escalation module (CVE-2017-9232) 2018-02-11 07:19:49 -06:00
Brendan Coles 4e5cbd68b9 Add Ubuntu notes to documentation 2018-02-11 06:52:36 +00:00
Pearce Barry 4b6362a37d
Minor doc tweaks. 2018-02-10 16:14:14 -06:00
Brendan Coles 1177efef89 Update tested versions 2018-02-10 16:32:20 +00:00
h00die fcaee81fba
Land #9467 linux priv esc against glibc origin 2018-02-10 07:20:35 -05:00
h00die 38252e4384 success against x64 2018-02-10 07:17:15 -05:00
Wei Chen b9faa9e92b Fix a typo 2018-02-09 20:28:55 -06:00
Wei Chen 81e0d56261 Always write the file as long as the option is set 2018-02-09 20:28:12 -06:00
Wei Chen 8aa8b6df3d
Land #9532, Fix a bug in the MD docs references
Land #9532
2018-02-09 20:22:35 -06:00
Wei Chen 46a0ea6582 Fix db_spec 2018-02-09 20:06:43 -06:00
Wei Chen 958513bd86 Fix #9522, Add output file support to the vulns command
This adds a new feature for the vulns command for msfconsole. It
allows the user to be able to save the vulnerability as a CSV
file.

Fix #9522
2018-02-09 19:45:46 -06:00
Brendan Coles 0d573e1434 Support shell sessions 2018-02-09 16:15:04 -05:00
Brendan Coles 45249d582d Add partition check 2018-02-09 16:15:04 -05:00
Brendan Coles 9e11632608 Add documentation 2018-02-09 16:15:04 -05:00
Brendan Coles 0ba37f8104 Add glibc $ORIGIN Expansion Privilege Escalation exploit 2018-02-09 16:15:04 -05:00
Spencer McIntyre c612dbfdbf Also fix GitHub related pull request links 2018-02-09 15:16:10 -05:00
Spencer McIntyre 7a18aaa74a Fix the normalizer_spec to expect the md syntax 2018-02-09 14:56:42 -05:00
h00die cb1b59545b
Land #9469 linux local exploit for glibc ld audit 2018-02-09 14:00:42 -05:00
Spencer McIntyre b2d617bde7 Fix a bug in the markdown docs references 2018-02-09 13:41:39 -05:00
Brent Cook 44b08feeb0
Land #9525, Update mysql_hashdump for MySQL 5.7 and above 2018-02-08 13:56:26 -06:00
Brent Cook 1bb5499fce fix whitespace 2018-02-08 13:55:40 -06:00
Jacob Robles c642d420c2
Land #9489, Add scanner for the Bleichenbacker oracle (AKA: ROBOT) 2018-02-08 12:55:02 -06:00
Jacob Robles c9a3894bdb
Removed require statements 2018-02-08 12:00:47 -06:00
Osanda Malith Jayathissa 00ead05237
Update for MySQL 5.7 and above
Starting from MySQL 5.7 the password column was changed to authentication_string. I've added a check to determine the version. Tested on both MySQL 5.6 and 5.7.
2018-02-08 13:40:35 +00:00
Brendan Coles 5b251ae672 Support shell sessions on Debian 2018-02-08 11:29:09 +00:00
Brent Cook b1d0529161 prefer 'shell' channels over 'exec' channels for ssh
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
2018-02-08 02:21:16 -06:00
Brent Cook ca4ad1d0c4
Land #9478, Improve Dup Scout BOF exploit 2018-02-07 23:51:14 -06:00