Commit Graph

169 Commits (52f56527d80b1435c85d832f559d967417c6d007)

Author SHA1 Message Date
James Barnett 7e9d0b3e9b
Fix permissions in docker priv_esc module
The previous command didn't give the original user enough permissions
to execute the payload. This was resulting in permission denied
and preventing me from getting a root shell.

Fixes #8937
2017-09-07 16:48:02 -05:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
h00die 361cc2dbeb fix newline issue and service call 2017-05-30 22:37:26 -04:00
h00die f98b40d038 adds check on service writing before running it 2017-05-30 22:14:49 -04:00
William Vu b794bfe5db
Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
Brent Cook a60e5789ed update mettle->meterpreter references in modules 2017-04-26 17:55:10 -05:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Bryan Chu 151ed16c02 Re-ranking files
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Bryan Chu 5e31a32771 Add missing ranks
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
h00die fb5e090f15 fixes from jvoisin 2017-02-28 20:09:26 -05:00
h00die e3e607a552 reword description 2017-02-26 15:24:22 -05:00
h00die 0c353841ab forgot add fixes for travis 2017-02-25 23:25:36 -05:00
h00die a8609f5c66 ntfs-3g lpe 2017-02-25 23:09:22 -05:00
Brent Cook ff2b8dcf99
Revert "Land #7605, Mysql privilege escalation, CVE-2016-6664" - premature merge
This reverts commit 92a1c1ece4, reversing
changes made to 9b16cdf602.
2017-01-22 19:16:33 -06:00
x2020 6f70323460 Minor misspelling mistakes and corrected the check of the mysqld process 2016-11-25 19:03:23 +00:00
x2020 1119dc4abe Targets set to automatic
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
2016-11-25 17:35:28 +00:00
x2020 acfd214195 Mysql privilege escalation
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
2016-11-19 11:24:29 +00:00
Brent Cook 59f3c9e769
Land #7579, rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4 2016-11-21 17:59:29 -06:00
Brent Cook 005d34991b update architecture 2016-11-20 19:09:33 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
h00die cfd31e32c6 renaming per @bwatters-r7 comment in #7491 2016-11-18 13:52:09 -05:00
Pearce Barry 9eb9d612ca
Minor typo fixups. 2016-11-11 16:54:16 -06:00
Pearce Barry 1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
William Vu eca4b73aab
Land #7499, check method for pkexec exploit 2016-11-03 10:59:06 -05:00
William Vu 1c746c0f93 Prefer CheckCode::Detected 2016-11-03 11:14:48 +01:00
William Vu 2cdff0f414 Fix check method 2016-11-03 11:14:48 +01:00
William Webb 31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
OJ 3c56f1e1f7
Remove commented x64 arch from sock_sendpage 2016-11-01 01:29:11 +10:00
OJ 1d617ae389
Implement first pass of architecture/platform refactor 2016-10-28 07:16:05 +10:00
Julien (jvoisin) Voisin 23ab4f1fc1 Remove one last tab 2016-10-27 12:32:40 +02:00
Julien (jvoisin) Voisin d9f07183bd Please h00die ;) 2016-10-27 12:18:33 +02:00
Julien (jvoisin) Voisin 2ac54f5028 Add a check for the linux pkexec module 2016-10-27 10:28:13 +02:00
h00die 0d1fe20ae5 revamped 2016-10-15 20:57:31 -04:00
h00die 12493d5c06 moved c code to external sources 2016-10-13 20:37:03 -04:00
Pearce Barry 7b84e961ed
Minor output correction. 2016-10-09 19:01:06 -05:00
h00die 7e6facd87f added wrong file 2016-10-09 09:49:58 -04:00
h00die 2c4a069e32 prepend fork fix 2016-10-09 09:40:44 -04:00
h00die 2dfebe586e working cve-2014-0038 2016-10-08 23:58:09 -04:00
h00die 27cf5c65c4 working module 2016-10-04 23:21:53 -04:00
h00die 75bea08e0e changing branches 2016-10-04 21:08:12 -04:00
h00die e6daef62b4 egypt 2016-10-03 20:24:59 -04:00
h00die 7b0a8784aa additional doc updates 2016-09-29 19:02:16 -04:00
h00die bac4a25b2c compile or nill 2016-09-29 06:15:17 -04:00
h00die 4fac5271ae slight cleanup 2016-09-29 05:51:13 -04:00