d715f53604
add MinRID to complement MaxRID, allowing continuing or starting from a higher value
...
from @lvarela-r7
2017-10-20 15:32:25 -05:00
85152b5f1e
added check function
2017-10-20 14:28:52 -06:00
e9ad5a7dca
Update ueb9_api_storage.rb
2017-10-20 14:05:15 -06:00
16b6248943
Update ueb9_bpserverd.rb
2017-10-20 13:58:12 -06:00
5c0bcd8f0a
Update ueb9_bpserverd.rb
2017-10-20 13:56:25 -06:00
abc749e1e8
Update ueb9_api_storage.rb
2017-10-20 13:48:29 -06:00
8febde8291
Update ueb9_api_storage.rb
2017-10-20 12:23:53 -06:00
664e774a33
style/rubocop cleanup
2017-10-20 09:44:07 -07:00
7cd532c384
Change targetr to target to fix small typo bug on one failure
...
The target object seems to have a typo where it is referred to as
“targetr” which I’d guess isn’t exactly what we’d like to do in this
case. So, I’ve changed that to “target” in order to work.
So, I’ve simply fixed that small typo.
2017-10-19 19:55:58 -04:00
04a24e531b
New module
2017-10-18 21:37:26 -04:00
7098372f58
Update shell_bind_tcp.rb
2017-10-17 19:33:10 -04:00
858bb26b56
Adding python/shell_bind_tcp, for an avaialable option
2017-10-17 07:36:45 -04:00
7e338fdd8c
Land #9086 , proxying fix for nessus_rest_login
2017-10-16 11:52:04 -05:00
df8261990d
Land #9085 , proxying fix for pop3_login
2017-10-16 11:38:24 -05:00
b04f5bdf90
Land #9077 , Enhancing the functionality on the nodejs shell_reverse_tcp payload.
2017-10-16 10:49:17 -05:00
9597157e26
Make nessus_rest_login scanner proxy-aware again
2017-10-14 11:16:41 +02:00
f4ae2e6cdc
Make pop3_login scanner proxy-aware again
2017-10-14 11:05:54 +02:00
9afc8b589c
Updating the payload sizes
2017-10-14 11:05:44 +05:30
c67a5872cd
Land #9055 , Add exploit for Sync Breeze HTTP Server
...
Land #9055
2017-10-13 17:34:03 -05:00
3a2c6128be
Support automatic targeting
2017-10-13 16:53:22 -05:00
a63c947768
gopher proto
2017-10-12 21:32:01 -04:00
9b219f42c5
Land #9029 , Fix Linux post module file assumptions
2017-10-12 17:56:40 -05:00
deb2d76678
Land #9058 , Add proxies back to smb_login
2017-10-12 17:31:45 -05:00
a0abffb6c4
Adding functionality of StagerRetryWait and StagerRetryCount
2017-10-12 22:25:00 +05:30
374c139d33
Increasing the functionality of the nodejs shell_reverse_tcp payload
2017-10-12 19:05:59 +05:30
294230c455
Land #8509 , add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00
cfaa34d2a4
more style cleanup for tomcat_jsp_upload_bypass
2017-10-11 15:53:35 -05:00
9885dc07f7
updates for style
2017-10-11 15:29:47 -05:00
1786634906
Land #9059 , Tomcat JSP Upload via PUT Bypass
2017-10-11 15:05:00 -05:00
b76c1f3647
remove invalid 'client' object reference in nodejs
...
fix #9063 by removing invalid object reference introduced in PR #8825
2017-10-11 11:09:28 -05:00
03e7797d6c
fixed msftidy errors and added documentation
2017-10-11 07:57:01 -04:00
e976a91b15
land #9053 RCE for rend micro imsva
2017-10-10 19:27:06 -04:00
a4bc3ea3c2
Merge branch 'pr9032' into upstream-master
...
Land #9032 , Improve CVE-2017-8464 LNK exploit
Land #9032
2017-10-10 17:11:51 -05:00
ab63caef7b
Land #9009 , Apache Optionsbleed module
2017-10-10 12:13:40 -05:00
57afc3b939
Land #9044 , Address generation issues with pure PSH payloads
2017-10-10 10:40:33 -05:00
2b85eb17dd
Create ibm_lotus_notes2.rb
2017-10-10 12:22:06 +05:30
fb16f1fbda
Disabling bind type payloads
2017-10-10 09:37:24 +03:00
facc38cde1
set timeout for DELETE request
2017-10-09 21:53:31 -04:00
850aeda097
land #9052 RCE of Trend Micro OfficeScan
2017-10-09 20:46:30 -04:00
a3d47ea838
Land #8989 , IBM Lotus Notes DoS (CVE-2017-1129)
2017-10-09 19:37:59 -05:00
fd8b72ca66
Minor tweaks.
2017-10-09 17:02:24 -05:00
15adb82b96
Make smb_login scanner proxy-aware again
2017-10-09 23:01:25 +02:00
a2d32b460c
Fixing grammer issue
2017-10-09 22:31:13 +03:00
c14c93d450
Integrate OfficeScan 11 exploitation and fix grammer issues
2017-10-09 22:11:42 +03:00
ef282ea154
Sync Breeze HTTP Server v10.0.28 BOF
...
Added support for v10.0.28 to Sync Breeze BOF module
2017-10-09 13:50:24 -04:00
fc5ab96ad6
Merging to prep for testing
...
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2017-10-09 10:31:30 -05:00
7df18e378d
Fix conflicts in PR 8509 by mergeing to master
2017-10-09 10:30:21 -05:00
be8680ba3d
Create tomcat_jsp_upload_bypass.rb
...
Created a module for CVE-2017-12617 which uploads a jsp payload and executes it.
2017-10-08 21:48:47 -04:00
395c82050b
Adding Trend Micro IMSVA Widget RCE
2017-10-08 18:15:32 +03:00
79c9123261
Adding Trend Micro OfficeScan widget rce module
2017-10-08 17:54:18 +03:00
7a87e11767
land #8781 Utilize Rancher Server to exploit hosts
2017-10-07 13:04:34 -04:00
b7184e87c0
fixing a type
2017-10-07 14:16:01 +02:00
8d50c34e4b
codefixing
2017-10-07 14:06:58 +02:00
34d119be04
Payload space, error handling and style"
2017-10-07 01:12:24 +02:00
d9e0d891a1
Land #9010 , Remove checks for hardcoded SYSTEM account name
2017-10-06 13:42:18 -05:00
7535fe255f
land #8736 RCE for orientdb
2017-10-06 14:35:42 -04:00
f996597bcf
update cached payload sizes
2017-10-06 13:19:00 -05:00
752d21e11c
forgot a comma
2017-10-06 10:47:42 -06:00
63e3892392
fixed issues identified by msftidy
2017-10-06 10:16:01 -06:00
78e262eabd
fixed issues identified by msftidy
2017-10-06 10:15:30 -06:00
36610b185b
initial commit for UEB9 exploits - CVE-2017-12477, CVE-2017-12478
2017-10-06 09:38:33 -06:00
770547269b
added documentation, and fixed 4 to 2 indentation
2017-10-06 15:39:25 +02:00
c701a53def
Land #9018 , Add Bind Shell JCL Payload for z/OS
2017-10-05 17:24:50 -05:00
7292ee24a2
Land #9027 , Cleanup revshell for zos
2017-10-05 17:20:01 -05:00
4a745bd2cc
Land #8991 , post/windows/manage/persistence_exe: fix service creation
2017-10-05 17:04:58 -05:00
9d2e8b1e4d
Land #8003 , Evasions for delivering nops/shellcode into memory
2017-10-05 16:44:36 -05:00
b7e209a5f3
Land #9033 , Geolocate API update
2017-10-05 16:39:09 -05:00
e4d99a14b6
Fix EXITFUNC back to process for the RCE too
2017-10-05 11:38:08 -04:00
4729c885f1
Cleanup the CVE-2017-8464 LPE module
2017-10-05 11:10:37 -04:00
d0ebfa1950
Change the template technicque to work as an LPE
2017-10-05 10:30:28 -04:00
825ad940e6
Update the advanced option names and a typo
2017-10-05 10:16:31 -04:00
482ce005fd
Update the advanced option names and a typo
2017-10-05 10:11:00 -04:00
7400082fdb
Land #9040 , Add CVE and Vendor article URL to the denyall_waf_exec module
2017-10-04 09:12:48 -05:00
110f3c9b4a
Add cve and vendor article to the denyall_waf_exec module
2017-10-04 12:11:58 +03:00
10dafdcb12
Fix #9036 , broken refs in bypassuac_comhijack
...
Each ref needs to be an individual array.
2017-10-03 13:36:29 -05:00
9ff6efd3a3
Remove broken link
2017-10-02 20:43:55 +05:30
fc66683502
fixes #8928
2017-10-01 19:49:32 -04:00
e3326e1649
Use send_request_cgi instead of raw
2017-10-01 02:15:43 +02:00
701d628a1b
Features for selecting the target
2017-10-01 02:04:10 +02:00
f2f48cbc8f
Update the CVE-2017-8464 module
2017-09-30 18:25:16 -04:00
a676f600d6
fixes to more modules
2017-09-30 15:45:52 -04:00
8a49a639a0
check file exists before reading
2017-09-29 22:34:38 -04:00
7fc9be846a
bcoles suggestions
2017-09-29 20:29:30 -04:00
8af2e5a7ee
Cleanup revshell for zos
...
remove unused code, extra comments
align code, etc. no functionality changes
2017-09-29 18:27:29 -05:00
9ae8bdda1c
Added Bind Shell JCL Payload for mainframe
...
The bind shell is the companion payload to the reverse_shell_jcl
payload for the mainframe platform.
2017-09-29 16:52:36 -05:00
9b75ef7c36
Land #8343 , qmail Shellshock module
2017-09-29 00:28:30 -05:00
daedf0d904
Clean up module
2017-09-29 00:27:22 -05:00
6cc5324e5b
oe is all umlaut
2017-09-28 19:52:02 -04:00
3a1a437ac7
Rubocop Stlye
2017-09-28 23:53:45 +02:00
40c58e3017
Function for selecting the target host
2017-09-28 23:43:59 +02:00
cc98e80002
Change arch to ARCH_X64
2017-09-28 20:50:18 +02:00
2295146dcd
working optionsbleed module
2017-09-27 22:07:57 -04:00
997b831b52
implement regexes
2017-09-27 19:33:50 -04:00
41e3895424
remove checks for hardcoded name
2017-09-27 07:41:06 +02:00
0649d0d356
wip optionsbleed
2017-09-26 22:09:07 -04:00
579342c4f6
Land #8955 , Fix error messages on telnet_encrypt_overflow.rb
2017-09-26 16:08:58 -05:00
66d6ac418a
Land #8978 , Add smb1 scanner
2017-09-26 16:06:41 -05:00
cad36ee14e
Land #8952 , suhosin compatibility added to staged payload
2017-09-26 15:22:36 -05:00
b10d6b8b63
Land #9001 , SSLVersion consolidation for modules
2017-09-25 15:53:18 -05:00
98ae054b06
Land #8931 , Node.js debugger exploit
2017-09-25 14:00:13 -05:00
7924667e51
appease alignists
2017-09-25 09:10:10 -05:00
62ee4ed708
update modules to use inherited SSLVersion option
2017-09-25 09:03:22 -05:00
1ee590ac07
Move over to rex-powershell and version bump
...
Version bump for:
- https://github.com/rapid7/rex-powershell/pull/10
- https://github.com/rapid7/rex-powershell/pull/11
2017-09-25 13:45:06 +01:00
273d49bffd
Land #8891 login scanner for Inedo BuildMaster
2017-09-24 13:30:17 -04:00
4d1e51a0ff
Land #8906 RCE for supervisor
2017-09-24 08:03:30 -04:00
48188e999e
post/windows/manage/persistence_exe: fix service creation
...
Fixes service creation when in post/windows/manage/persistence_exe
2017-09-23 23:48:50 +02:00
9528f279a5
cleaned up version, and docs
2017-09-23 10:51:52 -04:00
e4f79879ba
Update and rename modules/auxiliary/dos/ibm_lotus_notes.rb to modules/auxiliary/dos/http/ibm_lotus_notes.rb
2017-09-23 18:27:50 +05:30
e8eeb784e4
Land #8960 , spelling/grammar fixes part 3
2017-09-22 18:51:31 -05:00
8de6fa79c1
Tweakz, yo.
2017-09-22 18:49:09 -05:00
d56fffcadf
Land #8974 , spelling/grammar fixes part 4. Finished.
2017-09-22 14:59:28 -05:00
f1be6b720b
Tweaky bits.
2017-09-22 13:38:06 -05:00
669b6771e3
Update ibm_lotus_notes.rb
2017-09-22 17:16:42 +05:30
a71edb33be
Create ibm_lotus_notes.rb
2017-09-22 17:08:05 +05:30
ddbff6ba3c
Land #8980 unauth RCE for denyAll WAF
2017-09-21 21:41:33 -04:00
3d543b75f5
Fixing typos and replacing double quotes with single
2017-09-21 23:48:12 +03:00
1031d7960a
Moving token extraction to the seperated function
2017-09-20 10:23:32 +03:00
5a62e779aa
Land #8954 , fix internal usage of bindata objects when generating NTP messages
2017-09-19 09:01:49 -05:00
ee969ae8e5
Adding DenyAll RCE module
2017-09-19 14:53:37 +03:00
c953842c96
Added docs and additional dialects
2017-09-18 15:02:38 -05:00
7d07f7054d
Merge remote-tracking branch 'origin/master' into add_smb1_scanner
2017-09-18 13:16:06 -05:00
d07fe2f1e7
Added reporting back, removed wfw dialect
2017-09-18 13:15:19 -05:00
08dea910e1
pbarry-r7 comments
2017-09-17 19:38:43 -04:00
c90f885938
Finished spelling issues
2017-09-17 16:00:04 -04:00
d5362333e2
Land #8958 , Add Disk Pulse Enterprise web server buffer overflow
2017-09-15 13:34:22 -05:00
6f5eb5a18f
update
2017-09-15 12:07:28 -05:00
e651bc1205
Land #8951 , Hwbridge auto padding fix and flowcontrol
2017-09-15 08:33:17 -05:00
4e81a68108
Simplify saving valid credentials by calling store_valid_credential
2017-09-15 00:18:33 -05:00
e88b766276
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_smb1_scanner
2017-09-14 17:00:45 -05:00
646dda7958
Add initial smbv1 scanner code
2017-09-14 16:59:39 -05:00
c77cb51d64
add newline
2017-09-14 18:26:11 +02:00
a992a3c427
Land #8774 , Post module for gather Docker credentials
2017-09-14 10:15:03 -05:00
200a1b400a
Remove spaces to appease msftidy.
2017-09-14 09:28:38 -05:00
30f833f684
80 pages left
2017-09-13 22:03:34 -04:00
52385f4d9e
fix formatting to fit rubocop
2017-09-13 11:46:57 -05:00
b8c40a9d95
Clean up formatting
2017-09-13 11:13:33 -05:00
3c204f91ef
Correct module title
2017-09-13 11:02:13 -05:00
65f2ee9109
added generate_seh_record
2017-09-13 10:56:32 -05:00
7db506887b
Add exploit code
2017-09-13 10:36:36 -05:00
eb0d174987
Add disk_pulse_enterprise_get module
2017-09-13 10:19:24 -05:00
a07f7c9f42
Land #8520 , Linux post module to find and collect TOR hidden service configurations
2017-09-12 13:39:18 -05:00
27a517e0f6
Fix #8060 , cf #8061
2017-09-12 18:41:51 +02:00
a7a17c677c
fix internal usage of bindata objects when generating NTP messages
2017-09-12 09:54:09 -04:00
86726978ed
payload size updated
2017-09-12 19:23:31 +05:30
e4465c9350
Fixed a bug where flowcontrol caused the first packet to get lost
2017-09-11 19:00:53 -07:00
b218cc3c7f
Merge branch 'master' into hw_auto_padding_fix
2017-09-11 18:30:34 -07:00
ad9329993d
Added better padding and flowcontrol support.
2017-09-11 18:20:57 -07:00
7b87915e1f
Land #8923 , Add additional error checking to mssql_clr_payload module
2017-09-11 17:39:33 -05:00
a58552daad
Land #8825 , Handle missing util.pump in nodejs shell payloads
2017-09-11 15:32:21 -05:00
5f66b7eb1a
Land #8940 , @h00die's second round of desc fixes
...
One ninja edit along the way as well.
2017-09-11 13:05:13 -05:00
Brent Cook
caleBot
Jon Hart
Kent Gruber
mumbai
Austin
William Vu
Jeffrey Martin
Hanno Heinrichs
itsmeroy2012
Wei Chen
h00die
Adam Cammack
bwatters-r7
root
Wei Chen
RootUp
Mehmet Ince
peewpw
Pearce Barry
jakxx
Maurice Popp
Martin Pizala
William Webb
Spencer McIntyre
ashish gahlot
bigendiansmalls
Christian Mehlmauer
Brent Cook
g0tmi1k
Jannis Pohl
loftwing
james
Erik Lenoir
Anant Shrivastava
Craig Smith
Tod Beardsley