dfa84aa1af
Use exploit default exception handling
2018-12-14 09:12:32 -06:00
5fd7b82f7a
Remove unused parameter
2018-12-14 09:10:29 -06:00
673cfe6889
Land #11119 , Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 16:15:53 -06:00
58aa16d06b
Work around snprintf
2018-12-13 14:29:54 -06:00
f00118851a
Revert "Land #10886 , Bypassuac computerdefault"
...
This reverts commit 14b2cdc120a79b936e09
2018-12-13 13:56:16 -06:00
cc7cb7302e
Land #10944 , Add macOS Safari exploit from pwn2own2018
2018-12-13 13:50:19 -06:00
92feeea0ca
Minor syntax change
2018-12-13 13:46:40 -06:00
cb5648a1c7
Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 12:22:36 -06:00
3f1aa425b4
msftidy....lol
2018-12-13 11:03:41 -06:00
2e26ceac8f
added comments
2018-12-13 10:55:09 -06:00
89e4e8bdea
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2018-12-13 09:30:10 -06:00
8b79634338
Update a few stragglers
...
And since eaton_xpert_backdoor was copied from my fortinet_backdoor
module, update the error handling there, too.
2018-12-12 15:47:18 -06:00
e69f006992
Remove CommandShell mixin in exploits
...
This was cargo culting. Exploits use handler instead of start_session.
2018-12-12 15:43:13 -06:00
6e77ae7e3e
Update my SSH scanner modules
...
Especially with proper error handling for Net::SSH::CommandStream.
2018-12-12 15:36:54 -06:00
7cffbac65b
Update additional scanner modules.
2018-12-12 15:32:31 -06:00
fa2164ebb9
Update to match coding style.
2018-12-12 15:32:31 -06:00
eceb47a9da
Move CREATE_SESSION option to advanced option CreateSession
2018-12-12 15:32:31 -06:00
8a7187ad79
Add CREATE_SESSION option to CommanShell
...
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
904f342848
Option to not create shell on login.
2018-12-12 15:32:30 -06:00
8ffd9e47b0
Up to date PR10429
2018-12-12 13:30:58 -06:00
96c281daef
Add send_not_found and module documentation for webdav_delivery
2018-12-12 13:26:46 -06:00
68d451711b
Fix bpf_priv_esc module
2018-12-12 17:23:12 +00:00
ea724dec46
Merge in upstream/master
2018-12-12 11:00:31 -06:00
aa0c206b4b
Land #11107 , double negative logic cleanup
2018-12-11 20:29:53 -06:00
ae089ce573
Land #10960 , add wp duplicator code inject module
2018-12-11 12:02:07 -06:00
b82e3469a2
renamed module and doc
2018-12-11 11:59:19 -06:00
7e953e34b9
Added the clean_up function
2018-12-11 18:13:46 +01:00
b109321b44
Kill `unless not`
2018-12-11 10:16:16 -06:00
ac88c604fd
Remove copy/pasta'd funtion that was never called
2018-12-11 10:02:36 -06:00
1ab69c221c
Land #11040 , Add CyberLink LabelPrint Local BOF
2018-12-11 08:19:51 -06:00
165f082160
Fix syntax, minor edits
2018-12-11 07:55:20 -06:00
ff2d048530
fixes: update x86/xor_dynamic for #11100
2018-12-10 22:45:45 +01:00
a94e52ca31
fixes: updates x64/xor_dynamic for #11100
2018-12-10 22:42:31 +01:00
3f18ffa224
Land #10318 , Oracle function-based index privesc
2018-12-10 11:32:39 -06:00
d0f1f72426
Clean up module
2018-12-10 11:21:16 -06:00
bc6356a2cd
Land #11090 , update code and style for exploit/linux/local/glibc_origin_expansion_priv_esc
2018-12-10 09:59:03 -06:00
565f2e3e38
wait wrong
2018-12-09 19:23:54 -06:00
ee2ed46143
added date based on man page
2018-12-09 19:17:22 -06:00
f6bfbddb8d
twks
2018-12-09 15:59:58 -06:00
2beddf1012
req changes
2018-12-09 15:01:09 -06:00
237d3c86c4
Code cleanup and update style
2018-12-09 07:26:51 +00:00
39229125b7
tweak
2018-12-09 00:22:49 -06:00
02f3d4688f
changes
2018-12-09 00:10:54 -06:00
69ed80f685
varys -> varies
2018-12-08 22:51:52 -06:00
fcad3f0c8f
erlang cookie rce exploit module
2018-12-08 22:36:56 -06:00
a9c0a5d53d
Use ::File::binread for exploit_data file read
2018-12-09 04:09:56 +00:00
c5015c62b8
Simplify Chrome Gather Cookies
...
Module now uses Chrome itself as a websocket client, reading websockets
via js. It no longer downloads and executes `websocat`.
2018-12-09 09:52:45 +11:00
d3fc707c98
Land #11080 , update mettle payloads
2018-12-08 09:51:37 -06:00
3768f79568
Land #11085 , add lkrg_installed? checks to various modules
2018-12-08 09:19:33 -06:00
733c2f637d
Land #11081 , Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-08 09:14:57 -06:00
d8ab6a552b
Add lkrg_installed? checks
2018-12-08 13:37:12 +00:00
2e5e392085
Land #11079 , add kernel configuration checks to local exploits
2018-12-08 06:58:48 -06:00
0ce05f0c07
update payload sizes
2018-12-08 06:24:02 -06:00
df76521100
Land #11066 , add rpc output locking, fix logging
2018-12-07 13:49:10 -06:00
7f4d97ef46
don't embed status characters in messages, use correct logging instead
2018-12-07 13:29:56 -06:00
80d83720df
Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-07 14:42:16 +00:00
275c043cfd
Add kernel_config checks
2018-12-07 03:28:17 +00:00
0345c8f66c
update mettle payloads
...
This is a large update to mettle payloads including:
* Adds globbing support to the `ls` command (https://github.com/rapid7/mettle/pull/139 )
* Fixes crashes on iOS platforms when cryptTLV is enabled (https://github.com/rapid7/mettle/pull/142 )
* Fixes display of the OS version on macOS and iOS (https://github.com/rapid7/mettle/pull/143 )
* Fixes the local port handling for pivoted client network connections (https://github.com/rapid7/mettle/pull/144 )
* Fixes an unaligned memory access in TLV packet handling, needed for some CPUs (https://github.com/rapid7/mettle/pull/145 )
* Fixes some compatibility issues building on Solaris (https://github.com/rapid7/mettle/pull/147 )
* Updated libpcap, mbedtls, and libcurl to the latest versions (https://github.com/rapid7/mettle/pull/146 )
2018-12-06 21:16:41 -06:00
7d8458d8d4
Land #11076 , Prevent storing empty config files as loot
2018-12-06 20:30:08 -06:00
c3a40d3752
Remove trailing whitespace at EOL.
2018-12-06 20:18:21 -06:00
71f84fe6a7
Land #11060 , Add checks to post/linux/gather/enum_protections
2018-12-06 20:17:50 -06:00
392ad18dba
Implement reverse_ipv6 shellcode via metasm in lib.
...
Per the linked request
https://github.com/rapid7/metasploit-framework/pull/11039#issuecomment-443915955
Rewrote previous version of payload module to make use of metasm for
more reusable shellcode.
2018-12-06 20:10:07 -06:00
f728b46a80
WIP on add-linux-x64-ipv6-bind-shell: 87fa3af6b9 Implement shellcode via metasm in lib.
2018-12-06 16:23:20 -06:00
140833215f
Add CVE as issued by DWF
...
See discussion on #10987 .
Now that I said that out loud, I realize that the original PR for this
module is a really funny PR number.
2018-12-06 14:59:05 -06:00
eecc5d60e0
Prevent storing empty config files as loot
2018-12-06 13:06:50 +00:00
f94559a36a
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 07:09:44 +03:00
9d7389b448
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 07:04:24 +03:00
cbe3f0eec9
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:36:29 +03:00
4880dcbda8
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:34:13 +03:00
ca558d4b14
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:26:34 +03:00
c72065987b
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:19:16 +03:00
3ac5096e1a
Create nuuo_nvrmini_upgrade_rce.rb
2018-12-06 05:51:10 +03:00
b0560c1ec8
Centralize logging sync, fix minor logging issues
2018-12-05 12:42:44 -06:00
87fa3af6b9
Implement shellcode via metasm in lib.
...
Per the linked request
https://github.com/rapid7/metasploit-framework/pull/11039#issuecomment-443915955
Rewrote previous payload module to make use of metasm for more reusable
shellcode.
2018-12-05 06:14:31 -06:00
224e782772
Cleaned the create_wp_config_file function
2018-12-05 10:56:22 +01:00
2774c17ca1
Replaced print_error and return with a fail_with
2018-12-05 10:11:09 +01:00
1bc024eaa7
Update cyberlink_lpp_bof.rb
...
Update includes all suggestions and new targets (Win8.1 x64 and Win10 x64)
2018-12-05 14:53:10 +07:00
2735c71bda
Fixed typos, removed not working cleaning
2018-12-04 18:42:54 +01:00
55a9a12670
Land #10964 , add initial golang modules for enumerating owa/o365
2018-12-04 10:33:37 -06:00
40906e0b36
Add checks to post/linux/gather/enum_protections
2018-12-04 11:57:24 +00:00
b58342843b
Refactored check
2018-12-04 12:03:49 +01:00
c27c149a4d
Land #10947 , HPE Intelligent Management Center Java Deserialization RCE
2018-12-03 17:07:31 -06:00
0f82b207c4
hp_imc_java_deserialize: Repro steps for JSONSS ysoserial payload sections
2018-12-03 17:03:04 -06:00
3f930ff141
hp_imc_java_deserialize: Default WfsDelay to 10 seconds to increase reliability
2018-12-03 16:36:37 -06:00
ffb57387b4
Land #11049 , Add Emacs movemail local exploit
2018-12-03 12:43:56 -06:00
4242de3468
Refactor check method
2018-12-03 12:22:40 -06:00
df9c3da47e
Land #10842 , Add Windows Post Module to roll back Windows Defender signatures
...
Merge branch 'land-10842' into upstream-master
2018-12-03 10:57:38 -06:00
b11bcd92a4
Broken into 3 modules, addressed review comments
2018-12-03 10:25:21 -06:00
ab1bea1b22
Land #10798 , Cisco device manager update
2018-12-03 01:39:19 -06:00
58dde9ff33
Apply suggestions from code review
...
Co-Authored-By: defaultnamehere <defaultnamehere@users.noreply.github.com>
2018-12-03 18:39:07 +11:00
d0aca05c69
Add post/chrome/gather/cookies module
2018-12-03 16:07:50 +11:00
d1220bc170
Add Emacs movemail local exploit
2018-12-01 12:05:08 -06:00
8cece2cf54
Add Linux x86_64 IPv6 Inline Bind Shell
...
Implements inline x86_64 Linux bourne bind shell over IPv6.
2018-12-01 07:39:38 -06:00
a801d741c9
Remove old module
2018-11-30 17:28:54 -06:00
70031b6721
Shut up msftidy and document updates
2018-11-30 16:41:40 -06:00
3c992b7af1
Updated documentation and added options in the module to update or roll back
...
definitions
2018-11-30 16:25:33 -06:00
a41b9a77d8
Change the module name, fix cleanup, add documentation
2018-11-30 15:20:34 -06:00
5b926bcbcf
Addressed feedback
2018-11-30 13:18:02 -06:00
6225c04b99
Address review feedback, fix bugs
2018-11-30 11:36:39 -06:00
bd41895fc4
Removed "randomizer"
2018-11-30 09:44:14 -05:00
1eeb1005db
Update modules/auxiliary/admin/oracle/oracle_index_privesc.rb
...
Use print_error for errors and print the error details,
Co-Authored-By: moshekaplan <me@moshekaplan.com>
2018-11-30 09:39:57 -05:00
6874dddc55
Fix space at EOL and sed replace
2018-11-30 15:26:14 +01:00
a4ee221333
Fixed the timeout for web requests
2018-11-30 14:47:41 +01:00
8047bf2b09
Add authenticating... message
2018-11-30 07:24:35 -06:00
b31afb4e3d
Spaces at EOL fixes
2018-11-29 17:29:05 -06:00
fcbc0cddba
Land #11035 , improve fingerprinting for Cisco ASA VPN scanner
2018-11-29 16:41:22 -06:00
dec08a0b43
Land #10954 , apache spark unauth rce module
2018-11-29 13:56:21 -06:00
88ca775fd3
Land #10952 , WP GDPR Compliance plugin exploit
2018-11-29 13:31:31 -06:00
160015d3a7
Check the HTTP response first
2018-11-29 18:54:07 +01:00
984354194f
Check the HTTP response first
2018-11-29 18:49:41 +01:00
1304f93f1f
Add more checks and a cleanup function
2018-11-29 10:39:46 -06:00
01af176679
Change delay implementation
2018-11-29 10:05:47 -06:00
ed6c2896e3
Remove duplicate check
2018-11-29 10:04:51 -06:00
8508824cc2
Modify check logic
2018-11-29 10:04:05 -06:00
2b61c4e118
Fixes for PR
2018-11-29 15:02:03 +01:00
a4c3b8edc7
Add CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
...
Add CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
2018-11-29 20:20:05 +07:00
3de07f1bff
Add Notes metadata and warning
2018-11-29 06:35:37 -06:00
bfaa6cb416
Add module suggestion
2018-11-29 06:23:45 -06:00
5058afb615
Fixed lport and scopeid offsets.
...
Offsets for scopeid and lport were incorrect in the previous commit.
Updated offsets to the correct values. Confirmed by viewing the connect
syscall values with strace.
2018-11-29 05:42:54 -06:00
947f5ffbf3
Add Linux x86_64 IPv6 Inline Reverse Shell
...
Implements inline x86_64 Linux reverse bourne shell over IPv6.
2018-11-28 21:58:12 -06:00
4888ec0c29
Delete unused variable.
2018-11-29 10:48:25 +08:00
6845f44a2e
Logic...
2018-11-28 20:26:27 -06:00
2864c30965
Fix fail_with issue
2018-11-28 20:18:03 -06:00
e142f5716e
Update documentation
2018-11-28 19:08:01 -06:00
1af7cf2b3b
Update print statements
2018-11-28 18:03:55 -06:00
c4959da77f
Email validation and user registration
2018-11-28 17:56:55 -06:00
9c0c9b3ba9
Use warnings when changing config options
2018-11-28 17:44:02 -06:00
43cef24f6b
Fix version check
2018-11-28 17:43:33 -06:00
bff261616c
improve fingerprinting for Cisco ASA VPN scanner
2018-11-28 14:30:17 -06:00
504237c77a
Land #10877 , ibm-mq-login username/password checker
2018-11-28 11:36:53 -06:00
84f0a59fe6
ibm_mq_login: Added support for WebSphere 9 via the PASSWORD option
2018-11-28 11:08:37 -06:00
ca0a2684f5
Randomize payload main class.
2018-11-28 11:26:51 +08:00
b3ad4a0358
Land #11033 , update refs for imap_open vulnerability
2018-11-27 20:23:46 -06:00
e3e7285288
Land #9946 a UEB local priv escalation
2018-11-27 21:19:34 -05:00
38a99ac90a
ueb privesc updates
2018-11-27 21:18:05 -05:00
4af5ab3089
ueb privesc updates
2018-11-27 21:14:05 -05:00
63125bbc1a
update imap_open refs
2018-11-27 20:31:57 -05:00
d6db5ebdfe
Land #10716 , Create PureVPN Credential Collector Post Explotation Module
2018-11-27 17:42:23 -06:00
180876d8fc
Add check for SMAP
2018-11-27 23:24:02 +00:00
503a544c17
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2018-11-27 16:57:39 -06:00
b05bb616bf
Land #10987 , add exploit for PHP imap_open function against various web apps
2018-11-27 16:44:51 -06:00
830a80e598
Check -1 user/pass condition and improved exception handling
2018-11-27 16:23:09 -06:00
66cae6240f
Land #10994 , Added exploit for CVE-2018-18955
2018-11-27 16:12:05 -06:00
6712363bb5
Land #10737 , add TeamCity XML-RPC exploit module
2018-11-27 14:59:37 -06:00
56f14733a9
changed cmd_stager flavor to printf
2018-11-27 14:23:56 -06:00
d523124faf
Land #10965 , Add the macOS LPE from pwn2own2018 (CVE-2018-4237)
2018-11-27 14:00:35 -06:00
398987e94a
::File.binread
2018-11-27 18:58:05 +00:00
45ca248568
chmod
2018-11-27 18:39:03 +00:00
aae86241ef
Update version check
2018-11-27 18:13:29 +00:00
befca0f2fe
Land #10949 , ForceExploit for Linux local exploits
2018-11-27 11:23:03 -06:00
1f2827c3d0
Land #10975 , More Capture Docs
2018-11-26 13:51:57 -06:00
0fddb8e31c
Land #10768 , Exploit for Netgear CVE-2016-1555
2018-11-26 11:45:10 -06:00
14b2cdc120
Land #10886 , Bypassuac computerdefault
...
Merge branch 'land-10886' into upstream-master
2018-11-26 11:19:46 -06:00
0b6c73a7d4
Land #11019 , Replace WsfDelay with WfsDelay
2018-11-26 10:59:04 -06:00
7b4b573942
Land #9915 , Cleanup and improvements to influxdb_enum
2018-11-26 10:25:07 -06:00
e2d58afe13
cleaned up code, added custom
2018-11-25 10:59:53 -05:00
5c06cdca73
Replace WsfDelay with WfsDelay - Fixes #11018
2018-11-25 05:09:16 +00:00
be6cfde921
Land #11015 , Fix payload and console check for Xorg_privesc Linux targets
2018-11-25 04:51:27 +00:00
93db7b399f
Using Wfsdelay instead of sleep loop, users get shells ASAP
2018-11-24 22:26:04 -06:00
debf79416b
Replace WsfDelay with WfsDelay - Fixes #11018
2018-11-25 04:22:11 +00:00
01ed57cbb3
Remove check for nosuid
2018-11-25 01:53:07 +00:00
ff23a006b7
cleanup
2018-11-25 00:16:39 +00:00
1783617770
consolelock check updated to use id, payload upload changed, documentation updated, misc formatting
2018-11-24 15:10:21 -06:00
945755b058
add custom php_imap target
2018-11-24 14:18:13 -05:00
45f2c5beb2
update php_imap_open docs
2018-11-24 07:26:42 -05:00
e36cef3b96
e107 exploitable now
2018-11-23 20:16:53 -05:00
f4cbdc8e3e
No Threads in datastore
2018-11-23 17:15:33 +08:00
8a402da056
Explain "junk" in buffer for morris_fingerd_bof
...
And unrelated whitespace changes because I suck.
2018-11-22 23:15:12 -06:00
0a2c0751fa
Randomize more
2018-11-22 15:25:51 -05:00
a59913434d
Land #10916 , Xorg SUID privesc
2018-11-21 19:46:11 -06:00
5d9195fe72
Land #10981 , start printjob docs and bug fixes
2018-11-21 16:35:02 -06:00
5fed559264
Land #10997 , Remove harmful default command to execute
2018-11-21 16:19:40 -06:00
96ede80dc4
Land #10876 , ibm_mq_enum: IBM WebSphere MQ Name and Version Enumeration
2018-11-21 16:10:59 -06:00
a3131f15de
ibm_mq_enum: Code cleanup, server channel and general exception handling improvements
2018-11-21 16:09:18 -06:00
188d94027c
Land #10996 , Check `check` code for ms15-034
2018-11-21 14:45:56 -06:00
e706e2b58d
Remove harmful default command to execute
2018-11-21 11:09:13 +02:00
ae3538952a
Fix ms15-034 module
2018-11-21 12:31:56 +08:00
2197da4cd9
Fix code as jrobles suggest.
2018-11-21 11:24:50 +08:00
acf421ffb0
remove eol spaces
2018-11-20 19:45:17 -05:00
31ad58fb91
edb and author
2018-11-20 19:30:43 -05:00
4111a61e1a
fix module description
2018-11-20 18:35:20 -05:00
4c59a271e2
added suitecrm to imap_open exploit
2018-11-20 18:33:42 -05:00
7084538b8c
ibm_mq_channel_brute: Exception handling when channel.length > 20 chars
2018-11-20 16:24:17 -06:00
d2a5b966f3
Land #10875 , IBM WebSphere MQ Channel Name Bruteforce auxiliary module
2018-11-20 16:23:23 -06:00
288d78d372
Land #10352 , Add check/response for CVE-2017-12149
2018-11-20 13:11:05 -06:00
d5d8216377
Land #10977 , Add documentation and some enhancement to freesshd_authbypass module
2018-11-20 11:44:49 -06:00
bccb0972cf
Land #10984 , don't examine a nil object in ms15_034_ulonglongadd
2018-11-20 08:37:48 -06:00
63a2396626
updated testing branch to branch off master
2018-11-20 08:14:19 -06:00
eb17c45000
Add Linux Nested User Namespace idmap Limit Local Privilege Escalation module
2018-11-20 14:10:28 +00:00
901b51f247
Update modules/auxiliary/scanner/http/iis_shortname_scanner.rb
...
Co-Authored-By: egre55 <34132245+egre55@users.noreply.github.com>
2018-11-20 11:13:17 +00:00
6c382ba711
Update modules/auxiliary/scanner/http/iis_shortname_scanner.rb
...
Co-Authored-By: egre55 <34132245+egre55@users.noreply.github.com>
2018-11-20 11:13:05 +00:00
5e513b209d
Update modules/auxiliary/scanner/http/iis_shortname_scanner.rb
...
Co-Authored-By: egre55 <34132245+egre55@users.noreply.github.com>
2018-11-20 11:12:51 +00:00
3829cc11bb
add DEBUG_EXPLOIT option
2018-11-20 17:58:36 +08:00
57bad6b213
move offsets to hash
...
fix
2018-11-20 17:58:34 +08:00
9884bea84e
Update the reference link.
2018-11-20 17:39:01 +08:00
9f573d6f27
Fix code as jrobles suggest.
2018-11-20 16:54:22 +08:00
bee3c3d4d3
add documentation
2018-11-20 16:53:34 +08:00
44b1b6fe31
fix forking
2018-11-20 15:58:55 +08:00
52df29ebcc
test on branch off master
2018-11-19 15:08:38 -06:00
509e1c2587
Land #10973 , Rework DisclosureDate check in msftidy, including ISO 8601 support
2018-11-19 10:46:18 -06:00
a28feed7d8
fix normalize and date
2018-11-19 04:00:58 -05:00
d904b93ec9
fixed is_vul
2018-11-19 13:39:08 +05:30
4b09584047
php_imap_open_rce
2018-11-18 21:28:19 -05:00
4a22656005
fixes
2018-11-18 21:56:51 +00:00
8b63c85bd2
fixes
2018-11-18 21:21:28 +00:00
467e0877f5
res.code
2018-11-18 12:40:09 +00:00
7ecdaa09c5
start printjob docs and bug fixes
2018-11-17 21:17:12 -05:00
b679bfa3d9
Carriage return errors fixed.
2018-11-18 03:29:17 +08:00
fd0f40a141
Add PowerShell as a separate target then set it as default.
2018-11-18 03:20:48 +08:00
cbdcd367ee
Minor print out mod
2018-11-16 20:31:34 +01:00
2deaf198b3
Added module docs
2018-11-16 13:29:22 -06:00
6f094799b6
Update modules/exploits/windows/http/hp_imc_java_deserialize.rb
...
Print payload length
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-16 20:20:52 +01:00
709befea5c
Update modules/exploits/windows/http/hp_imc_java_deserialize.rb
...
Fixed if/else block return
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-16 20:19:23 +01:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
08b3efa046
Enhanced module and added documentation.
2018-11-16 21:18:45 +08:00
a174c606aa
Changed SELINUX check to use built in methods
2018-11-16 04:22:18 -06:00
189f29e534
Land #10572 eaton ssh private key scanner
2018-11-15 17:16:36 -05:00
de014f0599
remove variable only used once
2018-11-15 17:14:13 -05:00
8b4cf2c3e2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into capture_docs2
2018-11-15 17:02:50 -05:00
3d53170694
fail_with instead of error and return
2018-11-15 17:01:52 -05:00
680393d4d6
Refined check method to actually verify vulnerability
2018-11-15 22:31:31 +01:00
420be60900
add CVE-2018-4237
2018-11-15 08:48:10 +08:00
2c30459a1b
add CVE-2018-4233 and CVE-2018-4404
2018-11-15 08:44:18 +08:00
38bea6c29c
Added msmailprobe to msf
2018-11-14 16:15:11 -06:00
4987f67b9b
Land #10925 , smb_login error/status message
2018-11-14 13:19:04 -06:00
795aa3c99c
Land #10828 , git submodule url exec CVE-2018-17456
2018-11-14 12:39:13 -06:00
02f2a2828e
Fix references CVE and WPVDB
2018-11-14 18:19:12 +01:00
3daec992c8
Fix indentation
2018-11-14 18:08:31 +01:00
798d3156bc
Print git command for module
2018-11-14 10:57:36 -06:00
b9348bd579
Added the CVE number in the references
2018-11-14 16:52:57 +01:00
5f9570cbcf
Added WordPress Duplicator <= 1.2.40 and documentation
2018-11-14 16:39:42 +01:00
f43aaac290
Clean code.
2018-11-14 16:48:39 +08:00
4fc047db87
Added advanced option to check console lock on linux systems, default true & updated docs
2018-11-13 22:33:12 -06:00
7cc4d09a92
Clean code.
2018-11-14 10:35:38 +08:00
5e85683228
removed to_s from string
2018-11-13 15:28:55 -06:00
3849d5de18
resolve description update request
2018-11-13 16:21:43 -05:00
ac8932c144
update 9631 to a current branch
2018-11-13 15:15:25 -06:00
da134f06e3
Updated check method
...
Fixed check method and redundant variable declarations
2018-11-13 16:01:40 -05:00
f2712ecdf6
Land #10607 , Add External Module: office365userenum.py
2018-11-13 10:57:05 -06:00
7a4770790c
Land #10938 , add docs for modules and fix bug.
...
Add docs for auxiliary module http_basic/imap/mysql, and fix a bug
in modules/auxiliary/server/capture/mysql.rb
2018-11-13 16:22:03 +08:00
11a2fa7f0d
Space at EOL removed from description
2018-11-13 00:23:21 +01:00
9d1554498d
WP GDPR Compliance plugin exploit - privsec to admin registering
2018-11-12 23:33:47 +01:00
538055c406
Initial documentation for Xorg Privesc Module
...
killed white spaces
2018-11-12 15:44:13 -06:00
541283a4dd
Tidied up set_payload
2018-11-12 20:45:49 +01:00
0bdab320f7
Remove useless variable declaration
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-12 12:04:22 +01:00
388aebc335
Add exploit module for spark unauthenticated rce.
2018-11-12 17:07:50 +08:00
16d146fd59
Fixing indentation.
2018-11-12 13:24:00 +08:00
3e4df06500
Some more modifications
...
Placed contents of request_post into execute_command
Randomized fingerprint with rand_text_alpha(12)
Spaces at EOL fixed
Normalized target URI
2018-11-12 13:04:42 +08:00
818cb37aca
Implemented changes recommended by @bcoles.
2018-11-12 12:26:23 +08:00
e06af184c8
Tidy check method
2018-11-11 22:53:13 +01:00
8894af58de
serialized, not deserialized...
2018-11-11 22:47:57 +01:00
1e8fbc3a1b
Fixed indentation and added a status message printout when exploiting
2018-11-11 22:37:42 +01:00
cf5ca78350
Added YSOSerial payload generating string
2018-11-11 22:15:30 +01:00
ef7fc783be
Added Selinux check, changed version check, retested on all platforms
2018-11-11 12:34:30 -06:00
a5429d21a6
Update modules/exploits/multi/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-11 07:39:32 -06:00
2a7b18bcbf
Update modules/exploits/multi/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-11 07:38:42 -06:00
40bc44d2b6
Add ForceExploit to Linux local modules
2018-11-11 09:37:56 +00:00
e6f548c5f4
added meterpreter, took out in session, moved to exploits/multi/local
2018-11-11 01:43:36 -06:00
3770f121fe
Changing result parsing style
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:07:37 +01:00
951d3e1117
Changing result parsing style
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:07:32 +01:00
446eec00b3
Remove disconnect
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:04:43 +01:00
189c203e3d
Remove handler
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:04:34 +01:00
e5df5494d9
Remove connect
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:04:22 +01:00
5a978dca2e
Removed architecture to make payload selection work
2018-11-10 23:00:54 +01:00
cbaacf696a
Add exploit module for CVE-2017-12557
...
HP Intelligent Management Java Deserialization RCE (Windows)
2018-11-10 22:36:43 +01:00
1c2da8a5c8
correct trailing space issue
2018-11-10 15:40:03 -05:00
33f624bbb2
Module updated to reflect requested changes
2018-11-10 14:36:06 -05:00
1f14a9846d
Land #10767 , Add Cisco Prime Infrastructure remote root exploit
2018-11-10 17:08:16 +00:00
bf15fa0770
hash not password for mysql
2018-11-09 18:32:21 -05:00
c31c75c790
fix mysql capture store creds
2018-11-09 18:18:50 -05:00
981893a8bf
Merge branch 'master' into sparkrce
2018-11-09 14:12:33 +08:00
b93f14a5c2
Fixed some PR feedback, still working on adding meterpreter and cleanup
2018-11-08 22:10:46 -06:00
3f3bee6a79
added version check
2018-11-08 22:08:11 -06:00
012c8a450f
Feedback from PR work cont. changed loop, formatting errors, options
2018-11-08 22:08:11 -06:00
adb8be7f9f
includes partially implemented feedback from PR
2018-11-08 22:08:11 -06:00
18bf58e547
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
8c4eb5f741
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
84b79e6787
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
7feb960d9b
Initial add of Xorg SUID privesc
2018-11-08 22:08:11 -06:00
792b451f40
capture server docs and updates
2018-11-08 21:23:27 -05:00
f192b50a8e
Catch exceptions
2018-11-08 18:47:56 +00:00
1fbf779f9c
Added more verbose output
2018-11-08 18:35:15 +00:00
88e4d384d2
increased default timeout value
2018-11-08 16:13:55 +00:00
3c6f2157ae
land #10895 fix vmware_http_login undefined variables
2018-11-07 08:45:51 -05:00
9dd0f2a5ea
modified to allow unix cmd for testing and other targets not supported, took out interpolation,notes section re-added
...
added notes section back in
2018-11-06 20:45:20 -06:00
682433f62e
smb_login error/status message
2018-11-05 17:49:58 -06:00
dd57b27652
Rename `hash` to `generate_process_hash`
...
In the interest of compatibility this uses a more descriptive name for
the process hash creation method instead of overriding ruby's hash method.
See https://docs.ruby-lang.org/en/2.0.0/Hash.html
2018-11-05 17:16:16 -06:00
aff4ef0752
land #10912 moving polycom exploit to misc folder
2018-11-05 16:54:24 -05:00
0c38babb9e
Land #10874 , rm size restriction from pyld_inject
2018-11-05 15:16:40 -06:00
f185c06204
Land 10794, Add support for ms17_010_eternalblue_win8 ProcessName option
...
Merge branch 'land-10794' into upstream-master
2018-11-05 15:08:59 -06:00
7ca2311325
Land #10792 , Add support for ms17_010_eternalblue ProcessName option
...
Merge branch 'land-10792' into upstream-master
2018-11-05 14:19:10 -06:00
1f0941101f
shut up, msftidy
2018-11-05 14:13:33 -06:00
4f2ba46125
Stop some of the rubocop carnage
2018-11-05 14:11:24 -06:00
a32d8083f0
Land #10847 - Add blueimp's jQuery (Arbitrary) File Upload
...
CVE-2018-9206
2018-11-05 11:37:20 -06:00
cb229411bc
Land #10888 , Fix Net::SSH::CommandStream session open failure
2018-11-05 11:15:09 -06:00
5ec155fd44
Changed some options to advanced
2018-11-05 09:59:17 -06:00
708d067e65
Land #10919 , Add doc for ftp capture module.
...
And add a custom option banner for it.
2018-11-05 14:15:52 +08:00
ff07289132
better style according to the review
2018-11-05 13:46:36 +08:00
04218cff39
ftp capture
2018-11-04 21:46:01 -05:00
7464d81c01
Add warning about JSP deletion
2018-11-05 00:52:34 +09:00
Jacob Robles
Brent Cook
bwatters-r7
Wei Chen
William Vu
Milton-Valencia
Stephen Haywood
Brendan Coles
Shelby Pace
Julien Legras
Francesco Soncina
Alex
epi
Tod Beardsley
Berk Dusunur
Christopher Lee
Thomas Gregory
asoto-r7
Jeffrey Martin
Moshe Kaplan
Green-m
h00die
Aaron Ringo
L
Adam Cammack
David Yates
Tim W
Shaksham Jaiswal
egre55
Imran E. Dawoodjee
Carsten Maartmann-Moe
Chris Higgins
BrianWGray
Alex Gonzalez
thomas.labadie
root
l9c
Pedro Ribeiro