Commit Graph

18779 Commits (557dffd8d272b1315e266536a727b1f675f13240)

Author SHA1 Message Date
wchen-r7 f06d7591d6 Add header for zpanel_information_disclosure_rce.rb 2015-10-20 16:19:44 -05:00
wchen-r7 70b005de7f
Land #6041, Zpanel info disclosure exploit 2015-10-20 16:08:16 -05:00
wchen-r7 728fd17856 Make code changes for zpanel_information_disclosure_rce.rb
Use Nokogiri and URI, as well as indent fixes and other things
2015-10-20 16:07:02 -05:00
Brent Cook 0784370b98 more typo and whitespace fixes 2015-10-20 13:09:17 -05:00
Rob Fuller 2f1406e1c8 fix typo
not sure how this got in there
2015-10-20 13:48:00 -04:00
William Vu 88159edf9f Fix double raise in vnc_none_auth
Not necessary for what it's trying to accomplish, being a scanner.
2015-10-19 18:22:06 -05:00
Sam H 712f9f2c83 Deleted extra reference to exploit DB 2015-10-18 19:10:47 -07:00
Sam Handelman b03c3be46d Fixed some styling errors in the initializer. Switched the calls to sleep(1) to use the Rex API (Rex.sleep(1) instead). 2015-10-18 02:13:03 -07:00
Sam Handelman 3757f2e8de Changed my author name to make sure it matches my GitHub username inside the module information. 2015-10-16 14:54:34 -07:00
Sam Handelman 95d5e5831e Adding the updated version of the module to submit a pull request. Changes were made to ensure that the OS version check correctly determines which systems are vulnerable, giving only a warning message if not. 2015-10-16 14:39:07 -07:00
wchen-r7 c399d7e381
Land #5959, Add Nibbleblog File Upload Vuln 2015-10-16 15:30:13 -05:00
wchen-r7 9666660c06 Enforce check and add another error message 2015-10-16 15:29:12 -05:00
Brent Cook 20366993e3
Land #5937, use the Android mixin to get the Android version 2015-10-16 14:23:27 -05:00
wchen-r7 896099b297
Land #6082, Directory Traversal for Elasticsearch 2015-10-16 11:00:27 -05:00
wchen-r7 e59a4e36b7 Fix check 2015-10-16 10:59:04 -05:00
Roberto Soares 41e9f8a91b Some code changes from Roberto 2015-10-16 10:47:19 -05:00
William Vu f14776ab63
Land #6092, refs for arkeia_agent_exec 2015-10-15 22:50:57 -05:00
William Vu 8cb6cc57b5
Land #6094, refs for another ManageEngine module 2015-10-15 22:49:05 -05:00
William Vu 86dfbf23e8 Fix whitespace 2015-10-15 22:48:53 -05:00
xistence 018b515150 Add CVE/URL references to manageengine_eventlog_analyzer_rce 2015-10-16 10:41:39 +07:00
xistence b1f2e40b98 Add CVE/URL references to module manage_engine_opmanager_rce 2015-10-16 10:36:13 +07:00
xistence 6a1553ae63 Add EDB/CVE/URL references to arkeia_agent_exec 2015-10-16 10:23:20 +07:00
jvazquez-r7 db5d83a40a
Move namespaces 2015-10-15 09:17:06 -05:00
William Vu bf9530d5ba
Land #5941, X11 keyboard exec module 2015-10-14 11:38:47 -05:00
Brent Cook 30d2a3f2a9
Land #5999, teach PSH web delivery to use a proxy 2015-10-14 11:05:45 -05:00
William Vu c1b6de90a0
Land #6083, autofilter fixes for aggro modules 2015-10-14 00:14:20 -05:00
William Vu 2a2d8d941d
Land #6054, HTTP Host header injection module 2015-10-13 23:37:31 -05:00
HD Moore d67b55d195 Fix autofilter values for aggressive modules 2015-10-13 15:56:18 -07:00
jaguasch d933962ff9 Last fix, including espreto minor changes 2015-10-13 18:41:51 +01:00
William Vu c642057fa0 Clean up module 2015-10-13 12:03:41 -05:00
jaguasch 772f9d8742 Changes based on espreto recommendations 2015-10-13 16:06:26 +01:00
jaguasch 7790f14af2 Auxiliary module to exploit CVE-2015-5531 (Directory traversal) in Elasticsearch before 1.6.1 2015-10-13 13:05:58 +01:00
William Vu a4f0666fea
Land #6081, DLink -> D-Link 2015-10-12 18:05:52 -05:00
Tod Beardsley 185e947ce5
Spell 'D-Link' correctly 2015-10-12 17:12:01 -05:00
Tod Beardsley 336c56bb8d
Note the CAPTCHA exploit is good on 1.12. 2015-10-12 17:09:45 -05:00
HD Moore 6f3bd81b64 Enable 64-bit payloads for MSSQL modules 2015-10-11 12:52:46 -05:00
jvazquez-r7 ed0b9b0721
Land #6072, @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace 2015-10-10 00:24:12 -05:00
jvazquez-r7 b9b488c109 Deleted unused exception handling 2015-10-09 23:38:52 -05:00
jvazquez-r7 c60fa496c7
Delete extra spaces 2015-10-09 23:37:11 -05:00
jvazquez-r7 e6fbca716c
Readd comment 2015-10-09 23:29:23 -05:00
jvazquez-r7 af445ee411
Re apply a couple of fixes 2015-10-09 23:24:51 -05:00
HD Moore a590b80211 Update autoregister_ports, try both addresses for the MBean 2015-10-09 20:20:35 -07:00
HD Moore 2b94b70365 Always connect to RHOST regardless of JMXRMI address 2015-10-09 17:49:22 -07:00
HD Moore cd2e9d4232 Move Msf::Java to the normal Msf::Exploit::Remote namespace 2015-10-09 13:24:34 -07:00
Tod Beardsley 94bb94d33a
Working URL for real 2015-10-09 15:07:44 -05:00
Tod Beardsley b04f947272
Fix blog post date, derp 2015-10-09 14:59:57 -05:00
Tod Beardsley 55ef6ebe91
HP SiteScope vuln, R7-2015-17
On behalf of @l0gan, already reviewed once by @jvazquez-r7, reviewed
again by me.

For details, see:

https://community.rapid7.com/community/metasploit/blog/2017/10/09/r7-2015-17-hp-sitescope-dns-tool-command-injection
2015-10-09 14:55:48 -05:00
jvazquez-r7 5e9faad4dc Revert "Merge branch using Rex sockets as IO"
This reverts commit c48246c91c, reversing
changes made to 3cd9dc4fde.
2015-10-09 14:09:12 -05:00
jvazquez-r7 347495e2f5
Rescue Rex::StreamClosedError when there is a session 2015-10-09 13:41:41 -05:00
William Vu b95d5790f6 Improve output 2015-10-09 11:13:50 -05:00
William Vu 6d2a89e9a6 Be more descriptive about EOFError
There are other modules that could be updated, surely.
2015-10-09 11:05:17 -05:00
jvazquez-r7 5fab1cc71a
Add loop timeout 2015-10-09 11:05:05 -05:00
brent morris 28454f3b2e MSFTidyness 2015-10-08 12:59:46 -04:00
wchen-r7 3a0f7ce699
Land #6044, ManageEngine ServiceDesk Plus Arbitrary File Download 2015-10-07 15:24:14 -05:00
wchen-r7 f0b6d3c68e Change error message to avoid an undef method bug 2015-10-07 15:23:29 -05:00
wchen-r7 871f46a14e
Land #6038, ManageEngine ServiceDesk Plus Arbitrary File Upload 2015-10-07 15:17:58 -05:00
wchen-r7 dddfaafac7 Update reference 2015-10-07 15:17:22 -05:00
wchen-r7 a2c9e2549d
Land #6014, support TCP advanced options for loginscanner mods 2015-10-07 14:26:25 -05:00
Christian Mehlmauer eb597bb9f3
Land #5842, watermark fileformat exploit 2015-10-07 19:29:04 +02:00
William Vu ddea0ea708
Fix #5797, extraneous nil fix 2015-10-07 01:11:51 -05:00
William Vu 0182f394b4 Remove extraneous nil
Didn't need it, forgot to remove it.
2015-10-07 01:10:33 -05:00
JT 205b175a95 Update host_header_injection.rb 2015-10-07 13:20:06 +08:00
JT 6b3da7f7d8 Update host_header_injection.rb
made some changes as suggested by @espreto
2015-10-07 13:01:49 +08:00
JT a1e0e0cdd9 Add HTTP Host-Header Injection Detection 2015-10-07 11:19:00 +08:00
jakxx c5237617f2 Update buffer size for reliability 2015-10-06 18:12:40 -04:00
wchen-r7 5fac0a6ae5
Land #5995, advanced options on Metasploit::Framework::LoginScanner::SMB 2015-10-06 16:36:18 -05:00
William Vu 3f2d5d7f06 Add newline back in 2015-10-05 11:42:58 -05:00
xistence 41b07eeef6 Small changes to servicedesk_plus_traversal 2015-10-05 08:56:00 +07:00
Roberto Soares ed8f5456a4 Fix bugs in drupal_views_user_enum. 2015-10-04 05:53:54 -03:00
xistence e6a57d5317 Add ManageEngine ServiceDesk Plus Path Traversal module 2015-10-03 15:54:44 +07:00
Brent Cook dea0142da1 catch network exceptions 2015-10-02 18:26:37 -05:00
William Vu 55895c6305 Fix nil bug in mssql_idf 2015-10-02 18:20:06 -05:00
jvazquez-r7 c967b60bf8
Land #5948, @bcook-r7's fix shell_to_meterpreter from powershell 2015-10-02 15:59:43 -05:00
jvazquez-r7 6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions 2015-10-02 15:26:42 -05:00
brent morris 5eff3e5637 Removed hard tabs 2015-10-02 14:34:00 -04:00
brent morris 4ee7ba05aa Removing hard tabs test 2015-10-02 14:31:46 -04:00
brent morris 6406a66bc0 Remove Ranking 2015-10-02 14:24:46 -04:00
brent morris 9f71fd9bfd Formatting ZPanel Exploit 2015-10-02 14:23:07 -04:00
brent morris 89a50c20d0 Added Zpanel Exploit 2015-10-02 13:29:53 -04:00
William Vu a773627d26
Land #5946, simple_backdoors_exec module 2015-10-02 11:18:29 -05:00
William Vu 5b8f98ee06
Land #6022, zemra_panel_rce module 2015-10-02 11:18:09 -05:00
Pedro Ribeiro 659a09f7d2 Create manageengine_sd_uploader.rb 2015-10-02 16:04:05 +01:00
jvazquez-r7 1f26ec1252
Land #6018, @pedrib's module for Kaseya VSA ZDI-15-448 2015-10-02 08:58:43 -05:00
jvazquez-r7 75d2a24a0a
Land #6019, @pedrib's Kaseya VSA ZDI-15-449 exploit 2015-10-02 08:51:28 -05:00
Pedro Ribeiro d334dc237f Update kaseya_master_admin.rb 2015-10-02 13:21:28 +01:00
Pedro Ribeiro cbbeef0f53 Update kaseya_uploader.rb 2015-10-02 13:20:59 +01:00
JT 33916997a4 Update zemra_panel_rce.rb
revised the name and the description
2015-10-02 09:49:59 +08:00
JT fa1391de87 Update simple_backdoors_exec.rb
Updating the code as suggested
2015-10-02 07:53:15 +08:00
JT 501325d9f4 Update zemra_panel_rce.rb 2015-10-02 06:48:34 +08:00
Brent Cook 55f6fe7037
Land #5510, update x86/alpha* encoders to be SaveRegister aware 2015-10-01 15:07:10 -05:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
jvazquez-r7 1b21cd9481
Do code cleanup 2015-10-01 13:37:18 -05:00
jvazquez-r7 a88a6c5580
Add WebPges to the paths 2015-10-01 13:22:56 -05:00
jvazquez-r7 f9a9a45cf8
Do code cleanup 2015-10-01 13:20:40 -05:00
jvazquez-r7 5f590b8c2e
Land #6032, @h0ng10 adds reference to java_jmx_server 2015-10-01 13:07:08 -05:00
Hans-Martin Münch (h0ng10) 30101153fa Remove spaces 2015-10-01 18:56:37 +02:00
jvazquez-r7 c35e99664e
Land #6003, @earthquake's x86-64 pushq signedness error fixed 2015-10-01 11:52:28 -05:00
jvazquez-r7 aa01383361
Fix comment 2015-10-01 11:51:45 -05:00
Hans-Martin Münch (h0ng10) 41cf0ef676 Add reference for CVE-2015-2342 - VMWare VCenter JMX RMI RCE 2015-10-01 18:43:21 +02:00
jvazquez-r7 195418b262
Update the sin_family on bind_tcp_small 2015-10-01 11:22:59 -05:00