ad3eed525b
Handing newer version of WP, fallback CHUNKSIE to 1
2016-01-23 08:06:27 +03:00
d6facbe339
Land #6421 , ADB protocol and exploit
2016-01-22 20:45:44 -06:00
53e9bd7f51
This line does nothing
2016-01-22 18:55:45 -06:00
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
1b386fa7f1
Add targets to avoid ARCH_ALL payload confusion
2016-01-22 16:45:10 -06:00
51eb79adc7
first try in changing class names
2016-01-22 23:36:37 +01:00
a3cafc3bae
Update PHP meterpreter size
2016-01-22 15:14:18 -06:00
91db2597c7
normalize URIs
2016-01-22 11:27:26 -06:00
b02c762b93
Grab zeroSteiner's module/jenkins-cmd branch
2016-01-22 10:17:32 -06:00
99de466a4d
Bugfix: specify scripting language
2016-01-22 15:00:10 +01:00
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
dc6dd55fe4
Shrink the size of ms08_067 so that it again works with bind_tcp
...
In #6283 , we discovered that ms08_067 was busted with reverse_tcp. The
solution was to bump the amount of space needed to help with encoding.
However, we flew a little too close to the sun, and introduced a
regression with bind_tcp on Windows XP SP2 EN where the payload stages
but does not run.
This shrinks the payload just enough to make bind_tcp work again, but
reverse_tcp also continues to work as expected.
2016-01-21 19:37:09 -06:00
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
d515e4db64
Unwanted comment
2016-01-21 00:55:08 -06:00
bda76c7340
Update lastpass_creds module
2016-01-21 00:53:16 -06:00
a8feb8cad5
make passwords faster for reading huge wordlest files
2016-01-21 03:32:50 +03:00
4cb19c75a6
Enhance the module and add version check
2016-01-21 03:19:31 +03:00
fcaef76215
Do a version check
...
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
a7cd5991ac
Add encoding of the upload path into the module
2016-01-17 22:44:41 +00:00
5660c1238b
Fix problem causing upload to fail on versions 1.2 and 1.3 of theme
2016-01-17 18:44:00 +00:00
348ae586a7
Handle vault parsing exceptions
2016-01-15 14:54:59 -08:00
3d04f405b4
Update telisca_ips_lock_control.rb
...
commit the changes mad by sinn3r and replace headers on lock and unlock
2016-01-15 15:05:24 +00:00
477dc64e1e
Rename module
2016-01-14 19:45:00 -06:00
eb6cff77bc
Update the code to today's standards
...
Mainly making sure it is following the Ruby style guide, and
avoid unrecommended coding practices.
2016-01-14 19:38:59 -06:00
e7e63d92be
Land #6467 : fix missing requires in payloads
...
Fixes #6460
2016-01-15 07:42:14 +10:00
fec75c1daa
Land #6457 , FileDropper for axis2_deployer
2016-01-14 15:10:05 -06:00
28cf943bcb
Fix a couple of missing requires in payloads.
...
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.
It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
8479d01029
Land #6450 , add TLS support to MSSQL
2016-01-14 12:17:40 -06:00
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
7e1446d8fa
Land #6400 , iis_webdav_upload_asp improvements
2016-01-14 12:12:33 -06:00
46f06516ad
Update /telisca_ips_lock_abuse
...
cleaning the code
2016-01-14 11:13:10 +00:00
0216d027f9
Use OptEnum instead of OptString
2016-01-14 09:06:45 +00:00
c18253d313
deleted: modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-01-14 00:03:25 +00:00
60ef1eae90
adding modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 00:00:04 +00:00
1e37ff9701
Merge branch 'master' of github:kfr-ma/metasploit-framework into test_telisca_ipslock
...
merge
2016-01-13 23:20:50 +00:00
01b8302db1
delte modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
2016-01-13 23:19:35 +00:00
1b9563b82a
rm modules/auxiliary/voip/telisca_ips_lock_abuse
2016-01-13 23:09:35 +00:00
c68d2a8e0a
replace telisca_ips_lock_abuse.rb
2016-01-13 22:59:18 +00:00
457e569f3b
replacing telisca-ips-lock
2016-01-13 22:50:58 +00:00
8b03b719e8
Adding auxialiary modules :
...
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
564b4807a2
Add METHOD to simple_backdoors_exec
2016-01-13 14:42:11 +00:00
889a5d40a1
Add VAR to simple_backdoors_exec
2016-01-13 13:46:26 +00:00
315d079ae8
Land #6402 , Add Post Module for Windows Priv Based Meterpreter Migration
...
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
6deb57dca3
Deprecate post/windows/manage/smart_migrate and other things
...
This includes:
* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
514199e88f
Register early so the cleanup can actually rm the file
2016-01-12 15:22:03 -06:00
7128c408c8
Land #6375 , Active Directory Managed Groups Enumeration
2016-01-12 11:21:31 +00:00
4ba2d56f49
Just search on DN for samaccountname
2016-01-12 11:20:20 +00:00
3bee2fff70
Use native method dir
2016-01-08 16:06:24 -08:00
88ef3076e4
Land #6441 , x86/BMP polyglot encoder
2016-01-08 17:09:24 -06:00
78bc394f80
Fix #6268 , Use FileDropper for axis2_deployer
...
Fix #6268
2016-01-08 17:09:09 -06:00
5e6620f2cf
add yard doc and lexical sorting
...
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
536378e023
move datastore kill check to kill method
...
move the datastore check for datatstore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
9716b97e1c
split up the migration efforts
...
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
ad50f9a047
move default targets to constants
...
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
8c6bdd532b
Use ? for SQL queries
2016-01-07 22:50:23 -08:00
b46095f3d6
Remove custom method checking file exists
2016-01-07 22:21:10 -08:00
e7701b6d5f
Fix incoherent method to always return a list
2016-01-07 22:17:04 -08:00
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946
2016-01-07 16:55:41 -06:00
24290dc169
Address x86/Bmp polyglot encoder feedback
2016-01-07 10:23:32 -05:00
22a0d970da
Don't delete the payload after running.
2016-01-07 02:26:01 -06:00
fb99c61089
Remove print_status statement.
2016-01-07 01:17:49 -06:00
210f065427
Add a background option for the echo cmdstager.
2016-01-07 01:16:08 -06:00
4e99c873c8
Fix issue when target_pid == current_pid
2016-01-06 19:58:07 -06:00
60c506d7fb
Replace error handling methods
2016-01-06 18:53:54 -06:00
c245e64239
added peer to each print statement and rex table
2016-01-06 13:22:30 -05:00
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
bdda8650a2
Do not support username, because the backdoor doesn't use one
2016-01-06 02:02:11 -06:00
cca0ba3efe
Add an x86/Bitmap polyglot encoder
2016-01-05 23:17:34 -05:00
d626d7f0c9
Land #6416 , @all3g's rewrite/improvements to redis_server
2016-01-05 19:02:26 -08:00
90ea88e5ba
Make command used configurable
2016-01-05 16:23:10 -08:00
3ccdd12ecb
Put peer first in all prints
2016-01-05 16:09:50 -08:00
1d997234cb
Remove unnecessary degistering of RHOST
2016-01-05 16:08:18 -08:00
d7061e8110
OCD fixes
2016-01-05 23:28:56 +00:00
aa2922e6c3
added in verbose mode for ddns and fixed report_email_creds issue
2016-01-05 14:54:48 -05:00
6cfaf93337
Land #6433 , Add D-Link DCS-931L File Upload
2016-01-05 13:16:11 -06:00
7259d2a65c
Use unless instead of if !
2016-01-05 13:05:01 -06:00
8a76bbafff
Add peer to vprint_error
2016-01-06 01:51:23 +08:00
eef154420b
This is a scanner, so vprint things that occur frequently
2016-01-05 09:06:36 -08:00
63324bd77d
Rescue correct exceptions
2016-01-05 09:05:32 -08:00
1b48556456
Use cleaner hash syntax
2016-01-05 09:05:32 -08:00
9714923824
ensure disconnect / remove self.class from register_options
2016-01-06 00:54:54 +08:00
9f1ceb4b3b
Land #6426 , enable_rdp typo fix
2016-01-05 10:17:25 -06:00
6cb9ad0d72
Land #6435 , unaligned def/end fix
2016-01-05 09:59:25 -06:00
c3158497c0
rebuild / add check_setup / send_request
2016-01-05 15:10:26 +08:00
cbbbd9a7e7
end is not aligned with def
2016-01-05 14:07:43 +08:00
20cd156047
replace auxiliary/scanner/misc/redis_server with auxiliary/scanner/redis/redis_server
2016-01-05 13:14:40 +08:00
7907c93047
Add D-Link DCS-931L File Upload module
2016-01-05 04:15:38 +00:00
3990c021c2
Land #6318 , updates for ssh_identify_pubkeys
2016-01-04 13:27:38 -06:00
6f01df3f79
Clean up module
2016-01-04 13:26:03 -06:00
58c047200d
Land #6305 , creds update for owa_login
2016-01-04 10:52:39 -06:00
30a866a85b
Update enable_rdp.rb
...
Fixed some typos.
2016-01-04 09:52:57 +00:00
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
0436375c6f
Change require to module level.
2016-01-02 23:06:23 -06:00
3a14620dba
Update linemax to match max packet size.
2016-01-02 23:00:46 -06:00
d64048cd48
Rename to match gdb_server_exec module.
2016-01-02 22:45:27 -06:00
dcd36b74db
Last mile polish and tweaks.
2016-01-02 22:41:38 -06:00
22aae81006
Rename to exec_payload.
2016-01-02 14:13:54 -06:00
6575f4fe4a
Use the cmdstager mixin.
2016-01-02 14:09:56 -06:00
a88471dc8d
Add ADB client and module for obtaining shell.
2016-01-02 01:13:53 -06:00
a6914df3e3
rename LOGIN_URL to TARGETURI
2015-12-31 22:21:34 +08:00
370351ca88
chinese caidao asp/aspx/php backdoor bruteforce
2015-12-31 15:17:01 +08:00
47f9880690
Land #6395 , grammar fixes for recovery_files.rb
...
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
cf0e982e83
Land #6386 , VNC creds module fix
2015-12-28 02:32:26 -06:00
6b9c74eec7
Prefer gsub and nix the return
2015-12-28 02:31:47 -06:00
0de69a9d40
Add post Windows privilege based migrate
2015-12-27 19:26:21 -06:00
9120a6aa76
iis_webdav_upload_asp: Add COPY and a few other tricks
2015-12-26 16:01:46 +00:00
e23b5c5435
Land #6179 , add NTP initial crypto nak spoofing module
2015-12-24 15:46:18 -06:00
04f755dd51
Land #6367 , MS15-134 Microsoft Windows Media Center MCL Information Disclosure
2015-12-24 15:24:42 -06:00
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
...
Fix the affected modules
2015-12-24 09:12:24 -08:00
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
e191bf8ac3
Update description, and fix a typo
2015-12-24 10:35:05 -06:00
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb
2015-12-24 07:57:16 -08:00
3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb
2015-12-24 07:51:12 -08:00
0f2f2a3d08
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:55 -08:00
cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:23 -08:00
c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb
2015-12-24 07:44:36 -08:00
431c6001a8
Fix recovery_files.rb Description grammar errors
2015-12-24 10:10:39 -05:00
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
7444f24721
update whitespace / syntax for java_calendar_deserialize
2015-12-23 15:42:27 -06:00
e3eafff7c9
Land #6237 , @jww519's aux module for Android CVE-2012-6301
2015-12-23 13:27:09 -08:00
6eda702b25
Land #6292 , add reverse_tcp command shell for Z/OS (MVS)
2015-12-23 14:11:37 -06:00
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
493700be3a
remove duplicate key warning from Ruby 2.2.x
...
This gets rid of the warning:
modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
424e7b6bfe
Land #6384 , more joomla rce references
2015-12-22 22:54:58 +01:00
18398afb56
Update joomla_http_header_rce.rb
2015-12-23 05:48:26 +08:00
cc40c61848
Update joomla_http_header_rce.rb
2015-12-23 05:38:57 +08:00
21b628aa02
Land #6387 , update exploits/multi/http/joomla_http_header_rce
...
Use the new Joomla mixin
2015-12-22 15:01:55 -06:00
9063ee44f4
Land #6381 , Fix post/multi/manage/shell_to_meterprete uname
2015-12-22 14:44:28 -06:00
f6eaff5d96
use the new and shiny joomla mixin
2015-12-22 21:36:42 +01:00
57b850c7af
Land #6373 , joomla mixin
2015-12-22 21:10:46 +01:00
2f71730484
Gather VNC null byte fix + formatting
2015-12-22 17:30:37 +00:00
314e902098
Add original exploit discoverer and exploit-db ref
...
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00
45b9230efb
Redirect python stderr to stdout, darwin python platform
2015-12-22 11:32:31 +00:00
be9197fc97
quick fix for issues #6359
2015-12-22 03:26:31 +00:00
f9d74143c3
fix typo
2015-12-22 03:25:34 +00:00
3034cd22df
Land #6372 , fix psexec nil bug + missing return
2015-12-21 10:59:10 -06:00
f129c0363e
Fix broken logic
...
Forgot to set retval when I removed the ensure.
2015-12-21 10:52:03 -06:00
e8c8c54cb0
Use a regex with a negative lookbehind to cope with CNs that contain commas
2015-12-21 11:44:37 +00:00
b0fca769d7
capitalisation
2015-12-21 10:39:30 +00:00
9493b333df
rubocop
2015-12-20 21:22:03 +00:00
c394caad27
actually made the securitygroups only option do something
2015-12-20 21:19:24 +00:00
07caaf352b
made comment match purpose
2015-12-20 21:18:21 +00:00
c0a93433af
msftidy
2015-12-20 21:16:42 +00:00
89728fd8fe
Working version
2015-12-20 21:16:17 +00:00
ae09549057
New module, strating with managedby_groups
2015-12-20 20:17:06 +00:00
2ddac42be7
Perform Rubocop cleanup
2015-12-19 23:33:32 -08:00
2fc940cc3e
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 22:19:20 -08:00
ab630166bb
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 21:40:30 -08:00
08bddab568
File name should be the same as the datastore option
2015-12-18 21:22:55 -06:00
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
726578b189
Land #6370 , add joomla reference
2015-12-18 17:05:07 -06:00
56636f3337
Land #6368 , remove uptime_file_upload.rb
2015-12-18 17:02:04 -06:00
afe4861195
Fix nil bug and missing return
2015-12-18 15:54:51 -06:00
ef90ffa7b5
Fix #6356 , requote NTDS.DIT path
2015-12-18 15:41:48 -06:00
6afcc13774
Requote file path
2015-12-18 15:41:38 -06:00
309deb52f5
Land #6356 , NTDS.DIT location finder
2015-12-18 15:33:00 -06:00
06a2bb53bd
Clean up module
2015-12-18 15:29:15 -06:00
fb6ede80c9
add joomla reference
2015-12-18 18:27:48 +01:00
485196af4e
Remove modules/exploits/multi/http/uptime_file_upload.rb
...
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.
If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
5f5b3ec6a1
Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
...
CVE-2015-6127
2015-12-17 22:41:58 -06:00
ccb13a2ca6
Add full IE support and bug fixes
2015-12-17 20:29:50 -08:00
a8bb750db7
Address style/usability concerns in Android CVE-2012-6301 module
2015-12-17 13:45:32 -08:00
0c0219d7b7
Land #6357 , cleanup redis rdbcompression options
2015-12-17 10:45:11 -06:00
f3ac8a2cc0
Land #6360 , @pyllyukko's reference cleanup for ipmi_dumphashes
2015-12-16 22:03:40 -08:00
06f1949e2c
Land #6355 , Joomla HTTP Header Unauthenticated Remote Code Execution
...
CVE-2015-8562
2015-12-16 17:55:51 -06:00
8c43ecbfaf
add random terminator and clarify target
2015-12-17 00:08:52 +01:00
2106a47441
Merge branch 'pr/6357' into upstream-master
2015-12-16 16:02:48 -06:00
08d0ffd709
implement @wvu-r7 's feedback
2015-12-16 22:44:01 +01:00
76438dfb2f
implement @wchen-r7 's suggestions
2015-12-16 20:31:43 +01:00
865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way
2015-12-16 11:20:13 -08:00
f616ee14a8
Dont abort if compression can't be disabled
2015-12-16 11:11:00 -08:00
12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION
2015-12-16 11:07:27 -08:00
b43d580276
try to detect joomla version
2015-12-16 16:16:59 +01:00
30f90f35e9
also check for debian version number
2015-12-16 15:19:33 +01:00
67eba0d708
update description
2015-12-16 14:46:00 +01:00
fa3fb1affc
better ubuntu version check
2015-12-16 14:18:44 +01:00
60181feb51
more ubuntu checks
2015-12-16 14:02:26 +01:00
934c6282a5
check for nil
2015-12-16 13:52:06 +01:00
2661cc5899
check ubuntu specific version
2015-12-16 13:49:07 +01:00
675dff3b6f
use Gem::Version for version compare
2015-12-16 13:04:15 +01:00
d110c6cc73
Added few references to ipmi_dumphashes
2015-12-16 13:36:37 +02:00
01b943ec93
fix check method
2015-12-16 07:26:25 +01:00
595645bcd7
update description
2015-12-16 07:03:01 +01:00
d80a7e662f
some formatting
2015-12-16 06:57:06 +01:00
c2795d58cb
use target_uri.path
2015-12-16 06:55:23 +01:00
2e54cd2ca7
update description
2015-12-16 06:42:41 +01:00
342ce05ff7
add a DISABLE_RDBCOMPRESSION option for redis file_upload
2015-12-16 04:28:52 +00:00
d4ade7a1fd
update check method
2015-12-16 00:18:39 +01:00
2c29298485
undoing this, put in a separate module
2015-12-15 23:16:21 +00:00
5dd8cb7648
proper type conversions
2015-12-15 23:13:02 +00:00
fef9a84548
rubocop
2015-12-15 23:12:14 +00:00
a2b30ff16e
msftidy
2015-12-15 23:11:40 +00:00
281966023c
Final version
2015-12-15 23:10:06 +00:00
7fa453b7ff
Added module
2015-12-15 22:31:00 +00:00
5bb8dbcafc
added peer to users table
2015-12-15 16:45:45 -05:00
059de62400
Editing an existing module rather than adding a new one
2015-12-15 21:36:39 +00:00
797bd9e04d
added peer to each table and added each users groups to the users table
2015-12-15 16:31:25 -05:00
4a66b487de
Based on putty enum module
2015-12-15 21:28:13 +00:00
KINGSABRI
William Vu
wchen-r7
Christian Mehlmauer
Lutz Wolf
Brent Cook
rastating
Martin Vigo
kfr-ma
OJ
Rory McNamara
Fakhir Karim Reda
Meatballs
James Lee
David Maloney
Jonathan Harms
Spencer McIntyre
joev
Josh
Tyler Bennett
Jon Hart
g0tmi1k
nixawk
Brendan Coles
Vincent Yiu
Kyle Gray
karllll
JT
Tim
Louis Sato
Stuart Morgan
Gregory Mikeska
pyllyukko