Commit Graph

9346 Commits (56fd5a745efe88e4449f79fc8fc3878822ed7cb4)

Author SHA1 Message Date
Brent Cook 37178cda06
Land #6449, properly handle HttpServer resource collisions 2016-01-14 12:15:18 -06:00
William Vu 7e1446d8fa
Land #6400, iis_webdav_upload_asp improvements 2016-01-14 12:12:33 -06:00
Rory McNamara 0216d027f9 Use OptEnum instead of OptString 2016-01-14 09:06:45 +00:00
Rory McNamara 564b4807a2 Add METHOD to simple_backdoors_exec 2016-01-13 14:42:11 +00:00
Rory McNamara 889a5d40a1 Add VAR to simple_backdoors_exec 2016-01-13 13:46:26 +00:00
wchen-r7 315d079ae8
Land #6402, Add Post Module for Windows Priv Based Meterpreter Migration
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
wchen-r7 6deb57dca3 Deprecate post/windows/manage/smart_migrate and other things
This includes:

* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
wchen-r7 514199e88f Register early so the cleanup can actually rm the file 2016-01-12 15:22:03 -06:00
benpturner c5773b1a02 Removal of spaces found with msftidy 2016-01-12 17:04:50 +00:00
benpturner 9d64edc16f New module to exploit the Install Service vulnerability inside data protector. I released this vulnearbility on exploit DB some years back but Metasploit didnt support setting up a SMB server at the time. I have re-submitted this module to exploit the vulnerability. I have tested this on Windows Server 2003 and it works without fail. 2016-01-12 16:53:26 +00:00
wchen-r7 78bc394f80 Fix #6268, Use FileDropper for axis2_deployer
Fix #6268
2016-01-08 17:09:09 -06:00
wchen-r7 6a2b4c2530 Fix #6445, Unexpected HttpServer terminations
Fix #6445

Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.

Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.

Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
joev 22a0d970da Don't delete the payload after running. 2016-01-07 02:26:01 -06:00
joev fb99c61089 Remove print_status statement. 2016-01-07 01:17:49 -06:00
joev 210f065427 Add a background option for the echo cmdstager. 2016-01-07 01:16:08 -06:00
Micheal 436ea85b18 Further cleanup and fixes 2016-01-05 21:11:08 -08:00
g0tmi1k d7061e8110 OCD fixes 2016-01-05 23:28:56 +00:00
wchen-r7 7259d2a65c Use unless instead of if ! 2016-01-05 13:05:01 -06:00
Brendan Coles 7907c93047 Add D-Link DCS-931L File Upload module 2016-01-05 04:15:38 +00:00
joev 00dc6364b5 Add support for native target in addjsif exploit. 2016-01-03 01:07:36 -06:00
joev 0436375c6f Change require to module level. 2016-01-02 23:06:23 -06:00
joev 3a14620dba Update linemax to match max packet size. 2016-01-02 23:00:46 -06:00
joev d64048cd48 Rename to match gdb_server_exec module. 2016-01-02 22:45:27 -06:00
joev dcd36b74db Last mile polish and tweaks. 2016-01-02 22:41:38 -06:00
joev 22aae81006 Rename to exec_payload. 2016-01-02 14:13:54 -06:00
joev 6575f4fe4a Use the cmdstager mixin. 2016-01-02 14:09:56 -06:00
joev a88471dc8d Add ADB client and module for obtaining shell. 2016-01-02 01:13:53 -06:00
Micheal 5c9c27691e Execute commands on postgres through built-in functionality 2016-01-01 04:26:20 -08:00
Micheal 2fd796a699 Execute commands on postgres through built-in functionality 2016-01-01 03:51:00 -08:00
Micheal 814bf2a102 Execute commands on postgres through built-in functionality 2016-01-01 02:43:56 -08:00
Micheal fa3431c732 Pushing now. Still working on it. 2015-12-26 17:53:52 -05:00
g0tmi1k 9120a6aa76 iis_webdav_upload_asp: Add COPY and a few other tricks 2015-12-26 16:01:46 +00:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
Jon Hart efdb6a8885
Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
Jon Hart 0f2f2a3d08
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:55 -08:00
Brent Cook e4f9594646
Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
Brent Cook 7444f24721 update whitespace / syntax for java_calendar_deserialize 2015-12-23 15:42:27 -06:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook 493700be3a remove duplicate key warning from Ruby 2.2.x
This gets rid of the warning:

modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer 424e7b6bfe
Land #6384, more joomla rce references 2015-12-22 22:54:58 +01:00
JT 18398afb56 Update joomla_http_header_rce.rb 2015-12-23 05:48:26 +08:00
JT cc40c61848 Update joomla_http_header_rce.rb 2015-12-23 05:38:57 +08:00
Christian Mehlmauer f6eaff5d96
use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
JT 314e902098 Add original exploit discoverer and exploit-db ref
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00
Louis Sato 3034cd22df
Land #6372, fix psexec nil bug + missing return 2015-12-21 10:59:10 -06:00
William Vu f129c0363e Fix broken logic
Forgot to set retval when I removed the ensure.
2015-12-21 10:52:03 -06:00
Louis Sato 726578b189
Land #6370, add joomla reference 2015-12-18 17:05:07 -06:00
William Vu afe4861195 Fix nil bug and missing return 2015-12-18 15:54:51 -06:00
Christian Mehlmauer fb6ede80c9
add joomla reference 2015-12-18 18:27:48 +01:00
wchen-r7 485196af4e Remove modules/exploits/multi/http/uptime_file_upload.rb
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.

If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7 06f1949e2c
Land #6355, Joomla HTTP Header Unauthenticated Remote Code Execution
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer 8c43ecbfaf
add random terminator and clarify target 2015-12-17 00:08:52 +01:00
Christian Mehlmauer 08d0ffd709
implement @wvu-r7 's feedback 2015-12-16 22:44:01 +01:00
Christian Mehlmauer 76438dfb2f
implement @wchen-r7 's suggestions 2015-12-16 20:31:43 +01:00
Christian Mehlmauer b43d580276
try to detect joomla version 2015-12-16 16:16:59 +01:00
Christian Mehlmauer 30f90f35e9
also check for debian version number 2015-12-16 15:19:33 +01:00
Christian Mehlmauer 67eba0d708
update description 2015-12-16 14:46:00 +01:00
Christian Mehlmauer fa3fb1affc
better ubuntu version check 2015-12-16 14:18:44 +01:00
Christian Mehlmauer 60181feb51
more ubuntu checks 2015-12-16 14:02:26 +01:00
Christian Mehlmauer 934c6282a5
check for nil 2015-12-16 13:52:06 +01:00
Christian Mehlmauer 2661cc5899
check ubuntu specific version 2015-12-16 13:49:07 +01:00
Christian Mehlmauer 675dff3b6f
use Gem::Version for version compare 2015-12-16 13:04:15 +01:00
Christian Mehlmauer 01b943ec93
fix check method 2015-12-16 07:26:25 +01:00
Christian Mehlmauer 595645bcd7
update description 2015-12-16 07:03:01 +01:00
Christian Mehlmauer d80a7e662f
some formatting 2015-12-16 06:57:06 +01:00
Christian Mehlmauer c2795d58cb
use target_uri.path 2015-12-16 06:55:23 +01:00
Christian Mehlmauer 2e54cd2ca7
update description 2015-12-16 06:42:41 +01:00
Christian Mehlmauer d4ade7a1fd
update check method 2015-12-16 00:18:39 +01:00
Christian Mehlmauer c603430228
fix version check 2015-12-15 18:26:21 +01:00
wchen-r7 b9b280954b Add a check for joomla 2015-12-15 11:03:36 -06:00
Christian Mehlmauer e4309790f5
renamed module because X-FORWARDED-FOR header is also working 2015-12-15 17:37:45 +01:00
Christian Mehlmauer 84d5067abe
add joomla RCE module 2015-12-15 17:20:49 +01:00
wchen-r7 ab3fe64b6e Add method peer for jenkins_java_deserialize.rb 2015-12-15 01:18:27 -06:00
Tod Beardsley 30c805d9c7
Land #6344, R7-2015-22 / CVE-2015-8249 2015-12-14 12:30:51 -06:00
Tod Beardsley b25aae3602
Add refs to module
See rapid7#6344.
2015-12-14 12:05:46 -06:00
wchen-r7 bd8aea2618 Fix check for jenkins_java_deserialize.rb
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
wchen-r7 5ffc80dc20 Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability 2015-12-14 10:51:59 -06:00
dmohanty-r7 eb4611642d Add Jenkins CLI Java serialization exploit module
CVE-2015-8103
2015-12-11 14:57:10 -06:00
karllll a5c6e260f2 Update hp_vsa_login_bof.rb
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
William Vu 563be5c207
Land #6322, another Perl IRC bot exploit 2015-12-10 09:43:07 -06:00
William Vu a945350821
Land #6307, Perl IRC bot exploit 2015-12-10 09:42:35 -06:00
wchen-r7 11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
wchen-r7 53acfd7ce3
Land #6303, Add phpFileManager 0.9.8 Remote Code Execution 2015-12-07 21:13:48 -06:00
wchen-r7 ea3c7cb35b Minor edits 2015-12-07 21:13:14 -06:00
JT b36834f4bc Update legend_bot_exec.rb 2015-12-07 10:38:36 +08:00
JT 2244f2aa43 Add Legend Perl IRC Bot Remote Code Execution 2015-12-07 10:30:28 +08:00
JT 26c8fd8faa Update xdh_x_exec.rb 2015-12-07 08:25:19 +08:00
JT 9ee5498090 Update xdh_x_exec.rb
satisfying msftidy's request
2015-12-06 20:21:18 +08:00
JT 10a8e98e41 Update xdh_x_exec.rb 2015-12-06 20:11:49 +08:00
JT 14afbc6800 Update xdh_x_exec.rb
updated description and new author.
2015-12-06 20:10:19 +08:00
JT faac44f257 Update xdh_x_exec.rb 2015-12-04 12:39:19 +08:00
JT f52e6ce65c Update xdh_x_exec.rb 2015-12-04 11:17:16 +08:00
JT 4955357015 Update xdh_x_exec.rb 2015-12-04 11:06:06 +08:00
JT 4e43a90187 Add Xdh / fBot IRC Bot Remote Code Execution 2015-12-04 10:40:37 +08:00
jvazquez-r7 340fe5640f
Land #6255, @wchen-r7's module for Atlassian HipChat JIRA plugin 2015-12-03 20:01:06 -06:00
jvazquez-r7 a972b33825
Fix typo 2015-12-03 20:00:37 -06:00
wchen-r7 f8c11b9cd1 Move to multi 2015-12-03 17:49:21 -06:00
JT 3bbc413935 Update phpfilemanager_rce.rb 2015-12-04 06:20:43 +08:00
wchen-r7 67edf88c39 Doc 2015-12-03 14:25:01 -06:00
wchen-r7 f33e63c16f Support Win/Linx/Java payloads for Win/Linux platforms 2015-12-03 14:02:32 -06:00
JT 28ca899914 Update phpfilemanager_rce.rb 2015-12-03 18:07:25 +08:00
wchen-r7 83824b2902 First commit to support Windows for jira_hipchat_template
In Java
2015-12-03 02:39:55 -06:00
JT d63bb4768f Update phpfilemanager_rce.rb 2015-12-03 14:09:02 +08:00
JT 374b630601 Update phpfilemanager_rce.rb 2015-12-03 13:57:19 +08:00
JT 56b810cb18 Update phpfilemanager_rce.rb 2015-12-03 12:44:41 +08:00
JT 5414f33804 Update phpfilemanager_rce.rb 2015-12-03 12:43:47 +08:00
JT ab77ab509a Update phpfilemanager_rce.rb 2015-12-03 12:35:49 +08:00
JT 869caf789f Update phpfilemanager_rce.rb 2015-12-03 12:34:17 +08:00
JT a2d51d48cd Add phpFileManager 0.9.8 Remote Code Execution 2015-12-03 12:11:31 +08:00
jvazquez-r7 0f24ca7d13
Land #6280, @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability 2015-12-01 21:38:09 -06:00
jvazquez-r7 d269be22e7
Land #6223, @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit 2015-12-01 21:36:18 -06:00
wchen-r7 9697ce5033 Specify arch & platform for generate_payload_exe
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
wchen-r7 0e21265ecc Fix cookie parsing, typo, and unused var 2015-12-01 17:39:40 -06:00
James Lee 385378f338 Add reference to Rapid7 advisory 2015-12-01 11:37:27 -06:00
HD Moore 9dbf7cb86c Remove the SSL option (not needed) 2015-12-01 11:34:03 -06:00
HD Moore 758e7c7b58 Rename 2015-12-01 11:33:45 -06:00
HD Moore ea2174fc95 Typo and switch from raw -> encoded 2015-12-01 10:59:12 -06:00
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
wchen-r7 ea363dd495 priv to true 2015-12-01 10:23:36 -06:00
wchen-r7 2621753417 priv to true 2015-12-01 10:21:56 -06:00
wchen-r7 d5d4a4acdc Register the correct jsp to cleanup 2015-12-01 10:21:15 -06:00
wchen-r7 7dc268d601
Land #6283, increase the amount of space needed for ms08_067 2015-11-25 19:37:25 -06:00
Brent Cook 35ea8c3f74 relax space needed a bit less, work with Windows XP and 2k3 2015-11-25 11:25:57 -06:00
Brent Cook 2a89a2bc9a increase the amount of space needed for ms08_067 2015-11-25 07:13:16 -06:00
William Vu f9d3652e1a
Land #6282, deprecated module cleanup
rm modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
2015-11-24 23:48:09 -06:00
wchen-r7 6fbcb3d127
Land #6263, add BisonWare BisonFTP Server Buffer Overflow 2015-11-24 22:55:15 -06:00
wchen-r7 f57ebad0e6 Change hard tabs to spaces 2015-11-24 22:54:52 -06:00
JT 9a7e51daec Update bison_ftp_bof.rb 2015-11-25 11:47:21 +08:00
JT 3d6e4068cb Update bison_ftp_bof.rb 2015-11-25 11:17:07 +08:00
wchen-r7 591da3c97e Please use exploit/multi/browser/adobe_flash_pixel_bender_bof
Time to say goodbye to:
exploits/windows/browser/adobe_flash_pixel_bender_bof.rb

Please use:
exploit/multi/browser/adobe_flash_pixel_bender_bof

Reason: The replacement supports multiple platforms, so better.
2015-11-24 20:37:57 -06:00
wchen-r7 4e2eb7ca65 Add Oracle Beehive processEvaluation Vulnerability 2015-11-24 19:17:57 -06:00
JT 441fff4b7c Update bison_ftp_bof.rb
Adding constant NOP
2015-11-23 06:53:12 +08:00
Spencer McIntyre dc5e9a1d0a Support CSRF token in the Jenkins aux cmd module 2015-11-22 17:51:27 -05:00
William Vu b2d6458f50
Land #6129, Joomla SQLi RCE 2015-11-20 14:30:23 -06:00
JT e3bca890c1 Update bison_ftp_bof.rb 2015-11-20 23:45:15 +08:00
JT 1dee6dca1b Update bison_ftp_bof.rb 2015-11-20 13:37:46 +08:00
JT bd856322e0 Update bison_ftp_bof.rb 2015-11-20 09:58:44 +08:00
JT 335944aa9a Update bison_ftp_bof.rb 2015-11-20 09:38:55 +08:00
JT fcc7520230 Create bison_ftp_bof.rb 2015-11-20 09:07:40 +08:00
William Vu 7c5d292e42
Land #6201, chkrootkit privesc 2015-11-19 10:37:30 -06:00
Jon Hart 8d1f5849e0
Land #6228, @m0t's module for F5 CVE-2015-3628 2015-11-18 15:39:40 -08:00
Jon Hart ae3d65f649
Better handling of handler creation output 2015-11-18 15:31:32 -08:00
Jon Hart bcdf2ce1e3
Better handling of invulnerable case; fix 401 case 2015-11-18 15:24:41 -08:00
wchen-r7 3c72135a2f No to_i
What happens here is it converts to a Fixnum, and then it converts
back to a String anway because it's in a String.
2015-11-18 15:25:18 -06:00
Jon Hart deec836828
scripts/handlers cannot start with numbers 2015-11-18 12:31:46 -08:00
Jon Hart 7399b57e66
Elminate multiple sessions, better sleep handling for session waiting 2015-11-18 12:23:28 -08:00
Jon Hart e4bf5c66fc
Use slightly larger random script/handler names to avoid conflicts 2015-11-18 11:51:44 -08:00
Jon Hart e7307d1592
Make cleanup failure messages more clear 2015-11-18 11:44:34 -08:00
Jon Hart 0e3508df30 Squash minor rubocop gripes 2015-11-18 11:05:10 -08:00
Jon Hart f8218f0536 Minor updates to print_ output; wire in handler_exists; 2015-11-18 11:05:10 -08:00
Jon Hart 392803daed Tighten up cleanup code 2015-11-18 11:05:10 -08:00
William Vu 657e50bb86 Clean up module 2015-11-18 12:50:57 -06:00
m0t c0d9c65ce7 always overwrite the payload file 2015-11-18 18:48:34 +00:00
wchen-r7 682a41af2e Update description 2015-11-18 11:52:50 -06:00
wchen-r7 d6921fa133 Add Atlassian HipChat for Jira Plugin Velocity Template Injection
CVE-2015-5603

Also fixes a bug in response.rb (Fix #6254)
2015-11-18 11:34:25 -06:00
sammbertram a484b318eb Update registry_persistence.rb 2015-11-18 16:13:18 +00:00
sammbertram 1fe8bc9cea Added a SLEEP_TIME option
Added a SLEEP_TIME options which is the number of seconds to sleep prior to executing the initial IEX request. This is useful in cases where a machine would have to establish a VPN connection, initiated by the user, after a reboot. 

Alternatively, as opposed to a sleep time, it could have a loop that attempts to retry for a certain period of item.
2015-11-18 11:17:57 +00:00
Jon Hart e21bf80ae4
Squash a rogue space 2015-11-17 14:17:59 -08:00
Jon Hart 3396fb144f
A little more simplification/cleanup 2015-11-17 14:16:29 -08:00
Jon Hart dcfb3b5fbc
Let Filedropper handle removal 2015-11-17 13:01:06 -08:00
jvoisin 44d477a13c Fix some rubocop warnings 2015-11-17 13:26:50 +01:00
Jon Hart 715f20c92c
Add missing super in setup 2015-11-16 14:45:13 -08:00
jvoisin 70407a4f21 3600 * 60 * 24 isn't one day 2015-11-16 23:18:02 +01:00
Jon Hart 902951c0ca
Clean up description; Simplify SOAP code more 2015-11-16 11:06:45 -08:00
Jon Hart 1aa1d7b5e4
Use random path for payload 2015-11-16 10:57:48 -08:00
Jon Hart ee5d91faab
Better logging when exploit gets 401 2015-11-16 10:41:48 -08:00
Jon Hart c4ffd7ae36
When sending SOAP requests, print out proto/status/message when fail 2015-11-16 10:38:40 -08:00
Jon Hart e58e17450a
Simplify XML building 2015-11-13 11:36:56 -08:00
Jon Hart ecbd453301
Second pass at style cleanup. Conforms now 2015-11-13 11:24:11 -08:00
Jon Hart 85e5b0abe9
Initial style cleanup 2015-11-13 10:42:26 -08:00
jvoisin 873994a154 Skip the explicit return
Thanks to kernelsmith for the feedback
2015-11-13 12:40:34 +01:00
Louis Sato 9a0f0a7843
Land #6142, uptime refactor 2015-11-12 16:58:55 -06:00
wchen-r7 ee25cb88b5
Land #6196, vBulletin 5.1.2 Unserialize Code Execution 2015-11-12 14:38:39 -06:00
wchen-r7 6077617bfd rm res var name
the res variable isn't used
2015-11-12 14:37:47 -06:00
wchen-r7 199ed9ed25 Move vbulletin_unserialize.rb to exploits/multi/http/
According to @all3g, this works on Windows too, so we will move
this to multi/http.
2015-11-12 14:36:01 -06:00
jvoisin 3566b978c3 Add a module for a chkrootkit-powered privsec
This modules implements an exploit for CVE-2014-0476,
to gain root thanks to chkrootkit.

Its main issues is that you need to wait until chkrootkit
is executed in a crontab (or manually),
which can take 24h top with its default setup.

How to reproduce:

1. Install a version < 0.50 of chkrootkit
2. Launch the local module
3. Wait until chkrootkit's crontab kicks in
4. You've got a root shell

```
msf > use exploit/linux/local/chkrootkit
msf exploit(chkrootkit) > check
[*] 192.168.1.25 - The target appears to be vulnerable.
msf exploit(chkrootkit) > run
[*] Exploit completed, but no session was created.

[*] Started reverse handler on 192.168.1.11:9999
msf exploit(chkrootkit) > [+] Target is vulnerable.
[!] Rooting depends of the crontab, this could take a while.
[*] Payload written to /tmp/update
[*] Waiting to chkrookit to be run be a cron tab...
[*] Command shell session 6 opened (192.168.1.11:9999 -> 192.168.1.25:40006) at 2015-11-06 20:53:00 +0100
[+] Deleted /tmp/update

msf exploit(chkrootkit) > sessions -i 6
[*] Starting interaction with 6...
id
uid=0(root) gid=0(root) groups=0(root)
```
2015-11-12 19:30:05 +01:00
m0t eae2d6c89d F5 module 2015-11-12 09:51:09 +00:00
wchen-r7 8ea0a864db Add a reference for patching 2015-11-10 23:32:22 -06:00
wchen-r7 66f3582991 Add Oracle Beehive prepareAudioToPlay Exploit Module 2015-11-10 23:05:11 -06:00
JT a0351133a6 Add more references to this exploit
Adding exploit-db doc about China Chopper webshell and details about this webshell in US-CERT.
2015-11-11 09:51:05 +08:00
HD Moore f86f427d54 Move Compat into Payload so that is actually used 2015-11-09 16:06:05 -06:00
m0t 66ed66cc81 Merge pull request #1 from m0t/changes
F5 BIG-IP iCall privilege escalation vulnerability (CVE-2015-3628)
2015-11-09 16:11:29 +00:00
m0t daa999fb1c f5 module 2015-11-09 16:02:32 +00:00
m0t d4d4e3ddb0 f5 module 2015-11-09 13:41:59 +00:00
m0t 893c4cd52d f5 module 2015-11-09 13:10:54 +00:00
jvoisin e2678af0fe The modules now works on 5.1.X and 5.0.X
- Added automatic targeting
- Added support for 5.0.X
2015-11-07 14:28:25 +01:00
wchen-r7 0cc8165b52 And I forgot to rm the test line 2015-11-06 18:11:27 -06:00
wchen-r7 8f2a716306 I don't really need to override fail_with 2015-11-06 18:11:08 -06:00
wchen-r7 0213da3810 Handle more NilClass bugs 2015-11-06 18:08:51 -06:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
William Vu 2df149b0a5
Land #6189, extraneous Content-Length fix 2015-11-06 14:36:40 -06:00
William Vu 3cae7999aa Prefer ctype over headers['Content-Type'] 2015-11-06 14:36:21 -06:00
wchen-r7 f957acf9ba Fix Framework Rspec Failure
Needs to do:
include Msf::Exploit::Remote::HTTP::Wordpress
2015-11-06 13:56:05 -06:00
wchen-r7 fb9a40f15c
Land #6103, Add WordPress Plugin Ajax Load More Auth File Upload Vuln 2015-11-06 13:18:48 -06:00
wchen-r7 73f630b25a Note default.php 2015-11-06 13:18:24 -06:00
jvoisin f93f3397ec Fix some mistakes pointed by @wchen-r7 2015-11-06 19:35:22 +01:00
jvoisin c540ca763c Add the EDB id 2015-11-06 17:21:28 +01:00
jvoisin 7998955b46 The double-quote character is a badchar 2015-11-06 16:43:53 +01:00
jvoisin 30e7a35452 Add the possibility to target non-default path 2015-11-06 15:33:30 +01:00