Brent Cook
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
William Vu
7e1446d8fa
Land #6400 , iis_webdav_upload_asp improvements
2016-01-14 12:12:33 -06:00
Rory McNamara
0216d027f9
Use OptEnum instead of OptString
2016-01-14 09:06:45 +00:00
Rory McNamara
564b4807a2
Add METHOD to simple_backdoors_exec
2016-01-13 14:42:11 +00:00
Rory McNamara
889a5d40a1
Add VAR to simple_backdoors_exec
2016-01-13 13:46:26 +00:00
wchen-r7
315d079ae8
Land #6402 , Add Post Module for Windows Priv Based Meterpreter Migration
...
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
wchen-r7
6deb57dca3
Deprecate post/windows/manage/smart_migrate and other things
...
This includes:
* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
wchen-r7
514199e88f
Register early so the cleanup can actually rm the file
2016-01-12 15:22:03 -06:00
benpturner
c5773b1a02
Removal of spaces found with msftidy
2016-01-12 17:04:50 +00:00
benpturner
9d64edc16f
New module to exploit the Install Service vulnerability inside data protector. I released this vulnearbility on exploit DB some years back but Metasploit didnt support setting up a SMB server at the time. I have re-submitted this module to exploit the vulnerability. I have tested this on Windows Server 2003 and it works without fail.
2016-01-12 16:53:26 +00:00
wchen-r7
78bc394f80
Fix #6268 , Use FileDropper for axis2_deployer
...
Fix #6268
2016-01-08 17:09:09 -06:00
wchen-r7
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946
, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.
Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
joev
22a0d970da
Don't delete the payload after running.
2016-01-07 02:26:01 -06:00
joev
fb99c61089
Remove print_status statement.
2016-01-07 01:17:49 -06:00
joev
210f065427
Add a background option for the echo cmdstager.
2016-01-07 01:16:08 -06:00
Micheal
436ea85b18
Further cleanup and fixes
2016-01-05 21:11:08 -08:00
g0tmi1k
d7061e8110
OCD fixes
2016-01-05 23:28:56 +00:00
wchen-r7
7259d2a65c
Use unless instead of if !
2016-01-05 13:05:01 -06:00
Brendan Coles
7907c93047
Add D-Link DCS-931L File Upload module
2016-01-05 04:15:38 +00:00
joev
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
joev
0436375c6f
Change require to module level.
2016-01-02 23:06:23 -06:00
joev
3a14620dba
Update linemax to match max packet size.
2016-01-02 23:00:46 -06:00
joev
d64048cd48
Rename to match gdb_server_exec module.
2016-01-02 22:45:27 -06:00
joev
dcd36b74db
Last mile polish and tweaks.
2016-01-02 22:41:38 -06:00
joev
22aae81006
Rename to exec_payload.
2016-01-02 14:13:54 -06:00
joev
6575f4fe4a
Use the cmdstager mixin.
2016-01-02 14:09:56 -06:00
joev
a88471dc8d
Add ADB client and module for obtaining shell.
2016-01-02 01:13:53 -06:00
Micheal
5c9c27691e
Execute commands on postgres through built-in functionality
2016-01-01 04:26:20 -08:00
Micheal
2fd796a699
Execute commands on postgres through built-in functionality
2016-01-01 03:51:00 -08:00
Micheal
814bf2a102
Execute commands on postgres through built-in functionality
2016-01-01 02:43:56 -08:00
Micheal
fa3431c732
Pushing now. Still working on it.
2015-12-26 17:53:52 -05:00
g0tmi1k
9120a6aa76
iis_webdav_upload_asp: Add COPY and a few other tricks
2015-12-26 16:01:46 +00:00
Jon Hart
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
...
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
Jon Hart
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
Jon Hart
0f2f2a3d08
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:55 -08:00
Brent Cook
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
Brent Cook
7444f24721
update whitespace / syntax for java_calendar_deserialize
2015-12-23 15:42:27 -06:00
wchen-r7
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook
493700be3a
remove duplicate key warning from Ruby 2.2.x
...
This gets rid of the warning:
modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer
424e7b6bfe
Land #6384 , more joomla rce references
2015-12-22 22:54:58 +01:00
JT
18398afb56
Update joomla_http_header_rce.rb
2015-12-23 05:48:26 +08:00
JT
cc40c61848
Update joomla_http_header_rce.rb
2015-12-23 05:38:57 +08:00
Christian Mehlmauer
f6eaff5d96
use the new and shiny joomla mixin
2015-12-22 21:36:42 +01:00
JT
314e902098
Add original exploit discoverer and exploit-db ref
...
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00
Louis Sato
3034cd22df
Land #6372 , fix psexec nil bug + missing return
2015-12-21 10:59:10 -06:00
William Vu
f129c0363e
Fix broken logic
...
Forgot to set retval when I removed the ensure.
2015-12-21 10:52:03 -06:00
Louis Sato
726578b189
Land #6370 , add joomla reference
2015-12-18 17:05:07 -06:00
William Vu
afe4861195
Fix nil bug and missing return
2015-12-18 15:54:51 -06:00
Christian Mehlmauer
fb6ede80c9
add joomla reference
2015-12-18 18:27:48 +01:00
wchen-r7
485196af4e
Remove modules/exploits/multi/http/uptime_file_upload.rb
...
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.
If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7
06f1949e2c
Land #6355 , Joomla HTTP Header Unauthenticated Remote Code Execution
...
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer
8c43ecbfaf
add random terminator and clarify target
2015-12-17 00:08:52 +01:00
Christian Mehlmauer
08d0ffd709
implement @wvu-r7 's feedback
2015-12-16 22:44:01 +01:00
Christian Mehlmauer
76438dfb2f
implement @wchen-r7 's suggestions
2015-12-16 20:31:43 +01:00
Christian Mehlmauer
b43d580276
try to detect joomla version
2015-12-16 16:16:59 +01:00
Christian Mehlmauer
30f90f35e9
also check for debian version number
2015-12-16 15:19:33 +01:00
Christian Mehlmauer
67eba0d708
update description
2015-12-16 14:46:00 +01:00
Christian Mehlmauer
fa3fb1affc
better ubuntu version check
2015-12-16 14:18:44 +01:00
Christian Mehlmauer
60181feb51
more ubuntu checks
2015-12-16 14:02:26 +01:00
Christian Mehlmauer
934c6282a5
check for nil
2015-12-16 13:52:06 +01:00
Christian Mehlmauer
2661cc5899
check ubuntu specific version
2015-12-16 13:49:07 +01:00
Christian Mehlmauer
675dff3b6f
use Gem::Version for version compare
2015-12-16 13:04:15 +01:00
Christian Mehlmauer
01b943ec93
fix check method
2015-12-16 07:26:25 +01:00
Christian Mehlmauer
595645bcd7
update description
2015-12-16 07:03:01 +01:00
Christian Mehlmauer
d80a7e662f
some formatting
2015-12-16 06:57:06 +01:00
Christian Mehlmauer
c2795d58cb
use target_uri.path
2015-12-16 06:55:23 +01:00
Christian Mehlmauer
2e54cd2ca7
update description
2015-12-16 06:42:41 +01:00
Christian Mehlmauer
d4ade7a1fd
update check method
2015-12-16 00:18:39 +01:00
Christian Mehlmauer
c603430228
fix version check
2015-12-15 18:26:21 +01:00
wchen-r7
b9b280954b
Add a check for joomla
2015-12-15 11:03:36 -06:00
Christian Mehlmauer
e4309790f5
renamed module because X-FORWARDED-FOR header is also working
2015-12-15 17:37:45 +01:00
Christian Mehlmauer
84d5067abe
add joomla RCE module
2015-12-15 17:20:49 +01:00
wchen-r7
ab3fe64b6e
Add method peer for jenkins_java_deserialize.rb
2015-12-15 01:18:27 -06:00
Tod Beardsley
30c805d9c7
Land #6344 , R7-2015-22 / CVE-2015-8249
2015-12-14 12:30:51 -06:00
Tod Beardsley
b25aae3602
Add refs to module
...
See rapid7#6344.
2015-12-14 12:05:46 -06:00
wchen-r7
bd8aea2618
Fix check for jenkins_java_deserialize.rb
...
This fixes the following:
* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
wchen-r7
5ffc80dc20
Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability
2015-12-14 10:51:59 -06:00
dmohanty-r7
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
karllll
a5c6e260f2
Update hp_vsa_login_bof.rb
...
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
William Vu
563be5c207
Land #6322 , another Perl IRC bot exploit
2015-12-10 09:43:07 -06:00
William Vu
a945350821
Land #6307 , Perl IRC bot exploit
2015-12-10 09:42:35 -06:00
wchen-r7
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
wchen-r7
53acfd7ce3
Land #6303 , Add phpFileManager 0.9.8 Remote Code Execution
2015-12-07 21:13:48 -06:00
wchen-r7
ea3c7cb35b
Minor edits
2015-12-07 21:13:14 -06:00
JT
b36834f4bc
Update legend_bot_exec.rb
2015-12-07 10:38:36 +08:00
JT
2244f2aa43
Add Legend Perl IRC Bot Remote Code Execution
2015-12-07 10:30:28 +08:00
JT
26c8fd8faa
Update xdh_x_exec.rb
2015-12-07 08:25:19 +08:00
JT
9ee5498090
Update xdh_x_exec.rb
...
satisfying msftidy's request
2015-12-06 20:21:18 +08:00
JT
10a8e98e41
Update xdh_x_exec.rb
2015-12-06 20:11:49 +08:00
JT
14afbc6800
Update xdh_x_exec.rb
...
updated description and new author.
2015-12-06 20:10:19 +08:00
JT
faac44f257
Update xdh_x_exec.rb
2015-12-04 12:39:19 +08:00
JT
f52e6ce65c
Update xdh_x_exec.rb
2015-12-04 11:17:16 +08:00
JT
4955357015
Update xdh_x_exec.rb
2015-12-04 11:06:06 +08:00
JT
4e43a90187
Add Xdh / fBot IRC Bot Remote Code Execution
2015-12-04 10:40:37 +08:00
jvazquez-r7
340fe5640f
Land #6255 , @wchen-r7's module for Atlassian HipChat JIRA plugin
2015-12-03 20:01:06 -06:00
jvazquez-r7
a972b33825
Fix typo
2015-12-03 20:00:37 -06:00
wchen-r7
f8c11b9cd1
Move to multi
2015-12-03 17:49:21 -06:00
JT
3bbc413935
Update phpfilemanager_rce.rb
2015-12-04 06:20:43 +08:00
wchen-r7
67edf88c39
Doc
2015-12-03 14:25:01 -06:00
wchen-r7
f33e63c16f
Support Win/Linx/Java payloads for Win/Linux platforms
2015-12-03 14:02:32 -06:00
JT
28ca899914
Update phpfilemanager_rce.rb
2015-12-03 18:07:25 +08:00
wchen-r7
83824b2902
First commit to support Windows for jira_hipchat_template
...
In Java
2015-12-03 02:39:55 -06:00
JT
d63bb4768f
Update phpfilemanager_rce.rb
2015-12-03 14:09:02 +08:00
JT
374b630601
Update phpfilemanager_rce.rb
2015-12-03 13:57:19 +08:00
JT
56b810cb18
Update phpfilemanager_rce.rb
2015-12-03 12:44:41 +08:00
JT
5414f33804
Update phpfilemanager_rce.rb
2015-12-03 12:43:47 +08:00
JT
ab77ab509a
Update phpfilemanager_rce.rb
2015-12-03 12:35:49 +08:00
JT
869caf789f
Update phpfilemanager_rce.rb
2015-12-03 12:34:17 +08:00
JT
a2d51d48cd
Add phpFileManager 0.9.8 Remote Code Execution
2015-12-03 12:11:31 +08:00
jvazquez-r7
0f24ca7d13
Land #6280 , @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability
2015-12-01 21:38:09 -06:00
jvazquez-r7
d269be22e7
Land #6223 , @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit
2015-12-01 21:36:18 -06:00
wchen-r7
9697ce5033
Specify arch & platform for generate_payload_exe
...
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
wchen-r7
0e21265ecc
Fix cookie parsing, typo, and unused var
2015-12-01 17:39:40 -06:00
James Lee
385378f338
Add reference to Rapid7 advisory
2015-12-01 11:37:27 -06:00
HD Moore
9dbf7cb86c
Remove the SSL option (not needed)
2015-12-01 11:34:03 -06:00
HD Moore
758e7c7b58
Rename
2015-12-01 11:33:45 -06:00
HD Moore
ea2174fc95
Typo and switch from raw -> encoded
2015-12-01 10:59:12 -06:00
HD Moore
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
wchen-r7
ea363dd495
priv to true
2015-12-01 10:23:36 -06:00
wchen-r7
2621753417
priv to true
2015-12-01 10:21:56 -06:00
wchen-r7
d5d4a4acdc
Register the correct jsp to cleanup
2015-12-01 10:21:15 -06:00
wchen-r7
7dc268d601
Land #6283 , increase the amount of space needed for ms08_067
2015-11-25 19:37:25 -06:00
Brent Cook
35ea8c3f74
relax space needed a bit less, work with Windows XP and 2k3
2015-11-25 11:25:57 -06:00
Brent Cook
2a89a2bc9a
increase the amount of space needed for ms08_067
2015-11-25 07:13:16 -06:00
William Vu
f9d3652e1a
Land #6282 , deprecated module cleanup
...
rm modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
2015-11-24 23:48:09 -06:00
wchen-r7
6fbcb3d127
Land #6263 , add BisonWare BisonFTP Server Buffer Overflow
2015-11-24 22:55:15 -06:00
wchen-r7
f57ebad0e6
Change hard tabs to spaces
2015-11-24 22:54:52 -06:00
JT
9a7e51daec
Update bison_ftp_bof.rb
2015-11-25 11:47:21 +08:00
JT
3d6e4068cb
Update bison_ftp_bof.rb
2015-11-25 11:17:07 +08:00
wchen-r7
591da3c97e
Please use exploit/multi/browser/adobe_flash_pixel_bender_bof
...
Time to say goodbye to:
exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
Please use:
exploit/multi/browser/adobe_flash_pixel_bender_bof
Reason: The replacement supports multiple platforms, so better.
2015-11-24 20:37:57 -06:00
wchen-r7
4e2eb7ca65
Add Oracle Beehive processEvaluation Vulnerability
2015-11-24 19:17:57 -06:00
JT
441fff4b7c
Update bison_ftp_bof.rb
...
Adding constant NOP
2015-11-23 06:53:12 +08:00
Spencer McIntyre
dc5e9a1d0a
Support CSRF token in the Jenkins aux cmd module
2015-11-22 17:51:27 -05:00
William Vu
b2d6458f50
Land #6129 , Joomla SQLi RCE
2015-11-20 14:30:23 -06:00
JT
e3bca890c1
Update bison_ftp_bof.rb
2015-11-20 23:45:15 +08:00
JT
1dee6dca1b
Update bison_ftp_bof.rb
2015-11-20 13:37:46 +08:00
JT
bd856322e0
Update bison_ftp_bof.rb
2015-11-20 09:58:44 +08:00
JT
335944aa9a
Update bison_ftp_bof.rb
2015-11-20 09:38:55 +08:00
JT
fcc7520230
Create bison_ftp_bof.rb
2015-11-20 09:07:40 +08:00
William Vu
7c5d292e42
Land #6201 , chkrootkit privesc
2015-11-19 10:37:30 -06:00
Jon Hart
8d1f5849e0
Land #6228 , @m0t's module for F5 CVE-2015-3628
2015-11-18 15:39:40 -08:00
Jon Hart
ae3d65f649
Better handling of handler creation output
2015-11-18 15:31:32 -08:00
Jon Hart
bcdf2ce1e3
Better handling of invulnerable case; fix 401 case
2015-11-18 15:24:41 -08:00
wchen-r7
3c72135a2f
No to_i
...
What happens here is it converts to a Fixnum, and then it converts
back to a String anway because it's in a String.
2015-11-18 15:25:18 -06:00
Jon Hart
deec836828
scripts/handlers cannot start with numbers
2015-11-18 12:31:46 -08:00
Jon Hart
7399b57e66
Elminate multiple sessions, better sleep handling for session waiting
2015-11-18 12:23:28 -08:00
Jon Hart
e4bf5c66fc
Use slightly larger random script/handler names to avoid conflicts
2015-11-18 11:51:44 -08:00
Jon Hart
e7307d1592
Make cleanup failure messages more clear
2015-11-18 11:44:34 -08:00
Jon Hart
0e3508df30
Squash minor rubocop gripes
2015-11-18 11:05:10 -08:00
Jon Hart
f8218f0536
Minor updates to print_ output; wire in handler_exists;
2015-11-18 11:05:10 -08:00
Jon Hart
392803daed
Tighten up cleanup code
2015-11-18 11:05:10 -08:00
William Vu
657e50bb86
Clean up module
2015-11-18 12:50:57 -06:00
m0t
c0d9c65ce7
always overwrite the payload file
2015-11-18 18:48:34 +00:00
wchen-r7
682a41af2e
Update description
2015-11-18 11:52:50 -06:00
wchen-r7
d6921fa133
Add Atlassian HipChat for Jira Plugin Velocity Template Injection
...
CVE-2015-5603
Also fixes a bug in response.rb (Fix #6254 )
2015-11-18 11:34:25 -06:00
sammbertram
a484b318eb
Update registry_persistence.rb
2015-11-18 16:13:18 +00:00
sammbertram
1fe8bc9cea
Added a SLEEP_TIME option
...
Added a SLEEP_TIME options which is the number of seconds to sleep prior to executing the initial IEX request. This is useful in cases where a machine would have to establish a VPN connection, initiated by the user, after a reboot.
Alternatively, as opposed to a sleep time, it could have a loop that attempts to retry for a certain period of item.
2015-11-18 11:17:57 +00:00
Jon Hart
e21bf80ae4
Squash a rogue space
2015-11-17 14:17:59 -08:00
Jon Hart
3396fb144f
A little more simplification/cleanup
2015-11-17 14:16:29 -08:00
Jon Hart
dcfb3b5fbc
Let Filedropper handle removal
2015-11-17 13:01:06 -08:00
jvoisin
44d477a13c
Fix some rubocop warnings
2015-11-17 13:26:50 +01:00
Jon Hart
715f20c92c
Add missing super in setup
2015-11-16 14:45:13 -08:00
jvoisin
70407a4f21
3600 * 60 * 24 isn't one day
2015-11-16 23:18:02 +01:00
Jon Hart
902951c0ca
Clean up description; Simplify SOAP code more
2015-11-16 11:06:45 -08:00
Jon Hart
1aa1d7b5e4
Use random path for payload
2015-11-16 10:57:48 -08:00
Jon Hart
ee5d91faab
Better logging when exploit gets 401
2015-11-16 10:41:48 -08:00
Jon Hart
c4ffd7ae36
When sending SOAP requests, print out proto/status/message when fail
2015-11-16 10:38:40 -08:00
Jon Hart
e58e17450a
Simplify XML building
2015-11-13 11:36:56 -08:00
Jon Hart
ecbd453301
Second pass at style cleanup. Conforms now
2015-11-13 11:24:11 -08:00
Jon Hart
85e5b0abe9
Initial style cleanup
2015-11-13 10:42:26 -08:00
jvoisin
873994a154
Skip the explicit return
...
Thanks to kernelsmith for the feedback
2015-11-13 12:40:34 +01:00
Louis Sato
9a0f0a7843
Land #6142 , uptime refactor
2015-11-12 16:58:55 -06:00
wchen-r7
ee25cb88b5
Land #6196 , vBulletin 5.1.2 Unserialize Code Execution
2015-11-12 14:38:39 -06:00
wchen-r7
6077617bfd
rm res var name
...
the res variable isn't used
2015-11-12 14:37:47 -06:00
wchen-r7
199ed9ed25
Move vbulletin_unserialize.rb to exploits/multi/http/
...
According to @all3g, this works on Windows too, so we will move
this to multi/http.
2015-11-12 14:36:01 -06:00
jvoisin
3566b978c3
Add a module for a chkrootkit-powered privsec
...
This modules implements an exploit for CVE-2014-0476,
to gain root thanks to chkrootkit.
Its main issues is that you need to wait until chkrootkit
is executed in a crontab (or manually),
which can take 24h top with its default setup.
How to reproduce:
1. Install a version < 0.50 of chkrootkit
2. Launch the local module
3. Wait until chkrootkit's crontab kicks in
4. You've got a root shell
```
msf > use exploit/linux/local/chkrootkit
msf exploit(chkrootkit) > check
[*] 192.168.1.25 - The target appears to be vulnerable.
msf exploit(chkrootkit) > run
[*] Exploit completed, but no session was created.
[*] Started reverse handler on 192.168.1.11:9999
msf exploit(chkrootkit) > [+] Target is vulnerable.
[!] Rooting depends of the crontab, this could take a while.
[*] Payload written to /tmp/update
[*] Waiting to chkrookit to be run be a cron tab...
[*] Command shell session 6 opened (192.168.1.11:9999 -> 192.168.1.25:40006) at 2015-11-06 20:53:00 +0100
[+] Deleted /tmp/update
msf exploit(chkrootkit) > sessions -i 6
[*] Starting interaction with 6...
id
uid=0(root) gid=0(root) groups=0(root)
```
2015-11-12 19:30:05 +01:00
m0t
eae2d6c89d
F5 module
2015-11-12 09:51:09 +00:00
wchen-r7
8ea0a864db
Add a reference for patching
2015-11-10 23:32:22 -06:00
wchen-r7
66f3582991
Add Oracle Beehive prepareAudioToPlay Exploit Module
2015-11-10 23:05:11 -06:00
JT
a0351133a6
Add more references to this exploit
...
Adding exploit-db doc about China Chopper webshell and details about this webshell in US-CERT.
2015-11-11 09:51:05 +08:00
HD Moore
f86f427d54
Move Compat into Payload so that is actually used
2015-11-09 16:06:05 -06:00
m0t
66ed66cc81
Merge pull request #1 from m0t/changes
...
F5 BIG-IP iCall privilege escalation vulnerability (CVE-2015-3628)
2015-11-09 16:11:29 +00:00
m0t
daa999fb1c
f5 module
2015-11-09 16:02:32 +00:00
m0t
d4d4e3ddb0
f5 module
2015-11-09 13:41:59 +00:00
m0t
893c4cd52d
f5 module
2015-11-09 13:10:54 +00:00
jvoisin
e2678af0fe
The modules now works on 5.1.X and 5.0.X
...
- Added automatic targeting
- Added support for 5.0.X
2015-11-07 14:28:25 +01:00
wchen-r7
0cc8165b52
And I forgot to rm the test line
2015-11-06 18:11:27 -06:00
wchen-r7
8f2a716306
I don't really need to override fail_with
2015-11-06 18:11:08 -06:00
wchen-r7
0213da3810
Handle more NilClass bugs
2015-11-06 18:08:51 -06:00
Jon Hart
43229c16e7
Correct some authors with unbalanced angle brackets
2015-11-06 13:24:58 -08:00
William Vu
2df149b0a5
Land #6189 , extraneous Content-Length fix
2015-11-06 14:36:40 -06:00
William Vu
3cae7999aa
Prefer ctype over headers['Content-Type']
2015-11-06 14:36:21 -06:00
wchen-r7
f957acf9ba
Fix Framework Rspec Failure
...
Needs to do:
include Msf::Exploit::Remote::HTTP::Wordpress
2015-11-06 13:56:05 -06:00
wchen-r7
fb9a40f15c
Land #6103 , Add WordPress Plugin Ajax Load More Auth File Upload Vuln
2015-11-06 13:18:48 -06:00
wchen-r7
73f630b25a
Note default.php
2015-11-06 13:18:24 -06:00
jvoisin
f93f3397ec
Fix some mistakes pointed by @wchen-r7
2015-11-06 19:35:22 +01:00
jvoisin
c540ca763c
Add the EDB id
2015-11-06 17:21:28 +01:00
jvoisin
7998955b46
The double-quote character is a badchar
2015-11-06 16:43:53 +01:00
jvoisin
30e7a35452
Add the possibility to target non-default path
2015-11-06 15:33:30 +01:00