wchen-r7
485196af4e
Remove modules/exploits/multi/http/uptime_file_upload.rb
...
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.
If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7
06f1949e2c
Land #6355 , Joomla HTTP Header Unauthenticated Remote Code Execution
...
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer
8c43ecbfaf
add random terminator and clarify target
2015-12-17 00:08:52 +01:00
Christian Mehlmauer
08d0ffd709
implement @wvu-r7 's feedback
2015-12-16 22:44:01 +01:00
Christian Mehlmauer
76438dfb2f
implement @wchen-r7 's suggestions
2015-12-16 20:31:43 +01:00
Christian Mehlmauer
b43d580276
try to detect joomla version
2015-12-16 16:16:59 +01:00
Christian Mehlmauer
30f90f35e9
also check for debian version number
2015-12-16 15:19:33 +01:00
Christian Mehlmauer
67eba0d708
update description
2015-12-16 14:46:00 +01:00
Christian Mehlmauer
fa3fb1affc
better ubuntu version check
2015-12-16 14:18:44 +01:00
Christian Mehlmauer
60181feb51
more ubuntu checks
2015-12-16 14:02:26 +01:00
Christian Mehlmauer
934c6282a5
check for nil
2015-12-16 13:52:06 +01:00
Christian Mehlmauer
2661cc5899
check ubuntu specific version
2015-12-16 13:49:07 +01:00
Christian Mehlmauer
675dff3b6f
use Gem::Version for version compare
2015-12-16 13:04:15 +01:00
Christian Mehlmauer
01b943ec93
fix check method
2015-12-16 07:26:25 +01:00
Christian Mehlmauer
595645bcd7
update description
2015-12-16 07:03:01 +01:00
Christian Mehlmauer
d80a7e662f
some formatting
2015-12-16 06:57:06 +01:00
Christian Mehlmauer
c2795d58cb
use target_uri.path
2015-12-16 06:55:23 +01:00
Christian Mehlmauer
2e54cd2ca7
update description
2015-12-16 06:42:41 +01:00
Christian Mehlmauer
d4ade7a1fd
update check method
2015-12-16 00:18:39 +01:00
Christian Mehlmauer
c603430228
fix version check
2015-12-15 18:26:21 +01:00
wchen-r7
b9b280954b
Add a check for joomla
2015-12-15 11:03:36 -06:00
Christian Mehlmauer
e4309790f5
renamed module because X-FORWARDED-FOR header is also working
2015-12-15 17:37:45 +01:00
Christian Mehlmauer
84d5067abe
add joomla RCE module
2015-12-15 17:20:49 +01:00
wchen-r7
ab3fe64b6e
Add method peer for jenkins_java_deserialize.rb
2015-12-15 01:18:27 -06:00
Tod Beardsley
30c805d9c7
Land #6344 , R7-2015-22 / CVE-2015-8249
2015-12-14 12:30:51 -06:00
Tod Beardsley
b25aae3602
Add refs to module
...
See rapid7#6344.
2015-12-14 12:05:46 -06:00
wchen-r7
bd8aea2618
Fix check for jenkins_java_deserialize.rb
...
This fixes the following:
* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
wchen-r7
5ffc80dc20
Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability
2015-12-14 10:51:59 -06:00
dmohanty-r7
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
karllll
a5c6e260f2
Update hp_vsa_login_bof.rb
...
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
William Vu
563be5c207
Land #6322 , another Perl IRC bot exploit
2015-12-10 09:43:07 -06:00
William Vu
a945350821
Land #6307 , Perl IRC bot exploit
2015-12-10 09:42:35 -06:00
wchen-r7
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
wchen-r7
53acfd7ce3
Land #6303 , Add phpFileManager 0.9.8 Remote Code Execution
2015-12-07 21:13:48 -06:00
wchen-r7
ea3c7cb35b
Minor edits
2015-12-07 21:13:14 -06:00
JT
b36834f4bc
Update legend_bot_exec.rb
2015-12-07 10:38:36 +08:00
JT
2244f2aa43
Add Legend Perl IRC Bot Remote Code Execution
2015-12-07 10:30:28 +08:00
JT
26c8fd8faa
Update xdh_x_exec.rb
2015-12-07 08:25:19 +08:00
JT
9ee5498090
Update xdh_x_exec.rb
...
satisfying msftidy's request
2015-12-06 20:21:18 +08:00
JT
10a8e98e41
Update xdh_x_exec.rb
2015-12-06 20:11:49 +08:00
JT
14afbc6800
Update xdh_x_exec.rb
...
updated description and new author.
2015-12-06 20:10:19 +08:00
JT
faac44f257
Update xdh_x_exec.rb
2015-12-04 12:39:19 +08:00
JT
f52e6ce65c
Update xdh_x_exec.rb
2015-12-04 11:17:16 +08:00
JT
4955357015
Update xdh_x_exec.rb
2015-12-04 11:06:06 +08:00
JT
4e43a90187
Add Xdh / fBot IRC Bot Remote Code Execution
2015-12-04 10:40:37 +08:00
jvazquez-r7
340fe5640f
Land #6255 , @wchen-r7's module for Atlassian HipChat JIRA plugin
2015-12-03 20:01:06 -06:00
jvazquez-r7
a972b33825
Fix typo
2015-12-03 20:00:37 -06:00
wchen-r7
f8c11b9cd1
Move to multi
2015-12-03 17:49:21 -06:00
JT
3bbc413935
Update phpfilemanager_rce.rb
2015-12-04 06:20:43 +08:00
wchen-r7
67edf88c39
Doc
2015-12-03 14:25:01 -06:00
wchen-r7
f33e63c16f
Support Win/Linx/Java payloads for Win/Linux platforms
2015-12-03 14:02:32 -06:00
JT
28ca899914
Update phpfilemanager_rce.rb
2015-12-03 18:07:25 +08:00
wchen-r7
83824b2902
First commit to support Windows for jira_hipchat_template
...
In Java
2015-12-03 02:39:55 -06:00
JT
d63bb4768f
Update phpfilemanager_rce.rb
2015-12-03 14:09:02 +08:00
JT
374b630601
Update phpfilemanager_rce.rb
2015-12-03 13:57:19 +08:00
JT
56b810cb18
Update phpfilemanager_rce.rb
2015-12-03 12:44:41 +08:00
JT
5414f33804
Update phpfilemanager_rce.rb
2015-12-03 12:43:47 +08:00
JT
ab77ab509a
Update phpfilemanager_rce.rb
2015-12-03 12:35:49 +08:00
JT
869caf789f
Update phpfilemanager_rce.rb
2015-12-03 12:34:17 +08:00
JT
a2d51d48cd
Add phpFileManager 0.9.8 Remote Code Execution
2015-12-03 12:11:31 +08:00
jvazquez-r7
0f24ca7d13
Land #6280 , @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability
2015-12-01 21:38:09 -06:00
jvazquez-r7
d269be22e7
Land #6223 , @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit
2015-12-01 21:36:18 -06:00
wchen-r7
9697ce5033
Specify arch & platform for generate_payload_exe
...
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
wchen-r7
0e21265ecc
Fix cookie parsing, typo, and unused var
2015-12-01 17:39:40 -06:00
James Lee
385378f338
Add reference to Rapid7 advisory
2015-12-01 11:37:27 -06:00
HD Moore
9dbf7cb86c
Remove the SSL option (not needed)
2015-12-01 11:34:03 -06:00
HD Moore
758e7c7b58
Rename
2015-12-01 11:33:45 -06:00
HD Moore
ea2174fc95
Typo and switch from raw -> encoded
2015-12-01 10:59:12 -06:00
HD Moore
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
wchen-r7
ea363dd495
priv to true
2015-12-01 10:23:36 -06:00
wchen-r7
2621753417
priv to true
2015-12-01 10:21:56 -06:00
wchen-r7
d5d4a4acdc
Register the correct jsp to cleanup
2015-12-01 10:21:15 -06:00
wchen-r7
7dc268d601
Land #6283 , increase the amount of space needed for ms08_067
2015-11-25 19:37:25 -06:00
Brent Cook
35ea8c3f74
relax space needed a bit less, work with Windows XP and 2k3
2015-11-25 11:25:57 -06:00
Brent Cook
2a89a2bc9a
increase the amount of space needed for ms08_067
2015-11-25 07:13:16 -06:00
William Vu
f9d3652e1a
Land #6282 , deprecated module cleanup
...
rm modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
2015-11-24 23:48:09 -06:00
wchen-r7
6fbcb3d127
Land #6263 , add BisonWare BisonFTP Server Buffer Overflow
2015-11-24 22:55:15 -06:00
wchen-r7
f57ebad0e6
Change hard tabs to spaces
2015-11-24 22:54:52 -06:00
JT
9a7e51daec
Update bison_ftp_bof.rb
2015-11-25 11:47:21 +08:00
JT
3d6e4068cb
Update bison_ftp_bof.rb
2015-11-25 11:17:07 +08:00
wchen-r7
591da3c97e
Please use exploit/multi/browser/adobe_flash_pixel_bender_bof
...
Time to say goodbye to:
exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
Please use:
exploit/multi/browser/adobe_flash_pixel_bender_bof
Reason: The replacement supports multiple platforms, so better.
2015-11-24 20:37:57 -06:00
wchen-r7
4e2eb7ca65
Add Oracle Beehive processEvaluation Vulnerability
2015-11-24 19:17:57 -06:00
JT
441fff4b7c
Update bison_ftp_bof.rb
...
Adding constant NOP
2015-11-23 06:53:12 +08:00
Spencer McIntyre
dc5e9a1d0a
Support CSRF token in the Jenkins aux cmd module
2015-11-22 17:51:27 -05:00
William Vu
b2d6458f50
Land #6129 , Joomla SQLi RCE
2015-11-20 14:30:23 -06:00
JT
e3bca890c1
Update bison_ftp_bof.rb
2015-11-20 23:45:15 +08:00
JT
1dee6dca1b
Update bison_ftp_bof.rb
2015-11-20 13:37:46 +08:00
JT
bd856322e0
Update bison_ftp_bof.rb
2015-11-20 09:58:44 +08:00
JT
335944aa9a
Update bison_ftp_bof.rb
2015-11-20 09:38:55 +08:00
JT
fcc7520230
Create bison_ftp_bof.rb
2015-11-20 09:07:40 +08:00
William Vu
7c5d292e42
Land #6201 , chkrootkit privesc
2015-11-19 10:37:30 -06:00
Jon Hart
8d1f5849e0
Land #6228 , @m0t's module for F5 CVE-2015-3628
2015-11-18 15:39:40 -08:00
Jon Hart
ae3d65f649
Better handling of handler creation output
2015-11-18 15:31:32 -08:00
Jon Hart
bcdf2ce1e3
Better handling of invulnerable case; fix 401 case
2015-11-18 15:24:41 -08:00
wchen-r7
3c72135a2f
No to_i
...
What happens here is it converts to a Fixnum, and then it converts
back to a String anway because it's in a String.
2015-11-18 15:25:18 -06:00
Jon Hart
deec836828
scripts/handlers cannot start with numbers
2015-11-18 12:31:46 -08:00
Jon Hart
7399b57e66
Elminate multiple sessions, better sleep handling for session waiting
2015-11-18 12:23:28 -08:00
Jon Hart
e4bf5c66fc
Use slightly larger random script/handler names to avoid conflicts
2015-11-18 11:51:44 -08:00
Jon Hart
e7307d1592
Make cleanup failure messages more clear
2015-11-18 11:44:34 -08:00
Jon Hart
0e3508df30
Squash minor rubocop gripes
2015-11-18 11:05:10 -08:00
Jon Hart
f8218f0536
Minor updates to print_ output; wire in handler_exists;
2015-11-18 11:05:10 -08:00
Jon Hart
392803daed
Tighten up cleanup code
2015-11-18 11:05:10 -08:00
William Vu
657e50bb86
Clean up module
2015-11-18 12:50:57 -06:00
m0t
c0d9c65ce7
always overwrite the payload file
2015-11-18 18:48:34 +00:00
wchen-r7
682a41af2e
Update description
2015-11-18 11:52:50 -06:00
wchen-r7
d6921fa133
Add Atlassian HipChat for Jira Plugin Velocity Template Injection
...
CVE-2015-5603
Also fixes a bug in response.rb (Fix #6254 )
2015-11-18 11:34:25 -06:00
sammbertram
a484b318eb
Update registry_persistence.rb
2015-11-18 16:13:18 +00:00
sammbertram
1fe8bc9cea
Added a SLEEP_TIME option
...
Added a SLEEP_TIME options which is the number of seconds to sleep prior to executing the initial IEX request. This is useful in cases where a machine would have to establish a VPN connection, initiated by the user, after a reboot.
Alternatively, as opposed to a sleep time, it could have a loop that attempts to retry for a certain period of item.
2015-11-18 11:17:57 +00:00
Jon Hart
e21bf80ae4
Squash a rogue space
2015-11-17 14:17:59 -08:00
Jon Hart
3396fb144f
A little more simplification/cleanup
2015-11-17 14:16:29 -08:00
Jon Hart
dcfb3b5fbc
Let Filedropper handle removal
2015-11-17 13:01:06 -08:00
jvoisin
44d477a13c
Fix some rubocop warnings
2015-11-17 13:26:50 +01:00
Jon Hart
715f20c92c
Add missing super in setup
2015-11-16 14:45:13 -08:00
jvoisin
70407a4f21
3600 * 60 * 24 isn't one day
2015-11-16 23:18:02 +01:00
Jon Hart
902951c0ca
Clean up description; Simplify SOAP code more
2015-11-16 11:06:45 -08:00
Jon Hart
1aa1d7b5e4
Use random path for payload
2015-11-16 10:57:48 -08:00
Jon Hart
ee5d91faab
Better logging when exploit gets 401
2015-11-16 10:41:48 -08:00
Jon Hart
c4ffd7ae36
When sending SOAP requests, print out proto/status/message when fail
2015-11-16 10:38:40 -08:00
Jon Hart
e58e17450a
Simplify XML building
2015-11-13 11:36:56 -08:00
Jon Hart
ecbd453301
Second pass at style cleanup. Conforms now
2015-11-13 11:24:11 -08:00
Jon Hart
85e5b0abe9
Initial style cleanup
2015-11-13 10:42:26 -08:00
jvoisin
873994a154
Skip the explicit return
...
Thanks to kernelsmith for the feedback
2015-11-13 12:40:34 +01:00
Louis Sato
9a0f0a7843
Land #6142 , uptime refactor
2015-11-12 16:58:55 -06:00
wchen-r7
ee25cb88b5
Land #6196 , vBulletin 5.1.2 Unserialize Code Execution
2015-11-12 14:38:39 -06:00
wchen-r7
6077617bfd
rm res var name
...
the res variable isn't used
2015-11-12 14:37:47 -06:00
wchen-r7
199ed9ed25
Move vbulletin_unserialize.rb to exploits/multi/http/
...
According to @all3g, this works on Windows too, so we will move
this to multi/http.
2015-11-12 14:36:01 -06:00
jvoisin
3566b978c3
Add a module for a chkrootkit-powered privsec
...
This modules implements an exploit for CVE-2014-0476,
to gain root thanks to chkrootkit.
Its main issues is that you need to wait until chkrootkit
is executed in a crontab (or manually),
which can take 24h top with its default setup.
How to reproduce:
1. Install a version < 0.50 of chkrootkit
2. Launch the local module
3. Wait until chkrootkit's crontab kicks in
4. You've got a root shell
```
msf > use exploit/linux/local/chkrootkit
msf exploit(chkrootkit) > check
[*] 192.168.1.25 - The target appears to be vulnerable.
msf exploit(chkrootkit) > run
[*] Exploit completed, but no session was created.
[*] Started reverse handler on 192.168.1.11:9999
msf exploit(chkrootkit) > [+] Target is vulnerable.
[!] Rooting depends of the crontab, this could take a while.
[*] Payload written to /tmp/update
[*] Waiting to chkrookit to be run be a cron tab...
[*] Command shell session 6 opened (192.168.1.11:9999 -> 192.168.1.25:40006) at 2015-11-06 20:53:00 +0100
[+] Deleted /tmp/update
msf exploit(chkrootkit) > sessions -i 6
[*] Starting interaction with 6...
id
uid=0(root) gid=0(root) groups=0(root)
```
2015-11-12 19:30:05 +01:00
m0t
eae2d6c89d
F5 module
2015-11-12 09:51:09 +00:00
wchen-r7
8ea0a864db
Add a reference for patching
2015-11-10 23:32:22 -06:00
wchen-r7
66f3582991
Add Oracle Beehive prepareAudioToPlay Exploit Module
2015-11-10 23:05:11 -06:00
JT
a0351133a6
Add more references to this exploit
...
Adding exploit-db doc about China Chopper webshell and details about this webshell in US-CERT.
2015-11-11 09:51:05 +08:00
HD Moore
f86f427d54
Move Compat into Payload so that is actually used
2015-11-09 16:06:05 -06:00
m0t
66ed66cc81
Merge pull request #1 from m0t/changes
...
F5 BIG-IP iCall privilege escalation vulnerability (CVE-2015-3628)
2015-11-09 16:11:29 +00:00
m0t
daa999fb1c
f5 module
2015-11-09 16:02:32 +00:00
m0t
d4d4e3ddb0
f5 module
2015-11-09 13:41:59 +00:00
m0t
893c4cd52d
f5 module
2015-11-09 13:10:54 +00:00
jvoisin
e2678af0fe
The modules now works on 5.1.X and 5.0.X
...
- Added automatic targeting
- Added support for 5.0.X
2015-11-07 14:28:25 +01:00
wchen-r7
0cc8165b52
And I forgot to rm the test line
2015-11-06 18:11:27 -06:00
wchen-r7
8f2a716306
I don't really need to override fail_with
2015-11-06 18:11:08 -06:00
wchen-r7
0213da3810
Handle more NilClass bugs
2015-11-06 18:08:51 -06:00
Jon Hart
43229c16e7
Correct some authors with unbalanced angle brackets
2015-11-06 13:24:58 -08:00
William Vu
2df149b0a5
Land #6189 , extraneous Content-Length fix
2015-11-06 14:36:40 -06:00
William Vu
3cae7999aa
Prefer ctype over headers['Content-Type']
2015-11-06 14:36:21 -06:00
wchen-r7
f957acf9ba
Fix Framework Rspec Failure
...
Needs to do:
include Msf::Exploit::Remote::HTTP::Wordpress
2015-11-06 13:56:05 -06:00
wchen-r7
fb9a40f15c
Land #6103 , Add WordPress Plugin Ajax Load More Auth File Upload Vuln
2015-11-06 13:18:48 -06:00
wchen-r7
73f630b25a
Note default.php
2015-11-06 13:18:24 -06:00
jvoisin
f93f3397ec
Fix some mistakes pointed by @wchen-r7
2015-11-06 19:35:22 +01:00
jvoisin
c540ca763c
Add the EDB id
2015-11-06 17:21:28 +01:00
jvoisin
7998955b46
The double-quote character is a badchar
2015-11-06 16:43:53 +01:00
jvoisin
30e7a35452
Add the possibility to target non-default path
2015-11-06 15:33:30 +01:00
jvoisin
bb0e64e541
Implement a module for the recent vBulletin RCE
...
This module implements the recent unserialize-powered RCE against
vBulletin 5.1.X
Step to reproduce:
1. Install vBulletin 5.1.X
2. Launch the exploit against it
```
msf exploit(vbulletin_unserialize) > check
[*] 192.168.1.25:80 - The target appears to be vulnerable.
msf exploit(vbulletin_unserialize) >
```
```
msf exploit(vbulletin) > run
[*] Started reverse handler on 192.168.1.11:4444
[*] Sending stage (33068 bytes) to 192.168.1.25
[*] Meterpreter session 1 opened (192.168.1.11:4444 -> 192.168.1.25:49642) at 2015-11-06 14:04:46 +0100
meterpreter > getuid
Server username: www-data (33)
```
2015-11-06 14:59:25 +01:00
wchen-r7
46fac897bd
Land #6144 , China Chopper Web Shell (Backdoor) module
2015-11-05 18:29:36 -06:00
wchen-r7
ea22583ed1
Update title and description
2015-11-05 18:29:03 -06:00
wchen-r7
27be832c4c
remove the fail_with because it's always triggering anyway
2015-11-05 18:19:46 -06:00
dmohanty-r7
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
wchen-r7
038cb66937
Use the right module path
2015-11-05 16:16:46 -06:00
Brent Cook
ee6d6258a5
Land #6180 , add PSH as a target for psexec directly, implement autodetect
2015-11-05 10:38:50 -06:00
pyllyukko
4390fda513
Remove extra Content-Length HTTP header
...
The send_request_raw already sets the header and if it's set also in the
module, Metasploit sends the header twice.
2015-11-05 14:38:06 +02:00
William Vu
862dff964a
Integrate psexec_psh into psexec
2015-11-04 17:31:33 -06:00
nixawk
109e9b6b6e
remove debug info - require 'pry'
2015-11-03 06:52:11 +00:00
nixawk
46fe0c0899
base64 for evasion purposes
2015-11-03 06:42:52 +00:00
nixawk
6c16d2a1ca
caidao's exploit module
2015-11-02 08:54:18 +00:00
William Vu
6a01efa394
Deprecate psexec_psh
2015-10-30 17:41:58 -05:00
Louis Sato
2bd792f693
remove .rb file extension
2015-10-30 15:26:45 -05:00
wchen-r7
82e600a53a
Suggest the correct replacement for the deprecated module
...
The deprecated module has been suggesting the wrong replacement,
it should be exploits/multi/browser/adobe_flash_pixel_bender_bof.rb
2015-10-29 16:24:29 -05:00
Louis Sato
57304a30a8
Land #6139 , remove bad ref links
2015-10-29 16:00:43 -05:00
wchen-r7
95920b7ff6
Bring back more working links
2015-10-29 15:57:16 -05:00
wchen-r7
da52c36687
Put back some links
2015-10-29 15:48:47 -05:00
nixawk
faf9be811a
delete caidao_php_backdoor_exec from exploits
2015-10-29 02:18:30 +00:00
nixawk
bc02993567
chinese caidao php backdoor command execution
2015-10-28 16:43:58 +00:00
wchen-r7
8757743821
Update description
2015-10-27 17:39:11 -05:00
wchen-r7
cfe9748962
Deprecate exploits/multi/http/uptime_file_upload
...
Please use uptime_file_upload_1.rb
2015-10-27 17:36:54 -05:00
wchen-r7
0c648eb210
Move to modules/exploits/multi/http/uptime_file_upload_2
...
This exploit is rather similiar to uptime_file_upload.rb, because
they both abuse post2file to upload. The difference is that this
module requires a priv escalation to be able to upload, and the
other one doesn't.
2015-10-27 17:31:31 -05:00
wchen-r7
592fdef93d
Update uptime_code_exec
2015-10-27 17:29:55 -05:00
wchen-r7
5b86d2ef95
Fix #6133 , update description, authors and references
...
Fix #6133
Thank you @japp-0xlabs
2015-10-27 14:38:18 -05:00
wchen-r7
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
William Vu
74353686a3
Land #6136 , rescue SMB error for psexec
2015-10-27 09:31:37 -05:00
jvazquez-r7
b2e3ce1f8a
Allow to finish when deletion fails
2015-10-26 16:40:36 -05:00
wchen-r7
9adfd296a0
Land #6128 , Th3 MMA mma.php Backdoor Arbitrary File Upload
2015-10-26 15:26:06 -05:00
wchen-r7
0d9ebe13a1
Modify check
2015-10-26 15:25:38 -05:00
wchen-r7
f4abc16c66
Land #6102 , Add rsh/libmalloc privilege escalation exploit module
2015-10-26 10:54:05 -05:00
JT
4f244c54f8
Update mma_backdoor_upload.rb
2015-10-26 23:01:38 +08:00
Sam H
5fcc70bea4
Fixed issue w/ msf payloads + added timeout rescue
...
Apparently when OS X payload shells get a sudo command, it requires a full path (even though it clearly has $PATH defined in its env...) to that file. The updates here take that into account. Also, the script more directly catches a timeout error when the maximum time for sudoers file to change has passed.
2015-10-25 23:38:48 -07:00
JT
ad80f00159
Update mma_backdoor_upload.rb
2015-10-24 11:16:49 +08:00
JT
f461c4682b
Update mma_backdoor_upload.rb
2015-10-24 11:15:26 +08:00
wchen-r7
181e7c4c75
Update metadata
2015-10-23 17:22:31 -05:00
wchen-r7
01c2641c6b
Change print_*
2015-10-23 16:27:52 -05:00
wchen-r7
3c961f61a7
Modify check to use Nokogiri
2015-10-23 14:29:16 -05:00
wchen-r7
6f02cedff8
Move method create_exec_service
2015-10-23 13:10:00 -05:00
xistence
f632dd8f67
Add Joomla Content History SQLi RCE exploit module
2015-10-23 17:25:44 +07:00
Ewerson Guimaraes (Crash)
2828653f8f
Update uptime_code_exec.rb
2015-10-23 11:49:21 +02:00
Ewerson Guimaraes (Crash)
5539363218
Update uptime_code_exec.rb
2015-10-23 11:33:59 +02:00
JT
be89cb32c9
Th3 MMA mma.php Backdoor Arbitrary File Upload
2015-10-23 08:47:40 +08:00
wchen-r7
360f40249c
Land #6122 , user-assisted Safari applescript:// module (CVE-2015-7007)
2015-10-22 15:07:42 -05:00
wchen-r7
9d2e2df1f1
Update description
2015-10-22 15:07:11 -05:00
joev
35578c7292
Add refs.
2015-10-22 09:48:11 -05:00
joev
6a87e7cd77
Add osx safari cmd-R applescript exploit.
2015-10-22 09:46:56 -05:00
Sam H
348a0f9e3d
Cleaned up "cleanup" method and crontab check
...
The script now searches for the full line "ALL ALL=(ALL) NOPASSWD: ALL" written in the crontab file to ensure that it is successful rather than just "NOPASSWD". Additionally, the required argument used in the cleanup method was removed and simply turned into an instance method so it could be accessed without needing to call it with any arguments.
2015-10-21 22:53:32 -07:00
William Vu
997e8005ce
Fix nil http_method in php_include
2015-10-21 13:22:09 -05:00
William Vu
129544c18b
Land #6112 , splat for ZPanel exploit
2015-10-21 13:07:51 -05:00
Boumediene Kaddour
e188bce4c9
Update minishare_get_overflow.rb
2015-10-21 16:48:31 +02:00
wchen-r7
f06d7591d6
Add header for zpanel_information_disclosure_rce.rb
2015-10-20 16:19:44 -05:00
wchen-r7
70b005de7f
Land #6041 , Zpanel info disclosure exploit
2015-10-20 16:08:16 -05:00
wchen-r7
728fd17856
Make code changes for zpanel_information_disclosure_rce.rb
...
Use Nokogiri and URI, as well as indent fixes and other things
2015-10-20 16:07:02 -05:00
Sam H
712f9f2c83
Deleted extra reference to exploit DB
2015-10-18 19:10:47 -07:00
Sam Handelman
b03c3be46d
Fixed some styling errors in the initializer. Switched the calls to sleep(1) to use the Rex API (Rex.sleep(1) instead).
2015-10-18 02:13:03 -07:00
Roberto Soares
ba75e85eb3
Add WP Ajax Load More Plugin File Upload Vuln.
2015-10-17 13:30:36 -03:00
Sam Handelman
3757f2e8de
Changed my author name to make sure it matches my GitHub username inside the module information.
2015-10-16 14:54:34 -07:00
Sam Handelman
95d5e5831e
Adding the updated version of the module to submit a pull request. Changes were made to ensure that the OS version check correctly determines which systems are vulnerable, giving only a warning message if not.
2015-10-16 14:39:07 -07:00
jvazquez-r7
28ca34c40a
Fix conflicts
2015-10-16 15:38:59 -05:00
wchen-r7
c399d7e381
Land #5959 , Add Nibbleblog File Upload Vuln
2015-10-16 15:30:13 -05:00
wchen-r7
9666660c06
Enforce check and add another error message
2015-10-16 15:29:12 -05:00
William Vu
f14776ab63
Land #6092 , refs for arkeia_agent_exec
2015-10-15 22:50:57 -05:00
William Vu
8cb6cc57b5
Land #6094 , refs for another ManageEngine module
2015-10-15 22:49:05 -05:00
William Vu
86dfbf23e8
Fix whitespace
2015-10-15 22:48:53 -05:00
xistence
018b515150
Add CVE/URL references to manageengine_eventlog_analyzer_rce
2015-10-16 10:41:39 +07:00
xistence
b1f2e40b98
Add CVE/URL references to module manage_engine_opmanager_rce
2015-10-16 10:36:13 +07:00
xistence
6a1553ae63
Add EDB/CVE/URL references to arkeia_agent_exec
2015-10-16 10:23:20 +07:00
jvazquez-r7
67820f8b61
Fix Packetstorm references
2015-10-15 12:42:59 -05:00
jvazquez-r7
4517270627
Fix modules using Msf::HTTP::JBoss
2015-10-15 11:49:15 -05:00
jvazquez-r7
cf9ddbb701
Update moduels using Msf::HTTP::Wordpress
2015-10-15 11:47:13 -05:00
William Vu
bf9530d5ba
Land #5941 , X11 keyboard exec module
2015-10-14 11:38:47 -05:00
Brent Cook
30d2a3f2a9
Land #5999 , teach PSH web delivery to use a proxy
2015-10-14 11:05:45 -05:00
HD Moore
d67b55d195
Fix autofilter values for aggressive modules
2015-10-13 15:56:18 -07:00
William Vu
a4f0666fea
Land #6081 , DLink -> D-Link
2015-10-12 18:05:52 -05:00
Tod Beardsley
185e947ce5
Spell 'D-Link' correctly
2015-10-12 17:12:01 -05:00
Tod Beardsley
336c56bb8d
Note the CAPTCHA exploit is good on 1.12.
2015-10-12 17:09:45 -05:00
HD Moore
6f3bd81b64
Enable 64-bit payloads for MSSQL modules
2015-10-11 12:52:46 -05:00
jvazquez-r7
ed0b9b0721
Land #6072 , @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace
2015-10-10 00:24:12 -05:00
jvazquez-r7
b9b488c109
Deleted unused exception handling
2015-10-09 23:38:52 -05:00
jvazquez-r7
c60fa496c7
Delete extra spaces
2015-10-09 23:37:11 -05:00
jvazquez-r7
e6fbca716c
Readd comment
2015-10-09 23:29:23 -05:00
jvazquez-r7
af445ee411
Re apply a couple of fixes
2015-10-09 23:24:51 -05:00
HD Moore
a590b80211
Update autoregister_ports, try both addresses for the MBean
2015-10-09 20:20:35 -07:00
HD Moore
2b94b70365
Always connect to RHOST regardless of JMXRMI address
2015-10-09 17:49:22 -07:00
HD Moore
cd2e9d4232
Move Msf::Java to the normal Msf::Exploit::Remote namespace
2015-10-09 13:24:34 -07:00
Tod Beardsley
94bb94d33a
Working URL for real
2015-10-09 15:07:44 -05:00
Tod Beardsley
b04f947272
Fix blog post date, derp
2015-10-09 14:59:57 -05:00
Tod Beardsley
55ef6ebe91
HP SiteScope vuln, R7-2015-17
...
On behalf of @l0gan, already reviewed once by @jvazquez-r7, reviewed
again by me.
For details, see:
https://community.rapid7.com/community/metasploit/blog/2017/10/09/r7-2015-17-hp-sitescope-dns-tool-command-injection
2015-10-09 14:55:48 -05:00
jvazquez-r7
5e9faad4dc
Revert "Merge branch using Rex sockets as IO"
...
This reverts commit c48246c91c
, reversing
changes made to 3cd9dc4fde
.
2015-10-09 14:09:12 -05:00
jvazquez-r7
347495e2f5
Rescue Rex::StreamClosedError when there is a session
2015-10-09 13:41:41 -05:00
brent morris
28454f3b2e
MSFTidyness
2015-10-08 12:59:46 -04:00
wchen-r7
871f46a14e
Land #6038 , ManageEngine ServiceDesk Plus Arbitrary File Upload
2015-10-07 15:17:58 -05:00
wchen-r7
dddfaafac7
Update reference
2015-10-07 15:17:22 -05:00
Christian Mehlmauer
eb597bb9f3
Land #5842 , watermark fileformat exploit
2015-10-07 19:29:04 +02:00
jakxx
c5237617f2
Update buffer size for reliability
2015-10-06 18:12:40 -04:00
brent morris
5eff3e5637
Removed hard tabs
2015-10-02 14:34:00 -04:00
brent morris
4ee7ba05aa
Removing hard tabs test
2015-10-02 14:31:46 -04:00
brent morris
6406a66bc0
Remove Ranking
2015-10-02 14:24:46 -04:00
brent morris
9f71fd9bfd
Formatting ZPanel Exploit
2015-10-02 14:23:07 -04:00