5b6938e942
Revert "Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow"
...
This reverts commit 1a9aa8ac3b
2018-09-19 13:20:00 +08:00
1a9aa8ac3b
Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow
2018-09-18 16:09:05 +08:00
2fbbf88ea9
Land #10560 , ms17_010_eternalblue: use SMBDomain value when provided
...
instead of ignoring it
Merge branch 'land-10560' into upstream-master
2018-09-13 10:08:54 -05:00
5b81ebd81b
Land #10589 , multidrop support for word xml docs
2018-09-12 11:00:11 -05:00
a3d74d926c
Land #9897 , Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer
2018-09-10 16:25:55 -05:00
ea2fcb6fc4
Land #10593 , Refactor SSH mixins and update modules
2018-09-10 15:38:53 -05:00
87eb600510
Land #10611 , mRemote creds gather module fixes
...
Also update #10612 to align with these changes.
2018-09-10 15:25:09 -05:00
93a73f5e71
Fix store_loot OID
...
It's supposed to be a loot type, not the filename (now stored).
2018-09-10 15:19:28 -05:00
8b4820004d
Land #10612 , store_loot text/xml ctype fixes
2018-09-10 15:07:06 -05:00
3ec4d2f22b
Normalize loot type OID
...
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported
Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
3d5da50b12
Land #10598 , Store Credentials Found with PhpMyAdmin Password Extractor
2018-09-10 11:49:52 -05:00
39a2d9d2a8
save xml files as xml
2018-09-09 21:24:39 -04:00
0072d9b9b1
save as xml since it is
2018-09-09 21:22:15 -04:00
70e22707c0
vi loves tabs but i dont
2018-09-09 21:19:17 -04:00
f926f6e9af
fix pathing in mremoteng
2018-09-09 21:07:47 -04:00
718aaca0f4
Land #10546 , Add Apache Struts exploit: CVE-2018-11776
2018-09-07 14:54:23 -05:00
bd50e00ccc
Make some small changes:
...
Changes made:
* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
2018-09-07 14:48:33 -05:00
b3cd4a89ad
Move CVE ref to top as per ~standard~
2018-09-07 14:33:25 -05:00
68ca771764
Add CVE reference to ghostscript_failed_restore.rb
2018-09-07 14:24:15 -05:00
99ca6cef49
Quote-block cleanup and improved error handling
2018-09-07 11:43:04 -05:00
dbace01015
modified regex lines
2018-09-07 11:13:09 -05:00
18ffd36409
storing config file, changed regex
2018-09-07 08:13:10 -05:00
3671f8f6b0
Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output
...
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set. We now try to detect this as part of `profile_target`. But that check might fail. If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.
Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.
Additionally additionally, some Tomcat configurations won't provide output from the payload. We'll detect that the payload ran successfully, but tell the user there was no output.
2018-09-06 17:56:42 -05:00
7eb06b4592
Address travis errors: Updated metadata and target OS logic
2018-09-06 12:43:56 -05:00
6c3b1081ea
added function to grab and store user and passwd
2018-09-06 12:03:00 -05:00
cb16f812ec
struts2_namespace_ognl updates from code review
...
Thanks to @wvu, @firefart, and @wchen!
2018-09-06 11:50:57 -05:00
dd476066cf
Land #10584 , fix session upgrade HANDLE_TIMEOUT and upgrading osx shells
2018-09-06 05:52:40 -05:00
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
d23b252393
Land #10592 , support ERB for foxit_reader_uaf.rb
2018-09-05 21:48:52 -05:00
254e8b9fd0
Cleanup for foxit_reader_uaf
2018-09-05 21:47:57 -05:00
243267b2f5
Add Linux dropper target
2018-09-05 19:57:12 -05:00
61044e8bca
Refactor targets to align with current style
2018-09-05 19:56:32 -05:00
692ddc8b8b
Eschew updating imagemagick_delegate
...
The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
2018-09-05 19:56:32 -05:00
1491f13bd5
Add Ghostscript failed restore exploit
2018-09-05 19:56:32 -05:00
13ff71b879
Clean up previous modules
...
Missed in 35670713ff
2018-09-05 19:56:32 -05:00
55bf6e5dd4
removed require in erb file
2018-09-05 18:09:29 -05:00
6a3a4de289
included path to erb, removed multiline pdf string
2018-09-05 14:09:10 -05:00
14aee3a822
Added auxiliary/fileformat/multidrop support for Word XML documents
2018-09-05 11:51:48 -05:00
b7da75d860
fix #10576 , fix session upgrade HANDLE_TIMEOUT
2018-09-04 16:46:33 +08:00
8fe8bf62e3
Renamed to match existing `struts2_content_type_ognl` and improved comments
2018-08-31 13:48:22 -05:00
0dea5fcfd9
Land #10565 , Add Dolibarr ERP/CRM Auxiliary Module
2018-08-31 13:47:46 -05:00
35022d8332
Added payload upload+execution and OGNL-specific URI encoding
2018-08-31 13:39:42 -05:00
aa9d0d7c6c
using uri_encode
2018-08-31 08:41:25 -05:00
b1151b9d12
modified login_uri
2018-08-31 08:08:46 -05:00
7c7f63df45
Fix missing normalize_uri in struts2_rest_xstream
...
I missed this one previously. May not be necessary but nice to have.
2018-08-30 15:56:43 -05:00
42af28a86a
printing and storing credentials
2018-08-30 14:17:37 -05:00
85c4abac99
storing credentials
2018-08-30 13:59:00 -05:00
a9376266bc
Land #10484 , Add PhpMyAdmin password extractor
2018-08-30 12:16:17 -05:00
924e61c5c1
Added check and removed register_options
2018-08-30 12:13:39 -05:00
6ec8522786
Land #10482 , Add Network Manager VPNC Privesc
2018-08-30 10:46:54 -05:00
Hubert Lin
bwatters-r7
Shelby Pace
Brent Cook
William Vu
Jacob Robles
h00die
Wei Chen
Adam Cammack
asoto-r7
Tim W