f1d29e730f
Spaces at EOL
2018-06-09 11:53:21 +05:30
6e8412fa73
CVE-2018-11646 - Webkit+
2018-06-09 11:43:47 +05:30
7e0c8d279f
Minor Code Update
2018-06-07 21:16:41 +01:00
ab80eadc3f
Minor Code Improvement
2018-06-07 21:06:47 +01:00
98507b2e51
Update badpdf.rb
2018-06-07 19:08:51 +01:00
aba05275ae
BadPDF Generator
...
Generated PDF files which contain a UNC link back to listener, can be used to capture NetNTLM hashes.
2018-06-07 16:40:57 +01:00
16fcaa3d00
Delete badpdf.rb
2018-06-07 16:38:57 +01:00
c790537bb2
BadPDF Generator
2018-06-07 16:38:22 +01:00
f53d2a14df
Land #10067 , Added `auxiliary/fileformat/odt_badodt`
2018-06-06 11:27:23 -05:00
20e773498f
Moved to `auxiliary/fileformat/odt_badodt` and updated docs
2018-06-06 11:27:07 -05:00
61074d1220
Land #10115 , Added module `auxiliary/fileformat/multidrop`
2018-06-05 16:30:30 -05:00
c94263c915
Create 'fileformat' and move 'auxiliary/multidrop' to 'auxiliary/fileformat/multidrop'
2018-06-05 16:27:57 -05:00
3b2889cd77
Land #10106 , Add the scanner/smb/impacket/wmiexec module
2018-06-05 08:33:34 -05:00
59873ba81a
Updated Authors
2018-06-04 23:03:00 +01:00
4fcbb5d03d
Minor Code Updates
...
Minor Code Updates as per recommendations by Aaron Soto
2018-06-04 19:20:37 +01:00
e1d69d6307
Cleanup pSnuffle
2018-06-04 15:27:20 +00:00
061bb84a5a
Updated Code
...
Updated code with suggestions provided by bcoles
2018-06-01 11:13:40 +01:00
2bf5e26bfe
Removed `Deprecated` include from `udp_probe`
2018-05-31 14:32:31 -05:00
918705d510
Removed deprecated modules: `epmp1000_cmd_exec` and `cambium_snmp_loot`
2018-05-31 14:31:58 -05:00
53d9dc75d8
Adding npm component "marked" ReDoS module
...
This commit adds a module for the npm component
"marked" which exploits a Regular Expression
Denial of Service (ReDoS) vulnerability in the
"heading" regular expression. Also included
is the documentation markdown for this module.
2018-05-31 13:33:09 -05:00
829e1c306a
Land #10102 , SOCKS5 updates for BIND, parsing specs, refactoring
2018-05-30 16:15:53 -05:00
51a9fc4c55
Multidrop
...
Multidrop is a single module which can be used to create *.scf, *.url, *.lnk and desktop.ini files which contain a SMB/UNC link to a listener ready to capture NetNTLM hashes
2018-05-30 17:36:11 +01:00
c8b2fc8a35
Land #9701 , Flexense HTTP Server DoS exploit
2018-05-29 16:19:59 -05:00
026b22d061
Refined packet sizes and counts, improved error messages
2018-05-29 16:09:27 -05:00
b0d8e93e79
Added Teradata ODBC Login and SQL modules and documentation
2018-05-29 10:12:43 -05:00
7ac8af03d2
Remove the LD_PRELOAD hook for proxychains
2018-05-27 17:12:06 -04:00
28d15a113f
Add the secretsdump impacket module and docs
2018-05-27 17:09:59 -04:00
9fab2316c5
Add the wmiexec impacket module and documentation
2018-05-27 16:24:56 -04:00
c85cc9ad9e
Refactor SOCKS5 TcpRelay and add packet tests
2018-05-26 13:46:00 -04:00
49341fc87d
Add credential authentication support to socks5
2018-05-25 20:14:03 -04:00
9b5ae34896
Drop udp associate support and cleanup logging
2018-05-25 20:14:03 -04:00
6859856101
Refactor the socks5 code into multiple files
2018-05-25 20:14:03 -04:00
04bec0bdf0
Progress on the socks5 proxy module
2018-05-25 20:14:02 -04:00
3ab7526786
Name & description Change
...
Exploit::CheckCode changed to Unknown as suggested.
2018-05-25 20:22:51 +03:00
affa0bdc6f
Minor Update
...
Removed Unused Comment
2018-05-24 13:45:08 +01:00
7143f04ea7
Add files via upload
...
Updated to use recommended method of creating zip files
2018-05-24 09:53:53 +01:00
04a27e0221
Delete thumbnail.png
...
Moved folder location
2018-05-24 09:37:45 +01:00
81c4e9f7b9
Delete styles.xml
...
Moved folder location
2018-05-24 09:37:31 +01:00
73bfe1c9ab
Delete settings.xml
...
Moved folder location
2018-05-24 09:37:18 +01:00
247904746c
Delete meta.xml
...
Moved folder location
2018-05-24 09:37:04 +01:00
f9bda873d2
Delete manifest.xml
...
Moved folder location
2018-05-24 09:36:55 +01:00
5002eae655
Delete manifest.rdf
...
Moved folder location
2018-05-24 09:36:45 +01:00
02afeb3e29
Delete content.xml
...
Moved folder location
2018-05-24 09:36:35 +01:00
86a5b951aa
Land #9990 , add SOCKS5 proxy support
2018-05-23 17:31:09 -05:00
567e2dbc7e
Update telpho10_credential_dump.rb
...
Current version still vulnerable, developer ignores mails. It seems like this is going to be a 'won´t fix'
2018-05-23 09:32:41 +02:00
72efe66403
Refactored for better logging, IPv6 support, and prep for auth
2018-05-22 18:57:00 -05:00
0472b9df3f
Land #10024 , Fix find_or_create_* methods for remote data service
...
This PR updates the find_or_create_* methods associated with each model to
no longer just proxy to the report_* model. It now performs a lookup through
the DataProxy and returns the found object if it exists, or creates a new
record if needed.
2018-05-22 17:08:46 -05:00
4ecc1ff551
Modify loots, notes and services search methods
...
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
2018-05-21 17:37:51 -04:00
ef229111c8
Delete readme.txt
2018-05-19 16:58:45 +01:00
5d3c95e51b
Create badodt
2018-05-19 16:58:14 +01:00
a0d8f70dee
Create readme.txt
2018-05-19 16:57:40 +01:00
077a7c7c9e
Delete test.txt
2018-05-19 16:57:07 +01:00
018a8a3060
Create test.txt
2018-05-19 16:56:49 +01:00
622bc272fb
Delete odt
2018-05-19 16:56:30 +01:00
b293ddfe5d
Create odt
2018-05-19 16:56:10 +01:00
7af7587519
Land #9999 , Optionally test empty group in cisco_ssl_vpn
2018-05-18 10:57:15 -05:00
c35c8e9c75
Update module name, per a good catch by @bcook
2018-05-16 13:55:45 -05:00
999b895735
Land #9816 , Add the scanner/smb/impacket/dcomexec module
2018-05-16 07:15:32 -05:00
cc0fdee788
EmptyGroup advanced option, just in case...
2018-05-10 09:57:50 -05:00
79a0610436
remove empty group
2018-05-09 11:11:03 -05:00
a4ecd43a8f
remove unused constants
2018-05-07 00:24:38 -05:00
534d05ff44
simpleclient versions option
2018-05-07 00:24:38 -05:00
ff202a5f5b
Simpleclient/SMB2 support
2018-05-07 00:24:38 -05:00
2cd0d3d90a
Rudamentary SOCKS5 functionality, CONNECT, IPv4, non-DNS only
2018-05-04 14:44:03 -05:00
d29bc920c1
print o/p to new line
2018-04-27 20:58:25 +05:30
912970ad3b
change vprint to print for printing o/p in psexec_command
2018-04-27 20:47:21 +05:30
0374de5e0d
change vprint to print for printing o/p
2018-04-27 10:49:04 +05:30
25cf8d175a
report command execution o/p
2018-04-27 08:43:30 +05:30
382a7f8aa3
Merge https://github.com/rapid7/metasploit-framework into psexec_cleanup
2018-04-25 09:09:48 +05:30
cbfdaf23a0
updated for requested changes
2018-04-25 08:56:54 +05:30
3353102dc1
fix opt dependencies
2018-04-24 21:55:09 +05:30
f9a804e7d8
Bring the PR up to date
2018-04-23 08:52:05 -05:00
ebd1e01578
Remove "Listening on" messages in capture modules
2018-04-20 16:34:51 -04:00
1f3cfc9498
Print the listening host information
2018-04-20 16:02:33 -04:00
f0b9ea635a
cleanup psexec code
2018-04-16 09:04:36 +05:30
2a6acfd1d0
Land #9823 , Private IP leak via WebRTC
2018-04-11 17:37:56 -05:00
154951cd37
minor update
2018-04-11 01:45:41 +10:00
8be159bdc7
Fixing space-tab mixed
2018-04-10 20:45:38 +05:30
7cbba34c83
Parsing IP address only
...
Changed title name and description, however few things still needs to fix.
2018-04-10 20:32:52 +05:30
201cdfb189
Handling execption by MSFTIDY
2018-04-06 22:54:21 +05:30
4e6afd49ed
Update browser_getprivateip.rb
2018-04-06 21:10:29 +05:30
f6cfcefbae
Some tweaks suggested by bcoles.
2018-04-06 17:44:43 +05:30
582eb2e61c
Create browser_getprivateip.rb
2018-04-06 14:42:57 +05:30
0a3bcf570c
Add the scanner/smb/impacket/dcomexec module
2018-04-04 17:34:41 -04:00
63aabc00f1
etcd rubocop style
2018-04-04 11:01:38 -07:00
a8c76638d3
Rename
2018-04-04 10:54:20 -07:00
518e17118a
Add DisclosureDate
2018-04-04 10:52:47 -07:00
a6c31aceb2
Refactor common etc capabilities; add separate version scanner
2018-04-04 10:48:27 -07:00
bd3c00dfd0
Land #9726 , add simple Rex::Tar wrapper for consistency with other archive types
2018-04-02 23:35:22 -05:00
226ef160ff
Land #9748 , Convert the smbloris DoS into an external module
...
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
fa34f3e0a4
Land #9718 , Add get_user_spns 'kerberoasting' module
2018-04-02 10:04:44 -05:00
3a54f0d5f8
Land #9776 , if data is nil, stop reading the heartbleed socket
2018-03-29 11:23:08 -05:00
a1e83ce835
Land #9760 , @h00die's etcd scanner
2018-03-28 10:41:22 -07:00
5cdfadd0df
Fix more style issues
2018-03-28 09:43:30 -07:00
7767505678
Fix some style issues
2018-03-28 09:43:22 -07:00
c97743925f
jhart suggestions
2018-03-27 18:46:31 -04:00
288bd28d3a
if data is nil stop reading the heartbleed socket
2018-03-27 15:51:14 -05:00
1f31bcd26f
Update telpho10_credential_dump
2018-03-27 14:57:57 -05:00
862a3ff74d
Land #9618 , pipe auditing improvements
2018-03-26 17:01:48 -05:00
327b2176c0
change and
2018-03-26 17:35:58 -04:00
217dea60fc
Update blog link to up-to-date blog post
2018-03-26 15:43:10 -04:00
e462cb49a2
updated docs
2018-03-25 14:53:30 -04:00
d739a9a057
working etcd scanner
2018-03-25 13:54:55 -04:00
5ece14b064
Convert SMBLoris to an external module
2018-03-23 14:55:18 -05:00
09cb4a52df
Update smb_ms17_010 scanner with PipeAuditor mixin
2018-03-22 15:37:45 -05:00
e4c026fffd
Update pipe_auditor module with PipeAuditor mixin
2018-03-22 15:37:45 -05:00
8d0e3ada74
Change option names and module type
2018-03-21 06:49:50 -05:00
fc9005df8a
Add External License Support
2018-03-21 06:26:25 -05:00
8d12118d1f
Add get_user_spns external module and documentation
2018-03-21 06:26:15 -05:00
ca7caae622
Change External Module Type Names
...
Change the a couple of external module type names
to be consistent with the template files.
2018-03-20 10:19:57 -05:00
44d5022380
Land #9529 , Add module for HP iLO CVE-2017-12542 authentication bypass
2018-03-16 16:50:54 -05:00
d1722d507b
handle reset from the target on exploit
2018-03-16 16:46:50 -05:00
65ae1e33e1
Land #9694 , move ssh platforms to lib
2018-03-16 12:49:57 -05:00
1b2f1ced02
Land #8422 , Typo3 News Module Sql Injection exploit
2018-03-15 10:55:04 -05:00
ba0d990273
Documentation added and Error Checks
2018-03-15 10:46:08 -05:00
9e23997c3d
Added Error Handling
2018-03-14 08:16:17 -05:00
1d51cf6d24
Implement Suggested Changes
2018-03-14 06:15:49 -05:00
64a51c1bd7
Save Credentials and IP
2018-03-13 08:47:08 -05:00
28d890147b
msftidy update and style changes
2018-03-13 09:30:48 +01:00
1c7f1c79af
Updated style
2018-03-13 09:26:34 +01:00
97dbc1273a
copy pasta
2018-03-12 20:14:08 -04:00
1587b5b682
Land #9686 , add ipv6 to slowloris, rhost to non-scanner modules
2018-03-12 16:13:21 -05:00
ef515d256d
msftidy fixes
2018-03-13 00:34:25 +05:30
2c52498d4a
Update smb_ms17_010.rb
2018-03-13 00:28:37 +05:30
6e9a4916f5
scanner update
2018-03-13 00:23:18 +05:30
2950c84660
Better code.
...
Added check function.
Smaller & cleaner code.
2018-03-12 20:33:46 +03:00
d86dcbc237
Land #9632 , owa_login and auth_brute enhancements
2018-03-12 10:31:20 -05:00
5ee50c5fab
Username and password reported as credentials
2018-03-12 07:01:03 -05:00
3d6af4c7ee
Removed mail from author section
2018-03-12 07:01:03 -05:00
b0ed8c4702
code cleanup
2018-03-12 07:01:03 -05:00
7b781d53c9
Small code refactoring, added verbose output
2018-03-12 07:01:03 -05:00
fe89e2d391
Corrected check method, warning in case of absence of news and TARGETURI parameter
2018-03-12 07:01:03 -05:00
f09d9a8994
Solved msftidy.rb issues
2018-03-12 07:01:02 -05:00
dbba27cc97
Fixed minor issues and added automatic detection of Patten1/Pattern2
2018-03-12 07:01:02 -05:00
63444a2c43
Corrected wrong label in password hash message
2018-03-12 07:01:02 -05:00
4a40f40c14
Typo3 News Module Sql Injection exploit
2018-03-12 07:00:45 -05:00
420905137b
CVA added.
2018-03-12 08:42:28 +03:00
d71b6bdf0d
Update syncbreeze_enterprise_dos.rb
...
msftidy.rb adjustment.
2018-03-11 23:27:46 +03:00
0e4e260a02
Adding Sync Breeze Enterprise 10.6.24 DOS
...
This module triggers a Denial of Service vulnerability in the Sync Breeze Enterprise HTTP server. Vulnerable version of the product can be downloaded here (http://www.syncbreeze.com/setups/syncbreezeent_setup_v10.6.24.exe ). After installing the software web server should be enabled via Options->Server->Enable web server on port. Module triggers a user space write access violation on syncbrs.exe memory region. Number of requests that will crash the server changes between 200-1000 depending on the OS version and system memory.
2018-03-11 23:07:50 +03:00
615f6b02af
varnish no auth file read
2018-03-09 11:25:13 -06:00
1fd0087a97
Land #7654 , varnish file read
2018-03-09 10:59:04 -06:00
a458cb9ebc
varnish file read msftidy fixes
2018-03-09 10:56:52 -06:00
037559023a
Update connect/disconnect varnish
...
[ticket: #7654 ]
2018-03-09 10:37:14 -06:00
ea78e21961
Documentation accuracy
2018-03-09 07:43:12 -06:00
9df99e8ce3
Update smb_ms17_010.rb
2018-03-09 16:10:20 +05:30
56fe70d84b
Update smb_ms17_010.rb
2018-03-09 16:07:09 +05:30
ec7a62bc4c
move ssh platforms to lib
2018-03-08 21:23:11 -05:00
478f01d0d9
fix format
2018-03-09 02:25:58 +05:30
72160598a7
msftidy fix
...
msftidy fix
2018-03-08 20:46:30 +01:00
26f023e071
updates for passing msftidy
...
updates for passing msftidy
2018-03-08 20:34:49 +01:00
c1dc603f0d
fixed EOLs, updated license comment
...
fixed EOLs, updated license comment
2018-03-08 19:53:18 +01:00
9c4ff479cf
module title changed
2018-03-08 15:23:02 +01:00
0503a8d3e1
init siemens_siprotec4
...
init siemens_siprotec4
2018-03-08 14:09:53 +01:00
9a8f1ace2d
Add slowloris support for IPv6 and hostnames
...
Replace manual socket creation with `socket.create_connection` to get
auto-detection goodness.
2018-03-07 17:06:04 -06:00
5a2f197c47
Remove redundant RPORT
2018-03-07 14:41:51 -06:00
e8a227b1a6
Changes as requested by jhart-r7:
...
- Default Username / Password are now random
- Doc fixed
- REST typo fixed
2018-03-07 10:48:05 +01:00
a69c2e29d2
Correct comment
2018-03-06 18:16:22 -08:00
1e04fa009f
Fix style
2018-03-06 18:13:50 -08:00
74ec9f00e7
Add WIP memcached UDP version scanner
2018-03-06 17:54:00 -08:00
e72372d6d8
Add disclosure date and correct CVE for memcached amp
2018-03-06 16:04:00 -08:00
d6871f5733
Land #9614 , Juniper post enum module
2018-03-06 10:29:56 -06:00
f6ebce2440
Update User List
2018-03-06 06:38:06 -06:00
5fde6bf5d3
Update Code
2018-03-05 22:39:16 -06:00
f2de2a7f21
Appease most of rubocop's concerns
2018-03-04 07:17:25 -08:00
2edb2dd8d0
Add CVE; clarify vuln name
2018-03-04 07:13:28 -08:00
e7a7b557bc
Randomize and doc memcached stats probe; catch multi-packet responses
2018-03-01 16:56:34 -08:00
155f45fc28
Simplify memcached amplification scanner to use UDPScanner for most of the work
2018-03-01 15:37:23 -08:00
9e1a7c869c
Use drdos mixin for memcached amp module
2018-02-27 22:51:27 -08:00
05c99ffb5c
Add Memcached amplification scanner
2018-02-28 11:24:17 +07:00
a344ffadd8
Modified Code, Added additional check
2018-02-26 07:29:08 -06:00
4e4aeb7b4d
Add GitStack v2.3.10 Unauth REST API Aux Module
2018-02-26 06:04:38 -06:00
a1587bcd68
Update smb_ms17_010.rb
2018-02-24 09:05:35 +05:30
46af6239df
Update smb_ms17_010.rb
2018-02-24 08:50:39 +05:30
9bae6246b2
Check for accessible named pipe on vuln targets
...
```
msf5 auxiliary(scanner/smb/smb_ms17_010) > run
[+] 192.168.0.2:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
[*] 192.168.0.2:445 - Checking for accessible named pipes
[+] 192.168.0.2:445 - Found accessible named pipe: netlogon
[+] 192.168.0.2:445 - Found accessible named pipe: lsarpc
[+] 192.168.0.2:445 - Found accessible named pipe: samr
[+] 192.168.0.2:445 - Found accessible named pipe: browser
[+] 192.168.0.2:445 - Found accessible named pipe: atsvc
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2018-02-24 03:20:34 +05:30
133b34827f
Fix false+ login in a few more places
2018-02-23 13:16:41 -06:00
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
5815b626d9
Dont save email addresses as valid
...
Also add module doc for owa_login module
2018-02-22 14:58:11 -06:00
e531dbc976
Fix bug causing all logins to appear valid
...
The headers we were looking for were a little too loose
and were incorrectly identifying all responses as successful
login attempts
2018-02-22 11:25:35 -06:00
738d6ab33a
Land #9604 , Fix logged errors when running without Python 3.6 / gmpy2
2018-02-22 08:11:30 -06:00
7e665ab287
check for extra libraries explicitly, fail gracefully
2018-02-21 21:54:58 -06:00
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
...
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
cc2495dd9c
Explain fortinet-backdoor -> FortinetBackdoor
2018-02-21 17:05:30 -06:00
a5d78b82d4
Add require for Net::SSH::CommandStream
2018-02-21 15:51:53 -06:00
854ac67b8e
Use start_session in fortinet_backdoor
...
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.
Hoping we fix this in a subsequent commit or related PR.
Please see #6612 and #9524 .
2018-02-21 15:33:34 -06:00
78822fd799
Land #9524 , prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-21 06:59:09 -06:00
9cbc55ce40
Land #9593 , finger_users regex fix
2018-02-21 01:27:40 -06:00
d6206dc046
Better regex in finger_users
2018-02-20 15:48:00 -06:00
56c00a8cb6
initial OWA 2016 support
2018-02-19 21:43:49 -06:00
ac7fe99a2b
specify a python encoding for the module
2018-02-16 16:17:52 -06:00
242f2d3117
Land #9512 , Add Claymore Dual GPU Miner<= 10.5 DoS module
2018-02-16 10:46:48 -06:00
b533ec6019
Land #9509 , Ulterius Server < v1.9.5.0 Directory Traversal
...
Land #9509
2018-02-15 16:34:31 -06:00
949b474a0a
Avoid target_uri.path
...
It doesn't look like target_uri.path is suitable for this scenario,
because it causes our input to be modified and hard to use.
2018-02-15 16:31:09 -06:00
5467f4c97e
Add header
2018-02-15 16:19:54 -06:00
c4c864f391
Land #9558 , Fix #9417 , map timeout exp to a var for telnet_encrypt_overflow
2018-02-15 15:54:23 -06:00
ef948ccc38
Fix #9417 , map timeout exp to a var for telnet_encrypt_overflow
...
Fix #9417
2018-02-14 09:19:28 -06:00
7cfc17860d
udp_probe is necessary for pivot scans
2018-02-14 08:45:46 -06:00
234f5a316b
Revert "Remove old deprecated modules"
...
This reverts commit a2c5cc0ffb
2018-02-14 08:42:44 -06:00
fbeba8bfd2
Fix #9513 , Add private_type to be able to store password for Tomcat
...
If there is no :private_type, the create_credential method in
Metasploit::Credential::Creation will quietly skip the password,
which makes it look like a bug when the user is trying to view
the password from the creds command.
Fix #9513
2018-02-13 14:31:56 -06:00
fe46f635db
Changes as requested by bcoles
2018-02-13 10:54:42 +01:00
ecb5fffb0b
Typo fix: "withint" --> "within"
2018-02-13 06:20:57 +13:00
Dhiraj Mishra
rmdavy
Aaron Soto
Jacob Robles
Brendan Coles
Nicholas Starke
actuated
Spencer McIntyre
Ege Balcı
Brent Cook
Jan Rude
James Barnett
Matthew Kienow
Auxilus
Wei Chen
Adam Cammack
Jon Hart
h00die
Jeffrey Martin
William Vu
Andrew Morris
Can
Mzack9999
Fab
xistence
James Lee
HD Moore
follower