Commit Graph

23802 Commits (5f01b6abc97f9ac144a904eed81a7f4fe721f5a4)

Author SHA1 Message Date
Tim W 5f01b6abc9
Land #9977, fix crash during x64 linux reverse_tcp stager retry 2018-05-05 17:13:00 +08:00
Tim W 4216d06ffb fix #9963, update x64 linux reverse_tcp stager cached size 2018-05-05 16:30:45 +08:00
William Vu 88f09dc302 Update a few stragglers in Drupalgeddon 2
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
2018-05-03 18:35:25 -05:00
William Vu 728d7bc065 Fix #9876, second round of Drupalgeddon 2 updates
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
2018-05-03 17:38:32 -05:00
bwatters-r7 ce5be387c4
Land #8795, Added CVE-2016-0040 Windows Privilege Escalation
Merge branch 'land-8795' into upstream-master
2018-05-03 16:33:53 -05:00
bwatters-r7 96b892a546
Make Rubocop happy 2018-05-03 11:30:05 -05:00
Borja Merino 916dfa56fe Add author name to the wlan_probe_request post-exploitation module 2018-05-03 11:41:09 +02:00
Jacob Robles d6cf32fad8
Land #9821, osCommerce 2.3.4.1 - Remote Code Execution 2018-05-02 07:29:15 -05:00
Jacob Robles fc2c42f725
Land #9960, fix continuation warnings in payloads 2018-05-02 06:28:17 -05:00
Jacob Robles 4a56ecf3ae
psexec native upload argument 2018-05-01 09:33:17 -05:00
Brent Cook 34f8a9a5ee fix continuation warnings in payloads 2018-05-01 04:57:42 -05:00
Jeffrey Martin 28173222a8
Land #9881, cleanup psexec code 2018-04-30 18:39:36 -05:00
Brent Cook e29a53b7cb
Land #9951, Update linux/gather/enum_protections module 2018-04-30 16:52:30 -05:00
Brent Cook f3fa9af098 fixup osx sizes 2018-04-30 15:21:23 -05:00
Brent Cook 7e31c2cf76
Land #9942, IPv6 channel fixes for Python and Linux/macOS Meterpreters 2018-04-30 15:14:12 -05:00
Brendan Coles 3351a59efb Update linux/gather/enum_protections 2018-04-29 06:52:47 +00:00
Aaron Soto c4bca03fea
Land #9908, msfd_rce_remote and msfd_rce_browser 2018-04-27 18:54:17 -05:00
Aaron Soto 82fc4aba64
Land #9918, XDebug Unauthenticated OS command execution 2018-04-27 17:08:58 -05:00
Brent Cook 8fd7448e48
bump payloads, ipv6 channel fixes 2018-04-27 14:18:54 -05:00
Auxilus d29bc920c1 print o/p to new line 2018-04-27 20:58:25 +05:30
Auxilus 912970ad3b change vprint to print for printing o/p in psexec_command 2018-04-27 20:47:21 +05:30
Auxilus 0374de5e0d change vprint to print for printing o/p 2018-04-27 10:49:04 +05:30
Auxilus 25cf8d175a report command execution o/p 2018-04-27 08:43:30 +05:30
Brent Cook 79d8f5e86c
autofilter = false means skip, which is reverse of intuition 2018-04-26 17:20:55 -05:00
Jeffrey Martin 54aaf1f718
Land #9937, enable autofilter on tp-link camera exploit 2018-04-26 16:08:09 -05:00
Brent Cook 4789cdc596 enable autofilter on tp-link camera exploit 2018-04-26 14:56:39 -05:00
Brent Cook 0fa0358993
Land #9853, Update Linux sock_sendpage local exploit module 2018-04-26 14:30:51 -05:00
William Vu 873cbcee27 Fix #9876, minor updates to Drupalgeddon 2
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
2018-04-25 18:09:54 -05:00
Brent Cook f52e6a18a2
Land #9876, Drupalgeddon 2 2018-04-25 15:49:53 -05:00
William Vu b8eb7f2a86 Set target type instead of regexing names
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.

Old matching in this commit: 1900aa2708.
2018-04-25 11:53:26 -05:00
Brent Cook 2cd0228db2
Land #9900, add base64 encoder for ruby 2018-04-25 04:06:50 -05:00
Brent Cook 4cba6d1df4 suggest a reason if we get no server response 2018-04-25 03:57:12 -05:00
William Vu 910e9337fb Use print_good for patch level check, oops 2018-04-24 23:21:22 -05:00
William Vu b7ac16038b Correct comment about PHP CLI (it's not our last!) 2018-04-24 23:18:51 -05:00
William Vu ec43801564 Add check for patch level in CHANGELOG.txt
Looks like 8.x has core/CHANGELOG.txt instead.
2018-04-24 23:12:33 -05:00
William Vu 2ff0e597a0 Add SA-CORE-2018-002 as an AKA ref
Makes sense to me. Even though it's technically the advisory.
2018-04-24 22:51:33 -05:00
Auxilus 382a7f8aa3 Merge https://github.com/rapid7/metasploit-framework into psexec_cleanup 2018-04-25 09:09:48 +05:30
William Vu 8bc1417c8c Use PHP_FUNC as a fallback in case assert() fails
Additionally drop a file in a writable directory in case CWD fails.
2018-04-24 22:29:27 -05:00
Auxilus cbfdaf23a0 updated for requested changes 2018-04-25 08:56:54 +05:30
William Vu 8ff4407ca6 Clarify version detection error message
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
2018-04-24 20:51:51 -05:00
Auxilus e7ac2cd155 move report_auth to psexec module 2018-04-24 23:00:55 +05:30
Robin Stenvi c81ad8fec0 Changes after review 2018-04-24 18:33:27 +02:00
William Vu cfaca5baa3 Restore a return lost in the refactor :(
Also spiff up comments.
2018-04-24 11:25:55 -05:00
Auxilus 3353102dc1 fix opt dependencies 2018-04-24 21:55:09 +05:30
William Vu a0f16b4a66 Prefer print_warning for consistency 2018-04-24 11:17:19 -05:00
William Vu 7ef8b99480 Improve printing in ETERNALBLUE's verify_arch
Now shows the invalid arch instead of showing nothing.
2018-04-24 11:09:54 -05:00
William Vu b507391f1b Change back to vprint_status for the nth time
I really couldn't decide, especially once I got rid of CmdStager.

Also fully document the module options.
2018-04-24 04:23:52 -05:00
William Vu c8b6482ab0 Rewrite PHP targets to work with 7.x and 8.x
Win some, lose some. php -r spawns a new (obvious) command. :/

Check method and version detection also rewritten. :)
2018-04-24 03:38:05 -05:00
Wei Chen f9a804e7d8
Bring the PR up to date 2018-04-23 08:52:05 -05:00
Robin Stenvi 60c6f970c1 Added base64 encoder for Ruby 2018-04-21 10:54:26 +02:00