9f738c3e41
Add note about overwritten files
2016-05-19 15:07:27 -05:00
8fccb26446
Add Ubiquiti airOS exploit
...
Thanks to my friend wolf359 for providing a test device!
2016-05-19 14:50:20 -05:00
31bbcfca49
Fix ms13_081_track_popup_menu
2016-05-19 17:22:47 +09:00
c621f689b2
more descriptive note per @sempervictus
2016-05-18 19:08:01 -04:00
b5284375a7
osb_uname_jlist - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:16:53 -05:00
11fedd7353
ca_totaldefense_regeneratereports - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:15:28 -05:00
a6405beeda
ams_hndlrsvc - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:13:40 -05:00
41bcdcce61
fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:11:57 -05:00
bc257ea628
fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:10:32 -05:00
68b83c6e3a
datastore['CMD'].blank?
2016-05-17 23:56:59 -05:00
815a2600a8
additional description
2016-05-17 22:07:33 -04:00
640e0b9ff7
working ready for pr
2016-05-17 21:58:32 -04:00
a4e7e373f3
fix ams_xfr.rb - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-17 17:55:18 -05:00
36a9ef83ab
Added phoenix_command.rb
2016-05-17 15:45:45 +02:00
e8ac568352
doesn't look like we're using the tcp mixin
2016-05-17 03:15:26 -05:00
08394765df
Fix #6879 , REXML::ParseException No close tag for /div
2016-05-17 03:14:00 -05:00
9c61490676
Fix some inconsistencies
...
Failed to catch these while editing. :(
2016-05-17 02:50:12 -05:00
92d07f74ff
Remove unnecessary double expand_path
2016-05-16 17:34:12 -07:00
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
cf0176e68b
Land #6867 , Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-16 19:00:10 -05:00
3ea2f62376
Land #6875 , update description for auxiliary/spoof/nbns/nbns_response
2016-05-15 12:34:53 -05:00
8e85e8f9d7
Land #6859 , Add TP-Link sc2020n Module
2016-05-15 12:33:54 -05:00
5361aaadbd
Update nbns_response.rb
...
Just correcting the description section of this module
2016-05-14 15:24:38 -07:00
21d74a64fe
Land #6874 , Improve exploit for CVE-2016-0854
2016-05-14 11:08:17 -05:00
0d176f2c92
remove a couple of unnecessary ternary ops
2016-05-14 11:07:43 -05:00
c7cbaa08c8
Land #6576 , add Search Engine Subdomains Collector (Bing / Yahoo / ..)
2016-05-14 10:50:53 -05:00
2e3e4f0069
Land #6296 , Added a multi-platform post module to generate TCP & UDP egress traffic
2016-05-14 00:03:00 -05:00
3542d907f7
simplify description, move the bulk of documentation to documentation/
2016-05-14 00:01:51 -05:00
8ce0365c7f
See rapid7/metasploit-payloads#98 , update cached payload sizes
2016-05-13 23:05:34 -05:00
d398419971
Land #6832 , Check LHOST value before running shell_to_meterpreter, add docs
2016-05-13 22:50:22 -05:00
314d73546c
additional details, not working on tablet via malicious apk meterpreter
2016-05-13 23:12:44 -04:00
a940481f62
Land #6834 , Authorized FTP JCL exploit for z/OS
2016-05-13 21:29:45 -05:00
5c494480e6
handle failure more gracefully
2016-05-13 21:29:25 -05:00
3b5db26ff5
Fix #6872 , change upload action for CVE-2016-0854 exploit
...
This patch includes the following changes:
* Instead of the uploadFile action, this patch uses uploadImageCommon
to be able to support both Advantech WebAccess builds: 2014 and
2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
different builds of Advantech WebAccess 8.0s, and 8.1.
Fix #6872
2016-05-13 19:47:18 -05:00
5099124f3d
module compiles, fails correctly but cant yet verify it works
2016-05-12 22:18:43 -04:00
2d5cf6cfe4
Authorized FTP JCL exploit for z/OS
...
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
2016-05-12 14:46:31 -05:00
a69432abe5
update module class and move to recon from manage
2016-05-12 12:42:04 -05:00
9f923cdb00
Merge branch 'master' into land-6296-egress
2016-05-12 12:36:47 -05:00
8f9762a3e5
Fix some comments
2016-05-12 00:19:18 -05:00
da293081a9
Fix a typo
2016-05-11 22:48:23 -05:00
9d128cfd9f
Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-11 22:27:18 -05:00
4b23d2dc58
Adjusting exception handling
...
This commit adjusts the error handling to close the socket before
calling fail_with and adds specific exceptions to catch
2016-05-11 17:18:51 -05:00
32e1a19875
Fix up the disclosure date
2016-05-11 00:18:22 -05:00
ded79ce1ff
Fix CVE syntax
2016-05-10 23:18:45 -05:00
4a5d150716
Fixups to continue supporting Rails 4.2.x
2016-05-10 23:12:48 -05:00
04bb493ccb
Small typo fixed
2016-05-10 23:07:51 -05:00
32ae3e881e
Adding save_cred and exception handling to module
...
This commit adds a save_cred method for saving off the credentials
upon a successful login attempt. Also, exception handling surrounding
the opening of the telnet socket has been added to avoid any accidental
resource leaking.
2016-05-10 20:54:44 -05:00
7c6958bbd8
Rework rails_web_console_v2_code_exec to support CVE-2015-3224
2016-05-10 11:08:02 -05:00
3db72e9b4b
Land #6853 , use send_request_cgi! for CVE-2016-0854 exploit
2016-05-09 16:10:04 -05:00
8eb3193941
Adding TP-Link sc2020n Module
...
This module exploits a command injection vulnerability in
TP-Link sc2020n network video cameras in order to start the
telnet daemon on a random port. The module then connects to
the telnet daemon, which returns a root shell on the device.
2016-05-08 14:02:50 -05:00
2a546d191f
Land #6854 , smtp header fix
...
Fixes an issue with duplicate headers when sending emails.
Fixes MS-1476
2016-05-06 12:07:12 -05:00
2abb062070
Clean up module
2016-05-06 11:51:29 -05:00
e4e6246692
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-05-06 10:55:52 -05:00
8dc7de5b84
Land #6838 , add Rails web-console module
2016-05-05 15:53:52 -05:00
1bc2ec9c11
Update vulnerable versions to include 6.x (legacy)
2016-05-05 14:18:42 -05:00
26b749ff5a
Add default LHOST
...
This is a massive workaround and probably shouldn't be done. :-)
2016-05-05 14:18:42 -05:00
5c713d9f75
Set default payload
...
Land #6849 for this to be effective.
2016-05-05 14:18:42 -05:00
232cc114de
Change placeholder text to something useful
...
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
f32c7ba569
Add template generation details
2016-05-05 14:18:42 -05:00
23a0517a01
Update description
2016-05-05 14:18:42 -05:00
d7b76c3ab4
Add more references
2016-05-05 14:18:42 -05:00
5c04db7a09
Add ImageMagick exploit
2016-05-05 14:18:42 -05:00
2e460a87dd
Remove extra assignment
2016-05-05 11:24:19 -05:00
891a788ad4
Land #6849 , mknod to mkfifo
...
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
2016-05-05 10:34:41 -05:00
35a780c6a8
fix send_request_cgi redirection issues #6806
2016-05-05 09:55:32 -05:00
9357a30725
remove duplicate key
2016-05-04 22:15:33 +02:00
74e5772bbf
Replace mknod with mkfifo for portability
...
Works on BSD and OS X now. This has been bugging me for a while.
2016-05-04 02:32:37 -05:00
779a7c0f68
Switch to the default rails server port
2016-05-03 02:06:58 -05:00
8b04eaaa60
Clean up various whitespace
2016-05-03 02:06:37 -05:00
68ad9b0b53
Land #6835 , support Windows and Java platforms for struts_dmi_exec
2016-05-02 15:04:42 -05:00
df44dc9c1c
Deprecate exploits/linux/http/struts_dmi_exec
...
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
2016-05-02 15:03:25 -05:00
be363411de
Land #6317 , Add delay(with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
3300bcc5cb
Make msftidy happier
2016-05-02 02:33:06 -05:00
67c9f6a1cf
Add rails_web_console_v2_code_exec, abuse of a debug feature
2016-05-02 02:31:14 -05:00
6a00f2fc5a
mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb
2016-05-01 00:00:29 +08:00
ec66410fab
add java_stager / windows_stager | exploit with only one http request
2016-04-30 23:56:56 +08:00
73ac6e6fef
Land #6831 , Add CVE-2016-3081 Apache struts s2_032 DMI Code Exec
2016-04-29 11:53:47 -05:00
d6a6577c5c
Default payload to linux/x86/meterpreter/reverse_tcp_uuid
...
Default to linux/x86/meterpreter/reverse_tcp_uuid for now because
of issue #6833
2016-04-29 11:52:50 -05:00
288975a9ce
rm modules/exploits/multi/http/struts_dmi_exec.rb
2016-04-30 00:44:31 +08:00
9d279d2a74
Merge pull request #15 from wchen-r7/pr6831
...
Changes for Apache struts from @wchen-r7
2016-04-30 00:37:53 +08:00
15ffae4ae8
rename module name
2016-04-30 00:17:26 +08:00
1d95a8a76d
rename struts_code_exec_dynamic_method_invocation.rb to struts_dmi_exec.rb
2016-04-30 00:13:34 +08:00
97061c1b90
Update struts_dmi_exec.rb
2016-04-29 11:13:25 -05:00
9e56bb8358
send http request (get -> post)
2016-04-30 00:08:00 +08:00
e9535dbc5b
Address all @FireFart's feedback
2016-04-29 11:03:15 -05:00
6f6558923b
Rename module as struts_dmi_exec.rb
2016-04-29 10:34:48 -05:00
2f66442f1d
Fix #5191 , bad LHOST format causes shell_to_meterpreter to backtrace
...
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.
Fix #5191
2016-04-28 23:03:54 -05:00
643591546e
struts s2_032 rce - linux_stager
2016-04-29 10:49:56 +08:00
2a91a876ff
Update php/meterpreter_reverse_tcp size
2016-04-27 16:14:38 -05:00
c16a02638c
Add Oracle Application Testing Suite exploit
2016-04-26 15:41:27 -05:00
0cb555f28d
Fix typo
2016-04-26 15:26:22 -05:00
f28d280199
Land #6814 , move stdapi to exist?
2016-04-24 13:41:11 -04:00
4a95e675ae
Rm empty references
2016-04-24 11:46:08 -05:00
2edd6869fc
rm references key
2016-04-24 03:09:59 -05:00
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
9a873a7eb5
more style fixes
2016-04-23 12:18:28 -04:00
d86174c3bf
style fixes
2016-04-23 12:18:28 -04:00
4250725b13
fix incorrect hex port conversion
2016-04-23 12:18:28 -04:00
7ff5a5fd7e
switch mainframe payloads to fixed size
2016-04-23 11:40:05 -04:00
81af4d2675
Fix: merge error
2016-04-23 23:19:08 +08:00
1d99d08ac8
rebuild
2016-04-23 23:15:19 +08:00
de9ac28db1
class Metasploit4 -> class MetasploitModule
2016-04-23 23:03:48 +08:00
e2fcfc8d09
fix index / space
2016-04-23 23:02:41 +08:00
fca4d53a6f
add yahoo_search / bing_search exception handler
2016-04-23 22:58:39 +08:00
d9633078ec
merge yahoo_search_domain[ip] / bing_search_domain[ip]
2016-04-23 22:45:47 +08:00
66c0832f27
add Rex::Socket.getaddresses exception handler
2016-04-23 20:09:12 +08:00
b47b83dfaa
add results.nil? / results.empty? check
2016-04-23 19:47:33 +08:00
7579abb34e
report_note in a line
2016-04-23 19:43:44 +08:00
55e31bacee
add exception handler
2016-04-23 19:01:55 +08:00
73121f7e2f
add vprint_good
2016-04-23 18:50:48 +08:00
bc1f829fe5
class Metasploit4 -> class MetasploitModule
2016-04-23 17:36:22 +08:00
da9f156913
Print IP in print_*
2016-04-22 16:03:31 -05:00
3aa02891e9
Bring #6801 up to date with upstream-master
2016-04-22 14:04:26 -05:00
4a435e8d13
Bring hp_dataprotector_install_service up to date w/ upstream-master
2016-04-22 13:42:41 -05:00
db1d973ef0
Cosmetic changes for hp_dataprotector_install_service
2016-04-22 13:41:18 -05:00
16ff74e293
syntax check / code reduce
2016-04-22 10:53:03 +08:00
ca4bcfe62a
Update enum_emet.rb
...
Cleaned up a bit more
2016-04-22 00:41:10 +01:00
c81d0ade3f
Update, implemented
...
Took @bcook-r7's advice
2016-04-22 00:37:03 +01:00
30ac6b4a93
enum_emet
...
A module to enumerate all the EMET wildcard paths.
2016-04-22 00:20:25 +01:00
67968e912c
Land #6785 Add CVE-2016-0854 Advantech WebAccess Arbitrary File Upload
2016-04-21 12:02:04 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
c08872144f
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-21 09:33:03 +08:00
dcb9c83f98
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-21 09:28:42 +08:00
6b3326eab2
Land #6707 , support for LURI handler
2016-04-20 16:26:07 -05:00
e1e43db551
Land #6789 , remove overwritten keys from hashes
2016-04-20 13:33:31 -05:00
f0d403124c
Update symantec_brightmail_ldapcreds.rb
2016-04-20 18:58:12 +02:00
cda104920e
delete telisca abuse
2016-04-20 17:09:13 +01:00
c322a4b314
added modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-04-20 17:01:18 +01:00
dc3a185519
delete modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-04-20 16:48:37 +01:00
57467b94d9
Fix RegExp evaluation in is_routable? function
2016-04-20 10:22:46 -05:00
5adf5be983
add symantec bright mail ldap creds
2016-04-20 16:05:24 +01:00
57cb8e49a2
remove overwritten keys from hashes
2016-04-20 07:43:57 -04:00
dfb2b95e46
Merge remote-tracking branch 'upstream/master'
...
Merge
2016-04-20 12:21:16 +01:00
b74930f5c9
Land #6771 , Deprecate dns_bruteforce / dns_cache_scraper / dns_info / dns_reverse_lookup / dns_srv_enum
2016-04-19 16:30:36 -05:00
2400345fff
Merge pull request #2 from open-security/advantech_webaccess_dashboard_file_upload
...
Advantech webaccess dashboard file upload
2016-04-19 12:59:32 +08:00
0407acc0ec
add print_status with vuln_version?
2016-04-19 11:22:00 +08:00
c88ddf1cc4
fix NilClass for res.body
2016-04-19 10:27:20 +08:00
3da451795c
Fix potential case issue
...
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
fd603102db
Land #6765 , Fixed SQL error in lib/msf/core/exploit/postgres
2016-04-18 10:44:20 -07:00
89a3755754
Land #6786 , post/windows/manage/autoroute improvements
...
Resolve #6781
2016-04-18 12:11:42 -05:00
a895b452e6
fix
2016-04-19 00:21:26 +08:00
c596421b01
use generate_uri_uuid_mode for java reverse_http
2016-04-18 08:26:02 -05:00
edd30e433e
https tweaks
2016-04-18 08:26:02 -05:00
555352b210
Force lurl string duplication to avoid stageless issues
...
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
2016-04-18 08:25:19 -05:00
a74a7dde55
More fixies for LURI in Python, and native too
2016-04-18 08:25:19 -05:00
06d53112e3
Add support for LURI to the java and android payloads
2016-04-18 08:24:41 -05:00
b95267997d
Fix LURI support for stageless, transport add/change and code tidies
2016-04-18 08:24:41 -05:00
ce9b692dd8
add print_status
2016-04-18 20:43:39 +08:00
7143668671
fix version_match
2016-04-18 20:31:32 +08:00
897238f3ec
identify fingerpriint / make the code clear
2016-04-18 19:55:42 +08:00
7d1095bc08
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-18 11:24:03 +08:00
47b5398152
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-18 11:05:25 +08:00
48556483b5
Fix a few comments
2016-04-17 19:16:52 -05:00
32590c89b7
Add interface name to routing status message
2016-04-17 14:15:50 -05:00
ae23da39b8
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 21:23:45 +08:00
ab9e988dd4
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 21:15:03 +08:00
6c969b1c3b
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 18:49:56 +08:00
fb7194c125
Work on autoroute.md
2016-04-17 00:04:42 -05:00
32192d3034
Advantech WebAccess Dashboard Viewer Arbitrary File Upload
...
Advantech WebAccess Dashboard Viewer Arbitrary File Upload
2016-04-17 11:29:06 +08:00
a5e48b6112
Add default option and clean up comments
2016-04-16 19:50:08 -05:00
6550e0bc1b
Finish up autoadd_interface_routes
2016-04-16 18:42:41 -05:00
b3d199c055
Add get_subnet_octet and test
2016-04-16 14:57:39 -05:00
b1064af082
Initial get_subnet testing
2016-04-16 13:50:15 -05:00
018e7807fe
Identify routable networks
2016-04-15 22:21:54 -05:00
e8863ba09d
Initial autoadd_interface_routes work
2016-04-15 22:13:17 -05:00
a434622d21
Land #6769 , Add CVE-2016-1593 Novell ServiceDesk Authenticated Upload
2016-04-15 18:59:37 -05:00
5f5c330f2b
Initial Testing of Interface Info Gather
2016-04-14 21:59:48 -05:00
92ef8f4ab3
Land #6751 , Correct proftp version check at module runtime
2016-04-14 15:34:53 -05:00
f1523d0804
Land #6779 , Add CVE-2016-1531: Exim "perl_startup" Privilege Escalation
2016-04-14 15:16:50 -05:00
8dfe98d96c
Add bugtraq reference
2016-04-14 10:23:53 +01:00
c39410a070
Fix autoadd problem
2016-04-13 23:31:27 -05:00
6ce7055130
Land #6737 , Added reverse shell JCL payload for z/OS
2016-04-13 22:19:15 -05:00
09873f2f9c
Land #6717 , Add new cmd mainframe payload (generic_jcl) for z/OS
2016-04-13 22:10:23 -05:00
252632a802
Use %w{} for a couple things
...
Why not? :)
2016-04-13 19:38:57 -05:00
de004d7da3
Line up some hash rockets
2016-04-13 19:32:35 -05:00
f8e4253e2f
Add telnet to RequiredCmd
...
Baffles me that cmd/unix/reverse isn't cmd/unix/reverse_telnet.
2016-04-13 18:22:28 -05:00
07ee18a62b
Do something shady with the exploit method
...
Hat tip @acammack-r7.
2016-04-13 18:15:17 -05:00
43e74fce9e
Add Exim privesc
2016-04-13 17:51:20 -05:00
c52a6393b2
Land #6773 , Add Dell Kace K1000 unauthenticated remote root exploit
2016-04-13 10:20:53 -05:00
1d1a495a93
Style check
2016-04-13 10:19:57 -05:00
2319629dd8
Update comments
2016-04-13 05:03:11 +02:00
4970047198
./modules/post/linux/dos/xen_420_dos.rb
2016-04-13 03:31:02 +02:00
f73309ef01
Fix the ARM NOP generator after #6762 , #6768 , and #6644
2016-04-12 14:22:57 -05:00
b61175c6b4
Add Dell Kace K1000 unauthenticated remote root exploit
2016-04-12 16:15:37 +00:00
815a918a72
deprecate auxiliary/gather/dns_srv_enum
2016-04-12 08:44:47 +08:00
2bbb58d57e
deprecate auxiliary/gather/dns_reverse_lookup
2016-04-12 08:44:21 +08:00
5e1c540d31
deprecate auxiliary/gather/dns_info
2016-04-12 08:43:50 +08:00
67f8b309c6
deprecate auxiliary/gather/dns_cache_scraper
2016-04-12 08:43:23 +08:00
66ec001110
deprecate auxiliary/gather/dns_bruteforce
2016-04-12 08:42:56 +08:00
ca6beeb676
Land #6187 , @join-us' cleanup for enum_dns
2016-04-11 09:50:12 -07:00
2dc4539d0d
Change class name to MetasploitModule
2016-04-10 23:27:40 +01:00
1fa7c83ca1
Create file for CVE-2016-1593
2016-04-10 23:17:07 +01:00
99b4d0a2d5
remove more regex-style bool checks
2016-04-09 13:49:16 -05:00
a37f9c9eda
Clarify note type
2016-04-08 18:35:43 -07:00
44a98cc36f
Correct overly aggressive style cleanup
2016-04-08 18:00:03 -07:00
7ce5c07c03
Minor style cleanup
2016-04-08 17:39:32 -07:00
7c70a554ea
Merge branch 'pr/6187' into pr/fixup-6187 for pre-master merge testing
2016-04-08 16:56:38 -07:00
8219766538
Land #6760 , llmnr_response TTL fix
2016-04-08 16:45:55 -05:00
6b4dd8787b
Fix #6764 , nil SQL error in lib/msf/core/exploit/postgres
...
Fix #6764
2016-04-08 15:20:04 -05:00
28875313be
Change class name to MetasploitModule
2016-04-08 14:27:52 -05:00
ae46b5a688
Bring #6417 up to date with upstream-master
2016-04-08 13:41:40 -05:00
5839e2e3a8
Land #6762 , Fix ghetto true/false checking in NOP generator
2016-04-07 19:38:24 -05:00
068cf8eba1
Fix ghetto true/false checking in NOP generator
2016-04-07 18:23:33 -05:00
cba7353e1d
Fix another typo?
2016-04-07 17:12:11 -05:00
ff9d94218d
Fix a typo?
2016-04-07 17:11:42 -05:00
a3c390ee9d
Change class name to MetasploitModule
2016-04-07 17:11:08 -05:00
f09637a1c7
Bring #6377 up to date with upstream-master
2016-04-07 17:06:49 -05:00
0d3eb4f055
Change class name to MetasploitModule
2016-04-07 12:15:32 -05:00
0f56dbd858
Bring #6378 up to date with upstream-master
2016-04-07 12:10:55 -05:00
c4aac2a54a
Remove unwanted comments
2016-04-07 11:22:57 -05:00
fa5acba400
TTL setting honors TTL option
...
* change hard-coded ttl value to TTL option
* set TTL option default to 30
2016-04-07 10:59:05 -05:00
7658014fb7
Add CVEs
2016-04-07 08:39:29 -05:00
87d59a9bfb
Add exploit for ExaGrid known credentials
2016-04-07 04:17:43 -05:00
e78e12f295
Land #6515 , Autoadd for /post/windows/manage/autoroute
2016-04-06 15:29:58 -05:00
ac051bda7f
Add check is_routable?, and change netmask if needed
2016-04-06 15:28:54 -05:00
11bf1018aa
Fix typo
2016-04-06 14:20:41 -05:00
d240e0b3a2
Bring #6515 up to date with upstream-master
2016-04-06 11:27:32 -05:00
616bb8399f
remove db_filter / format a json data
2016-04-06 18:39:34 +08:00
a4ef9980f4
Land #6677 , atutor_sqli update
2016-04-05 19:52:44 -05:00
d9d257cb1a
Fix some things
2016-04-05 19:23:11 -05:00
08736c798d
Correct proftp version check at module runtime
2016-04-05 13:06:10 -05:00
dcb6da306c
Land #6720 , SSL scanner fixes
2016-04-04 23:37:52 -05:00
af7eef231c
Fix a few issues with the SSL scanner
...
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.
Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
51b8b4a4d1
Bring #6404 up to date with upstream-master
2016-04-04 16:35:58 -05:00
da3388248a
Uses #blank?
2016-04-04 16:34:49 -05:00
5a6d1ee0a9
Uses MetasploitModule class name
2016-04-04 16:30:55 -05:00
2e1e1ca839
Land #6742 , psexec_psh restoration
2016-04-01 13:59:09 -05:00
d23a1c4551
Bump deprecation date
2016-04-01 13:57:58 -05:00
60bee16e8c
Restore psexec_psh
...
See @jabra-'s comments on #6222 .
2016-04-01 13:56:22 -05:00
41b802a8a2
Clean up module
2016-04-01 13:54:27 -05:00
6a4d7e3b58
Revshell cmd JCL payload for z/OS
...
Added a JCL-based reverse shell. Uses the same source code as the
shellcode version does. Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s
2016-03-31 20:42:42 -05:00
ae0aecdd03
Change class name for exploits/windows/ftp/pcman_put.rb
2016-03-31 19:36:02 -05:00
de0e02549c
Bring #6507 up to date with upstream-master
2016-03-31 19:30:45 -05:00
f3336c7003
Update windows/http/easyfilesharing_seh
2016-03-31 19:24:06 -05:00
dd83757966
Bring #6488 up to date with upstream-master
2016-03-31 19:11:11 -05:00
75ebd08153
Land #6731 , Add CVE-2015-7755 juniper backdoor
2016-03-31 17:30:38 -05:00
618f379488
Update auxiliary/scanner/redis/redis_server and mixin
2016-03-31 17:14:49 -05:00
4d76b0e6a5
Rm auxiliary/scanner/misc/redis_server
...
Please use auxiliary/scanner/redis/redis_server or
auxiliary/scanner/redis/redis_login instead
2016-03-31 17:13:08 -05:00
2e7d07ff53
Fix PASSWORD datastore option
2016-03-31 17:12:00 -05:00
545cb11736
Bring #6409 up to date with upstream-master
2016-03-31 17:00:56 -05:00
5fdea91e93
Change naming
2016-03-31 17:00:29 -05:00
f33e994050
Delete anything related to configuring/saving username
2016-03-31 16:56:54 -05:00
1ea7cf27a3
remove StackAdjustment from psexec
2016-03-30 23:38:46 -05:00
101775a5ba
Bring #6545 up to date with upstream-master
2016-03-30 16:07:24 -05:00
82cec68606
Land #6427 , removes the deprecated psexec_psh module; please use exploit/windows/smb/psexec instead
2016-03-30 12:58:43 -07:00
dee9adbc50
Remove deprecated psexec_psh module
2016-03-30 14:35:47 -05:00
4074634a13
Land #6713 , Add post exploit module for HeidiSQL's stored passwords
2016-03-30 12:10:30 -05:00
0c6b4d81c8
More proper exception handling
2016-03-30 12:09:40 -05:00
aaa1515ba0
Print rhost:rport
2016-03-30 11:56:09 -05:00
c7e63c3452
Land #6694 , Add Apache Jetspeed exploit
...
CVE-2016-0710
CVE-2016-0709
2016-03-30 11:17:21 -05:00
74f25f04bd
Make sure to always print the target IP:Port
2016-03-30 11:16:41 -05:00
397d5580be
Use MetasploitModule convention
2016-03-30 15:44:37 +01:00
f8628e3438
Merge remote-tracking branch 'upstream/master' into wdigest_enable
2016-03-30 15:44:21 +01:00
9e45f0c104
Minor tidies
2016-03-30 15:29:03 +01:00
7fc2c860e9
remove comment
2016-03-29 21:26:36 -04:00
d35b5e9c2a
First add of CVE-2015-7755
2016-03-29 21:20:12 -04:00
85ab9d38f7
Land #6698 , Add ATutor 2.2.1 Directory Traversal Exploit
2016-03-29 15:42:58 -05:00
b84bf2290f
Land #6707 Print Response fix for HTTP NTLM
2016-03-29 13:35:49 -05:00
824a7837a2
LAND #6707 , Print Response Fix for HTTP NTLM
2016-03-29 13:08:43 -05:00
a6518b5273
Add generic JCL cmd payload for z/OS (mainframe)
...
This payload does nothing but return successfully. It can be used to
test exploits and as a basis for other JCL cmd payloads.
2016-03-28 21:01:39 -05:00
976932ed43
Initial commit
2016-03-26 12:00:25 +01:00
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
2b90846268
Add Apache Jetspeed exploit
2016-03-23 19:22:32 -05:00
6a462d5f60
Land #6703 , Make ms09_065_eot_integer passive
2016-03-23 13:39:41 -05:00
8fb55eeb6b
Land #6700 , add aux module to gather browser info
2016-03-23 13:19:27 -05:00
8c5c0086e6
Change cve_2012_6301 module path & make passive
...
This addresses two things:
1. The module is in the wrong directory. dos/http is for http
servers, not browsers.
2. PassiveActions should not be a 2D array.
2016-03-23 11:10:23 -05:00
53860bef1f
Make ms09_065_eot_integer passive
...
MS-932
2016-03-23 10:50:24 -05:00
8bf039a69e
ignore_items! should not be used in a loop
...
because it's not necessary.
2016-03-22 15:56:38 -05:00
102d28bda4
Update atutor_filemanager_traversal
2016-03-22 14:44:07 -05:00
9cb43f2153
Update atutor_filemanager_traversal
2016-03-22 14:42:36 -05:00
8836393cb1
Add aux module to gather browser information.
2016-03-22 13:56:12 -05:00
8028a9b5ce
Print response fix
2016-03-22 18:50:25 +01:00
3842009ffe
Add ATutor 2.2.1 Directory Traversal Exploit Module
2016-03-22 12:17:32 -05:00
ebc7316442
Spelling Fix
...
Fixed Thorugh to Through
2016-03-19 13:58:13 -04:00
570221379e
Land #6533 , move ie_unsafe_scripting to BES
2016-03-18 11:22:44 -05:00
d54bbdf9a3
Land #6566 , filezilla xml file locations
2016-03-17 16:27:24 -05:00
115a033036
Fix parsing the Last Server xml
2016-03-17 16:27:02 -05:00
31279291c2
Resolve merge conflict for ie_unsafe_scripting.rb
2016-03-17 14:42:36 -05:00
b1b68294bb
Update class name
2016-03-17 14:41:23 -05:00
7b2d717280
Change ranking to manual and restore BAP2 count to 21
...
Since the exploit requires the target to be configured manually,
it feel more appropriate to be ManualRanking.
2016-03-17 14:39:28 -05:00
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
e9f87d2883
Land #6685 , ensure platform variable is set for non-osx
2016-03-17 08:25:42 -05:00
9e7a330ac8
OptInt -> OptPort
2016-03-16 15:47:29 -05:00
af642379e6
Fix some OptInts
2016-03-16 14:13:18 -05:00
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
4e3a188f75
Land #6401 , EasyCafe server file retrieval module
2016-03-16 13:24:54 -04:00
9ac4ec4bfc
Update the class name to MetasploitModule
2016-03-16 13:22:06 -04:00
53f1338ad0
Update module to remove references to print peer
2016-03-16 13:10:39 -04:00
1769bad762
fix FORCE logic
2016-03-16 09:53:09 -05:00
d70308f76e
undo logic changes in adobe_flas_otf_font
2016-03-16 09:52:21 -05:00
f83cb4ee32
fix set_wallpaper
2016-03-16 13:07:41 +00:00
5ef8854186
Update ATutor - Remove Login Code
2016-03-15 17:37:37 -05:00
05f585157d
Land #6646 , add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
e29fc5987f
Add missing stream.raw for hp_sitescope_dns_tool
...
This adds the missing stream.raw.
2016-03-15 11:06:06 -05:00
38153d227c
Move apache_karaf_command_execution to the SSH directory
...
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
2016-03-14 00:32:59 -05:00
6323f7f872
Fix a couple overlooked issues
2016-03-13 23:35:05 -05:00
df0ff30468
Land #6642 , make ipv6_neighbor_router_advertisement discovery smarter
2016-03-13 16:53:11 -05:00
635e31961a
generate valid prefixes
2016-03-13 16:44:57 -05:00
cd84ac37d6
Land #6569 , check if USERNAME env var exists before using in enum_chrome post module
2016-03-13 15:12:51 -05:00
a50b21238e
Land #6669 , remove debug code from apache_roller_ognl_injection that breaks Windows
2016-03-13 14:14:10 -05:00
23eeb76294
update php_utility_belt_rce to use MetasploitModule
2016-03-13 13:59:47 -05:00
a6316d326e
Land #6662 , update disclosure date for php_utility_belt_rce
2016-03-13 13:58:04 -05:00
c89e53d0a3
Land #6666 , fix filezilla_server display bug showing the session ID
2016-03-13 13:56:44 -05:00
dabe5c8465
Land #6655 , use MetasploitModule as module class name
2016-03-13 13:48:31 -05:00
b22a057165
Fix #6554 , hardcoded File.open path in apache_roller_ognl_injection
...
The hardcoded File.open path was meant for debugging purposes during
development, but apparently we forgot to remove it. This line causes
the exploit to be unusable on Windows platform.
Fix #6554
2016-03-11 18:48:17 -06:00
51cdb57d42
Fix #6569 , Add a check for USERNAME env var in enum_chrome post mod
...
Fix #6569
Depending on the context, the USERNAME environment variable might
not always be there.
2016-03-11 15:36:44 -06:00
8217d55e25
Fix display issue when SESSION is -1
2016-03-11 11:37:22 -06:00
8953952a8f
correction for the DisclosureDate based on Exploit-DB
2016-03-11 14:05:26 +08:00
7009682100
Landing #6659 , Fix bug in MS08-067 related to incorrect service pack identification when fingerprinting
2016-03-10 14:29:29 -06:00
8d22358892
Land #6624 , PHP Utility Belt exploit
2016-03-09 14:12:45 -06:00
52d12b68ae
Clean up module
2016-03-09 14:08:26 -06:00
179d38b914
Fix #6658 , MS08-067 unable to find the right target for W2k3SP0
...
Fix #6658 .
When there is no service pack, the
Msf::Exploit::Remote::SMB#smb_fingerprint_windows_sp method returns
an empty string. But in the MS08-067 exploit, instead of check an
empty string, it checks for "No Service Pack", which causes it to
never detect the right target for Windows Server 2003 SP0.
2016-03-09 11:05:34 -06:00
45c7e4b6ae
Update ipv6_neighbor_router_advertisement.rb
2016-03-09 11:21:24 +08:00
e417909111
Update ipv6_neighbor_router_advertisement.rb
2016-03-09 11:21:07 +08:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
c2f99b559c
Add documentation for auxiliary/scanner/http/tomcat_enum
...
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
2016-03-07 13:19:48 -06:00
0e46cc0259
Revert "change remaining class names"
...
This reverts commit 62217fff2b
2016-03-07 13:19:42 -06:00
aa5b201427
Revert "revert ssl_login_pubkey for now"
...
This reverts commit 7d773b65b6
2016-03-07 13:19:33 -06:00
7d773b65b6
revert ssl_login_pubkey for now
2016-03-07 14:44:23 +01:00
62217fff2b
change remaining class names
2016-03-07 09:58:21 +01:00
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
bb36cd016e
Fix #6643 , Pcap.lookupaddrs does not exist
2016-03-06 22:15:39 -06:00
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
a2c3b05416
Land #6405 , prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
8faae94338
Land #6592 , make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2
2016-03-06 15:33:53 -06:00
66c697d2e4
Land #6602 , update author info for dahua_dvr_auth_bypass
2016-03-06 15:13:01 -06:00
4711191def
remove non-specific URL
2016-03-06 15:12:25 -06:00
a1190f4344
Land #6598 , add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
86845222ef
add meterpreter platform workaround
2016-03-06 14:51:34 -06:00
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
c7f9fbcdfa
Change to enable/disable
2016-03-06 04:31:24 +00:00
6b510005da
Reverse os checks
2016-03-06 04:31:23 +00:00
0e52fda708
Initial tidy
2016-03-06 04:31:23 +00:00
b1e9f44ca2
IPv6 Neighbor Advertisement Enhancement
...
http://seclists.org/nmap-dev/2011/q2/79
1. Shorten router advertisement payload lifetime.
2. Randomize address prefix.
3. Prevent from getting into default router list.
2016-03-06 03:23:37 +08:00
71b034a566
Land #6627 , atutor_sqli regex fix
2016-03-03 16:54:38 -06:00
ba4e0d304b
Do regex \d+ instead
2016-03-03 11:05:16 -06:00
d355b0e8b7
update payload sizes
2016-03-02 13:55:32 -06:00
22b69c8dee
Land #6588 , Add AppLocker Execution Prevention Bypass module
2016-03-01 22:30:23 -06:00
a798581fa3
Update #get_dotnet_path
2016-03-01 22:25:40 -06:00
cda4c6b3b3
Update the regex for the number of students in ATutor
2016-03-01 09:41:17 -06:00
5d64346a63
Land #6623 , Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module
2016-02-29 19:33:25 -06:00
62a611a472
Adding PHP Utility Belt Remote Code Execution
2016-03-01 09:22:25 +08:00
274b9acb75
rm #push
2016-02-29 18:58:05 -06:00
f55835cceb
Merge new code changes from mr_me
2016-02-29 18:39:52 -06:00
638d91197e
Override print_* to always print the IP and port
2016-02-29 16:18:03 -06:00
54ede19150
Use FileDropper to cleanup
2016-02-29 16:15:50 -06:00
William Vu
ssyy201506
h00die
Vex Woo
Tijl Deneut
wchen-r7
Jon Hart
Brent Cook
sho-luv
Bigendian Smalls
Nicholas Starke
HD Moore
Kyle Gray
David Maloney
Louis Sato
Adam Cammack
Christian Mehlmauer
Brian Patterson
Security Corporation
Vincent Yiu
dmohanty-r7
504137480
Fakhir Karim Reda zirsalem
Josh Hale
thao doan
Tim
OJ
Pedro Ribeiro
CSendner
Joshua J. Drake
Brendan Coles
Sonny Gonzalez
James Lee
greg.mikeska@rapid7.com
Meatballs
Brendan Watters
Hans-Martin Münch (h0ng10)
Lexus89
Steven Seeley
h00die
Spencer McIntyre
l0gan
Jay Turla
James Barnett
Fakhri Zulkifli