b2f69e9018
spelling
2017-05-15 21:11:19 -04:00
1a644cadc4
Add print_good to on_request_uri override
...
Maybe the ability to send prestagers will be a part of CmdStager in the
future, or maybe CmdStager will actually be able to encode for badchars.
2017-05-15 19:17:58 -05:00
c4c55be444
Clarify why we're getting 400 and add fail_with
2017-05-15 18:53:36 -05:00
489d9a6032
Drop module to AverageRanking and note 400 error
2017-05-15 17:35:40 -05:00
2055bf8f65
Add note about PHPMailer being bundled
2017-05-15 14:29:11 -05:00
35670713ff
Remove budding anti-patterns to avoid copypasta
...
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
2017-05-15 12:56:14 -05:00
5ee570bb9c
Fix non-uniform spelling and capitalization
2017-05-15 08:31:01 -04:00
cb4c700e62
fix typo
2017-05-14 21:52:36 -06:00
865a36068e
sleep fix and new shellcode
2017-05-14 21:45:19 -06:00
e3dcf0ab2d
added docs
2017-05-14 19:22:26 -06:00
9634f974dd
fix msftidy
2017-05-14 18:14:02 -06:00
fa79339432
eternalblue module
2017-05-14 18:11:41 -06:00
f39e378496
Land #8330 , fix ps_wmi_exec and psh staging
2017-05-13 14:26:47 -04:00
ce7b967a13
Update archmigrate.rb
2017-05-13 13:35:48 -04:00
78b0fb00da
I committed to the wrong branch
2017-05-13 13:35:13 -04:00
0bd11062e4
Ass SYSTEM check to archmigrate
2017-05-13 13:28:28 -04:00
c622e3fc22
Deregister URIPATH because it's overridden by Path
2017-05-12 11:56:38 -05:00
84af5d071d
Deregister VHOST because it's overridden by Host
2017-05-12 11:44:10 -05:00
27e1de14b0
BuilderEngine 3.5 Arbitrary file upload and execution exploit
2017-05-12 18:37:08 +02:00
7bcaaf33c7
Land #8294 , gnome keyring post exploit credential dumper
2017-05-12 10:08:53 -05:00
e9fcc3c291
msftidy fixes
2017-05-12 10:08:26 -05:00
7355817329
Land #8371 , Fix msftidy warnings for the WNR2000 module
2017-05-11 22:51:11 -05:00
123462bdca
Land #8293 , add initial multi-platform railgun support
2017-05-11 22:32:23 -05:00
af4505a9de
land #8009 post module for jboss creds gather
2017-05-11 22:39:54 -04:00
285857c23f
remove req msfcore
2017-05-11 22:39:41 -04:00
6fa51aee8f
moving docs to correct folder
2017-05-11 22:33:00 -04:00
231510051c
Fix uri_str for exploit
2017-05-11 16:30:10 -05:00
bee36ca90f
Fix edge case
2017-05-11 16:22:21 -05:00
68f13808e7
Fix msftidy warnings for the WNR2000 module
2017-05-11 16:16:10 -05:00
2ae943d981
Use payload common case instead of general case
...
Both x86 and x64 work on x64, but we really expect x64, and there's no
migration to move us from x86 to x64.
2017-05-11 15:43:49 -05:00
e414bdb876
don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules
2017-05-11 15:19:11 -05:00
30c48deeab
msftidy and misc. fixups for Quest BoF module
2017-05-11 08:07:39 -05:00
e8aed42ecd
Land #8223 , Quest Privilege Manager pmmasterd Buffer Overflow
2017-05-11 00:44:19 -05:00
843f148e62
One more yard doc function
2017-05-10 23:01:03 -05:00
e84765c1c6
All functions have yard doc like comments
2017-05-10 23:01:03 -05:00
c5391c2a64
Update cmd print to match core.rb
2017-05-10 23:01:03 -05:00
10c7c3893a
Add subnet check for Android payloads
2017-05-10 23:01:03 -05:00
c49bd9ee4e
Add session ready check
2017-05-10 23:01:03 -05:00
97eaa83114
Update delete all routes
2017-05-10 23:01:03 -05:00
f670fcddcb
Initial code cleanup and multi compatibility work
2017-05-10 23:01:02 -05:00
099fc0176a
move autoroute to a more sensible location
2017-05-10 23:01:02 -05:00
18d95b6625
Land #8346 , Templatize shims for external modules
2017-05-10 18:15:54 -05:00
09f6c21f94
Add note about Host header limitations
2017-05-10 15:17:20 -05:00
b446cbcfce
Add reference to Exim string expansions
2017-05-10 15:17:20 -05:00
8842764d95
Add some comments about badchars
2017-05-10 15:17:20 -05:00
ecb79f2f85
Use reduce instead of extracting twice
2017-05-10 15:17:20 -05:00
b5f25ab7ca
Use extract instead of doubling /bin/echo
2017-05-10 15:17:20 -05:00
9a64ecc9b0
Create a pure-Exim, one-shot HTTP client
2017-05-10 15:17:20 -05:00
0ce475dea3
Add WordPress 4.6 PHPMailer exploit
2017-05-10 15:17:20 -05:00
d00685a802
Don't run a DoS during wmap scans
2017-05-10 14:41:24 -05:00
42c7d64b28
Update style
2017-05-10 06:37:09 +00:00
faf01ed5ef
Land #8353 , add aux scanner for Intel AMT digest bypass
2017-05-09 18:45:21 -05:00
72388a957f
Land #8355 , IIS ScStoragePathFromUrl
...
See #8162
2017-05-09 11:06:01 -05:00
2b4ace9960
convert to "screaming snake"
2017-05-09 09:30:45 +02:00
cf487cc90c
reverse_ncat_ssl is stable
2017-05-08 17:43:34 -05:00
32dafb06af
Replace NoTarget with NotVulnerable
2017-05-08 22:29:44 +00:00
f70b402dd9
add comment
2017-05-09 00:17:00 +02:00
86365c89d1
Land #8352 , style updates for lotus_domino_hashes
2017-05-08 17:11:44 -05:00
806963359f
fix fail with condition
2017-05-08 23:47:48 +02:00
f62ac6327d
add @rwhitcroft
2017-05-08 23:20:12 +02:00
26373798fa
change rank
2017-05-08 23:07:12 +02:00
962a31f879
change minimum length
2017-05-08 23:01:17 +02:00
7dccb17834
auto extract values and implement brute forcing
2017-05-08 22:47:29 +02:00
841f63ad20
make office_word_hta backward compat with older Rubies
2017-05-08 15:10:48 -05:00
406a7f1ae2
Merge remote-tracking branch 'dmchell/dmchell-cve-2017-7269' into iis2
2017-05-08 21:51:51 +02:00
fede672a81
further revise templates
2017-05-08 14:26:24 -05:00
f7ff840ef0
Add missing return, thanks bperry!
2017-05-08 14:08:59 -05:00
9392e48b72
Add a scanner for Intel AMT auth bypass (CVE-2017-5689)
2017-05-08 13:24:00 -05:00
a1efa30fa2
comments adjustments & enum better
2017-05-08 11:57:06 -05:00
b794bfe5db
Land #8335 , rank fixes for the msftidy god
2017-05-07 21:20:33 -05:00
88bef00f61
Add more ranks, remove module warnings
...
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables
../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart
../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
af3f1fbc37
Land #8332 , Canprobe Module
2017-05-07 12:20:27 -05:00
c05e7b3b58
Minor corrections and a tweak to appease msftidy.
2017-05-07 11:55:20 -05:00
e3d3fa8e45
Tweak internal description formatting.
2017-05-07 11:31:36 -05:00
b965bdcdae
Appease msftidy and Travis.
2017-05-07 11:19:32 -05:00
ab245b5042
added note to description
2017-05-07 13:56:50 +01:00
4f12a1e271
added note to description
2017-05-07 13:54:28 +01:00
635a7a42e6
Update style lotus_domino_hashes
2017-05-07 16:37:48 +10:00
05bf16e91e
Land #8331 , Adding module CryptoLog Remote Code Execution
2017-05-05 18:24:14 -05:00
e2fe70d531
convert store_valid_credential to named params
2017-05-05 18:23:15 -05:00
720a02f5e2
Addressing Spaces at EOL issue reported by Travis
2017-05-05 11:05:17 +03:00
0eacf64324
Add Serviio Media Server checkStreamUrl Command Execution
2017-05-05 07:54:00 +00:00
58d2e818b1
Merging multiple sqli area as a func
2017-05-05 10:49:05 +03:00
63b6ab5355
simplify valid credential storage
2017-05-04 22:51:40 -05:00
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
97095ab311
Land #8338 , Fix msf/core and self.class msftidy warnings
2017-05-03 21:55:52 -05:00
2d93c8e2d6
merge, don't overwrite
2017-05-03 18:17:58 -05:00
0798923901
set the correct schema for linux meterpreter reverse_tcp stages
2017-05-03 16:12:45 -05:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
d04e7cba10
Rename the module as well as title
2017-05-03 19:18:46 +03:00
ae8035a30f
Fixing typo and using shorter sqli payload
2017-05-03 16:45:17 +03:00
9877aa9ef9
Added documentation and cleand up how STOPID worked
2017-05-02 18:57:32 -07:00
db2a2ed289
Removing space at eof and self.class from register_options
2017-05-03 01:31:13 +03:00
77acbb8200
Adding cryptolog rce
2017-05-03 01:05:40 +03:00
3519adbaef
A basic CAN fuzzer. It probes the data regions of different CAN IDs.
...
The default is to use a set value but can iterate the full range. It can
also add padding if necessary. Not checks on returns or results of fuzzing.
2017-05-02 14:19:29 -07:00
494711ee65
Land #8307 , Add lib for writing Python modules
2017-05-02 15:53:13 -05:00
6870a48c48
Code suggestion from @jvoisin
2017-05-02 16:41:06 +02:00
03e4ee91c2
Correct Ghostscript 9.2.1 to 9.21 as per advisory
2017-05-01 16:23:14 -05:00
41ef1a4e90
Land #8325 , cmd/unix/reverse_ncat_ssl payload
2017-05-01 14:54:52 -05:00
772a16f4cd
fix style
2017-05-02 00:55:57 +08:00
h00die
William Vu
Carter
zerosum0x0
Spencer McIntyre
Mzack9999
Brent Cook
William Webb
Josh Hale
Adam Cammack
James Lee
Brendan Coles
Christian Mehlmauer
HD Moore
Jeffrey Martin
Bryan Chu
Pearce Barry
m0t
Mehmet Ince
darkbushido
Craig Smith
Yorick Koster
C_Sto