63c0b6f569
Login failure message.
2016-09-30 17:09:41 -04:00
7996c4b048
Warning about leaving files on disk.
2016-09-30 14:53:15 -04:00
3e4a23cdf6
Removed unnecessary require statement.
2016-09-30 14:51:43 -04:00
f7e588cdeb
Initial commit of module.
2016-09-28 14:55:32 -04:00
76124af8b4
Land #7363 , Add LPE exploit module for the capcom driver flaw
2016-09-28 11:02:14 -05:00
cdf544be9e
Land #7364 , update to latest metasploit-payloads
2016-09-27 11:26:16 -05:00
8f9be92b1b
update to latest metasploit-payloads
2016-09-27 11:06:34 -05:00
76b3c37262
Fix msftidy errors
2016-09-27 22:56:07 +10:00
0e82ced082
Add LPE exploit module for the capcom driver flaw
...
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
b87911bd0b
Land #7340 , auxiliary/server/socks4a docs
2016-09-26 17:34:45 -05:00
edbe1c3e14
Land #7361 , Make OSX screencapture silent
2016-09-26 17:24:03 -05:00
8bef4e4ec6
Land #7360 , restore passive?/aggressive? behavior
...
This PR restores the mod.aggressive? and mod.passive? methods to the
implementation prior to 0f7e3e9
2016-09-26 15:05:41 -05:00
b9de73e803
Land #7334 , Add aux module to exploit WINDOWS based (java) Colorado
...
FTP server directory traversal
2016-09-26 14:15:23 -05:00
5ea1e7b379
Bump version of framework to 4.12.29
2016-09-26 12:06:21 -07:00
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
006c749e6a
directly check to match the former definition of aggressive?
2016-09-25 23:57:13 -04:00
e5c05c05d2
Make OSX screencapture silent
...
By default, the `screencapture` command on OS X plays a camera sound effect. The -x option silences this.
2016-09-25 22:54:57 -04:00
743bea912a
fix exploit Passive / Aggressive overrides to do the right thing
2016-09-25 19:57:41 -04:00
a13e83af8a
Land #7357 , Stagefright CVE-2015-3864
2016-09-25 17:10:06 -05:00
00258a4d31
Land #7351 , restore NTLM constant class shortcuts
2016-09-25 12:09:38 -05:00
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
e0ff8859e9
Land #7359 , add EXTRABACON auxiliary module auxiliary/admin/cisco/cisco_asa_extrabacon
2016-09-24 10:46:13 -04:00
90bd2a96cd
Merge pull request #1 from bcook-r7/land-7353-bacon-too
...
Add module docs, credit
2016-09-24 07:59:30 -06:00
df28e2a85e
Add credit to wwebb-r7 for the initial module and ASA hacking notes
2016-09-24 05:48:31 -04:00
6f4c9435be
Add module documentation
2016-09-24 05:48:18 -04:00
cd4299b3a2
Added offsets for version 9.2(4)14
...
This version of the ASA is patched and our offsets do not work currently. We may do more work on this to find a solution.
2016-09-23 16:57:08 -06:00
087e9461ce
Added offsets for version 9.2(4)13
2016-09-23 16:50:50 -06:00
3f985d94d7
Added offsets for version 8.4(6)5
2016-09-23 16:32:42 -06:00
352946d8f5
Added offsets for version 8.4(4)9
2016-09-23 16:19:36 -06:00
368fd1a77f
Added offsets for version 8.4(4)5
2016-09-23 16:07:42 -06:00
19fe09318a
Added offsets for version 8.4(4)3
2016-09-23 15:56:02 -06:00
8840af0e90
Added offsets for version 8.4(4)1
2016-09-23 15:44:39 -06:00
19caff2293
Added offsets for 8.3(2)40
2016-09-23 15:26:02 -06:00
ba4505bcce
Added offsets for version 8.3(2)39
2016-09-23 15:05:39 -06:00
64df7b0524
Added offsets for verion 8.3(2)-npe
...
We currently can't distinguish between 8.3(2) and 8.3(2)-npe versions from the SNMP strings. We've commented out the 8.3(2)-npe offsets, but in the future, we'd like to incorporate this version.
2016-09-23 14:49:57 -06:00
9c6b67a33f
Land #7356 , remove SSH interactive prompt from freesshd_authbypass
2016-09-23 16:35:49 -04:00
926e5fab9e
Added offsets for version 8.2(5)41
2016-09-23 14:00:23 -06:00
b4d3e8ea3e
Added offsets for version 9.2(1)
2016-09-23 13:52:13 -06:00
d36e16fc32
Added offsets for version 8.2(5)33
2016-09-23 13:15:39 -06:00
9cbd84d1cd
Merge branch 'master' of github.com:RiskSense-Ops/metasploit-framework
2016-09-23 12:57:46 -06:00
f19ed4376b
Adding new version offsets
2016-09-23 12:57:36 -06:00
6c5271ceb4
offset for 8.0(3)6
2016-09-23 18:48:56 +00:00
455936ef70
Merge branch 'master' of github.com:RiskSense-Ops/metasploit-framework
2016-09-23 18:22:27 +00:00
480e97399f
added all leaked versions
2016-09-23 18:22:21 +00:00
00c02bb132
Land #7349 , Add initialization of RHOST value prior to calling child check()
2016-09-23 12:28:08 -05:00
3ddf80dd7a
Bump version of framework to 4.12.28
2016-09-23 10:02:37 -07:00
dbf66f27d5
Add a browser-based exploit module for CVE-2015-3864
2016-09-23 11:14:31 -05:00
f1f6184a99
Merge pull request #1 from gpapakyriakopoulos/gpapakyriakopoulos-prompt-fix
...
Fixed interactive password prompt issue
2016-09-23 17:04:14 +01:00
639dee993a
Fixed interactive password prompt issue
...
Fixed an issue where the exploit would drop to interactive password prompt by default on newer ruby version which rendered the exploit unusable. It now properly forces pubkey authentication instead and proceeds with the bypass as expected.
2016-09-23 17:03:40 +01:00
98cf5d8eb5
Changed 'build_offsets' to 'build_payload'
2016-09-23 09:32:17 -06:00
Stephen Haywood
Pearce Barry
Jeffrey Martin
Brent Cook
OJ
William Vu
HD Moore
Brendan
Metasploit
Henry Pitcairn
Adam Cammack
h00die
zerosum0x0
TheNaterz
dmohanty-r7
Joshua J. Drake
George Papakyriakopoulos