a457f64e2a
update to latest release payload gem
2016-09-28 16:14:29 -05:00
1689f10890
Land #7292 , add android stageless meterpreter_reverse_tcp
2016-09-28 16:05:22 -05:00
45ee59581b
Fix inverted logic in Docker exploit
...
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
ab94bb9cdd
Land #7365 , nonce fix for Ninja Forms exploit
2016-09-28 13:57:08 -05:00
f7e588cdeb
Initial commit of module.
2016-09-28 14:55:32 -04:00
ea625d4ea3
Enhance #7360 , more stance fixes
2016-09-28 13:49:29 -05:00
5a611b0ec4
use the correct scope for the Stance names
2016-09-28 13:48:28 -05:00
ca683576d0
Mock rex-socket getaddress call for loginscanner
...
Since we're using the rex-socket gem, we don't need to
test the getaddress call for each one of the login scanner specs
2016-09-28 11:32:06 -05:00
76124af8b4
Land #7363 , Add LPE exploit module for the capcom driver flaw
2016-09-28 11:02:14 -05:00
dbb2abeda1
Remove the `cat $FILE | grep $PATTERN` anti-pattern
...
The `kloxo_lxsuexec.rb` and `netfilter_pvi_esc.rb` exploits
were using the infamous `cat+grep` anti-pattern, this commit
replaces it with `cat` and Ruby's `.include?` method.
2016-09-28 13:41:25 +02:00
b4a1adaf0f
refactor into android.rb
2016-09-28 18:23:34 +08:00
dc43f59dcf
dalvik -> android
2016-09-28 14:50:52 +08:00
7a108e2102
updated docs w/ error codes on failed attempts
2016-09-27 20:26:04 -04:00
35a2b3e59d
working panda
2016-09-27 20:15:17 -04:00
f838c9990f
Fix nonce bug in wp_ninja_forms_unauthenticated_file_upload
...
If wordpress saves the nonce value in JavaScript, we could get an
undefined method for nil.
2016-09-27 11:30:52 -05:00
cdf544be9e
Land #7364 , update to latest metasploit-payloads
2016-09-27 11:26:16 -05:00
8f9be92b1b
update to latest metasploit-payloads
2016-09-27 11:06:34 -05:00
76b3c37262
Fix msftidy errors
2016-09-27 22:56:07 +10:00
0e82ced082
Add LPE exploit module for the capcom driver flaw
...
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
de1e0aae99
add missing payload tests
2016-09-27 11:05:19 +08:00
b87911bd0b
Land #7340 , auxiliary/server/socks4a docs
2016-09-26 17:34:45 -05:00
edbe1c3e14
Land #7361 , Make OSX screencapture silent
2016-09-26 17:24:03 -05:00
8bef4e4ec6
Land #7360 , restore passive?/aggressive? behavior
...
This PR restores the mod.aggressive? and mod.passive? methods to the
implementation prior to 0f7e3e9
2016-09-26 15:05:41 -05:00
b9de73e803
Land #7334 , Add aux module to exploit WINDOWS based (java) Colorado
...
FTP server directory traversal
2016-09-26 14:15:23 -05:00
5ea1e7b379
Bump version of framework to 4.12.29
2016-09-26 12:06:21 -07:00
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
53823a4807
oops msftidy
2016-09-26 23:50:38 +08:00
a39c4965e4
fix apk injection script to include payload service and receivers
2016-09-26 19:50:10 +08:00
7144d2c96a
Put missing nessus_scanner_list command back where it's supposed to be.
...
Must have deleted the line by accident somehow.
2016-09-26 05:26:43 -04:00
006c749e6a
directly check to match the former definition of aggressive?
2016-09-25 23:57:13 -04:00
e5c05c05d2
Make OSX screencapture silent
...
By default, the `screencapture` command on OS X plays a camera sound effect. The -x option silences this.
2016-09-25 22:54:57 -04:00
743bea912a
fix exploit Passive / Aggressive overrides to do the right thing
2016-09-25 19:57:41 -04:00
a13e83af8a
Land #7357 , Stagefright CVE-2015-3864
2016-09-25 17:10:06 -05:00
00258a4d31
Land #7351 , restore NTLM constant class shortcuts
2016-09-25 12:09:38 -05:00
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
e0ff8859e9
Land #7359 , add EXTRABACON auxiliary module auxiliary/admin/cisco/cisco_asa_extrabacon
2016-09-24 10:46:13 -04:00
90bd2a96cd
Merge pull request #1 from bcook-r7/land-7353-bacon-too
...
Add module docs, credit
2016-09-24 07:59:30 -06:00
df28e2a85e
Add credit to wwebb-r7 for the initial module and ASA hacking notes
2016-09-24 05:48:31 -04:00
6f4c9435be
Add module documentation
2016-09-24 05:48:18 -04:00
cd4299b3a2
Added offsets for version 9.2(4)14
...
This version of the ASA is patched and our offsets do not work currently. We may do more work on this to find a solution.
2016-09-23 16:57:08 -06:00
087e9461ce
Added offsets for version 9.2(4)13
2016-09-23 16:50:50 -06:00
3f985d94d7
Added offsets for version 8.4(6)5
2016-09-23 16:32:42 -06:00
352946d8f5
Added offsets for version 8.4(4)9
2016-09-23 16:19:36 -06:00
368fd1a77f
Added offsets for version 8.4(4)5
2016-09-23 16:07:42 -06:00
19fe09318a
Added offsets for version 8.4(4)3
2016-09-23 15:56:02 -06:00
8840af0e90
Added offsets for version 8.4(4)1
2016-09-23 15:44:39 -06:00
19caff2293
Added offsets for 8.3(2)40
2016-09-23 15:26:02 -06:00
ba4505bcce
Added offsets for version 8.3(2)39
2016-09-23 15:05:39 -06:00
64df7b0524
Added offsets for verion 8.3(2)-npe
...
We currently can't distinguish between 8.3(2) and 8.3(2)-npe versions from the SNMP strings. We've commented out the 8.3(2)-npe offsets, but in the future, we'd like to incorporate this version.
2016-09-23 14:49:57 -06:00
9c6b67a33f
Land #7356 , remove SSH interactive prompt from freesshd_authbypass
2016-09-23 16:35:49 -04:00
Jeffrey Martin
William Vu
averagesecurityguy
Brent Cook
Louis Sato
Pearce Barry
Julien (jvoisin) Voisin
Tim
h00die
wchen-r7
OJ
HD Moore
Brendan
Metasploit
SJCaldwell
Henry Pitcairn
Adam Cammack
zerosum0x0
TheNaterz