jvazquez-r7
2134cc3d22
Modify description
2015-03-05 16:55:24 -06:00
jvazquez-r7
7b4776ee79
Deregister FOLDER_NAME
2015-03-05 16:42:07 -06:00
jvazquez-r7
1bc81ea723
Merge #4884 into updated master
2015-03-05 16:41:15 -06:00
Meatballs
33f089b1a5
Tidyup
2015-03-05 21:50:12 +00:00
jvazquez-r7
9f3f8bb727
Merging #3323 work
2015-03-05 15:44:15 -06:00
jvazquez-r7
c388fd49c2
Fix print message
2015-03-05 15:43:54 -06:00
jvazquez-r7
dd2559b748
Favor new target over new module
2015-03-05 15:41:53 -06:00
jvazquez-r7
e1a4b046a0
Add support for tomcat 7 to struts_code_exec_classloader
2015-03-05 15:40:24 -06:00
Meatballs
c56679f33e
Modify for new SMB mixin
2015-03-05 21:26:13 +00:00
Tod Beardsley
e429d4c04f
Add reference and description for PTH on Postgres
...
Dave and William did most of the work already over on PR #4871 , this
just points it out in the module.
2015-03-05 14:36:56 -06:00
sinn3r
16c86227e2
Change to OptBool and default to explicit
2015-03-05 13:07:03 -06:00
jvazquez-r7
de08d8247b
Do some module cleanup
2015-03-05 13:00:01 -06:00
jvazquez-r7
82659aba93
Populate metadata from code to make test easier
2015-03-05 12:40:20 -06:00
jvazquez-r7
dc02f8332f
Pass msftidy
2015-03-05 12:29:31 -06:00
jvazquez-r7
a06eb04d59
Deregister FOLDER_NAME on exploit modules
2015-03-05 12:27:12 -06:00
sinn3r
cb9922ad39
Land #4874 , Add PHPMoAdmin command injection
2015-03-05 11:30:44 -06:00
sinn3r
8978b1d7b5
Add a version
2015-03-05 11:29:44 -06:00
Ricardo Almeida
32188f09d6
Update phpmoadmin_exec.rb
...
Changes:
Added required comment at the top of the file;
Changed Class name "Metasploit3" >> "Metasploit4";
Standard name/email format for public PoC author.
2015-03-05 12:56:08 +00:00
Ricardo Almeida
95962aab0d
Update phpmoadmin_exec.rb
...
Changes:
"Check if vulnerable" code improvement;
Payload delivery code improvement;
Minor indent issues.
Thanks for your feedback guys :)
2015-03-05 12:46:53 +00:00
aushack
2f4df39dc9
Fixed typo
2015-03-05 17:40:51 +11:00
sinn3r
d40e7485dd
Add CVE-2015-0240 auxiliary module
2015-03-04 23:50:14 -06:00
jvazquez-r7
e715eaba58
Update description
2015-03-04 16:39:27 -06:00
jvazquez-r7
e155f2998e
Change module filename
2015-03-04 16:38:08 -06:00
jvazquez-r7
77abd57397
Do code cleanup
2015-03-04 16:37:31 -06:00
jvazquez-r7
22ff4d0097
Update with master changes
2015-03-04 16:30:19 -06:00
jvazquez-r7
e7de09df29
Change module filename
2015-03-04 16:18:45 -06:00
jvazquez-r7
1337b7ace8
Clean module
2015-03-04 16:18:10 -06:00
Ricardo Almeida
9530e15c81
Update phpmoadmin_exec.rb
...
Changes:
Changed description section;
Changed 'URL' to 'EDB' in references section;
Added newline at the end.
2015-03-04 21:59:08 +00:00
jvazquez-r7
d4738d8c0a
Update #3076 branch
2015-03-04 15:51:00 -06:00
Ricardo Almeida
c19895ac85
Update phpmoadmin_exec.rb
...
Changes:
Added new URL;
Added CVE number;
Corrected the disclosure date;
Corrected the normalize_uri() function syntax.
2015-03-04 21:31:44 +00:00
jvazquez-r7
5cc9ea3618
Update with master changes
2015-03-04 15:16:12 -06:00
William Vu
a64dd4a1af
Land #4871 , Postgres PTH support
...
MSP-12244
2015-03-04 15:08:57 -06:00
David Maloney
2d46c06b97
Merge branch 'master' into feature/MSP-12244/postgres-pass-the-hash
2015-03-04 13:56:10 -06:00
jvazquez-r7
fa9d921138
Beautify description
2015-03-04 13:07:10 -06:00
jvazquez-r7
8fdb7a798e
Change module filename
2015-03-04 13:01:06 -06:00
jvazquez-r7
36375fab28
Fix downcase path handling
2015-03-04 12:58:41 -06:00
jvazquez-r7
62dde22d88
Clean packet building
2015-03-04 12:27:58 -06:00
Ricardo Almeida
4d67e0e1bb
Add PHPMoAdmin RCE
2015-03-04 18:17:31 +00:00
jvazquez-r7
e04ff3ee24
Delete CMD option
2015-03-04 11:51:58 -06:00
jvazquez-r7
d4337ce1ae
Do minor metadata cleanup
2015-03-04 11:46:01 -06:00
jvazquez-r7
1371cfe025
Test landing #4451
2015-03-04 11:20:07 -06:00
jvazquez-r7
aaab4b401a
Fix indenting and use primer
2015-03-04 10:46:34 -06:00
jvazquez-r7
0e57277dc1
Do cleanup
2015-03-04 10:33:57 -06:00
jvazquez-r7
b9ed8178a9
Solve conflicts on ms13_071_theme
2015-03-04 10:28:52 -06:00
Matthew Hall
4757698c15
Modify primer to utilise file_contents macro.
2015-03-04 09:52:00 +00:00
Matthew Hall
a90ebfe9a7
Modify primer to utilise file_contents macro.
2015-03-04 09:51:32 +00:00
Matthew Hall
dfb6711ad7
Modify primer to utilise file_contents macro.
2015-03-04 09:51:01 +00:00
Matthew Hall
a5d748d19e
Modify primer to utilise file_contents macro.
2015-03-04 09:50:28 +00:00
Matthew Hall
0d56f5b6e6
Modify primer to utilise file_contents macro.
2015-03-04 09:49:17 +00:00
jvazquez-r7
80b76436bb
Land #4831 , @wchen-r7's update for MS14-064 exploit
...
* Support Windows XP with VBScript technique
2015-03-03 19:19:49 -06:00
sinn3r
7591e9ece3
Unbreak the comment
2015-03-03 19:14:18 -06:00
sinn3r
79e7bf7f9c
Update comments and description
2015-03-03 19:13:15 -06:00
David Maloney
c8f23b2903
fix jtr_postgres_fast too
...
the JtR hash cracker for postgres hashes now uses
the new PostgresMD5 class for finding it's hashes
MSP-12244
2015-03-03 18:46:47 -06:00
David Maloney
199c3ba96c
postgres hashdump now stores PostgresMD5 objects
...
instead of nonreplayabke hashes the postgres_hashdump
aux module now saves them approriately as PostgresMD5s
with the md5 tag intact at the front
MSP-12244
2015-03-03 16:45:13 -06:00
William Vu
a648e74c4b
Remove unnecessary semicolon
2015-03-02 15:36:45 -06:00
William Vu
80169de4d0
Remove -i from shell in reverse_python
2015-03-02 15:29:50 -06:00
William Vu
ecd7ae9c3b
Land #4857 , symantec_web_gateway_restore module
2015-03-02 15:00:10 -06:00
sinn3r
ad28f9767f
Use include
2015-03-02 14:41:25 -06:00
sinn3r
cb140434f9
Update
2015-03-02 12:59:21 -06:00
sinn3r
5f3ed83922
Land #4836 , Solarwinds Core Orion Service SQL injection
2015-03-02 11:44:26 -06:00
OJ
905a539a00
Add exploit for Seagate Business NAS devices
...
This module is an exploit for a pre-authenticated remote code execution
vulnerability in Seagate Business NAS products.
2015-03-01 13:25:28 +10:00
Brandon Perry
f8e3874203
add nil check
2015-02-28 20:43:19 -06:00
sinn3r
4a1fbbdc3b
Use datastore to find payload name
2015-02-28 19:56:32 -06:00
sinn3r
ef9196ba6c
Correct comment
2015-02-27 13:27:49 -06:00
sinn3r
7b6c39058a
Correct target name
2015-02-27 13:24:57 -06:00
sinn3r
90aff51676
Add CVE-2014-7285, Symantec Web Gateway restore.php Command Injection
2015-02-27 12:31:29 -06:00
Bazin Danil
1d03b9a166
Maj debug output
2015-02-26 21:06:20 +01:00
rastating
3b21de3906
Add WPVDB reference
2015-02-26 13:37:23 +00:00
Brandon Perry
ceb92cdf5e
update login method
2015-02-26 07:33:51 -06:00
William Vu
f24da1b178
Add file checking to printer_delete_file
2015-02-25 18:14:13 -06:00
William Vu
dc3ba40e5d
Add file checking to printer_upload_file
2015-02-25 18:13:36 -06:00
William Vu
513d11ce93
Complete replacement of "pathname" with "path"
...
See e8c2c3687d
.
2015-02-25 15:52:26 -06:00
William Vu
b3d4fc798f
Add printer_delete_file module
2015-02-25 15:47:53 -06:00
William Vu
90d179e56f
Add printer_upload_file module
2015-02-25 15:01:01 -06:00
William Vu
3cf94740e6
Land #4817 , CHECK_TCP option for Lantronix module
2015-02-25 13:16:14 -06:00
William Vu
d301752a88
Fix whitespace
2015-02-25 13:16:03 -06:00
rastating
e2dfdd60c0
Update version range
2015-02-25 19:11:15 +00:00
rastating
242d3b8680
Add WP EasyCart privilege escalation module
2015-02-24 21:11:22 +00:00
Tod Beardsley
94b4bc24bd
Minor word choice changes
...
[See #4804 ]
2015-02-24 12:29:11 -06:00
Tod Beardsley
6feae9524b
Fix up funny indent on description
...
[See #4770 ]
2015-02-24 12:25:48 -06:00
Brandon Perry
1134b0a6fa
fix dataastore to datastore
2015-02-24 10:34:33 -06:00
Brent Cook
cf913e521c
Land #4832 @wvu-r7 remove and merge duplicate hash key initializers
2015-02-24 08:38:09 -06:00
BAZIN-HSC
a0ba078801
add debug output
2015-02-24 14:15:30 +01:00
William Vu
5cdb678654
Fix invalid use of RPORT (should be RHOST)
2015-02-24 05:24:09 -06:00
William Vu
f3cad229d3
Fix duplicate hash key "References"
...
In modules/auxiliary/scanner/http/http_login.rb.
2015-02-24 05:19:58 -06:00
William Vu
aa1e1a5269
Fix duplicate hash key "Platform"
...
In modules/exploits/windows/mssql/mssql_linkcrawler.rb.
2015-02-24 05:19:56 -06:00
William Vu
57642377cc
Fix duplicate hash key "MinNops"
...
In modules/exploits/windows/backupexec/name_service.rb.
2015-02-24 05:19:55 -06:00
William Vu
f2c96b4fdd
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/ntr_activex_stopmodule.rb.
2015-02-24 05:19:54 -06:00
William Vu
b671c9b496
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb.
2015-02-24 05:19:53 -06:00
William Vu
2e90f266fa
Fix duplicate hash key "massage_array"
...
In modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb.
2015-02-24 05:19:52 -06:00
William Vu
e618c2f112
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb.
2015-02-24 05:19:51 -06:00
William Vu
2ffa368c18
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/ntr_activex_check_bof.rb.
2015-02-24 05:19:50 -06:00
William Vu
a8f0af4409
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/cisco_playerpt_setsource.rb.
2015-02-24 05:19:49 -06:00
William Vu
ff73b4d51a
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/local/pxeexploit.rb.
2015-02-24 05:19:48 -06:00
William Vu
53e45498ca
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb.
2015-02-24 05:19:47 -06:00
William Vu
943ff2da75
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/http/hp_pcm_snac_update_domain.rb.
2015-02-24 05:19:46 -06:00
William Vu
6aa3952c91
Fix duplicate hash key "Platform"
...
In modules/exploits/windows/scada/winlog_runtime_2.rb.
2015-02-24 05:19:45 -06:00
sinn3r
8d17aa04ee
Update the title too
2015-02-24 00:46:35 -06:00
sinn3r
578a545b22
Update MS14-064 for Windows XP
2015-02-23 23:08:13 -06:00
William Vu
8c5ff858d0
Land #4812 , hp_sys_mgmt_login configurable URIs
2015-02-23 19:04:14 -06:00
Brandon Perry
c9439addf8
fix url
2015-02-23 16:50:58 -06:00
HD Moore
bf103def9e
Add the /ews/ path to enable easy OWA brute force
2015-02-23 14:03:39 -06:00
William Vu
bcfbcb7eea
Clean up whitespace
2015-02-23 13:15:21 -06:00
sinn3r
c39d6e152e
Land #4819 , Normalize HTTP LoginScanner modules
2015-02-23 11:43:42 -06:00
William Vu
933c4a05b4
Land #4814 , ms04_011_pct improved error messages
2015-02-22 23:51:14 -06:00
HD Moore
1b1716bcf6
Fix a handful of bugs that broke this modules. Fixes #4799
2015-02-22 22:01:01 -06:00
HD Moore
9730a1655e
Small cleanups to the LLMR responder module
2015-02-22 22:00:42 -06:00
HD Moore
615d71de6e
Remove extraneous calls to GC.start()
2015-02-22 21:51:33 -06:00
Brandon Perry
3d82c7755b
add solarwinds module
2015-02-22 15:35:42 -06:00
rastating
61bdd58fbe
Fix required flag on options
2015-02-22 16:20:47 +00:00
rastating
37a55cce74
Abstracted version comparison code
2015-02-22 16:20:46 +00:00
rastating
31cdd757f6
Add WordPress WPLMS privilege escalation module
2015-02-22 16:20:46 +00:00
HD Moore
ea54696d99
Remove redundant params now provided by the mixin helper
2015-02-22 02:32:28 -06:00
HD Moore
8e8a366889
Pass Http::Client parameters into LoginScanner::Http (see #4803 )
2015-02-22 02:26:15 -06:00
Christian Mehlmauer
c820431879
Land #4770 , Wordpress Ultimate CSV Importer user extract module
2015-02-22 08:52:45 +01:00
RageLtMan
2e58a3d1dd
Update credential reporting mechanism
...
Replace :report_auth_info deprecated method with hooks into the
Metasploit Credential based system.
2015-02-22 02:49:54 -05:00
William Vu
2609a2acee
Land #4815 , MS15-001 reference update
2015-02-21 21:05:03 -06:00
RageLtMan
8ace041a23
TCP option for Lantronix Telnet Password Recovery
...
This commit adds a CHECK_TCP option to the Lantronix password
disclosure module. If set to true, a TCP port will be used to
check for the disclosure instead of the default UDP configuration.
2015-02-21 20:22:18 -05:00
rastating
f9dbff8a6c
Add store path output
2015-02-21 23:41:26 +00:00
Christian Mehlmauer
7d42dcee9c
Land #4769 , Wordpress holding-pattern theme file upload
2015-02-21 23:13:06 +01:00
Christian Mehlmauer
9223c23eb4
Land #4808 , Wordpress plugin upload module
2015-02-21 23:01:15 +01:00
sinn3r
aa8a82f44f
Update MS15-001 reference
2015-02-21 08:39:21 -06:00
rastating
708340ec5a
Tidy up various bits of code
2015-02-21 12:53:33 +00:00
jvazquez-r7
ef62e1fc04
Land #4798 , @wchen-r7's deletion of x64 support on ms13_022_silverlight_script_object
...
* Ungenuine support, well deleted
2015-02-21 01:11:09 -06:00
jvazquez-r7
ef990223d5
Move arch out of target
2015-02-21 01:10:35 -06:00
sinn3r
441c301fd3
Fix #4458 , more informative errors for ms04_011
...
Fix #4458
2015-02-21 00:32:20 -06:00
sinn3r
f4e512e0ff
Should be an array
2015-02-20 21:56:49 -06:00
sinn3r
40c237f507
Fix #3982 , allow URIs to be user configurable
...
Fix #3982
2015-02-20 21:54:03 -06:00
rastating
76a64b31d7
Resolve msftidy issues
2015-02-21 01:41:29 +00:00
rastating
7d30b214ee
Add WordPress admin shell upload module
2015-02-21 01:31:33 +00:00
sinn3r
40972220e3
Land #4804 , HP Client Automation Command Injection
2015-02-20 16:56:03 -06:00
Brent Cook
58436fcc98
Land #4706 jvazquez-r7 adds NTLMSSP support for smb_relay
2015-02-20 15:15:00 -06:00
William Vu
c9ddd0dac9
Land #4795 , f5_bigip_cookie_disclosure update
2015-02-20 13:11:42 -06:00
William Vu
b676f5a07e
Clean up #4795
2015-02-20 13:10:31 -06:00
Brent Cook
b624278f9d
Merge branch 'master' into land-4706-smb_reflector
2015-02-20 10:26:04 -06:00
Brent Cook
5297ebc1a1
Merge branch 'master' into land-1396-http_proxy_pstore
...
Bring things back to the future
2015-02-20 08:50:17 -06:00
Brent Cook
91b4a59fc7
msftidy fixes
2015-02-20 08:42:54 -06:00
Matthew Hall
e6ecdde451
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:35:22 +00:00
Matthew Hall
4963992b17
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:31:15 +00:00
Matthew Hall
da829d9ea9
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:29:09 +00:00
Matthew Hall
9aef561fd3
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:28:35 +00:00
Matthew Hall
34f4ae782d
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:26:19 +00:00
Matthew Hall
1751921ede
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:01:38 +00:00
jvazquez-r7
1633a6d4fd
Read response back while staging
2015-02-20 01:06:47 -06:00
jvazquez-r7
b0c6671721
Add module for ZDI-15-038, HPCA command injection
2015-02-20 00:41:17 -06:00
sinn3r
49f4b68671
Land #4790 , injecting code into eval-based Javascript unpackers
2015-02-19 12:33:52 -06:00
sinn3r
036a6089eb
Drop ungenuine x64 support in ms13_022_silverlight_script_object
...
The MS13-022 exploit does not actually run as x64. IE by default
still runs x86 so BES will always automatically select that target.
If IE forces x64 (which can be done manually), the BES detection
code will see it as ARCH_X86_64, and the payload generator will
still end up generating a x86 payload anyway.
If the user actually chooses a x64 payload, such as
windows/x64/meterpreter/reverse_tcp, the exploit is going to crash
because you can't run x64 shellcode on an x86 architecture.
2015-02-19 10:39:43 -06:00
dnkolegov
f6c871a8e5
Deleted spaces at EOL
2015-02-19 05:06:00 -05:00
dnkolegov
caabb82975
Fixed indentation errors
2015-02-19 05:02:10 -05:00
dnkolegov
2a584da6d9
Added cookie value in print function
2015-02-19 00:43:57 -05:00
Spencer McIntyre
fe840635e5
Land #4791 , fix ms14-070 CreateFile arguments
...
The arguments to CreateFileA used to require that the user had
some level of access on the \\.\tcp device.
2015-02-18 17:15:45 -05:00
David Maloney
ffa6550aec
Land #4787 , HD's new Zabbix and Chef LoginScanners
...
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
David Maloney
804db0ff0c
add leixcal sorting to methods
...
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
joev
483a145d19
Fix msftidy issues.
2015-02-18 14:08:03 -06:00
jakxx
44a7e7e4bc
publish-it fileformat exploit
2015-02-18 13:22:54 -05:00
William Vu
35511636cc
Land #4788 , splunk_web_login new version support
2015-02-18 11:54:54 -06:00
Jay Smith
e40772efe2
Fixed open device issue for non-priv users
...
Fixed the open_device call to work for users without Administrator
privileges
2015-02-18 12:44:58 -05:00
joev
f8609ab0ba
Add file format exploit for injecting code into unpackers.
2015-02-18 11:26:45 -06:00
William Vu
10960310da
Land #4786 , cosmetic fixes from @hmoore-r7
...
For {axis,glassfish}_login.
2015-02-18 03:56:13 -06:00
HD Moore
cc6899d783
Fix a stack trace on null response, thanks @jlee-r7
2015-02-18 00:38:55 -06:00
HD Moore
f4d8a25981
Add support for newer Splunk versions
2015-02-18 00:30:47 -06:00
HD Moore
2847507f03
Add a chef brute force module
2015-02-17 23:49:57 -06:00
HD Moore
27d5ab45b4
Add a zabbix brute force module
2015-02-17 22:56:08 -06:00
HD Moore
f0e69cb526
Fix two cosmetic typos in the axis/glassfish modules
2015-02-17 21:01:35 -06:00
vulp1n3
69b37976c1
Fix disclosure date.
2015-02-17 17:29:52 -08:00
vulp1n3
a19a5328f1
Add JBoss Seam 2 upload execute module
...
Versions of the JBoss Seam 2 framework < 2.2.1CR2 fails to properly
sanitize inputs to some JBoss Expression Language expressions. As a
result, attackers can gain remote code execution through the
application server. This module leverages RCE to upload and execute
a meterpreter payload. CVE-2010-1871
2015-02-17 17:25:01 -08:00
sinn3r
6acbe64dbd
The MSB reference in the title is wrong
...
It should be MS13-022.
MS12-022 is MSFT Expression Design.
2015-02-17 14:56:14 -06:00
William Vu
be5a0ee9c2
Land #4777 , @todb-r7's release fixes
2015-02-17 13:45:00 -06:00
rastating
e0d87a8886
Update to use store_loot for CSV export
2015-02-17 19:21:31 +00:00
Tod Beardsley
fb06cb13cc
Land #4774 , Chromecast HTTP scanner
2015-02-17 13:11:25 -06:00
Tod Beardsley
a8108cfc17
Be less stupid in the description
...
[See #4774 ]
2015-02-17 13:04:26 -06:00
Tod Beardsley
71c5f622ca
Land #4775 , Kindle Fire TV Stick controller
2015-02-17 12:59:54 -06:00
Tod Beardsley
053de8e62c
Fix whitespace in author name
...
[See #4777 ]
2015-02-17 12:57:36 -06:00
Tod Beardsley
14e764ff5a
Move to http subdirectory
...
After all, the wordpress scanners are all HTTP as well, and not under
some platform specific "wordpress" directory. Lots of other HTTP-ish
devices in there as well.
2015-02-17 12:53:18 -06:00
Tod Beardsley
5e07b01a1f
Fix up description a tiny bit
2015-02-17 12:51:55 -06:00
William Vu
45b16c92b7
Prefer sleep
...
It's all the same, anyway.
2015-02-17 12:43:14 -06:00
William Vu
787deb4b23
Change service name to something more appropriate
...
Technically, it's part of DIAL, but we don't want to confuse the user
even more.
2015-02-17 12:41:31 -06:00
sinn3r
b90639fd66
Land #4726 , X360 Software actvx buffer overflow
2015-02-17 11:41:23 -06:00
David Maloney
8e50baaded
Land #4771 , userPrincipalName fix
...
Lands Meatballs1's PR to add userPrincipalName as a column
enumerated by the enum_ad_user* post modules.
2015-02-17 11:31:15 -06:00
Matthew Hall
666b8e3e72
Add timeout to connection handler
2015-02-17 17:27:03 +00:00
Matthew Hall
728cfafe4d
cleanups
2015-02-17 17:27:03 +00:00
Matthew Hall
e4bab60007
Generic HTTP DLL Injection Exploit Module
...
This is an example implementation of using the
Msf::Exploit::Remote::SMBFileServer module to perform
arbitrary DLL injection over SMB.
2015-02-17 17:27:03 +00:00
Matthew Hall
c86caacf95
Merge branch 'master' into module-exploitsmbdllserver
...
Conflicts:
lib/msf/core/exploit/smb.rb
2015-02-17 17:16:09 +00:00
Matthew Hall
9f04e3bcf0
Merge branch 'master' into hp_dataprotector_dll_cmd_exec
2015-02-17 17:06:40 +00:00
Matthew Hall
afca27dae5
Merge branch 'master' into cve-2014-0094
2015-02-17 17:06:21 +00:00
Tod Beardsley
214146beaa
Correct author attribution
2015-02-17 10:52:55 -06:00
Brent Cook
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
Tod Beardsley
6370c99755
Avoid version numbers in titles
2015-02-17 10:28:56 -06:00
Tod Beardsley
62a679ebb8
Avoid version numbers in titles
...
Usually, the versions are more of a range, and nearly always, the module
author never truly knows where the ranges are bounded. It's okay to
clarify in the description.
2015-02-17 10:26:40 -06:00
sinn3r
0597d2defb
Land #4560 , Massive Java RMI update
2015-02-17 10:07:07 -06:00
Meatballs
ecefad946e
Spellingz
2015-02-17 14:39:34 +00:00
William Vu
b4e2a50a6a
Really fix the bug
...
App is so slow. :(
2015-02-17 06:10:32 -06:00
William Vu
09239b37aa
Fix touchy YouTube app
...
It likes the previous video stopped before playing a new one.
2015-02-17 06:07:58 -06:00
William Vu
76e3539434
Add Amazon Fire TV YouTube remote control
2015-02-17 05:44:04 -06:00
William Vu
b3d301e960
Fix annoying double quotes
...
As much as I love them, the use here is inconsistent.
2015-02-17 05:12:28 -06:00
William Vu
e16614abb9
Program a bit more defensively
...
Even though /setup/eureka_info should always be JSON...
2015-02-17 05:04:26 -06:00
William Vu
ea4dd023ae
Add SSID to report_service info
2015-02-17 04:46:11 -06:00
William Vu
e5d6af6b23
Gather info from /setup/eureka_info
...
Looks better with SSID.
2015-02-17 04:37:16 -06:00
William Vu
b6f83937ef
Add chromecast_webserver scanner
2015-02-17 03:27:48 -06:00
Nikita Oleksov
19cd00e6d5
Fix cookit name split
2015-02-16 23:53:32 +07:00
Meatballs
6559b43f1e
EOL Spaces argh
2015-02-16 15:46:45 +00:00
Meatballs
12f2828829
Allow additional fields
2015-02-16 15:24:28 +00:00
Meatballs
b77aed1c56
UPN is optional, should use sAMAccountName
2015-02-16 15:08:09 +00:00
Meatballs
3a894a29de
Dont use magic values and use the userPrincipalName as the
...
username
2015-02-16 15:02:01 +00:00
Meatballs
e42bbcbcbb
Enum_ad modules should retrive userPrincipalName as it may differ
...
to the sAMAccountName value.
2015-02-16 14:03:15 +00:00
dnkolegov
a44e858bd7
Fixed minor errors in F5 BigIP cookie disclosure module
2015-02-16 01:31:52 -05:00
rastating
73bac94fa8
Add Ultimate CSV Importer extract module
2015-02-15 15:27:27 +00:00
rastating
40c92f5fe3
Add URL reference
2015-02-14 13:09:37 +00:00
rastating
4dce589bbe
Add WordPress Holding Pattern file upload module
2015-02-14 12:54:03 +00:00
jvazquez-r7
0158e94a18
Fix mixin usage
2015-02-13 17:18:51 -06:00
jvazquez-r7
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
sinn3r
fd441d2c5e
Fix #4764 , NameError unitialized constant Net::DNS in shodan_search
2015-02-13 14:40:23 -06:00
sinn3r
b197b98ab9
Land #4759 , fix ms09_067_excel_featheader
2015-02-13 13:25:15 -06:00
dnkolegov
19144e143a
Fixed some errors in F5 BigIP cookie disclosure module
2015-02-13 03:29:23 -05:00
sinn3r
29163db7fc
Add CVE reference for ie_uxss_injection
2015-02-12 17:16:59 -06:00
jvazquez-r7
3ae3d56caa
Land #4745 , fixes #4711 , BrowserAutoPwn failing due to getpeername
2015-02-12 16:51:09 -06:00
jvazquez-r7
92422c7b9a
Save the output file on local_directory
2015-02-12 16:16:21 -06:00
Christian Mehlmauer
55f57e0b9b
Land #4746 , WordPress photo-gallery exploit
2015-02-12 22:24:12 +01:00
Christian Mehlmauer
bce7211f86
added url and randomize upload directory
2015-02-12 22:16:37 +01:00
sinn3r
05d2703a98
Explain why obfuscation is disabled
2015-02-12 14:00:01 -06:00
William Vu
9b10cd5655
Land #4755 , @todb-r7's release fixes
2015-02-12 13:16:08 -06:00
William Vu
d7fa06de06
Fix off-by-one whitespace
2015-02-12 13:12:13 -06:00
Tod Beardsley
c156ed62a9
on, not of.
2015-02-12 12:56:53 -06:00
Tod Beardsley
e35f603888
Comma fascism
2015-02-12 12:49:45 -06:00
Tod Beardsley
d89eda65fa
Moar fixes, thanks @wvu-r7
...
See #4755
2015-02-12 12:46:38 -06:00
Tod Beardsley
e78d08e20d
Fix up titles, descriptions
2015-02-12 12:11:40 -06:00
sinn3r
50c72125a4
::Errno::EINVAL, disable obfuscation, revoke ms14-064
2015-02-12 11:54:01 -06:00
jvazquez-r7
155651e187
Make filename shorter
2015-02-12 11:45:51 -06:00
jvazquez-r7
95bfe7a7de
Do minor cleanup
2015-02-12 11:45:51 -06:00
rastating
30f310321d
Added CVE reference
2015-02-12 11:45:51 -06:00
rastating
38ad960640
Add Maarch LetterBox file upload module
2015-02-12 11:45:51 -06:00
William Vu
309159d876
Land #4753 , updated ms14_070_tcpip_ioctl info
2015-02-12 09:57:29 -06:00
Spencer McIntyre
8ab469d3bd
Update ms14-070 module information and references
2015-02-12 09:51:01 -05:00
Tod Beardsley
02fe57e2a1
Bump out to April, 60ish days
2015-02-11 12:56:37 -06:00
William Vu
fd11afff1a
Deprecate manage/pxexploit
...
modules/post/windows/manage/pxeexploit.rb
2015-02-11 12:39:10 -06:00
William Vu
58b6b7519a
Deprecate server/pxexploit
...
modules/auxiliary/server/pxeexploit.rb
2015-02-11 12:38:38 -06:00
William Vu
6294cbf4de
Fix manage/pxexploit datastore
2015-02-11 12:19:59 -06:00
William Vu
b894050bba
Fix local/pxeexploit datastore
2015-02-11 12:19:56 -06:00
William Vu
9e717084af
Fix server/pxexploit datastore
2015-02-11 12:19:39 -06:00
Brent Cook
f99ef5c0f5
fix msftidy warnings about towelroot module
2015-02-11 11:17:44 -06:00
rastating
cb1efa3edd
Improved error handling, tidied up some code
2015-02-11 10:16:18 +00:00
rastating
80a086d5f6
Add WordPress Photo Gallery upload module
2015-02-11 01:03:51 +00:00
sinn3r
d23c9b552f
Trade MS12-004 for MS13-090 against Windows XP BrowserAutoPwn
2015-02-10 18:58:56 -06:00
jvazquez-r7
b07ef333e9
Fix java_rmi_server include
2015-02-10 12:52:19 -06:00
jvazquez-r7
29c68ef1ec
End fixing namespaces
2015-02-10 11:55:14 -06:00
Tod Beardsley
1e8f98c285
Updated description, credit, and URL
2015-02-10 11:25:13 -06:00
Tod Beardsley
1b89242a75
Add module for R7-2015-02
2015-02-10 11:03:46 -06:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
jvazquez-r7
5687028f09
Land #4671 , @earthquake's exploit for achat buffer overflow
2015-02-09 17:50:09 -06:00
jvazquez-r7
6165d623ff
Change module filename
2015-02-09 17:39:55 -06:00
jvazquez-r7
eb0741d7a7
Modify reference
2015-02-09 17:39:18 -06:00
Tod Beardsley
0a42ac947a
Land #4737 , fix Socket Context usages
2015-02-09 17:34:03 -06:00
jvazquez-r7
86f3bcad11
Do minor cleanup
2015-02-09 17:33:05 -06:00
Tod Beardsley
7ee5fd9b32
Fix lotus_domino to use get_cookies correctly.
2015-02-09 17:29:44 -06:00
Balazs Bucsay
ac6879cfe1
proper payload encoding from now on
2015-02-09 23:36:35 +01:00
Balazs Bucsay
c7880ab4e1
hex strings related explanations
2015-02-09 23:21:38 +01:00
Balazs Bucsay
9891026d30
sleep changed to Rex::sleep
2015-02-09 22:33:41 +01:00
jvazquez-r7
81cad064ea
Land #4724 , @wchen-r7's AllowWin32SEH's change on alpha encoders
2015-02-09 11:01:00 -06:00
Brent Cook
af405eeb7d
Land #4287 , @timwr's exploit form CVS-2014-3153
2015-02-09 10:33:14 -06:00
jvazquez-r7
831a1494ac
Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumUpper
2015-02-08 18:29:25 -06:00
jvazquez-r7
3e7e9ae99b
Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumMixed
2015-02-08 18:22:11 -06:00
Meatballs
133ae4cd04
Land #4679 , Windows Post Gather File from raw NTFS.
2015-02-08 18:50:50 +00:00
Meatballs
69e53a46cb
Final tidyups, description etc
2015-02-08 18:49:17 +00:00
Meatballs
9518090b8b
Ignore some error conditions
2015-02-08 18:46:48 +00:00
Bazin Danil
cc4fc1aefa
use GetFileAttributesW and CreateFileW
2015-02-08 17:36:49 +01:00
Tod Beardsley
1f7bee35b5
Land #4731 , fix fail_with message
2015-02-07 22:27:17 -06:00
Tod Beardsley
a5b2e99136
Correct punctuation on outlook, too.
2015-02-07 22:26:14 -06:00
Christian Mehlmauer
6d46182c2f
Land #4570 , @rastating 's module for wp-easycart
2015-02-07 23:42:23 +01:00
Christian Mehlmauer
f2b834cebe
remove check because the vuln is unpatched
2015-02-07 23:38:44 +01:00
Christian Mehlmauer
d2421a2d75
wrong version
2015-02-07 23:34:19 +01:00
Christian Mehlmauer
56d2bc5adb
correct version number
2015-02-07 23:22:43 +01:00
wez3
1390c81420
Fix fail_with text
...
Fix fail_with text, when the target system is locked.
2015-02-07 21:20:24 +01:00
rastating
345d5c5c08
Update version numbers to reflect latest release
2015-02-07 19:09:16 +00:00
HD Moore
b1726fd609
Missing comma
2015-02-07 11:56:22 -06:00
HD Moore
8d982e3286
Pass the framework/module down into LoginScanner
2015-02-07 11:50:30 -06:00
Meatballs
358ab2590e
Small tidyup
2015-02-07 11:35:47 +00:00
jvazquez-r7
87775c6ee4
Fix description
2015-02-06 23:55:27 -06:00
jvazquez-r7
76387eebe0
Use File.open
2015-02-06 21:35:07 -06:00
jvazquez-r7
1ea4a326c1
Land #4656 , @nanomebia's fixes for sugarcrm_unserialize_exec
2015-02-06 16:42:01 -06:00
jvazquez-r7
e511f72ab4
Delete final check
...
* A session is the best proof of success
2015-02-06 16:34:34 -06:00
sinn3r
a543d957d4
Fix #4717 - Change AllowWin32SEH's default to false
...
This is patch to change AllowWin32SEH to false.
Root cause:
The truely intended behavior is that if the user doesn't set a
BufferRegister and the encoder is for Windows, the AllowWin32SEH
code should kick in.
The problem here is that msfencode and msfvenom handle the platform
information differently, so we get different results.
With msfencode, the platform information isn't passed when alpha_mixed
is used, so even if you're using the encoder for Win32, the encoder
doesn't actually know about this. But everything works out just fine
anyway because people don't actually rely on AllowWin32SEH.
With msfvenom, the platform information is passed, so the encoder
actually knows it's for Windows. The two conditions are met (regster
and platform), so AllowWin32SEH kicks in. However, the AllowWin32SEH
technique enforces the BufferRegister to ECX, and that there's no
GetPC, so by default this isn't going to work.
The solution:
We are actually better off with setting AllowWin32SEH to false, mainly
because the SEH technique is pretty much dead (congrats MSFT!). And we
want the GetPC routine by default.
If people want to use AllowWin32SEH routine, they can simply set
AllowWin32SEH to true to bring it right back. For example:
e = framework.encoders.create('x86/alpha_mixed')
e.datastore.import_options_from_hash({'AllowWin32SEH'=>true})
buf = e.encode("AAAA", nil, nil, ::Msf::Module::PlatformList.win32)
Or in msfvenom:
msfvenom -p windows/meterpreter/bind_tcp -e x86/alpha_mixed
AllowWin32SEH=true -f raw
Fix #4717
2015-02-06 12:38:04 -06:00
jvazquez-r7
f6933ed02c
Add module for EDB-35948
2015-02-06 11:05:29 -06:00
Tod Beardsley
036cb77dd0
Land #4709 , fixed up some datastore mangling
2015-02-05 21:22:38 -06:00
Tod Beardsley
7e649a919c
This version will actually work.
2015-02-05 21:00:54 -06:00
Tod Beardsley
3e0ce4a955
Fix datastore mangling with instance variables
...
See rapid7/metasploit-framework #4709
2015-02-05 20:37:18 -06:00
Spencer McIntyre
4e0a62cb3a
Land #4664 , MS14-070 Server 2003 tcpip.sys priv esc
2015-02-05 18:49:15 -05:00
Spencer McIntyre
a359fe9acc
Minor fixup on the ms14-070 module description
2015-02-05 18:41:58 -05:00
Tod Beardsley
f8c81e601c
Land #4710 for real.
...
This isn't a proper merge commit. Will need to figure out what I did to
wang up the last landing -- I'm guessing I didn't fetch enough first.
This should fix #4710 .
2015-02-05 17:18:51 -06:00
Tod Beardsley
0a587c9f5a
Land #4710 , really
...
Looks like my publish script ended up rebasing wchen-r7/aux_ie_uxss and
didn't catch the file rename correctly.
Conflicts:
modules/auxiliary/gather/ie_uxss_injection.rb
2015-02-05 17:13:53 -06:00
sinn3r
79e0ddadf6
Rename file again
2015-02-05 17:09:11 -06:00
sinn3r
97aa9f9dd2
Credit @joevennix
2015-02-05 17:09:11 -06:00
sinn3r
7585c625fa
Another update
...
Thanks @joevennix
2015-02-05 17:09:11 -06:00
sinn3r
12aadb3132
Another update
2015-02-05 17:09:10 -06:00
sinn3r
17f2d8048d
Another update
2015-02-05 17:09:10 -06:00
sinn3r
01252078ea
Use store_loot to store coookie
2015-02-05 17:09:10 -06:00
sinn3r
6fd38307e7
An update
2015-02-05 17:09:10 -06:00
sinn3r
727fc51c0b
Don't need this line
2015-02-05 17:09:10 -06:00
sinn3r
4924749b96
Try to make the filename more self explanatory
2015-02-05 17:09:09 -06:00
sinn3r
26af10c3b6
Change public ip option name and store cookie to db
2015-02-05 17:09:09 -06:00
sinn3r
bfa7b61663
Final
2015-02-05 17:09:09 -06:00
sinn3r
b90515ae5d
IE UXSS
2015-02-05 17:09:09 -06:00
Bazin Danil
970c5d115a
spellcheck
2015-02-05 22:08:39 +01:00
sinn3r
d16cc843b2
Correct disclosure date
2015-02-05 15:00:13 -06:00
sinn3r
0955e14dad
Final, really, I think
2015-02-05 14:59:24 -06:00
Spencer McIntyre
dc13446536
Forgot to comment ret instruction
2015-02-05 14:09:01 -05:00
sinn3r
578423501a
Another update
2015-02-05 13:08:33 -06:00
Spencer McIntyre
5a39ba32f6
Make the ret instruction for token stealing optional
2015-02-05 14:00:38 -05:00
Spencer McIntyre
dabc163076
Modify the shellcode stub to save the process
2015-02-05 13:54:52 -05:00
Tod Beardsley
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
sinn3r
562063c4d5
Rename file again
2015-02-05 12:26:17 -06:00
sinn3r
80ebde4fe1
Credit @joevennix
2015-02-05 12:25:38 -06:00
sinn3r
27b8d1057f
Another update
...
Thanks @joevennix
2015-02-05 12:23:32 -06:00
sinn3r
988b54f594
Another update
2015-02-05 12:01:19 -06:00
sinn3r
53134aeb17
Another update
2015-02-05 11:46:38 -06:00
sinn3r
871c8aa8d0
Use store_loot to store coookie
2015-02-05 11:36:35 -06:00
sinn3r
dbe99014f2
An update
2015-02-05 11:29:52 -06:00
sinn3r
08d796c5e3
Don't need this line
2015-02-05 10:53:29 -06:00
sinn3r
d6fe077f79
Try to make the filename more self explanatory
2015-02-05 09:53:38 -06:00
sinn3r
ed6ee27896
Change public ip option name and store cookie to db
2015-02-05 09:48:45 -06:00
sinn3r
75c697c4dc
Final
2015-02-05 04:36:44 -06:00
sinn3r
1ccfb6cb43
IE UXSS
2015-02-05 03:03:28 -06:00
William Vu
b43522a2b8
Fix scadapro_cmdexe datastore
2015-02-05 02:54:03 -06:00
William Vu
a12d1244b9
Fix zenworks_helplauncher_exec datastore
2015-02-05 02:53:47 -06:00
William Vu
148ffaf55f
Fix real_arcade_installerdlg datastore
2015-02-05 02:53:38 -06:00
William Vu
a7156cf4a8
Fix zabbix_script_exec datastore
2015-02-05 02:53:22 -06:00
William Vu
9c1487c944
Fix dns_fuzzer datastore
2015-02-05 02:53:14 -06:00
William Vu
c22865fb71
Fix nexpose_xxe_file_read datastore
2015-02-05 02:53:00 -06:00
scriptjunkie
5b2eb986c9
Land #4678 Add post module to phish credentials
2015-02-04 23:43:02 -06:00
sinn3r
434bca0b27
Land #4613 , auxiliary/server/capture/smb credential creation
2015-02-04 22:45:36 -06:00
Spencer McIntyre
aebf5056ac
Dont compare a string to an integer
2015-02-04 16:55:43 -05:00
Tod Beardsley
47d4acd91d
Land #4605 , Malwarebytes fake update exploit
2015-02-04 10:28:17 -06:00
jvazquez-r7
fbf32669c6
Use single quote
2015-02-04 09:47:27 -06:00
julianvilas
de09559cc8
Change HTTP requests to succeed when going through HTTP proxies
2015-02-04 15:32:14 +01:00
jvazquez-r7
c366e7777d
Delete ternary operators
2015-02-03 17:43:00 -06:00
jvazquez-r7
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
jvazquez-r7
28f303d431
Decrease timeout
2015-02-03 17:33:29 -06:00
jvazquez-r7
34717d166d
Fix typo
2015-02-03 17:12:54 -06:00
jvazquez-r7
a1c157a4db
Land #4609 , @h0ng10's module for Wordpress Pixabay Images PHP Code Upload
2015-02-03 17:01:32 -06:00
jvazquez-r7
eebee7c066
Do better session creation handling
2015-02-03 17:00:37 -06:00
jvazquez-r7
4ca4fd1be2
Allow to provide the traversal depth
2015-02-03 16:38:40 -06:00
jvazquez-r7
e62a5a4fff
Make the calling payload code easier
2015-02-03 16:23:04 -06:00
jvazquez-r7
61cdb5dfc9
Change filename
2015-02-03 16:13:10 -06:00
jvazquez-r7
82be43ea58
Do minor cleanup
2015-02-03 16:07:27 -06:00
jvazquez-r7
82eeec0946
Delete comments
2015-02-03 15:25:52 -06:00
jvazquez-r7
52616a069a
Add support for NTLMSSP
2015-02-03 15:25:02 -06:00
Tod Beardsley
b5794db973
Spelling
2015-02-03 14:10:47 -06:00
Tod Beardsley
edd5ec3b0d
Refactor and rename of @sgabe's module
...
Renamed because it's not just MBAM, and having malwarebytes in the name
is more memorable anyway.
This refactor's @sgabe's original module to prefer if/else over
unless/else, clearly labelling variables, and wrapping up discrete
functionality into specific methods, and adds an OSVDB and the original
discoverer's URL.
2015-02-03 14:08:25 -06:00
William Vu
54a5dd69a9
Land #4698 , WP GHOST scanner dead code removal
2015-02-02 16:54:09 -06:00
William Vu
9e030143e7
Fix slow search due to method name conflict
...
Changed "search_filter" in enum_ad_users module to "query_filter" to
avoid conflicting with "search_filter" in command_dispatcher/core.rb.
2015-02-02 16:36:20 -06:00
Christian Mehlmauer
c8864c93d7
remove unused code
2015-02-02 20:04:10 +01:00
William Vu
d5c61c01f5
Land #4694 , uninit Rex::OLE fix
2015-02-02 05:33:40 -06:00
sinn3r
9112e70187
Fix #4693 - Uninit Rex::OLE in MS14-064 exploits
...
Fix #4693
2015-02-02 00:20:34 -06:00
jvazquez-r7
d211488e5d
Add Initial version
2015-02-01 19:47:58 -06:00
jvazquez-r7
d0cf316758
Land #4659 , @pedrib's ManageEngine directory listing module
2015-02-01 14:19:46 -06:00
jvazquez-r7
128ca47aa7
Fix banner
2015-02-01 14:19:03 -06:00
jvazquez-r7
41232c0f91
Land #4758 , @pedrib's ManageEngine arbitrary file download module
2015-02-01 14:17:04 -06:00
jvazquez-r7
361aaa7551
Fix banner
2015-02-01 14:16:09 -06:00
wez3
904a99965d
Sleep 1 added
...
Sleep 1 added to reduce network usage
2015-02-01 11:55:01 +01:00
Pedro Ribeiro
39a25fc549
Update manageengine_file_download.rb
2015-02-01 10:49:48 +00:00
Pedro Ribeiro
e9b5aa94c3
Add OSVDB id and full disclosure URL
2015-02-01 10:49:11 +00:00
Christian Catalan
8740fd9015
Convert #find_all_by_X to #where
2015-01-31 21:07:50 -06:00
Christian Mehlmauer
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
Bazin Danil
03fcfc496a
add a test to check if the file exist
2015-01-31 06:00:02 +01:00
Bazin Danil
2cf9a17f25
variable name clarification (file, file_path, path)
2015-01-31 05:07:07 +01:00
Bazin Danil
5d4a8e2f90
using store_loot
2015-01-31 05:01:28 +01:00
Bazin Danil
d6fb445522
add begin...ensure block so that the CloseHandle call occurs
2015-01-31 04:46:02 +01:00
Bazin Danil
1205c0045f
using r['ErrorMessage']
2015-01-31 04:37:16 +01:00
Bazin Danil
f7d2e2a27a
twitter in comment
2015-01-31 04:36:07 +01:00
jvazquez-r7
3471b43010
Land #4683 , @julianvilas's support for struts 1 on struts_code_exec_classloader
2015-01-30 18:47:56 -06:00
jvazquez-r7
c831de35a2
Land #4392 , @Meatballs1's post module to enumerate AD users
2015-01-30 17:21:10 -06:00
Brent Cook
253d8e60dd
Land #4388 , Meatballs1's golden ticket post module
2015-01-30 16:26:04 -06:00
jvazquez-r7
11502bad39
Clean code
2015-01-30 15:26:25 -06:00
jvazquez-r7
1916c92e3a
Clean metadata
2015-01-30 15:21:17 -06:00
jvazquez-r7
c9ac56442d
No modify datastore option
2015-01-30 15:05:46 -06:00
jvazquez-r7
bb640b90ef
Refactor login_it360
2015-01-30 15:02:23 -06:00
jvazquez-r7
d4359c4f1c
Rework login_it360 code
2015-01-30 15:00:34 -06:00
William Vu
efd7a8c962
Land #4670 , dns_amp RA flag fix
2015-01-30 14:46:15 -06:00
jvazquez-r7
c5db13fba9
Do minor style fixes
2015-01-30 14:13:11 -06:00
jvazquez-r7
89f760c94e
Clean metadata
2015-01-30 14:08:55 -06:00
wez3
25ac9c1ed9
Add post module to phish windows user credentials
2015-01-30 19:50:04 +01:00
Bazin Danil
68b735dbda
Add a NTFS parser and a post module to dump files
...
This commit add a draft of an NTFS Parser and a post module
to gather file using the raw NTFS device (\\.\C:)
bypassing restriction like already open file with lock
Can be used to retreive file like NTDS.DIT without volume shadow copy
2015-01-30 19:16:44 +01:00
Christian Mehlmauer
7504358db3
code style and typos
2015-01-30 15:57:32 +01:00
Christian Mehlmauer
9ce2dd9815
msftidy
2015-01-30 15:41:11 +01:00
Christian Mehlmauer
a0eaf2f626
add wordpress ghost scanner module
2015-01-30 15:29:51 +01:00
Julian Vilas
f983c8171e
Modify description to match both Struts 1.x and 2.x versions
2015-01-30 12:35:38 +01:00
Meatballs
39004d265b
Increase default buffer sizes to reduce railgun calls
2015-01-30 11:20:03 +00:00
Meatballs
d4707b8e07
Spellingz
2015-01-30 11:20:03 +00:00
Meatballs
9670608380
Reformat, remove unnecessary guard statement
2015-01-30 11:20:02 +00:00
Meatballs
0e976041b7
Small description fix
2015-01-30 11:20:02 +00:00
Meatballs
14f6ef13f4
Remove hardcoded domain
2015-01-30 11:20:02 +00:00
Meatballs
79a3a48348
Correct description
2015-01-30 11:20:02 +00:00
Meatballs
e492f56ac0
Error if no database
2015-01-30 11:20:02 +00:00
Meatballs
e6dbc15f40
Line length modification
2015-01-30 11:20:02 +00:00
Meatballs
044e3bd608
Golden Ticketz Post module
2015-01-30 11:20:02 +00:00
Guillaume Delacour
42ef5716e8
Don't test ra flag to get upward referrals/additional RRs
2015-01-30 02:20:24 +01:00
Julian Vilas
1a11ae4021
Add new references about Struts 1
2015-01-29 23:27:52 +01:00
Balazs Bucsay
64ab11c6ba
Add Achat Beta v0.150 RCE for Win7/XPSP3
2015-01-29 23:20:31 +01:00
Julian Vilas
4cc5844baf
Add Struts 1 support
2015-01-29 23:12:34 +01:00
Guillaume Delacour
2c05b1ee50
Use QUERYTYPE instead of hardcode ANY type
2015-01-29 22:54:06 +01:00
Jay Smith
6c529f8f6b
Addressed feedback from @OJ and @zeroSteiner
2015-01-29 11:57:03 -05:00