Brent Cook
ab6b5f381d
msfupdate is no longer a distributed binary, it's a dev tool
2017-05-26 22:57:59 -05:00
Brent Cook
c58d8afa2f
redirect msfupdate users on Kali
2017-05-26 22:57:59 -05:00
HD Moore
78d649232b
Remove obsolete module options
2017-05-26 21:21:05 -05:00
TheNaterz
53cbbbacd8
getsystem update session info
2017-05-26 17:28:11 -06:00
HD Moore
123a03fd21
Detect server-side path, work on Samba 3.x and 4.x
2017-05-26 17:02:18 -05:00
HD Moore
eebfd9b7f2
Switch to the mixin-provided SMB share enumeration methods
2017-05-26 17:02:06 -05:00
HD Moore
e8b5cc3397
Avoid a stacktrace by verifying that the share is known
2017-05-26 17:01:44 -05:00
HD Moore
8caaba01f1
Add share enumeration methods to the SMB mixin
2017-05-26 17:01:18 -05:00
David Maloney
ee5f37d2f7
remove nt trans raw sock op
...
don't send the nt transact packet as raw
socket data, instead use the client send_recv
method
2017-05-26 15:50:18 -05:00
William Webb
d4ba28a20b
Land #8457 , Update multi/fileformat/office_word_macro to allow custom templates
2017-05-26 15:09:23 -05:00
David Maloney
f0f99ad479
nttrans packet setup correctly,everything broken
...
got the nttrans packet setup correctly but somewhere
along the line i broke the whole exploit wtf?
2017-05-26 14:54:46 -05:00
Renato Piccoli
ab8326755d
Travis: disable the failing tests. #8444
...
They have not been executed for a while.
TODO: re-enable them when they succeed again.
2017-05-26 21:25:56 +02:00
Renato Piccoli
a91c954361
Fix .travis.yml
...
- Try to update the bundler before using it.
- Use single quotes (') around the variable definition.
- Echo the final command right before running it.
- Call bash to run the final command.
2017-05-26 21:25:55 +02:00
William Webb
f176315942
Land #8462 , Remove deprecated windows/fileformat/office_word_macro
2017-05-26 13:38:02 -05:00
h00die
06ccd17d49
land #8466 update to docs for is_known_pipename
2017-05-26 14:14:01 -04:00
h00die
b3a5a8840b
added ubuntu information
2017-05-26 14:10:26 -04:00
David Maloney
b3e99ee9d2
point to local gem copy for testing and dev
...
remove this later, use a local copy of rubysmb
2017-05-26 12:30:19 -05:00
Metasploit
15b3b7de41
Bump version of framework to 4.14.23
2017-05-26 10:02:14 -07:00
root
9b9d2f2345
Final version of configurable depth
2017-05-26 16:23:22 +02:00
root
33ddef9303
Add documentation, add configurable depth path
2017-05-26 16:14:03 +02:00
wchen-r7
162a660d45
Remove the old windows/fileformat/office_word_macro
...
windows/fileformat/office_word_macro.rb has been deprecated and
it should have been removed on March 16th.
If you want to create a Microsoft Office macro exploit, please
use the multi/fileformat/office_word_macro exploit instead, which
supports multiple platforms, and will support template injection.
2017-05-26 07:33:46 -05:00
wchen-r7
04a701dba5
Check template file extension name
2017-05-26 07:31:34 -05:00
HD Moore
072ab7291c
Add /tank (from ryan-c) to search path
2017-05-26 06:56:41 -05:00
wchen-r7
2835c165d7
Land #8390 , Add module to execute powershell on Octopus Deploy server
2017-05-25 17:33:07 -05:00
wchen-r7
330526af72
Update check method
2017-05-25 17:30:58 -05:00
William Vu
ae22b4ccf4
Land #8450 , Samba is_known_pipename() exploit
2017-05-25 16:36:28 -05:00
HD Moore
4ec5831bd4
Merge pull request #15 from h00die/sambapwn
...
docs for is_known_pipename
2017-05-25 17:32:06 -04:00
HD Moore
1474faf909
Remove ARMLE for now, will re-PR once functional
2017-05-25 16:14:35 -05:00
HD Moore
2ad386948f
Small cosmetic typo
2017-05-25 16:10:37 -05:00
HD Moore
18a871d6a4
Delete the .so, add PID bruteforce option, cleanup
2017-05-25 16:03:14 -05:00
wchen-r7
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
h00die
e8a34c5797
updates to docs
2017-05-25 16:53:39 -04:00
William Webb
eb1f6fcd8d
Land #8456 , Correct typo in exploits/unix/webapp/webmin_show_cgi_exec
2017-05-25 14:17:09 -05:00
David Maloney
0b0e2f64ca
update SMB1 "Freehole" packet
...
the 'Freehole' packet is now generated with
RubySMB and sent by the client, rather than raw bytes
sent over the bare socket
2017-05-25 13:43:16 -05:00
nks
1a8961b5e3
fied typo
2017-05-25 19:14:59 +02:00
David Maloney
bc8ad811aa
remove old anonymous login packet
...
we are now using the anonymous login from the
RubySMB client we no longer need this method to
manually build the packet
2017-05-25 10:49:42 -05:00
David Maloney
238052a18b
use RubySMB client echo
...
replaced the manually created echo packet
with the RubySMB client echo command
2017-05-25 10:47:14 -05:00
HD Moore
cf7cfa9b2c
Add check() implementation based on bcoles notes
2017-05-25 09:49:45 -05:00
h00die
98ad754475
updated OJ info and wvu ubuntu box
2017-05-25 08:09:37 -04:00
itsmeroy2012
92a1a3ecf7
Adding for loop instead of while, removing 'counter'
2017-05-25 15:09:34 +05:30
h00die
b1514fcbc0
docs
2017-05-24 22:18:46 -04:00
HD Moore
0520d7cf76
First crack at Samba CVE-2017-7494
2017-05-24 19:42:04 -05:00
David Maloney
4ffe666b52
improve the cred fallback
...
we might get a successful sessionsetup
but a failure on IPC$ due to anonymous access
2017-05-24 17:36:07 -05:00
David Maloney
4c02b7b13a
added credentialed fallback
...
if anonymous login is blocked, then the user can
supply credentials for the exploit to try as a fallback
2017-05-24 16:09:51 -05:00
David Maloney
dc67fcd5a8
use RubySMB for anonymous login
...
use the new anonymous login capabilities in
RubySMB
2017-05-24 15:40:05 -05:00
William Vu
e4ea618edf
Land #8419 , ETERNALBLUE fixes (round two)
...
Hope I resolved the conflicts correctly.
2017-05-23 17:03:21 -05:00
William Vu
46eb6bdf62
Land #8399 , ETERNALBLUE fixes (round one)
2017-05-23 16:51:19 -05:00
William Vu
f80c3aa3f4
Correct absolute path
2017-05-23 16:50:25 -05:00
bwatters-r7
461649ed34
Land #8378 , Add check in archmigrate to prevent privdesc
2017-05-23 14:37:29 -05:00
Carter
c73e7673b1
Please the rubocop god
2017-05-23 15:13:55 -04:00