Commit Graph

23072 Commits (6b54fe67753404b73fbf6e4ad678e1aa78c7746a)

Author SHA1 Message Date
William Vu 3cd287ddd6 Update the MS17-010 scanner to use dcerpc_getarch 2017-12-14 02:08:30 -06:00
William Vu 8e4b007edc Move verify_arch to dcerpc_getarch
We can use this code elsewhere, such as the MS17-010 scanner.
2017-12-14 02:08:25 -06:00
Brent Cook c6a2ae2551
Land #9248, Add wd_mycloud_multiupload_upload exploit 2017-12-13 18:51:02 -06:00
Brent Cook 125a079fa9 add cve reference 2017-12-13 18:50:21 -06:00
h00die d7ad443be1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master 2017-12-13 19:33:05 -05:00
h00die c0a534140d
Land #9284 a regex dos for ua_parser_js npm module 2017-12-13 19:31:49 -05:00
Wei Chen deacebc46b
Land #9264, Add private type when storing SSH password
Land #9264
2017-12-13 18:24:31 -06:00
Nicholas Starke dd5532c5de Addressing Formatting Issues
There were several formatting and layout issues
that are fixed in this commit.  Also changing
`RHOSTS` to `RHOST`.
2017-12-13 14:26:27 -06:00
Wei Chen b99663fb6c
Bring #9282 up to date with upstream-master 2017-12-13 13:16:30 -06:00
Wei Chen 37514eec17
Land #9234, Add exploit for ClickJacking vuln for pfSense
Land #9234
2017-12-12 14:56:21 -06:00
Wei Chen c7019e5aee Only load files once 2017-12-12 14:54:49 -06:00
Wei Chen 6149f51273
Land #9256, Add aux module to discover WSDD enabled devices
Land #9256
2017-12-12 11:55:42 -06:00
securekomodo b335cacfc1
Update wp_slideshowgallery_upload.rb
Variable on line 67 needs to be changed to "user" from "username" which was undefined and causing error during exploit execution.

[-] Exploit failed: NameError undefined local variable or method `username' for #<Msf::Modules::Mod6578706c6f69742f756e69782f7765626170702f77705f736c69646573686f7767616c6c6572795f75706c6f6164::MetasploitModule:0x0055c61ab093f8>

After changing the incorrect variable name from "username" to "user", the exploit completes.
2017-12-12 00:33:28 -05:00
Matthew Kienow d79b0ad981
Land #9286, Advantech WebAccess webvrpcs BOF RCE 2017-12-12 00:25:56 -05:00
mr_me e7a2dd2e71 fixed email 2017-12-11 23:20:46 -06:00
mr_me 26e2eb8f1a Changed to good ranking 2017-12-11 23:14:36 -06:00
Pearce Barry 9a6c54840b
Minor tweak to use vprint... 2017-12-11 16:48:47 -06:00
Nicholas Starke 2d23054a1f Changes as per comments
A few things were changed as per the PR comments:
1) The module title was reworded
2) The module description was multi-lined
3) Negative logic was rewritten to use 'unless'
4) Strings which did not require interpolation were rewritten
5) Documentation markdown was added.
2017-12-11 14:11:40 -06:00
mr_me f8977ed72c added some fixes 2017-12-11 11:34:17 -06:00
Chris Higgins e91830efe7 Add Dup Scout Enterprise login buffer overflow 2017-12-09 02:20:05 -06:00
mr_me 34ef650b0d fixed up msftidy, opps. 2017-12-07 17:03:39 -06:00
mr_me 75a82b3fe7 Advantech WebAccess webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability 2017-12-07 16:34:26 -06:00
Austin 5a81f8091d
change some options for somethinf for sensible 2017-12-07 14:44:36 -05:00
Austin 335cc13cab
remove option, advanced Message seems to break it. 2017-12-07 14:17:14 -05:00
Austin 7bdc99a153
Fix HANDLER + some default options! 2017-12-07 13:53:39 -05:00
Nicholas Starke 306c5d20d9 Adding ua_parser_js ReDoS Module
"ua-parser-js" is an npm module for parsing browser
user-agent strings.  Vulnerable version of this module
have a problematic regular expression that can be exploited
to cause the entire application processing thread to "pause"
as it tries to apply the regular expression to the input.
This is problematic for single-threaded application environments
such as nodejs.  The end result is a denial of service
condition for vulnerable applications, where no further
requests can be processed.
2017-12-07 10:25:29 -06:00
Austin 09aa433fdc
Add MESSAGE field for "obfuscation" 2017-12-07 08:04:31 -05:00
Austin 8bb6a8f47c
Rename office_dde_delivery to office_dde_delivery.rb 2017-12-06 22:40:37 -05:00
Austin 9d11c60d88
Office DDE Payload Delivery
Generate / Inject existing RTF files with DDE Payloads!
2017-12-06 21:41:00 -05:00
William Webb adba277be0
axe errant spaces at EOL 2017-12-04 16:57:48 -08:00
William Webb 69b01d26bb
Land #9226, Microsoft Office OLE object memory corruption 2017-12-04 16:50:27 -08:00
William Vu 19b37c7070
Land #9263, drb_remote_codeexec fixes
See pull requests #7531 and #7749 for hysterical raisins.
2017-12-04 18:45:03 -06:00
Brent Cook b13f4e25e1 thanks for making this well-known 2017-12-04 18:32:31 -06:00
Brent Cook a27bb38d51 add authors 2017-12-04 18:25:18 -06:00
Austin b96dac28d5
fix info segment 2017-12-04 16:42:41 -05:00
Brent Cook f83e9815dd
Land #9210, Add a Polycom HDX RCE 2017-12-04 12:49:35 -06:00
Brent Cook 7edab268f5 handle case-insensitive password, fix received 2017-12-04 12:47:40 -06:00
Austin 06334aa2bd
Update polycom_hdx_traceroute_exec.rb 2017-12-04 11:05:01 -05:00
Yorick Koster 942e44ceae Added local copies of the static content 2017-12-02 10:14:14 +01:00
Austin c788e4e540
Update office_ms17_11882.rb 2017-12-01 11:36:03 -05:00
Austin 7df46b33e8
disassembly ASM 2017-12-01 08:03:56 -05:00
Zenofex 1ced3994b0 Added more reference urls to wd_mycloud_multiupload_upload module. 2017-11-30 12:53:33 -06:00
nromsdahl b24f70c7c6
Update ssh_login.rb
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
Brent Cook c288dab338 fixup RHOST/RPORT expectations if only URI is set 2017-11-30 10:51:02 -06:00
Brent Cook d689b33d7e more error handling, deal with user error 2017-11-30 08:31:13 -06:00
Brent Cook 87e683c763 add back kill syscall for trap method 2017-11-30 08:12:15 -06:00
Brent Cook a0e0e1db15 allow manual targeting, handle errors better 2017-11-30 07:51:12 -06:00
Brent Cook eea72663b3 warn on method failure instead of error 2017-11-30 06:37:21 -06:00
Brent Cook 9f12b794da cleanup comments 2017-11-30 06:37:04 -06:00
Brent Cook 5da34e8f2b support RHOST/RPORT 2017-11-30 06:36:42 -06:00