115549ca75
Delete old check
2015-07-11 00:42:59 -05:00
63005a3b92
Add module for flash CVE-2015-5122
...
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
7d55e86bdc
Land #5691 , bump to metasploit-payloads-1.0.6
2015-07-10 22:30:44 -05:00
226137896e
updated cached payload sizes
2015-07-10 22:30:20 -05:00
5a045677bc
Add waiting message
2015-07-10 18:48:46 -05:00
8d52c265d9
Delete wfsdelay
2015-07-10 18:46:27 -05:00
63e91fa50f
Add reference
2015-07-10 18:46:06 -05:00
677cd97cc2
Update information
2015-07-10 18:39:11 -05:00
6c6a778218
Modify arkeia_agent_exec title
2015-07-10 18:38:25 -05:00
4995728459
Modify arkeia_agent_exec ranking
2015-07-10 18:37:24 -05:00
858f63cdbf
Land #5693 , @xistence VNC Keyboard EXEC module
2015-07-10 18:35:44 -05:00
1326a26be5
Do code cleanup
2015-07-10 18:35:13 -05:00
917282a1f1
Fix ranking
2015-07-10 17:49:15 -05:00
e063e26627
Land #5689 , @xistence's module for Western Digital Arkeia command injection
2015-07-10 17:11:35 -05:00
bdd8b56336
fix comment
2015-07-10 16:28:20 -05:00
95ae7d8cae
Fix length limitation
2015-07-10 16:24:49 -05:00
3347b90db7
Land #5676 , print_status with ms14_064
2015-07-10 14:40:49 -05:00
29a497a616
Read header as 6 bytes
2015-07-10 14:25:57 -05:00
bed3257a3f
Change default HTTP_DELAY
2015-07-10 12:50:26 -05:00
c9d2ab58d3
Use HttpServer::HTML
...
* And make the exploit Aggressive
2015-07-10 12:48:21 -05:00
e1192c75a9
Fix network communication on `communicate`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:57:48 -05:00
9206df077f
Land #5694 , R7-2015-08
2015-07-10 11:42:57 -05:00
9ba515f185
Fix network communication on `check`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:32:49 -05:00
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
c70be64517
Fix version check
2015-07-10 10:57:55 -05:00
34a6984c1d
Fix variable name
2015-07-10 10:44:38 -05:00
2c7cc83e38
Use single quotes
2015-07-10 10:34:47 -05:00
f66cf91676
Fix metadata
2015-07-10 10:33:02 -05:00
b916a9d267
VNC Keyboard Exec
2015-07-10 14:08:32 +07:00
52d41c8309
Western Digital Arkeia 'ARKFS_EXEC_CMD' <= v11.0.12 Remote Code Execution
2015-07-10 09:51:28 +07:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
d7beb1a685
feedback included
2015-07-09 08:31:11 +02:00
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
a3ec56c4cb
Do it in on_request_exploit because it's too specific
2015-07-08 12:32:38 -05:00
cefbdbb8d3
Avoid unreliable targets
...
If we can't garantee GreatRanking on specific targets, avoid them.
2015-07-08 12:12:53 -05:00
c86d16ffb6
update payload sizes
2015-07-07 23:15:57 -05:00
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
6a33807d80
No Chrome for now
2015-07-07 15:56:58 -05:00
f8b668e894
Update ranking and References
2015-07-07 15:43:02 -05:00
116c3f0be1
Add CVE as a real ref, too
2015-07-07 14:46:44 -05:00
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
829b08b2bf
Complete authors list
2015-07-07 12:49:54 -05:00
49effdf3d1
Update description
2015-07-07 12:46:02 -05:00
d885420aff
This changes the version requirement for adobe_flash_hacking_team_uaf.rb
...
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
d30688b116
Add more requirement info
2015-07-07 12:33:47 -05:00
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
c37b60de7b
Do some print_status with ms14_064
2015-07-07 00:57:37 -05:00
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
e16cd08599
Update the payload CachedSize
2015-07-06 17:16:56 -04:00
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
3d30cef58e
Land #5668 , I don't know how to avoif things
2015-07-06 09:24:18 -05:00
5b6ceff339
mime message
2015-07-06 15:00:12 +02:00
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
632bcda345
Land #5652 , improve LAPS filter to reduce empty results
2015-07-03 15:02:39 -04:00
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
e843db78dc
put rhost option back
...
it is needed for the wmic query that
creates the shadowcopy
MSP-12867
2015-07-02 14:46:40 -05:00
7b2b526ea1
deregister unwated options
...
deregister mixin options that we don't need
for this module
2015-07-02 14:33:21 -05:00
8892cbdd10
Fix some minor things
2015-07-02 14:32:16 -05:00
cc51d1e8fd
use registry data for VSS grab
...
use the location data we got from the registry for copying
the NTDS.dit file correctly with the VSS method
2015-07-02 14:27:51 -05:00
89d283da09
check registry for ntds location
...
check the registry for the location of the ntds.dit
file
MSP-12867
2015-07-02 14:07:47 -05:00
95f19e6f1f
Minor description edits for clarity
...
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF
Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590 , @Meatballs1 adds MS LAPS Enum post mod
Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
42daf4d38b
fix up ordering of pre-checks
...
i hate early returns, but we need to bail out early
if some of these checks fail
MSP-12867
2015-07-02 11:52:02 -05:00
99c29052c7
Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage
2015-07-02 08:24:04 -04:00
dfa71a2b44
update to store creds using the new method
2015-07-02 08:22:21 -04:00
8a3873d730
Tweak filter to reduce empty results
2015-07-02 09:53:08 +01:00
2957924c78
Merge branch 'upstream-master' into bapv2
2015-07-02 01:46:31 -05:00
49d3b275b2
Land #5648 , Update CVE-2015-3043 info
2015-07-02 01:36:26 -05:00
a37ac1b089
Land #5590 , @Meatballs1 adds MS LAPS Enum post mod
2015-07-01 21:19:15 -04:00
3b9ba189f7
Add CVE-2015-3043 information
2015-07-01 19:56:35 -05:00
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
32d5e7f3de
Land #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio Decoding BOF
2015-07-01 18:44:38 -05:00
93c74efb97
Add Ubuntu as a tested target
2015-07-01 18:43:22 -05:00
1c5abec97a
Land #5632 , mozilla_reduceright nil fix
2015-07-01 15:56:31 -05:00
ee118aa89d
Fix description
2015-07-01 13:30:22 -05:00
1de94a6865
Add module for CVE-2015-3113
2015-07-01 13:13:57 -05:00
399b3d2810
Land #5629 , moar cmd_exec refactoring
2015-07-01 00:36:19 -05:00
d6261a54b1
Land #5608 , part 2, update payload cache sizes
2015-07-01 00:31:40 -05:00
6711091c70
update cached payload sizes
2015-07-01 00:31:09 -05:00
e99d63687f
Land #5608 , android and java meterpreter transport and sleep support
...
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
3632cc44c5
Fix nil error when target not found
2015-06-30 11:48:41 -05:00
7aeb9e555b
Change ranking and support CAMPAIGN_ID
2015-06-29 12:13:46 -05:00
656e6f5c73
Fix windows enum modules
2015-06-29 11:56:38 -05:00
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
ae172691f2
Update linux gather post modules
2015-06-29 10:21:13 -05:00
2cbb107bba
Update enum_configs
2015-06-29 09:55:18 -05:00
afa442ad89
Fix a stack trace with ipmi_dumphashes when no database was configured.
2015-06-29 00:46:35 -05:00
9bd920b169
Merge branch 'upstream-master' into bapv2
2015-06-27 12:19:55 -05:00
bb43f7e30f
use the correct transport for x64/meterpreter_reverse_https
2015-06-27 10:50:54 -05:00
007da4af41
Force :init_connect for stageless
2015-06-27 18:21:15 +10:00
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
093f339f6b
Land #5268 , @Meatballs1's post windows module to retrieve Bitlocker Recovery Keys from AD
2015-06-26 17:07:36 -05:00
326bec0a1f
Land #5581 , s/shell_command_token/cmd_exec/
2015-06-26 16:59:40 -05:00
600a296291
Do minor cleanup
2015-06-26 16:51:00 -05:00
a10fa02b00
Land #5606 , @wchen-r7's glassfish fixes
2015-06-26 14:12:50 -05:00
3b5e2a0c6e
Use TARGETURI
2015-06-26 14:02:17 -05:00
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
c04490e5eb
Remove comma before coordinating conjunction
...
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
7ccc86d338
Use cmd_exec
2015-06-26 11:54:19 -05:00
31b7ef49d6
Solve conficts
2015-06-26 11:36:17 -05:00
eba1e24b96
Land #5605 , CVE-2015-3105 flash exploit
2015-06-26 10:30:10 -05:00
84c0e62fd3
Land #5493 , update OWA scanner creds persistence
2015-06-26 08:46:27 -05:00
a773979992
Java config wiring, tweak to include block counts
...
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
c70e38a14e
Do more reporting
2015-06-25 22:39:56 -05:00
5ef4cc2bb4
Save creds
2015-06-25 17:10:20 -05:00
1a371b11b0
Update description
2015-06-25 17:04:31 -05:00
ee0377ca16
Add module for CVE-2015-3105
2015-06-25 13:35:01 -05:00
63f584cbfd
Add last_attempted_at
2015-06-25 12:08:38 +05:00
c330d10403
Make SSL as a basic option
...
Also:
Fix #5558
2015-06-25 02:06:51 -05:00
5c98da05fb
This works for Glassfish 4.0 & 9.1
2015-06-25 01:58:24 -05:00
c826785ebb
Fix auth bypass
2015-06-24 19:49:04 -05:00
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
d9b6e46685
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-25 09:50:42 +10:00
2206a6af73
Support older targets x86 for MS15-051
2015-06-25 09:33:15 +10:00
cea8605365
Fix #5596 by catching RuntimeError from Rex::Poly
2015-06-24 15:17:33 -05:00
827d241482
Land #5539 , Quake scanner fix
2015-06-24 15:00:39 -05:00
a149fb5710
Land #5554 , @g0tmi1k's persistence improvements
...
age aborts
age aborts
2015-06-24 14:37:25 -05:00
e7e8135acd
Clean up module
2015-06-24 14:35:10 -05:00
c8dddbff70
server header
2015-06-24 21:32:01 +02:00
380af29482
Progress?
2015-06-24 14:17:45 -05:00
0493ba83a0
Add transport configuration support
2015-06-24 21:26:47 +10:00
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
e796e56c6c
Modify the staging process
2015-06-24 13:22:33 +10:00
9c4a96761e
Small tidyup
2015-06-23 23:10:29 +01:00
4392b7c1de
Enum LAPS
2015-06-23 23:02:22 +01:00
221980820a
Committed wrong file
...
This reverts commit 76c2198ef0
2015-06-23 23:01:59 +01:00
76c2198ef0
LAPS enum
2015-06-23 22:56:53 +01:00
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
8bc012a665
echo stager via upload vulnerability
2015-06-23 23:09:08 +02:00
c45e42465a
Land #5492 , update PCAnywhere login scanner
2015-06-23 14:48:25 -05:00
5751e196bb
Remove extraneous newline
2015-06-23 14:43:37 -05:00
6046994138
version does not return nil
2015-06-23 10:31:01 -05:00
59af7ef1fc
Remove the extra target_uri
2015-06-23 10:27:50 -05:00
a2a231c242
Land #5577 , MS15-034 HTTP.SYS Information Disclosure
2015-06-23 10:20:54 -05:00
11366971da
Oh never mind, user-agent makes it more difficult to use (more crashes)
2015-06-23 01:24:17 -05:00
6127b8a037
Pass user-agent
2015-06-23 01:23:01 -05:00
8ce5cc23cf
More consistent filename style
2015-06-23 01:08:34 -05:00
e9b548e8a2
Changes for ms15034_http_sys_memory_dump.rb
2015-06-23 01:07:33 -05:00
302db36daa
Add last_attempted_at to creds object
2015-06-23 09:46:01 +05:00
8086a6f8cc
remove unnecessary begin/rescue, change print_* to vprint_* in check()
2015-06-22 20:25:12 -04:00
f216841d01
Update enum_vbox
2015-06-22 17:54:17 -05:00
8ade66027a
update cached payload sizes
2015-06-22 17:19:02 -05:00
jvazquez-r7
Brent Cook
Mo Sadek
Tod Beardsley
HD Moore
xistence
wchen-r7
Michael Messner
Spencer McIntyre
Donny Maasland
joev
David Maloney
William Vu
Josh Abraham
Meatballs
OJ
Trevor Rosen
root
rwhitcroft