jvazquez-r7
5d8167dca6
Beautify description
2015-01-10 00:02:42 -06:00
jvazquez-r7
9fb4cfb442
Do First callforward cleanup
2015-01-10 00:00:27 -06:00
jvazquez-r7
f7af0d9cf0
Test landing #4065 into up to date branch
2015-01-09 23:40:16 -06:00
jvazquez-r7
bedbffa377
Land #3700 , @ringt fix for oracle_login
...
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
jvazquez-r7
38c36b49fb
Report when nothing is rescued
2015-01-09 22:58:19 -06:00
Jon Hart
5c12f9da75
More cleanup
...
Handle multiple versions
Better print_
Actually extract
2015-01-09 18:01:17 -08:00
sinn3r
3c8be9e36d
Just x86
2015-01-09 19:12:51 -06:00
sinn3r
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
Christian Mehlmauer
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
Christian Mehlmauer
fd2307680d
Land #4550 , wp-symposium file upload
2015-01-09 21:55:02 +01:00
Jon Hart
35fd17c4f1
Cleanup style
2015-01-09 11:00:25 -08:00
jvazquez-r7
d65ed54e0c
Check STARTUP_FOLDER option
2015-01-09 12:21:01 -06:00
jvazquez-r7
2c633e403e
Do code cleanup
2015-01-09 12:07:59 -06:00
jvazquez-r7
d52e9d4e21
Fix metadata again
2015-01-09 11:20:00 -06:00
jvazquez-r7
9dbf163fe7
Do minor style fixes
2015-01-09 11:17:16 -06:00
jvazquez-r7
8f09e0c20c
Fix metadata by copying the mysql_mof data
2015-01-09 11:15:32 -06:00
jvazquez-r7
da6496fee1
Test landing #2156 into up to date branch
2015-01-09 11:04:47 -06:00
sinn3r
ee5c249c89
Add EDB reference
2015-01-09 00:19:12 -06:00
sinn3r
75de792558
Add a basic check
2015-01-09 00:03:39 -06:00
sinn3r
4911127fe2
Match the title and change the description a little bit
2015-01-08 21:48:01 -06:00
sinn3r
b7b3ae4d2a
A little randomness
2015-01-08 21:25:55 -06:00
Jon Hart
e4547eb474
Land #4537 , @wchen-r7's fix for #4098
2015-01-08 17:57:16 -08:00
Jon Hart
f13e56aef8
Handle bracketed and unbracketed results, add more useful logging
2015-01-08 17:51:31 -08:00
Jon Hart
14db112c32
Add logging to show executed Java and result
2015-01-08 16:53:12 -08:00
sinn3r
b65013c5c5
Another update
2015-01-08 18:39:04 -06:00
sinn3r
b2ff5425bc
Some changes
2015-01-08 18:33:30 -06:00
sinn3r
53e6f42d99
This works
2015-01-08 17:57:14 -06:00
Pedro Ribeiro
c76aec60b0
Add OSVDB id and full disclosure URL
2015-01-08 23:29:38 +00:00
sinn3r
7ed6b3117a
Update
2015-01-08 17:18:14 -06:00
Brent Cook
fb5170e8b3
Land #2766 , Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
Brent Cook
e447a17795
bump deprecated date
2015-01-08 16:20:06 -06:00
sinn3r
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
jvazquez-r7
fa5cd928a1
Refactor exploit to use the mixin
2015-01-08 16:04:56 -06:00
jvazquez-r7
ca765e2cc5
Refactor client mixin
2015-01-08 15:46:24 -06:00
rastating
82e6183136
Add Msf::Exploit::FileDropper mixin
2015-01-08 21:07:00 +00:00
rastating
93dc90d9d3
Tidied up some code with existing mixins
2015-01-08 20:53:56 +00:00
jvazquez-r7
873ade3b8a
Refactor exploit module
2015-01-08 14:52:55 -06:00
jvazquez-r7
3debcef00b
Fix call from aux module
2015-01-08 14:24:27 -06:00
sinn3r
0e6c7181b1
"Stash" it
2015-01-08 14:13:14 -06:00
jvazquez-r7
c205ef28d4
Refactor build_gc_call
2015-01-08 14:01:04 -06:00
Meatballs
a9fee9c022
Fall back to runas if UAC disabled
2015-01-08 11:07:57 +00:00
William Vu
ea793802cc
Land #4528 , mantisbt_php_exec improvements
2015-01-08 04:50:00 -06:00
Meatballs
3c3d28b475
Land #4551 , correct spelling in dns_bruteforce
2015-01-08 10:03:28 +00:00
jvazquez-r7
73e3cd19c3
Convert java_rmi_server aux mod to use new mixin
2015-01-08 00:29:50 -06:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
William Vu
0604b2ecc7
Land #4542 , invalid splat URL fix
2015-01-07 22:54:22 -06:00
EricGershman
0496bb16bc
Minor spelling fix
2015-01-07 23:43:59 -05:00
jvazquez-r7
d59805568e
Do first module refactoring try
2015-01-07 19:06:09 -06:00
rastating
7b92c6c2df
Add WP Symposium Shell Upload module
2015-01-07 22:02:39 +00:00
James Lee
da2e088118
Land #4536 , Ruby 2.2 compat fixes
...
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
Meatballs
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
David Maloney
82d129bfc4
Merge branch 'master' into feature/jtr-korelogic-rules-update
2015-01-07 12:42:23 -06:00
David Maloney
df70678762
tell suer KoreLogic rules have been applied
...
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
2015-01-07 12:36:07 -06:00
David Maloney
4ad7021336
give user option to turn on KoreLogic rules
...
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
sinn3r
ef97d15158
Fix msftidy and make sure all print_*s in check() are vprint_*s
2015-01-07 12:12:25 -06:00
rastating
a5f48b23df
Add use of Msf::ThreadManager
2015-01-07 17:27:06 +00:00
James Lee
3e80efb5a8
Land #4521 , Pandora FMS upload
2015-01-07 11:13:57 -06:00
James Lee
1ccef7dc3c
Shorter timeout so we get shell sooner
...
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
rastating
e90e98547b
Add configurable timeout to WordPress login
2015-01-07 17:06:31 +00:00
sinn3r
4c240e8959
Fix #4098 - False negative check for script_mvel_rce
...
Fix #4098 , thanks @arnaudsoullie
2015-01-07 10:40:58 -06:00
sinn3r
c60b6969bc
Oh so that's it
2015-01-07 10:39:46 -06:00
James Lee
efe83a4f31
Whitespace
2015-01-07 10:19:17 -06:00
m7x
89699d1549
Typo workspace_id
2015-01-07 10:58:59 +00:00
Christian Mehlmauer
09bd0465cf
fix regex
2015-01-07 11:54:55 +01:00
rcnunez
b3def856fd
Applied changes recommended by jlee-r7
...
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
Christian Mehlmauer
eaad4e0bea
fix check method
2015-01-07 11:01:08 +01:00
dmooray
8c23e8c2e8
ruby 2.2 compatibility
...
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
Christian Mehlmauer
862af074e9
fix bug
2015-01-07 09:10:50 +01:00
Christian Mehlmauer
d007b72ab3
favor include? over =~
2015-01-07 07:33:16 +01:00
Christian Mehlmauer
4277c20a83
use include?
2015-01-07 06:51:28 +01:00
Christian Mehlmauer
39e33739ea
support for anonymous login
2015-01-07 00:08:04 +01:00
Christian Mehlmauer
bf0bdd00df
added some links, use the res variable
2015-01-06 23:25:11 +01:00
sinn3r
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
Christian Mehlmauer
f9f2bc07ac
some improvements to the mantis module
2015-01-06 11:33:45 +01:00
William Vu
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
William Vu
f2710f6ba7
Land #4443 , BulletProof FTP client exploit
2015-01-06 02:10:42 -06:00
William Vu
482cfb8d59
Clean up some stuff
2015-01-06 02:10:25 -06:00
William Vu
46aa165ca5
Land #4481 , enum_users_history improvements
2015-01-06 01:52:38 -06:00
William Vu
745bfb2f35
Clean things up
2015-01-06 01:48:18 -06:00
Meatballs
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
sinn3r
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r
4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module
2015-01-05 10:31:28 -06:00
rcnunez
547b7f2752
Syntax and File Upload BugFix
...
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
jvazquez-r7
e7affb9048
Land #4493 , @pedrib's module for ManageEngine Central Desktop create admin
2015-01-04 23:46:31 -06:00
jvazquez-r7
c5e72fb324
Change module filename
2015-01-04 23:14:12 -06:00
jvazquez-r7
4798f2328d
Change module filename
2015-01-04 23:13:17 -06:00
jvazquez-r7
6bb3171328
Do minor cleanup
2015-01-04 23:12:42 -06:00
jvazquez-r7
711b97ecc5
Beautify metadata
2015-01-04 23:08:46 -06:00
rastating
92015ac124
Replace custom login with wordpress_login mixin
2015-01-04 23:07:07 +00:00
rastating
39412c4a48
Add WordPress long password DoS module
2015-01-04 18:50:23 +00:00
Pedro Ribeiro
c9b76a806a
Create manageengine_auth_upload.rb
2015-01-04 17:05:53 +00:00
Pedro Ribeiro
32d4bf03c3
Add OSVDB id and full disclosure URL
2015-01-04 12:36:51 +00:00
Tim
c959d42a29
minor tweak
2015-01-03 10:15:52 +00:00
sinn3r
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
sinn3r
3c755a6dfa
Template
2015-01-02 11:31:28 -06:00
root
c348663204
Add McAfee Hashdump
2015-01-02 10:22:11 +00:00
Tod Beardsley
c1718fa490
Land #4440 , git client exploit from @jhart-r7
...
Also fixes #4435 and makes progress against #4445 .
2015-01-01 13:18:43 -06:00
Tod Beardsley
d7564f47cc
Move Mercurial option to advanced, update ref url
...
See #4440
2015-01-01 13:08:36 -06:00
Tod Beardsley
914c724abe
Rename module
...
See rapid7#4440
2015-01-01 13:03:17 -06:00
Jon Hart
65977c9762
Add some more useful URLs
2014-12-31 10:54:04 -08:00
Tod Beardsley
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
Spencer McIntyre
6d966dbbcf
Land #4203 , @jvazquez-r7's cleanup for java_rmi_server
2014-12-31 11:25:19 -05:00
Christian Mehlmauer
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
Pedro Ribeiro
e81e68bdaf
Create me_dc9_admin.rb
2014-12-31 02:02:52 +00:00
Brendan Coles
cc75c33d60
Use user home directories
...
Replace hard-coded '/home/' and '/root/' with `~username` shorthand.
2014-12-31 09:12:35 +11:00
Brendan Coles
013e45e83d
Add support for MongoDB history
2014-12-31 08:38:58 +11:00
Brendan Coles
d2e6f90569
Use a list of users
2014-12-31 08:12:16 +11:00
sinn3r
48919eadb6
Land #4444 - i-FTP BoF
2014-12-30 12:38:28 -06:00
William Vu
4fd4d51d78
Land #4485 , Drupageddon greedy regex fix
2014-12-30 10:16:57 -06:00
Christian Mehlmauer
96fe693c54
update drupal regex
2014-12-30 09:12:39 +01:00
sinn3r
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
sinn3r
f2130311fa
Add the MSF blog reference
2014-12-29 16:08:35 -06:00
Brendan Coles
897e993971
Update description
2014-12-30 08:05:53 +11:00
Brendan Coles
8719a36d84
DRY status messages
2014-12-30 08:03:40 +11:00
Brendan Coles
0de80e9c76
Minor changes to style
2014-12-30 07:58:54 +11:00
Brendan Coles
0085bcf075
Use `blank?' instead of `nil?'
2014-12-30 07:38:34 +11:00
Brendan Coles
a50ac4050c
Add support for PostgreSQL history
2014-12-30 07:33:22 +11:00
Brendan Coles
4ebe0fc0a8
Add support for different shells
2014-12-30 07:26:12 +11:00
jvazquez-r7
d2af956b16
Do minor cleanups
2014-12-29 10:39:51 -06:00
Tod Beardsley
1dd9d60e34
Land #4461 , Android cookie database theft
...
`
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
Tod Beardsley
d10222365b
Add Rafay's blog as a reference
2014-12-29 08:12:19 -06:00
Tod Beardsley
1236684954
Use get_uri instead, note lack of Rex::Text method
...
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley
788e315fd4
Fix msftidy warnings
2014-12-28 14:53:29 -06:00
Borja Merino
9791acd0bf
Add stager ipknock shellcode (PR 2)
2014-12-27 22:03:45 +01:00
jvazquez-r7
9f98fd4d87
Info leak webapp ROOT so we can cleanup
2014-12-27 08:47:51 -06:00
jvazquez-r7
5afd2d7f4b
Add module for ZDI-14-410
2014-12-26 20:40:28 -06:00
jvazquez-r7
655cfdd416
Land #4321 , @wchen-r7's fixes #4246 ms01_026_dbldecode undef method
2014-12-26 12:48:29 -06:00
Jon Hart
51049152b6
Use Rex::Text.rand_mail_address for more realistic fake commit
2014-12-26 10:39:52 -08:00
jvazquez-r7
c1b0385a4b
Land #4460 , @Meatballs1's ssl cert validation bypass on powershell web delivery
2014-12-26 12:07:45 -06:00
jvazquez-r7
2bed52dcd5
Land #4459 , @bcoles's ProjectSend Arbitrary File Upload module
2014-12-26 11:28:42 -06:00
jvazquez-r7
b5b0be9001
Do minor cleanup
2014-12-26 11:24:02 -06:00
jvazquez-r7
85ab11cf52
Use print_warning consistently
2014-12-26 09:54:38 -06:00
jvazquez-r7
f31a2e070e
Use print_warning to print the Kerberos error
2014-12-26 09:22:09 -06:00
jvazquez-r7
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
jvazquez-r7
121c0406e9
Beautify restart_command creation
2014-12-24 15:52:15 -06:00
jvazquez-r7
43ec8871bc
Do minor c code cleanup
2014-12-24 15:45:38 -06:00
jvazquez-r7
92113a61ce
Check payload
2014-12-24 15:43:49 -06:00
jvazquez-r7
36ac0e6279
Clean get_restart_commands
2014-12-24 14:55:18 -06:00
jvazquez-r7
92b3505119
Clean exploit method
2014-12-24 14:49:19 -06:00
jvazquez-r7
9c4d892f5e
Use single quotes when possible
2014-12-24 14:37:39 -06:00
jvazquez-r7
bbbb917728
Do style cleaning on metadata
2014-12-24 14:35:35 -06:00
jvazquez-r7
af24e03879
Update from upstream
2014-12-24 14:25:25 -06:00
Gabor Seljan
0b85a81b01
Use REXML to generate exploit file
2014-12-24 19:23:28 +01:00
Mark Judice
30228bcfe7
Added underscore to user regex in smart_hashdump.rb to support usernames that contain underscores. Issue #4349 .
2014-12-23 22:36:11 -06:00
Jon Hart
a692656ab7
Update comments to reflect reality, minor cleanup
2014-12-23 19:09:45 -08:00
jvazquez-r7
ebb05a64ea
Land #4357 , @Meatballs1 Kerberos Support for current_user_psexec
2014-12-23 20:38:31 -06:00
jvazquez-r7
89d0a0de8d
Delete unnecessary connect
2014-12-23 19:35:59 -06:00
jvazquez-r7
265e0a7744
Upper case domain
2014-12-23 19:16:50 -06:00
jvazquez-r7
ed2d0cd07b
Use USER_SID instead of DOMAIN_SID and USER_RID
2014-12-23 19:11:05 -06:00
Joe Vennix
8d73794cc8
Add hint for exploit on old devices.
2014-12-23 12:29:08 -06:00
Jon Hart
59f75709ea
Print out malicious URLs that will be used by default
2014-12-23 10:10:31 -08:00
Jon Hart
905f483915
Remove unused and commented URIPATH
2014-12-23 09:40:27 -08:00
Jon Hart
8e57688f04
Use random URIs by default, different method for enabling/disabling Git/Mercurial
2014-12-23 09:39:39 -08:00
Jon Hart
bd3dc8a5e7
Use fail_with rather than fail
2014-12-23 08:20:03 -08:00
Jon Hart
015b96a24a
Add back perl and bash related payloads since Windows git will have these and OS X should
2014-12-23 08:13:00 -08:00
Meatballs
16302f752e
Enable generic command
2014-12-23 14:22:26 +00:00
Meatballs
a3b0b9de62
Configure module to target bash by default
2014-12-23 14:19:51 +00:00
Meatballs
313d6cc2f8
Add super call
2014-12-23 14:12:47 +00:00
Meatballs
43221d4cb0
Remove redundant debugging stuff
2014-12-23 14:09:12 +00:00
Meatballs
42a10d6d50
Add Powershell target
2014-12-23 14:07:57 +00:00
Meatballs
40c1fb814e
one line if statement
2014-12-23 11:20:24 +00:00
Meatballs
b41e259252
Move it to a common method
2014-12-23 11:16:07 +00:00
Brendan Coles
5c82b8a827
Add ProjectSend Arbitrary File Upload module
2014-12-23 10:53:03 +00:00
jvazquez-r7
01cf14d44e
Fix banner
2014-12-23 01:02:09 -06:00
jvazquez-r7
4928cd36e4
Land #4187 , @BorjaMerino's post module to get output rules
2014-12-23 01:01:03 -06:00
jvazquez-r7
49fef9e514
Do minor module clean up
2014-12-23 01:00:21 -06:00
Jon Hart
abec7c206b
Update description to describe current limitations
2014-12-22 20:32:45 -08:00
Jon Hart
1505588bf6
Rename the file to reflect what it really is
2014-12-22 20:27:40 -08:00
Jon Hart
ff440ed5a4
Describe vulns in more detail, add more URLs
2014-12-22 20:20:48 -08:00
Jon Hart
b4f6d984dc
Minor style cleanup
2014-12-22 17:51:35 -08:00
Jon Hart
421fc20964
Partial mercurial support. Still need to implement bundle format
2014-12-22 17:44:14 -08:00
jvazquez-r7
708cbd7b65
Allow to provide USER SID
2014-12-22 18:24:50 -06:00
jvazquez-r7
56eadc0d55
Delete default values from options
2014-12-22 18:11:43 -06:00
jvazquez-r7
787dab998d
Fix description
2014-12-22 17:51:44 -06:00
jvazquez-r7
a7faf798bf
Use explicit encryption algorithms
2014-12-22 15:51:17 -06:00
jvazquez-r7
f37cf555bb
Use random subkey
2014-12-22 15:39:08 -06:00
Jon Hart
fdd1d085ff
Don't encode the payload because this only complicates OS X
2014-12-22 13:36:38 -08:00
Joe Vennix
0bf3a9cd55
Fix duplicate :ua_maxver key.
2014-12-22 14:57:44 -06:00
jvazquez-r7
b0a178e0a3
Delete blank line
2014-12-22 14:40:32 -06:00
jvazquez-r7
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
jvazquez-r7
20ab14d7a3
Clean module code
2014-12-22 14:29:02 -06:00
Jon Hart
ea9f5ed6ca
Minor cleanup
2014-12-22 12:16:53 -08:00
Jon Hart
dd73424bd1
Don't link to unused repositories
2014-12-22 12:04:55 -08:00
Jon Hart
6c8cecf895
Make git/mercurial support toggle-able, default mercurial to off
2014-12-22 11:36:50 -08:00
Jon Hart
574d3624a7
Clean up setup_git verbose printing
2014-12-22 11:09:08 -08:00
Jon Hart
16543012d7
Correct planted clone commands
2014-12-22 10:56:33 -08:00
Jon Hart
01055cd41e
Use a trigger to try to only start a handler after the malicious file has been requested
2014-12-22 10:43:54 -08:00
jvazquez-r7
dabc890b2f
Change module filename again
2014-12-22 12:35:15 -06:00
jvazquez-r7
2b46bdd929
Add references and authors
2014-12-22 12:34:31 -06:00
jvazquez-r7
4319dbaaef
Change module filename
2014-12-22 12:29:28 -06:00
Jon Hart
3bcd67ec2e
Unique URLs for public repo page and malicious git/mercurial repos
2014-12-22 10:03:30 -08:00
William Vu
93be828738
Fix invalid URL in splat
2014-12-22 11:26:20 -06:00
William Vu
f1b9862665
Align shellcode in bind_hidden_tcp
2014-12-22 11:17:14 -06:00
Jon Hart
308eea0c2c
Make malicious hook file name be customizable
2014-12-22 08:28:55 -08:00
root
9a7e431a4a
New block_api applied
2014-12-22 17:21:13 +01:00
Peregrino Gris
42636fb3c0
Handler and block_hidden_bind_tcp deleted
2014-12-22 17:21:13 +01:00
root
fa8e944e34
AHOST OptAddress moved to the payload
2014-12-22 17:21:11 +01:00
Peregrino Gris
c0fa8c0e3f
Add stager for hidden bind shell payload
2014-12-22 17:21:11 +01:00
Jon Hart
7f3cfd2207
Add a ranking
2014-12-22 07:51:47 -08:00
Jon Cave
44084b4ef6
Correct Microsoft security bulletin for ppr_flatten_rec
2014-12-22 10:40:23 +00:00
Gabor Seljan
9be95eacb8
Use %Q for double-quoted string
2014-12-22 07:37:32 +01:00
jvazquez-r7
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
sgabe
bb33a91110
Update description to be a little more descriptive
2014-12-21 19:31:58 +01:00
Jon Hart
74783b1c78
Remove ruby and telnet requirement
2014-12-21 10:06:06 -08:00
sgabe
cd02e61a57
Add module for OSVDB-114279
2014-12-21 17:00:45 +01:00
Jon Hart
31f320c901
Add mercurial debugging
2014-12-20 20:00:12 -08:00
Jon Hart
3da1152743
Add better logging. Split out git support in prep for mercurial
2014-12-20 19:34:55 -08:00
Jon Hart
58d5b15141
Add another useful URL. Use a more git-like URIPATH
2014-12-20 19:11:56 -08:00
jvazquez-r7
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
sgabe
9f97b55a4b
Add module for CVE-2014-2973
2014-12-20 18:38:22 +01:00
Jon Hart
f41d0fe3ac
Randomize most everything about the malicious commit
2014-12-19 19:31:00 -08:00
Jon Hart
805241064a
Create a partially capitalized .git directory
2014-12-19 19:07:45 -08:00
Jon Hart
f7630c05f8
Use payload.encoded
2014-12-19 18:52:34 -08:00
jvazquez-r7
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
jvazquez-r7
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
jvazquez-r7
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
jvazquez-r7
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
jvazquez-r7
def1695e80
Use options by call
2014-12-19 18:23:11 -06:00
jvazquez-r7
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
jvazquez-r7
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
Jon Hart
7f2247f86d
Add description and URL
2014-12-19 15:50:16 -08:00
Jon Hart
9b815ea0df
Some style cleanup
2014-12-19 15:35:09 -08:00
Jon Hart
4d0b5d1a50
Add some vprints and use a sane URIPATH
2014-12-19 15:33:26 -08:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart
48444a27af
Remove debugging pp
2014-12-19 15:27:06 -08:00
Jon Hart
1c7fb7cc7d
Mostly working exploit for CVE-2014-9390
2014-12-19 15:24:27 -08:00
jvazquez-r7
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
Jon Hart
4888ebe68d
Initial commit of POC module for CVE-2013-9390 ( #4435 )
2014-12-19 12:58:02 -08:00
HD Moore
fffa8cfdd1
Lands #4426 by cleaning up the module description
2014-12-19 14:54:17 -06:00
HD Moore
9ede2c2ca5
Lands #4429 by fixing windows/messagebox with EXITFUNC=none
2014-12-19 14:51:57 -06:00
jvazquez-r7
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
Joe Vennix
e45af903d9
Add patch discovery date.
2014-12-19 12:04:41 -06:00
sinn3r
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
Joe Vennix
25313b1712
Use the hash to pass the script.
2014-12-19 02:30:37 -06:00
Jon Hart
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
jvazquez-r7
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
Tod Beardsley
c15bad44a6
Be clearer on backslash usage.
...
See #4282
2014-12-18 16:16:02 -06:00
jvazquez-r7
9a58617387
Add dummy test module
2014-12-17 19:57:10 -06:00
sinn3r
6b0a98b69c
Resolve #4408 - bad uncaught nil get_once
2014-12-17 14:02:42 -06:00
Meatballs
6a822cca61
Move code out of begin/rescue block
2014-12-17 06:45:00 +00:00
Meatballs
dd63d793e5
Bring in @darkoperator's filters
2014-12-17 06:14:21 +00:00
Meatballs
8c7ff728ef
Gather some more info
2014-12-17 05:46:01 +00:00
Joe Vennix
84ea628284
Add Android cookie theft attack.
2014-12-16 19:12:01 -06:00
William Vu
f6af86a06d
Land #4402 , ms12_020_check NilClass fix
2014-12-16 15:34:25 -06:00
David Maloney
f237c56a13
This oracle scheduler exploit hangs if not vuln
...
When this exploit gets run against a system that isn't vulnerable
it can hang for a signifigant ammount of time. This change uses the check
method on the exploit to see whether it should proceed. Don't try to exploit
the host if it's not vulnerable.
2014-12-16 09:42:42 -06:00
William Vu
2604746fb7
Land #4361 , Kippo detector
2014-12-15 14:54:48 -06:00
William Vu
8394cc13a8
Perform final cleanup of detect_kippo
2014-12-15 14:38:38 -06:00
sinn3r
c611249723
Take full advantage of the check command
2014-12-15 12:50:59 -06:00
sinn3r
9edb2b4fab
Fix #4378 - Do exception handling
...
Fix #4378
2014-12-15 12:37:36 -06:00
Jon Hart
effb5b966f
Land #4328 , @bcoles' exploit for ActualAnalyzer < 2.81 'ant' code execution
2014-12-15 09:57:27 -08:00
Jon Hart
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
sinn3r
4c714b3eaf
Land #4386 - Fix issue #3852 (support for other languages for enable_rdp)
2014-12-15 11:37:05 -06:00
Jon Hart
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
Jon Hart
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
Brent Cook
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
Jon Hart
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
root
6480ae2c03
Show message at the end
2014-12-15 16:26:39 +01:00
root
288954afa0
recvfrom allocation changed
2014-12-14 18:58:48 +01:00
Sean Verity
9a0ed723d1
Adds error handling for drive letter enumeration
2014-12-14 12:56:20 -05:00
Brendan Coles
4530066187
return nil
2014-12-15 01:04:39 +11:00
Brendan Coles
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
Meatballs
00b802cc68
Reindent description
2014-12-14 10:04:18 +00:00
rcnunez
223d6b7923
Merged with Fr330wn4g3's changes
2014-12-14 13:08:19 +08:00
Sean Verity
0c5f4ce4ee
Removed the handler-ish code
2014-12-13 22:18:41 -05:00
Sean Verity
2addd0fdc4
Fixed name, removed tabs, updated license
2014-12-13 20:37:19 -05:00
HD Moore
e3943682a2
Improves linux/armle payloads, lands #3315
2014-12-13 18:27:14 -06:00
HD Moore
6ea5ed1a82
Shrinks windows payloads, lands #4391
2014-12-13 17:41:50 -06:00
HD Moore
f67a32ef9c
Add missing commits from #3770 , lands #4393
2014-12-13 17:36:26 -06:00
Meatballs
6ecf537f40
Grab user creds to database
2014-12-13 20:30:20 +00:00
Brandon Perry
eb47ca593e
update desc to include domain admin information
2014-12-13 13:01:41 -06:00
Brandon Perry
2e94280cba
mv bmc to scanner/http
2014-12-13 12:58:16 -06:00
HD Moore
5a645c5eba
Stagers updated from source
2014-12-13 12:50:47 -06:00
Meatballs
e914061745
Gsub out funny character when storing to database
2014-12-13 18:35:31 +00:00
Meatballs
316710329b
Fix field.value
2014-12-13 18:31:29 +00:00
HD Moore
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
Meatballs
d3d744a7cb
Make sure we get the field :value
2014-12-13 18:13:36 +00:00
Brandon Perry
8c6b95c39c
Merge branch 'landing-4359' of https://github.com/jhart-r7/metasploit-framework into bmc_trackit
2014-12-13 11:37:57 -06:00
Brandon Perry
cd1e61a201
Merge branch 'master' into bmc_trackit
2014-12-13 11:36:30 -06:00
Andrew Morris
8dd5da9d64
added blog post reference
2014-12-12 18:53:26 -08:00
jvazquez-r7
b1453afb52
Land #4297 , fixes #4293 , Use OperatingSystems::Match::WINDOWS
...
* instead of Msf::OperatingSystems::WINDOWS
2014-12-12 18:19:58 -06:00
jvazquez-r7
5eb510f7bc
Use the correct variable for the filename
2014-12-12 17:40:26 -06:00
jvazquez-r7
27323bcaa5
Fix #3852 , make enable_rdp with other languages
2014-12-12 17:30:14 -06:00
HD Moore
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
HD Moore
338cce02c9
Downcase the service name for consistency
2014-12-12 16:40:42 -06:00
HD Moore
4fc4866fd8
Merge code in from #2395
2014-12-12 16:22:51 -06:00
Tod Beardsley
488f46c8a1
Land #4324 , payload_exe rightening.
...
Fixes #4323 , but /not/ #4246 .
2014-12-12 15:04:57 -06:00
Tod Beardsley
9908e0e35b
Land #4384 , fix typo.
2014-12-12 14:39:47 -06:00
HD Moore
50b734f996
Add Portuguese target, lands #3961 (also reorders targets)
2014-12-12 14:23:02 -06:00
Andrew Morris
f5374d1552
Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs
2014-12-12 11:57:35 -08:00
jvazquez-r7
008c33ff51
Fix description
2014-12-12 13:36:28 -06:00
Tod Beardsley
183acb9582
Land #4383 to handle Dutch correctly.
2014-12-12 13:32:21 -06:00
Tod Beardsley
81460198b0
Add openssl payload to distcc exploit
...
This is required to test #4274
2014-12-12 13:25:55 -06:00
wez3
3b6e92726c
Update outlook rb, "NL" to "nl_NL"
...
Update outlook rb, "NL" to "nl_NL"
2014-12-12 20:09:34 +01:00
jvazquez-r7
c683e7bc67
Fix banner
2014-12-12 13:01:51 -06:00
jvazquez-r7
b1f7682713
Make msftidy happy
2014-12-12 12:59:00 -06:00
jvazquez-r7
493034ad10
Land #3305 , @claudijd Cisco SSL VPN Privilege Escalation exploit
2014-12-12 12:57:00 -06:00
jvazquez-r7
047bc3d752
Make msftidi happy
2014-12-12 12:49:12 -06:00
jvazquez-r7
a1876ce6fc
Land #4282 , @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download
2014-12-12 12:47:50 -06:00
jvazquez-r7
b334e7e0c6
Land #4322 , @FireFart's wordpress exploit for download-manager plugin
2014-12-12 12:41:59 -06:00
jvazquez-r7
aaed7fe957
Make the timeout for the calling payload request lower
2014-12-12 12:41:06 -06:00
Jon Hart
00f66b6050
Correct named captures
2014-12-12 10:22:14 -08:00
jvazquez-r7
98dca6161c
Delete unused variable
2014-12-12 12:03:32 -06:00
jvazquez-r7
810bf598b1
Use fail_with
2014-12-12 12:03:12 -06:00
Jon Hart
1e6bbc5be8
Use blank?
2014-12-12 09:51:08 -08:00
jvazquez-r7
4f3ac430aa
Land #4341 , @EgiX's module for tuleap PHP Unserialize CVE-2014-8791
2014-12-12 11:48:25 -06:00
jvazquez-r7
64f529dcb0
Modify default timeout for the exploiting request
2014-12-12 11:47:49 -06:00
Jon Hart
24f1b916e0
Minor ruby style cleanup
2014-12-12 09:47:35 -08:00
Jon Hart
1d1aa5838f
Use Gem::Version to compare versions in check
2014-12-12 09:47:01 -08:00
jvazquez-r7
d01a07b1c7
Add requirement to description
2014-12-12 11:42:45 -06:00
jvazquez-r7
fd09b5c2f6
Fix title
2014-12-12 10:52:18 -06:00
jvazquez-r7
4871228816
Do minor cleanup
2014-12-12 10:52:06 -06:00
jvazquez-r7
a0b181b698
Land #4335 , @us3r777 JBoss DeploymentFileRepository aux module
2014-12-12 10:40:03 -06:00
jvazquez-r7
3059cafbcb
Do minor cleanup
2014-12-12 10:37:50 -06:00
Jon Hart
751bc7a366
Revert "Move to a more appropriate location"
...
This reverts commit 6c82529266
.
2014-12-12 07:42:22 -08:00
Jon Hart
6c82529266
Move to a more appropriate location
2014-12-12 07:40:37 -08:00
Christian Mehlmauer
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
Jon Hart
65b316cd8c
Land #4372
2014-12-11 18:48:16 -08:00
Jon Hart
e5e40307e6
Land #4373
2014-12-11 18:45:53 -08:00
Jon Hart
3c2a33a316
Allow new password to be specified as an option
2014-12-11 17:26:42 -08:00
Jon Hart
a013dbf536
Correct and add more prints
2014-12-11 17:16:43 -08:00
Jon Hart
48dcfd9809
Use random security Q/A
2014-12-11 17:10:33 -08:00
Jon Hart
f208f31a33
Use correct username/domain in report_vuln
...
It would be nice if 'vulns' showed this
2014-12-11 16:59:21 -08:00
Jon Hart
70fce0bb33
Report the changed password
2014-12-11 16:56:22 -08:00
Jon Hart
f64a3be742
Avoid death by a thousand functions
2014-12-11 16:53:36 -08:00
Jon Hart
0627f708a2
Better handling of failed requests
2014-12-11 16:51:41 -08:00
Jon Hart
f2bda05d42
Correct last of the print_
2014-12-11 16:28:08 -08:00
Jon Hart
9486f67fbc
report_vuln upon exploitation with more specific details
2014-12-11 16:28:08 -08:00
Jon Hart
37d0959fd6
Include info in report_vuln. More style
2014-12-11 16:28:08 -08:00
Jon Hart
cfb02fe909
Add check support
2014-12-11 16:28:07 -08:00
Jon Hart
44818ba623
Minor style and usage updates as a result of Scanner
2014-12-11 16:28:07 -08:00
Jon Hart
0a29326ce7
Mixin Scanner. Yay speed!
2014-12-11 16:28:07 -08:00
Jon Hart
c9acd7a233
Remove unnecessary RPORT, which comes from HttpClient
2014-12-11 16:28:07 -08:00
Jon Hart
f8c25d83e5
Use get_cookies instead
2014-12-11 16:26:51 -08:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Christian Mehlmauer
de88908493
code style
2014-12-11 23:30:20 +01:00
Tod Beardsley
af9979d30b
Ruby style on methods please
...
Introduced in #4220 . This ain't no JavaScript!
2014-12-11 15:24:30 -06:00
dmaloney-r7
47c38ed04e
Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
...
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
Tod Beardsley
51762e1194
Explicitly include the HTTP Login scanner
...
This should be the last commit that fixes #3904 .
2014-12-11 11:08:08 -06:00
Tod Beardsley
b533f74024
Add a bruteforce_speed option to all LoginScanners
2014-12-11 11:06:32 -06:00
Jon Hart
24dbc28521
Land #4356
2014-12-11 09:03:18 -08:00
Brandon Perry
54e8254a82
Update bmc_trackit_passwd_reset.rb
2014-12-11 10:59:43 -06:00
Andrew Morris
7afa87f168
screwed up formatting. updated indention at the end. ok seriously, going to bed now
2014-12-11 01:05:56 -08:00
Andrew Morris
291166e1ff
forgot to run through msftidy.rb. made a few minor corrections
2014-12-11 00:47:39 -08:00
Andrew Morris
a1624c15ae
Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc.
2014-12-11 00:40:20 -08:00
Andrew Morris
22c9db5818
added detect_kippo.rb
2014-12-10 19:37:35 -08:00
Brandon Perry
67cf3e74c0
Update bmc_trackit_passwd_reset.rb
2014-12-10 20:45:54 -06:00
Brandon Perry
90cc9a9bed
Update bmc_trackit_passwd_reset.rb
2014-12-10 19:05:46 -06:00
Brandon Perry
f37dc13a19
Create bmc_trackit_passwd_reset.rb
2014-12-10 18:54:37 -06:00
Tod Beardsley
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
Meatballs
c813c117db
Use DNS names
2014-12-10 22:25:44 +00:00
Marc Wickenden
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
Spencer McIntyre
86ae104580
Land #4325 , consistent mssql module names
2014-12-09 21:52:05 -05:00
sinn3r
87c83cbb1d
Another round of name corrections
2014-12-09 20:16:24 -06:00
Jonathan Claudius
e89a399f95
Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc
2014-12-09 20:55:01 -05:00
Tod Beardsley
09617f990b
Implement BRUTEFORCE_SPEED respect (telnet)
...
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.
See #3904 , @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
HD Moore
176296681a
Fix heartbleed cert parsing, lands #4338 , closes #4309
2014-12-09 14:58:27 -06:00
sinn3r
bb8dfdb15f
Ensure consistency for mssql modules
2014-12-09 10:28:45 -06:00
EgiX
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
Christian Mehlmauer
916503390d
use get_data
2014-12-08 22:49:02 +01:00
Christian Mehlmauer
fb9724e89d
fix heartbleed cert parsing, fix #4309
2014-12-08 21:58:38 +01:00
us3r777
4abfb84cfc
Upload WAR through Jboss DeploymentFileRepository
2014-12-08 19:02:51 +01:00
Tod Beardsley
909971e0bf
Margins on description, PowerShell not Powershell
2014-12-08 10:57:49 -06:00
Tod Beardsley
80dc781625
Email over E-mail
...
While I believe "e-mail" is the actually correct spelling, we tend to
say "email" everywhere else. See:
````
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri "print.*email"
modules/ | wc -l
19
[ruby-2.1.5@metasploit-framework](fixup-grammar)
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri
"print.*e-mail" modules/ | wc -l
1
````
2014-12-08 10:55:26 -06:00
Christian Mehlmauer
738fc78883
Land #4220 , outlook gather post module
2014-12-07 22:41:28 +01:00
Pedro Ribeiro
98e416f6ec
Correct OSVDB id
2014-12-07 17:54:31 +00:00
Pedro Ribeiro
e474ecc9cf
Add OSVDB id
2014-12-07 17:41:35 +00:00
jvazquez-r7
54705eee48
Fix option parsing
2014-12-06 21:50:54 -06:00
jvazquez-r7
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
Brendan Coles
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
Christian Mehlmauer
cc63d435c7
another whitespace
2014-12-06 09:32:22 +01:00
Christian Mehlmauer
f0a47f98bc
final formatting
2014-12-06 00:38:05 +01:00
Christian Mehlmauer
f1f743804e
more formatting
2014-12-06 00:31:38 +01:00
Christian Mehlmauer
9187a409ec
outlook post module fixes
2014-12-06 00:28:44 +01:00
William Vu
2f98a46241
Land #4314 , @todb-r7's module cleanup
2014-12-05 14:05:09 -06:00
sinn3r
4b06334455
Minor title change for mssql_enum_domain_accounts_sqli
...
We don't really do "-" for naming
Kind of stands up on a list
2014-12-05 11:42:08 -06:00
sinn3r
7ae786a53b
Add a comment as an excuse to tag the issue
...
Fix #4246
... so it will automatically close the ticket.
2014-12-05 11:26:26 -06:00
sinn3r
f25e3ebaaf
Fix #4246 - More undef 'payload_exe' in other modules
...
Root cause: payload_exe is an accessor in the TFPT command stager
mixin, you need stager_instance in order to retreive that info.
2014-12-05 11:19:58 -06:00
headlesszeke
8d1ca872d8
Now with logging of command response output
2014-12-05 10:58:40 -06:00
Christian Mehlmauer
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
Christian Mehlmauer
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
sinn3r
e3f7398acd
Fix #4246 - Access payload_exe information correctly
...
This fixes an undef method 'payload_exe' error. We broke this when
all modules started using Msf::Exploit::CmdStager as the only source
to get a command stager payload. The problem with that is "payload_exe"
is an accessor in CmdStagerTFTP, not in CmdStager, so when the module
wants to access that, we trigger the undef method error.
To be exact, this is the actual commit that broke it:
7ced5927d8
Fix #4246
2014-12-05 02:08:13 -06:00
Jon Hart
85e0d72711
Land #4229 , @tatehansen's module for CVE-2014-7992
2014-12-04 17:20:49 -08:00
Jon Hart
f0cfcd4faf
Update dlsw_leak_capture name and print_
...
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
Pedro Ribeiro
e5bdf225a9
Update netflow_file_download.rb
2014-12-04 21:32:19 +00:00
Jon Hart
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
Jon Hart
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
Meatballs
e471271231
Move comment
2014-12-04 20:24:37 +00:00
Meatballs
c14ba11e79
If extapi dont stage payload
2014-12-04 20:17:48 +00:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
wez3
7c62fa5c95
Add Windows post module for reading/searching Outlook e-mail #8
2014-12-04 14:28:40 +01:00
tate
3aecd3a10e
added DLSw v1 and v2 check, added check for \x00 in leak segment
2014-12-03 23:27:11 -07:00
sinn3r
2fcbcc0c26
Resolve merge conflict for ie_setmousecapture_uaf ( #4213 )
...
Conflicts:
modules/exploits/windows/browser/ie_setmousecapture_uaf.rb
2014-12-03 14:12:15 -06:00
wez3
3cadcb942a
Add Windows post module for reading/searching Outlook e-mail #7
2014-12-03 18:30:22 +01:00
William Vu
3a978e1147
Land #4280 , frontpage_login improvements
2014-12-02 14:56:57 -06:00
sinn3r
a631ee65f6
Fix #4293 - Use OperatingSystems::Match::WINDOWS
...
Fix #4293 . Modules should use OperatingSystems::Match::WINDOWS
instead of Msf::OperatingSystems::WINDOWS, because the second
won't match anything anymore.
2014-12-02 13:46:27 -06:00
HD Moore
b29e53984e
Merge master with merge of PR #4225
2014-12-02 11:58:30 -06:00
HD Moore
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
HD Moore
7fe72fd118
Cosmetic tweaks for #4225
2014-12-02 11:47:14 -06:00
wez3
611e8c72eb
Add Windows post module for reading/searching Outlook e-mail #6
2014-12-02 14:05:08 +01:00
sinn3r
a88ee0911a
Fix os detection
...
See #3373
2014-12-02 01:15:55 -06:00
sinn3r
a42c7a81e7
Fix os detection
...
See #4283
2014-12-02 01:13:51 -06:00
headlesszeke
564488acb4
Changed and to &&
2014-12-02 00:02:53 -06:00
headlesszeke
280e10db55
Add module for Arris VAP2500 Remote Command Execution
2014-12-01 23:07:56 -06:00
William Vu
394d132d33
Land #2756 , tincd post-auth BOF exploit
2014-12-01 12:13:37 -06:00
jvazquez-r7
0ab2e99419
Delete version from title
2014-12-01 10:24:12 -06:00
jvazquez-r7
d1e8b160c7
Land #4271 , @espreto's module for CVE-2014-7816 WildFly's Traversal
...
* Issue in the web server JBoss Undertow
2014-12-01 10:22:47 -06:00
jvazquez-r7
f4e20284a4
Change mixin include order
2014-12-01 10:22:20 -06:00
jvazquez-r7
d85aabfed9
Use vprint by default
2014-12-01 10:20:12 -06:00
jvazquez-r7
e0cb0f7966
Fix description
2014-12-01 10:19:14 -06:00
jvazquez-r7
fa07b466d6
Use single quote and minor cosmetic changes
2014-12-01 09:57:29 -06:00
jvazquez-r7
d5888a7f6f
Fix module options
2014-12-01 09:55:36 -06:00
jvazquez-r7
47acf3487d
Do minor cleanup
...
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
sinn3r
0f973fdf2b
Fix #4284 - Typo "neline" causing the exploit to break
...
"neline" isn't supposed to be there at all.
2014-12-01 01:24:30 -06:00
Tim
5c50a07c0f
futex_requeue
2014-12-01 03:49:22 +00:00
jvazquez-r7
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
jvazquez-r7
b357fd88a7
Add comment
2014-11-30 21:08:38 -06:00
jvazquez-r7
0ab99549bd
Change ranking
2014-11-30 21:08:12 -06:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
Roberto Soares Espreto
e4b3ee2811
Changed the module name.
2014-12-01 01:00:14 -02:00
Roberto Soares Espreto
ecbce679a8
Remove timeout on line 59.
2014-12-01 00:51:12 -02:00
Roberto Soares Espreto
f3957ea428
FILEPATH changed from false to true.
2014-12-01 00:48:47 -02:00
Roberto Soares Espreto
97ee975235
Deleted checking on line 48.
2014-12-01 00:46:58 -02:00
jvazquez-r7
d7d1b72bce
Rename local_variables
2014-11-30 20:40:55 -06:00
Roberto Soares Espreto
84ce573227
Deleted line 61 which returns the server status code.
2014-12-01 00:39:05 -02:00
jvazquez-r7
d77c02fe43
Delete unnecessary metadata
2014-11-30 20:37:34 -06:00
jvazquez-r7
ff30a272f3
Windows paths need 2 backslashes
2014-11-30 18:54:41 -06:00
jvazquez-r7
223bc340e4
Prepend peer
2014-11-30 18:46:15 -06:00
jvazquez-r7
5ad3cc6296
Make FILEPATH mandatory
2014-11-30 18:45:23 -06:00
jvazquez-r7
b1b10cf4e5
Use Rex::ConnectionError
2014-11-30 18:44:25 -06:00
jvazquez-r7
a549cbbef8
Beautify metadata
2014-11-30 18:44:03 -06:00
Deral Heiland
0887127264
Fixed several recommended changes by jvazquez-r7 and jlee-r7
2014-11-30 00:53:24 -05:00
Pedro Ribeiro
26d9ef4edd
Explain about Windows back slashes on option
2014-11-30 00:15:44 +00:00
Pedro Ribeiro
2fb38ec7bb
Create exploit for CVE-2014-5445
2014-11-30 00:12:37 +00:00
Tiago Sintra
6f6274735f
Update frontpage_login.rb
...
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=
status=262147
osstatus=0
msg=No "CONTENT_TYPE" on CGI environment.
osmsg=
2014-11-28 17:21:47 +00:00
sinn3r
f7f4a191c1
Land #4255 - CVE-2014-6332 Internet Explorer
2014-11-28 10:12:27 -06:00
sinn3r
2a7d4ed963
Touchup
2014-11-28 10:12:05 -06:00
OJ
48904c2d63
Land #4277 - vmware-mount configurable directory
2014-11-28 08:05:42 +10:00
Rasta Mouse
985838e999
Suggestions from OJ
2014-11-27 21:38:50 +00:00
HD Moore
10a05a393c
Add format_all_drives payload, lands #4268
2014-11-27 11:44:44 -06:00
HackSys Team
4a4608adbc
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 23:06:54 +05:30
Rasta Mouse
25ecf73d7d
Add configurable directory, rather than relying on the session working
...
directory.
2014-11-27 17:12:37 +00:00
HackSys Team
8473ed144a
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 14:13:49 +05:30
Roberto Soares Espreto
d75ffc36da
Changed the description of FILEPATH
2014-11-27 00:50:34 -02:00
Roberto Soares Espreto
f8dc366f42
Add CVE-2014-7816 Directory Traversal for WildFly 8 Application
2014-11-27 00:13:29 -02:00
peregrino
84bb5b5215
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:38 +01:00
peregrino
16b64ff42a
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:05 +01:00
Joe Vennix
cc33566ca8
Land #4265 , @shuckins-r7 fix for RPORT error on UDP sweep.
2014-11-26 10:27:15 -06:00
Jon Hart
79b2b5e231
RPORT is required by UDPScanner; deregister instead
2014-11-26 07:39:14 -08:00
HackSys Team
f5633ba3c3
Add format_all_drives shellcode for Windows x86_x64
2014-11-26 20:29:25 +05:30
peregrino
16a9450d43
session.tunnel_peer changed by session.session_host. Other minor changes
2014-11-26 12:08:54 +01:00
OJ
75e5553cd4
Change to in exploit
2014-11-26 16:53:30 +10:00
jvazquez-r7
9524efa383
Fix banner
2014-11-25 23:14:20 -06:00
jvazquez-r7
16ed90db88
Delete return keyword
2014-11-25 23:11:53 -06:00
jvazquez-r7
85926e1a07
Improve check
2014-11-25 23:11:32 -06:00
jvazquez-r7
5a2d2914a9
Fail on upload errors
2014-11-25 22:48:57 -06:00
jvazquez-r7
b24e641e97
Modify exploit logic
2014-11-25 22:11:43 -06:00
jvazquez-r7
4bbadc44d6
Use Msf::Exploit::FileDropper
2014-11-25 22:00:42 -06:00
jvazquez-r7
7fbd5b63b1
Delete the Rex::MIME::Message gsub
2014-11-25 21:54:50 -06:00
jvazquez-r7
eaa41e9a94
Added reference
2014-11-25 21:37:04 -06:00
jvazquez-r7
2c207597dc
Use single quotes
2014-11-25 18:30:25 -06:00
jvazquez-r7
674ceeed40
Do minor cleanup
2014-11-25 18:26:41 -06:00
jvazquez-r7
6ceb47619a
Change module filename
2014-11-25 18:09:15 -06:00
jvazquez-r7
1305d56901
Update from upstream master
2014-11-25 18:07:13 -06:00
jvazquez-r7
5615d65aee
Do minor cleanup
2014-11-25 17:35:07 -06:00
jvazquez-r7
d4e5cd25e1
Report credentials for new login level 15
2014-11-25 16:35:16 -06:00
jvazquez-r7
dc253efa19
Use Rex::Text.rand_text*
2014-11-25 16:35:06 -06:00
jvazquez-r7
f20afff1a8
Do return instead of abort
2014-11-25 16:34:57 -06:00
jvazquez-r7
d876efaa0f
Delete ssh_socket attribute
2014-11-25 16:34:47 -06:00
jvazquez-r7
5091bc76ad
Do minor cleanup
2014-11-25 16:34:22 -06:00
jvazquez-r7
c92a26e967
Update from upstream master
2014-11-25 16:30:45 -06:00
jvazquez-r7
5f4760c58e
Print final results in a table
2014-11-25 14:01:29 -06:00
jvazquez-r7
d998d97aaa
Refactor build_user_sid
2014-11-25 13:58:47 -06:00
jvazquez-r7
aad860a310
Make conditional easier
2014-11-25 13:54:08 -06:00
jvazquez-r7
ba57bc55b0
Don't report service
2014-11-25 13:52:22 -06:00
jvazquez-r7
059b0e91da
Don't report service
...
* The mssql could be in a third host, not rhost
2014-11-25 13:50:42 -06:00
jvazquez-r7
b467bda2d6
Reuse local variable
2014-11-25 13:49:24 -06:00
jvazquez-r7
31a84ef6ff
Make ternary operator more readable
2014-11-25 13:44:50 -06:00
jvazquez-r7
be566e5ad3
Use a lower fuzz number by default
2014-11-25 13:42:47 -06:00
jvazquez-r7
cd43f83cd7
Delete unnecessary comments
...
* No need to comment every step, just relevant
comments to undrestad code.
2014-11-25 13:40:57 -06:00
jvazquez-r7
f93dbc6deb
Use the target domain name
2014-11-25 13:36:48 -06:00
jvazquez-r7
7c87603b0e
Add progress information
2014-11-25 13:23:36 -06:00
jvazquez-r7
8e5b37ea6e
Fix reporting
2014-11-25 13:20:31 -06:00
jvazquez-r7
93539ae4c6
Use shorter variable name
2014-11-25 13:04:31 -06:00
jvazquez-r7
271f982f34
Use peer
2014-11-25 13:03:48 -06:00
jvazquez-r7
c549508abb
Use vprint
2014-11-25 13:03:18 -06:00
jvazquez-r7
249fb79a21
Fix print_* calls
2014-11-25 13:02:53 -06:00
jvazquez-r7
87cfd7c321
Dont use disconnect
2014-11-25 13:00:53 -06:00
jvazquez-r7
fb8372f505
Fix metadata
2014-11-25 12:59:11 -06:00
jvazquez-r7
71f35f5cd6
Update from upstream master
2014-11-25 12:46:44 -06:00
Joe Vennix
3a5de9970f
Update description, rename xnu_ver -> osx_ver.
2014-11-25 12:38:29 -06:00
Joe Vennix
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
nullbind
4bd579bc1c
added mssql_enum_domain_accounts_sqli
2014-11-25 09:57:20 -06:00
wez3
5294594379
dd Windows post module for reading/searching Outlook e-mail #5 Add DE
2014-11-25 14:36:14 +01:00
William Vu
64f2b45ef4
Land #4258 , release fixes
2014-11-24 21:44:14 -06:00
jvazquez-r7
71669b9f9e
Change module filename
2014-11-24 20:34:12 -06:00
jvazquez-r7
5c4b1b0283
Output some information
2014-11-24 20:31:26 -06:00
jvazquez-r7
6e9cd331b3
Modify description
2014-11-24 20:28:38 -06:00
jvazquez-r7
261da9306e
Use store_loot
2014-11-24 20:22:21 -06:00
jvazquez-r7
cf52dd895f
Refactor search
2014-11-24 20:20:37 -06:00
jvazquez-r7
2fa5223d3b
move check out of the begin block
2014-11-24 19:28:53 -06:00
jvazquez-r7
90bdc770b5
Use literal creation notation
2014-11-24 19:27:50 -06:00
jvazquez-r7
2c4caeed29
Clean metadata
2014-11-24 19:26:12 -06:00
jvazquez-r7
443dd7b6c0
Use constants
2014-11-24 19:04:02 -06:00
jvazquez-r7
250250beb0
Fix indentation
2014-11-24 18:58:07 -06:00
jvazquez-r7
88ccffacb4
Update from upstream master
2014-11-24 18:32:35 -06:00
Jon Hart
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
Tod Beardsley
bd948eb346
Normalize author name
...
From #4061 , please don't decorate author names with URLs.
2014-11-24 13:03:42 -06:00
jvazquez-r7
343a0d78bc
Delete admin check
2014-11-24 12:28:19 -06:00
jvazquez-r7
7164c4e038
Use shorter filename
2014-11-24 12:10:08 -06:00
jvazquez-r7
021b27dd83
Clean reporting
2014-11-24 12:01:09 -06:00
jvazquez-r7
f74ab34881
Delente unnecessary check
2014-11-24 11:50:41 -06:00
jvazquez-r7
3c858c793a
Use vprint
2014-11-24 11:49:36 -06:00
spdfire
583494c0db
use BrowserExploitServer
2014-11-24 18:49:27 +01:00
jvazquez-r7
4a169210ab
Use vprint
2014-11-24 11:48:16 -06:00
jvazquez-r7
ecb74c543a
Beautify description
2014-11-24 11:27:32 -06:00
jvazquez-r7
c52104e91d
Beautify metadata
2014-11-24 11:24:41 -06:00
jvazquez-r7
fcb4bea3c1
Fix code comments
2014-11-24 11:23:27 -06:00
Tod Beardsley
77b1f2d2f0
Fixup for release
...
Fixes the grammar on the SMTP enumeration module and the Cisco CDP
module, and adds a more informative description and reference for the
CDP module introduced on PR #4061 .
2014-11-24 10:50:43 -06:00
jvazquez-r7
10d0305cb2
Update from upstream master
2014-11-24 09:48:43 -06:00
Jon Hart
e9750e2df8
Minor style/usability cleanups
2014-11-24 06:57:31 -08:00
spdfire
08a67d78c5
module for CVE-2014-6332.
2014-11-24 08:25:18 +01:00
sinn3r
57419bb0fc
Fix #4253 - Print access level for snmp_login
...
Fix #4253 - module should print the access level
2014-11-22 23:09:15 -06:00
tate
9828598cb7
removing timeout method and option
2014-11-22 00:28:56 -07:00
tate
57b04f96a7
working with DLSw protocol check
2014-11-21 23:54:00 -07:00
tate
b9a274f869
improving DLSw detection
2014-11-21 18:58:02 -07:00
wez3
53b69583f4
Add Windows post module for reading/searching Outlook e-mail #4
2014-11-21 20:00:30 +01:00
jvazquez-r7
3ac1f7d4fb
Land #4242 , @Meatballs1 fix for sap_service_discovery report_note
...
* I cannot reproduce @Meatballs1 issue
* But I noticed report_note should :update with :unique_data
* Fixed the :update
2014-11-21 10:16:08 -06:00
jvazquez-r7
e30ee9fee2
Update with :unique_data
2014-11-21 10:14:39 -06:00
HD Moore
99a23ada5c
Module cleanup, error handling, and reporting
2014-11-20 16:18:20 -06:00
Jon Hart
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
Jon Hart
94e5ba13a4
YARD and spec cleanup
2014-11-20 13:28:01 -08:00
Jon Hart
df36ac910d
Mostly complete Kademlia PING / BOOTSTRAP scanner
2014-11-20 13:28:01 -08:00
Jon Hart
ab49d01a1b
Add beginnings of Kademlia gather module and protocol support
2014-11-20 13:28:00 -08:00
HD Moore
2f6c4a9ba4
Slight tweak to description/author email formatting
2014-11-20 14:53:52 -06:00
Meatballs
ee15179441
Fix service discovery errors
2014-11-20 18:22:33 +00:00
Rich Whitcroft
8306d739e3
add scanner module to extract domain from NTLM challenge
2014-11-20 11:02:21 -05:00
Mark Schloesser
8e7e5590c9
rename SHELLARG to ARGV0 because that's really what it is
2014-11-19 22:14:24 +01:00
mschloesser-r7
ac4c11ca39
work on linux/armle/shell_bind/tcp
...
same changes as to shell_reverse_tcp
2014-11-19 21:53:23 +01:00
mschloesser-r7
fd7248b3c0
work on linux/armle/shell_reverse_tcp
...
shorten the execve code, remove exit, grow argv[0] space
2014-11-19 21:53:23 +01:00
Mark Schloesser
9e9954e831
fix placeholder to show the firmware version I used
2014-11-19 21:23:39 +01:00
Mark Schloesser
a718e6f83e
add exploit for r7-2014-18 / CVE-2014-4880
2014-11-19 21:07:02 +01:00
Tod Beardsley
6a58774dd6
Land #4234 , crediting @jduck
2014-11-19 12:43:04 -06:00
tate
a4a1048f95
modified to get data collection off sock working
2014-11-19 11:17:58 -07:00
Jon Hart
684975a315
Use correct target address for fake As
2014-11-19 08:28:56 -08:00
Jon Hart
3777e78a85
Sanitize creation of target host. Return minimal for SRV
2014-11-19 08:28:56 -08:00
Jon Hart
52e004d8ab
Use less conflicting name for SRV record port
2014-11-19 08:28:56 -08:00
Jon Hart
ee90e4353b
Add more consistent logging for fakedns types that support fake vs bypass
2014-11-19 08:28:55 -08:00
Jon Hart
0910275fac
Don't artificially insert additional records when BYPASS
2014-11-19 08:28:55 -08:00
Fatih Ozavci
a38cb3ee53
@jhart-r7 commits are accepted and conflicts fixed.
2014-11-19 08:28:55 -08:00
Fatih Ozavci
ab7f6866f5
FAKE and BYPASS actions are implemented for SRV queries
2014-11-19 08:28:55 -08:00