Commit Graph

2187 Commits (701d628a1b3cfa9b39d85d6fba1e80d58bccb85c)

Author SHA1 Message Date
William Vu 6f4f2bfa5f Add PS target and remove MIFF 2016-10-13 17:39:55 -05:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Pearce Barry d1a11f46e8
Land #7418, Linux recvmmsg Priv Esc (CVE-2014-0038) 2016-10-09 18:37:52 -05:00
h00die 2dfebe586e working cve-2014-0038 2016-10-08 23:58:09 -04:00
Brent Cook f3166070ba
Revert "use the new rex-exploitation gem"
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
William Vu 3b3185069f
Land #7408, Mirai botnet wordlists 2016-10-06 10:07:20 -05:00
Tonimir Kisasondi 83548a0dde added mirai user/pass to unhash set 2016-10-05 22:24:11 +02:00
Tonimir Kisasondi 7ce73be936 Add linux.mirai wordlists 2016-10-05 17:57:08 +02:00
David Maloney 52f6265d2e use the new rex-exploitation gem
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework

MS-1709
2016-10-05 09:05:27 -05:00
h00die 27cf5c65c4 working module 2016-10-04 23:21:53 -04:00
David Maloney af4f3e7a0d use templates from the gem for psh
use the templates now contained within the magical
gem of rex-powershell

7309
MS-2106
2016-10-04 14:14:25 -05:00
mach-0 dcc77fda5b Add back accidentally-deleted nasm comment. 2016-10-03 23:47:13 -05:00
mach-0 eff85e4118 Just remove DT_HASH. 2016-10-03 23:43:19 -05:00
mach-0 8828060886 Fix linux x64 elf-so template.
Previously the elf-so would crash when loaded with LD_PRELOAD,
due to not enough room for the symbol table.
2016-10-03 23:24:31 -05:00
nixawk 7368b995f2 CVE-2016-6415 Cisco - sendpacket.raw 2016-09-29 22:24:55 -05:00
h00die c036c258a9 cve-2016-4557 2016-09-29 05:23:12 -04:00
OJ 0e82ced082
Add LPE exploit module for the capcom driver flaw
This commit includes:

* RDI binary that abuses the SMEP bypass and userland function pointer
  invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.

This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
Pearce Barry 6382fffc75
Land #7326, Linux Kernel Netfilter Privesc 2016-09-26 12:38:50 -05:00
h00die 23e5556a4c binary drops work! 2016-09-24 21:31:00 -04:00
Joshua J. Drake dbf66f27d5 Add a browser-based exploit module for CVE-2015-3864 2016-09-23 11:14:31 -05:00
Adam Muntner 726079c6e7 diffed with fuzzdb
https://github.com/fuzzdb-project/fuzzdb/blob/master/discovery/predictable-filepaths/webservers-appservers/SAP.txt
2016-09-21 00:20:46 -04:00
dmohanty-r7 4c4f2e45d6
Land #7283, add jsp payload generator 2016-09-16 14:37:59 -05:00
Tim 6cb331e74d
Land 7281, add vagrant default password to wordlist 2016-09-07 13:01:01 +01:00
Tim 96f81b4817
add root:vagrant to root_userpass 2016-09-07 12:59:12 +01:00
Christian Mehlmauer c6012e7947
add jsp payload generator 2016-09-06 22:17:21 +02:00
Pearce Barry 9d5a276e91
Fix recent metasploit-framework.gemspec conflict. 2016-09-06 13:10:28 -05:00
wchen-r7 23a5d737fc Add password "vagrant" to wordlists
The password "vagrant" is often used in Metasploitable3.
2016-09-06 12:36:02 -05:00
Brendan 83160b7e49
Land #7173, Add post module to compress (zip) a file or directory 2016-08-24 09:38:04 -05:00
wchen-r7 e154aafaaa On Error Resume Next for zip.vbs 2016-08-17 17:08:38 -05:00
David Maloney 8bece28d00
remove *scan bins as well
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH

MS-1691
2016-08-15 14:04:00 -05:00
wchen-r7 8f7d0eae0c Fix #7155 - Add post module to compress (zip) a file or directory
Fix #7155
2016-08-02 14:44:58 -05:00
William Webb 21e6211e8d add exploit for cve-2016-0189 2016-08-01 13:26:35 -05:00
Brent Cook d1f65b27b8
Land #7151, Improve CVE-2016-0099 reliability 2016-07-29 09:22:11 -05:00
Brendan ee40c9d809
Land #6625, Send base64ed shellcode and decode with certutil (Actually MSXML) 2016-07-28 13:01:05 -07:00
wchen-r7 322fc11225 Fix whitespace 2016-07-27 12:37:14 -05:00
wchen-r7 dbe31766af Update CVE-2016-0099 Powershell 2016-07-27 12:35:43 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
wchen-r7 8f928c6ca1
Land #7006, Add MS16-032 Local Priv Esc Exploit 2016-07-12 15:22:35 -05:00
wchen-r7 621f3fa5a9 Change naming style 2016-07-12 15:18:18 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
William Webb b4b3a84fa5 refactor ms16-016 code 2016-07-05 20:50:43 -05:00
khr0x40sh df1a9bee13 Move ps1, Use Env var, Fix license, New Cleanup
MS16-032 ps1 moved to external file.  This ps1 will now detect windir
to find cmd.exe.  The module now also detects windir to find
powershell.exe.  The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
 is now standard.  The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
Brent Cook ba72d3fd92
Land #6988, Update banners to metasploit.com, not .pro 2016-06-17 15:29:30 -05:00
h00die cd207df6b8 adding karaf to unix lists per 4358 2016-06-15 20:31:48 -04:00
Tod Beardsley fe4cfd7e3e
Update banners to metasploit.com, not .pro 2016-06-14 15:11:04 -05:00
wwebb-r7 ab27c1b701 Merge pull request #6940 from samvartaka/master
Exploit for previously unknown stack buffer overflow in Poison Ivy versions 2.1.x (possibly present in older versions too)
2016-06-08 11:25:51 -05:00
samvartaka 5260031991 Modifications based on suggestions by @wchen-r7 2016-06-08 01:17:15 +02:00
William Vu 9128ba3e57 Add popen() vuln to ImageMagick exploit
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)

Thanks to @hdm for his sharp eye. ;x

[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
2016-06-02 11:35:37 -05:00
Brent Cook 7b024d1a72
Land #6914, add siem to the namelist 2016-05-24 14:22:44 -05:00
x90" * 365 9d545b0a05 Update namelist.txt 2016-05-24 13:00:59 -04:00
William Vu 2bac46097f Remove url() for MVG
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
William Vu 334c432901 Force https://localhost for SVG and MVG
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
William Vu decd770a0b Encode the entire SVG string
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
William Vu 232cc114de Change placeholder text to something useful
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
William Vu 5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
wchen-r7 71c8ad555e Resolve #6839, Make Knowledge Base as default
Resolve #6839
2016-05-02 14:12:09 -05:00
wchen-r7 d80d2bb8d3 Land #6825, Fixed borders on code boxes 2016-04-27 11:59:52 -07:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
wchen-r7 22831695dd
Land #6721, Add additional SOLMAN default creds 2016-03-30 10:48:53 -05:00
Meatballs 4f84c5a3b7
Add additional SOLMAN default creds 2016-03-29 15:53:15 +01:00
f7b053223a9e 629bc00696 Use MSXML decoder instead 2016-03-25 22:52:16 +09:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
wchen-r7 76c6f8c19d Move module_doc_template 2016-03-24 17:07:19 -05:00
l0gan e29fc5987f Add missing stream.raw for hp_sitescope_dns_tool
This adds the missing stream.raw.
2016-03-15 11:06:06 -05:00
wchen-r7 d6742c4097 Change <hr> color 2016-03-10 10:44:18 -06:00
wchen-r7 ad0a948ae7 Update module_doc_template 2016-03-08 12:21:20 -06:00
wchen-r7 58b8c35146 Escape HTML for KB and update rspec 2016-03-08 10:10:10 -06:00
wchen-r7 027315eeaa Update post_demo_template 2016-03-05 20:33:40 -06:00
wchen-r7 03eb568af7 Add --- to make sections to stand out more 2016-03-05 15:17:19 -06:00
wchen-r7 f4866fd5f0 Update template and web_delivery doc 2016-03-03 01:27:14 -06:00
wchen-r7 cececa749d Update css 2016-03-03 00:58:17 -06:00
wchen-r7 11964c5c1a Add remote exploit demo and web_delivery doc 2016-03-02 19:52:11 -06:00
f7b053223a9e 19bd7b98f4 Fix minor indenting issue 2016-03-01 11:50:56 +09:00
f7b053223a9e c8c5549b19 Send base64ed shellcode and decode with certutil 2016-03-01 10:48:25 +09:00
wchen-r7 fd8e3e719d real demo 2016-02-26 14:43:53 -06:00
wchen-r7 ed0dfa5725 basic usage 2016-02-26 14:35:07 -06:00
wchen-r7 250ce6fb17 lets be clear 2016-02-26 14:30:12 -06:00
wchen-r7 1c53e53d23 More info about how to write the doc 2016-02-26 14:24:24 -06:00
wchen-r7 e40f1e69db Update default template 2016-02-26 14:18:24 -06:00
wchen-r7 6060c7b09b We make this pretty 2016-02-26 14:15:54 -06:00
wchen-r7 95a9f42996 Add a template for future module documentation 2016-02-24 19:28:17 -06:00
wchen-r7 24530e2734 Scrollable list, tab name change, print_status 2016-02-19 20:46:39 -06:00
wchen-r7 34d10d7829 Should be fullname 2016-02-19 00:13:55 -06:00
wchen-r7 7444a0ff04 Make it more obvious which tab the user is viewing 2016-02-18 17:59:45 -06:00
wchen-r7 4fc7008561 Close div properly 2016-02-18 16:12:27 -06:00
wchen-r7 56c2ba9f75 Turn the HTML template into external 2016-02-18 15:41:14 -06:00
wchen-r7 e5ad6fa781 Support "knowledge base" 2016-02-18 15:02:24 -06:00
wchen-r7 f8d6a59cdc Change wording 2016-02-18 12:19:25 -06:00
wchen-r7 089d6985b6 Add more demo templates 2016-02-18 00:17:32 -06:00
wchen-r7 1bfe1ad140 More demos 2016-02-17 19:04:06 -06:00
wchen-r7 76f2c917ee Allow no GITHUB_OAUTH_TOKEN, and gsub for demo 2016-02-17 15:38:30 -06:00
wchen-r7 714106174e Do external erb template 2016-02-17 14:27:29 -06:00
wchen-r7 b0cfb4aacf Add info -d to show module documentation in .md 2016-02-16 22:44:03 -06:00
Jay Turla aeb1d80e0d Adding top 100 adobe passwords 2016-02-11 08:55:45 +08:00
Bigendian Smalls b3e8bd1dab
Updated zsploit screens to use std msf colors
Using Rex::Ui::Text::Colors now instead of ansi codes
Thanks to @mainframed for the quick turnaround
2016-02-09 12:01:25 -06:00
Bigendian Smalls 90e37ea749
Added three cool new mainframe themed screens
Thanks to *Solider of Fortran* @mainframed for his amazing original artwork!
These set of 3 limited edition, original, one-of-a-kind screens will modernize
your msf installation to the 1960s and beyond.  No seriously they are super cool
and now that metasploit-framework supports System Z - it seemed only fitting.
2016-01-20 06:10:51 -06:00
Brent Cook 7f9b804060
Land #6410, remove JtR binaries, update for independent framework releases 2016-01-06 14:16:49 -06:00
Chris Doughty 97ae09729c Add john.conf to data dir as referenced by: lib/metasploit/framework/jtr/cracker.rb 2016-01-06 13:00:05 -06:00
Chris Doughty ae57bce262 Adding wordlists back to path 2016-01-06 12:54:25 -06:00