2585c8c8b5
Land #7461 , convert futex_requeue (towelroot) module to use targetting and core_loadlib
2017-01-11 13:24:25 -06:00
31f85b905a
add comments
2017-01-07 12:50:11 -06:00
cdcf4cce7d
improve zip module windows script fallback
...
- handle non-English locales
- wait more reliably, handle network paths where FS info gets stale
- use absolute paths correctly
2017-01-07 12:27:03 -06:00
2652f347fa
add module binary
2016-12-22 03:25:10 -06:00
e6d4c0001c
hide debug printing
2016-12-20 00:52:11 +08:00
1dae206fde
Land #7379 , Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
268a72f210
Land #7193 Office DLL hijack module
2016-11-08 23:15:27 -06:00
3c1f642c7b
Moved PPSX to data/exploits folder
2016-11-08 16:04:46 +01:00
31b593ac67
Land #7402 , Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
d918e25bde
Land #7439 , Add Ghostscript support to ImageMagick Exploit
2016-10-28 17:07:13 -05:00
43fd0a8813
Land #7436 , Put Rex-exploitation Gem Back
2016-10-18 16:03:54 -05:00
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
741c4b8916
updated android payload gem, removed unused extension jar
2016-10-14 09:59:06 -05:00
9fbe1ddd9d
Land #7384 , CVE-2016-6415 - Cisco IKE Information Disclosure
2016-10-14 08:41:34 -05:00
9b15899d91
Add PS template
2016-10-13 17:40:15 -05:00
6f4f2bfa5f
Add PS target and remove MIFF
2016-10-13 17:39:55 -05:00
7894d5b2c1
Revert "Revert "use the new rex-exploitation gem""
...
This reverts commit f3166070ba
2016-10-11 17:40:43 -05:00
d1a11f46e8
Land #7418 , Linux recvmmsg Priv Esc (CVE-2014-0038)
2016-10-09 18:37:52 -05:00
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
f3166070ba
Revert "use the new rex-exploitation gem"
...
This reverts commit 52f6265d2e
2016-10-08 21:55:16 -05:00
3b3185069f
Land #7408 , Mirai botnet wordlists
2016-10-06 10:07:20 -05:00
83548a0dde
added mirai user/pass to unhash set
2016-10-05 22:24:11 +02:00
7ce73be936
Add linux.mirai wordlists
2016-10-05 17:57:08 +02:00
52f6265d2e
use the new rex-exploitation gem
...
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework
MS-1709
2016-10-05 09:05:27 -05:00
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
af4f3e7a0d
use templates from the gem for psh
...
use the templates now contained within the magical
gem of rex-powershell
7309
MS-2106
2016-10-04 14:14:25 -05:00
dcc77fda5b
Add back accidentally-deleted nasm comment.
2016-10-03 23:47:13 -05:00
eff85e4118
Just remove DT_HASH.
2016-10-03 23:43:19 -05:00
8828060886
Fix linux x64 elf-so template.
...
Previously the elf-so would crash when loaded with LD_PRELOAD,
due to not enough room for the symbol table.
2016-10-03 23:24:31 -05:00
7368b995f2
CVE-2016-6415 Cisco - sendpacket.raw
2016-09-29 22:24:55 -05:00
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
0e82ced082
Add LPE exploit module for the capcom driver flaw
...
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
dbf66f27d5
Add a browser-based exploit module for CVE-2015-3864
2016-09-23 11:14:31 -05:00
726079c6e7
diffed with fuzzdb
...
https://github.com/fuzzdb-project/fuzzdb/blob/master/discovery/predictable-filepaths/webservers-appservers/SAP.txt
2016-09-21 00:20:46 -04:00
4c4f2e45d6
Land #7283 , add jsp payload generator
2016-09-16 14:37:59 -05:00
6cb331e74d
Land 7281, add vagrant default password to wordlist
2016-09-07 13:01:01 +01:00
96f81b4817
add root:vagrant to root_userpass
2016-09-07 12:59:12 +01:00
c6012e7947
add jsp payload generator
2016-09-06 22:17:21 +02:00
9d5a276e91
Fix recent metasploit-framework.gemspec conflict.
2016-09-06 13:10:28 -05:00
23a5d737fc
Add password "vagrant" to wordlists
...
The password "vagrant" is often used in Metasploitable3.
2016-09-06 12:36:02 -05:00
83160b7e49
Land #7173 , Add post module to compress (zip) a file or directory
2016-08-24 09:38:04 -05:00
e154aafaaa
On Error Resume Next for zip.vbs
2016-08-17 17:08:38 -05:00
8bece28d00
remove *scan bins as well
...
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH
MS-1691
2016-08-15 14:04:00 -05:00
8f7d0eae0c
Fix #7155 - Add post module to compress (zip) a file or directory
...
Fix #7155
2016-08-02 14:44:58 -05:00
21e6211e8d
add exploit for cve-2016-0189
2016-08-01 13:26:35 -05:00
d1f65b27b8
Land #7151 , Improve CVE-2016-0099 reliability
2016-07-29 09:22:11 -05:00
ee40c9d809
Land #6625 , Send base64ed shellcode and decode with certutil (Actually MSXML)
2016-07-28 13:01:05 -07:00
322fc11225
Fix whitespace
2016-07-27 12:37:14 -05:00
dbe31766af
Update CVE-2016-0099 Powershell
2016-07-27 12:35:43 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
8f928c6ca1
Land #7006 , Add MS16-032 Local Priv Esc Exploit
2016-07-12 15:22:35 -05:00
621f3fa5a9
Change naming style
2016-07-12 15:18:18 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
df1a9bee13
Move ps1, Use Env var, Fix license, New Cleanup
...
MS16-032 ps1 moved to external file. This ps1 will now detect windir
to find cmd.exe. The module now also detects windir to find
powershell.exe. The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
is now standard. The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
ba72d3fd92
Land #6988 , Update banners to metasploit.com, not .pro
2016-06-17 15:29:30 -05:00
cd207df6b8
adding karaf to unix lists per 4358
2016-06-15 20:31:48 -04:00
fe4cfd7e3e
Update banners to metasploit.com, not .pro
2016-06-14 15:11:04 -05:00
ab27c1b701
Merge pull request #6940 from samvartaka/master
...
Exploit for previously unknown stack buffer overflow in Poison Ivy versions 2.1.x (possibly present in older versions too)
2016-06-08 11:25:51 -05:00
5260031991
Modifications based on suggestions by @wchen-r7
2016-06-08 01:17:15 +02:00
9128ba3e57
Add popen() vuln to ImageMagick exploit
...
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)
Thanks to @hdm for his sharp eye. ;x
[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
2016-06-02 11:35:37 -05:00
7b024d1a72
Land #6914 , add siem to the namelist
2016-05-24 14:22:44 -05:00
9d545b0a05
Update namelist.txt
2016-05-24 13:00:59 -04:00
2bac46097f
Remove url() for MVG
...
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
334c432901
Force https://localhost for SVG and MVG
...
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
decd770a0b
Encode the entire SVG string
...
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
232cc114de
Change placeholder text to something useful
...
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
5c04db7a09
Add ImageMagick exploit
2016-05-05 14:18:42 -05:00
71c8ad555e
Resolve #6839 , Make Knowledge Base as default
...
Resolve #6839
2016-05-02 14:12:09 -05:00
d80d2bb8d3
Land #6825 , Fixed borders on code boxes
2016-04-27 11:59:52 -07:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
22831695dd
Land #6721 , Add additional SOLMAN default creds
2016-03-30 10:48:53 -05:00
4f84c5a3b7
Add additional SOLMAN default creds
2016-03-29 15:53:15 +01:00
629bc00696
Use MSXML decoder instead
2016-03-25 22:52:16 +09:00
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
76c6f8c19d
Move module_doc_template
2016-03-24 17:07:19 -05:00
e29fc5987f
Add missing stream.raw for hp_sitescope_dns_tool
...
This adds the missing stream.raw.
2016-03-15 11:06:06 -05:00
d6742c4097
Change <hr> color
2016-03-10 10:44:18 -06:00
ad0a948ae7
Update module_doc_template
2016-03-08 12:21:20 -06:00
58b8c35146
Escape HTML for KB and update rspec
2016-03-08 10:10:10 -06:00
027315eeaa
Update post_demo_template
2016-03-05 20:33:40 -06:00
03eb568af7
Add --- to make sections to stand out more
2016-03-05 15:17:19 -06:00
f4866fd5f0
Update template and web_delivery doc
2016-03-03 01:27:14 -06:00
cececa749d
Update css
2016-03-03 00:58:17 -06:00
11964c5c1a
Add remote exploit demo and web_delivery doc
2016-03-02 19:52:11 -06:00
19bd7b98f4
Fix minor indenting issue
2016-03-01 11:50:56 +09:00
c8c5549b19
Send base64ed shellcode and decode with certutil
2016-03-01 10:48:25 +09:00
fd8e3e719d
real demo
2016-02-26 14:43:53 -06:00
ed0dfa5725
basic usage
2016-02-26 14:35:07 -06:00
250ce6fb17
lets be clear
2016-02-26 14:30:12 -06:00
1c53e53d23
More info about how to write the doc
2016-02-26 14:24:24 -06:00
e40f1e69db
Update default template
2016-02-26 14:18:24 -06:00
6060c7b09b
We make this pretty
2016-02-26 14:15:54 -06:00
95a9f42996
Add a template for future module documentation
2016-02-24 19:28:17 -06:00
24530e2734
Scrollable list, tab name change, print_status
2016-02-19 20:46:39 -06:00
34d10d7829
Should be fullname
2016-02-19 00:13:55 -06:00
7444a0ff04
Make it more obvious which tab the user is viewing
2016-02-18 17:59:45 -06:00
Brent Cook
Tim
Pearce Barry
scriptjunkie
Yorick Koster
William Webb
dmohanty-r7
h00die
William Vu
David Maloney
Tonimir Kisasondi
mach-0
nixawk
OJ
Joshua J. Drake
Adam Muntner
Christian Mehlmauer
wchen-r7
Brendan
khr0x40sh
h00die
Tod Beardsley
samvartaka
x90" * 365
Meatballs
f7b053223a9e
l0gan