a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
c988447c18
title enhancement, OSVDB ref
...
touch up title and add OSVDB reference
2015-05-05 13:21:36 -06:00
232117117b
Fix missing includes
...
The powershell one broke thanks to include hierarchy changes. The others
failed in the specs only for some reason.
2015-05-05 14:24:21 +10:00
146f41992f
Fix up payload sizes
2015-05-05 13:52:20 +10:00
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
cf62d1fd7c
Remove patch and old stageless stuff
2015-05-05 09:27:01 +10:00
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
05e4af8162
Land #5214 , initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
b95be1b25f
Support information to include logon scripts
2015-05-04 15:49:19 -05:00
dc42a3ee1a
add OSVDB ref
...
add OSVDB ref
2015-05-04 14:27:44 -06:00
e6ea5511ca
update linux and windows meterpreters to use metasploit-payloads
2015-05-04 09:44:36 -05:00
c2dc4677fb
Prevent stagless from overwriting socket
...
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
e835f2b99c
Rejig transport config into module
...
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
93bf995b32
Reverse tcp support for POSIX
...
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
67a23f2c74
Land #5296 , info hash product name fix
2015-05-03 14:36:25 -05:00
4bfb9262e6
Add exploit module for MovableType CVE-2015-1592
...
This module targets the deserialization of untrusted Storable data in
MovableType before 5.2.12 and 6.0.7. The destructive attack will
function on most installations, but will leave the webapp corrupted.
The non-destructive attack will only function on servers that have the
Object::MultiType (uncommon) and DateTime (common) Perl modules
installed in addition to MovableType.
2015-05-03 14:18:01 -05:00
a5c10b7f10
Fix product name
...
Product name missing a letter in two locations
2015-05-03 13:11:22 -06:00
db999d2c62
Remove ff 31-34 exploit from autopwn, requires interaction.
2015-05-03 10:42:21 -05:00
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
f95774c6b4
Fixed bugs
2015-05-02 05:09:03 -04:00
93ac8b48e3
Land #5178 , @jboss_vulnscan check for console default admin
...
* And minor fixes
2015-05-01 17:38:20 -05:00
697c6c20cb
Do minor cleanup
2015-05-01 17:37:45 -05:00
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
b037560c90
Do minor style fixes
2015-05-01 15:01:13 -05:00
a531ad9ec2
Land #5096 , @pedrib's exploit for Novell ZCM CVE-2015-0779
2015-05-01 14:35:28 -05:00
0ff33572a7
Fix waiting loop
2015-05-01 14:34:43 -05:00
645f239d94
Change module filename
2015-05-01 14:18:34 -05:00
11a3f59b0b
Return false if there isn't a positive answer
2015-05-01 14:06:57 -05:00
093c2e3ace
Do minor style cleanup
2015-05-01 13:56:48 -05:00
d38adef5cc
Make TOMCAT_PATH optional
2015-05-01 13:54:39 -05:00
d2a7d83f71
Avoid long sleep times
2015-05-01 13:51:52 -05:00
8fcf0c558d
Use single quotes
2015-05-01 13:20:27 -05:00
aa59b3acc6
title enhancement, description touch-up
...
Expanded title to be more precise and standardized use of vendor name
2015-04-30 17:23:15 -06:00
83288ff391
Fix typo
2015-04-30 17:58:26 -05:00
89d026c900
Fix merge conflict
2015-04-30 12:33:45 -05:00
17e54fff1f
Land #5275 , Flash CVE-2014-8440
2015-04-30 12:14:06 -05:00
ee5dc1d6e4
Land #5277 , typo in telnet_encrypt_overflow
2015-04-30 10:44:55 -05:00
5ab9f01eee
Use byte[] so it works even if Base64 unavailable
2015-04-30 12:46:14 +10:00
15bb4d1ea4
Fix #4243 , regression introduced by commit 6e80481384
2015-04-30 12:42:39 +10:00
d773f85dca
Add reference to malware
2015-04-29 17:53:29 -05:00
dbba466b5b
Add module for CVE-2014-8440
2015-04-29 17:52:04 -05:00
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
5defb50252
Fix #5267 , references fixes
2015-04-29 14:21:23 -05:00
a4531e62a0
Clean up references
2015-04-29 14:21:08 -05:00
7962be3e2a
Fix #5271 , moved OSVDB reference
2015-04-29 14:18:52 -05:00
b2d08251e4
Move reference
2015-04-29 14:18:45 -05:00
1eeb9af2d0
Land #5271 , Symantec Workspace Streaming updates
2015-04-29 14:16:23 -05:00
fd567195e3
Fix punctuation and missing comma
2015-04-29 14:12:44 -05:00
5f0736fa4c
enhance title and description, add OSVDB reference, standardized JBoss
2015-04-29 11:39:40 -06:00
cc47f8f6e8
Land #5265 , handle SSL being disabled in the SSL version scanner
2015-04-29 12:34:55 -05:00
c01fc829ab
Title enhancement, OSVDB refs
2015-04-28 15:56:34 -06:00
9b17191e48
Remove unnecessary {,dis}connect
2015-04-28 15:09:16 -05:00
28e661e204
Fix false positive in POODLE scanner
...
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
6058dee99a
explicitly require bind_tcp/reverse_tcp modules
...
This transient error was noted in the release documentation builder.
metasploit-framework/modules/payloads/singles/windows/powershell_bind_tcp.rb:37:in
`initialize': uninitialized constant Msf::Handler::BindTcp (NameError)
2015-04-27 20:57:31 -05:00
7523e592d2
Land #5198 , WordPress contus video gallery 2.7 scanner
2015-04-27 23:24:57 +02:00
7a2084cdc5
Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb
2015-04-26 16:54:21 -05:00
1fd601510c
Lands #5194 , merges in PowerShell session support & initial payloads
2015-04-26 16:01:51 -05:00
f56eac7f10
Cosmetic cleanup and binary mode read for powershell script
2015-04-26 15:57:51 -05:00
82fe480c2e
Update session to display username and hostname
2015-04-26 21:47:49 +01:00
f2c745d2a7
update cached sizes
2015-04-26 20:24:41 +01:00
d19406c593
Update the payload cache size
2015-04-26 18:56:32 +01:00
1cc167a7fb
Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session
2015-04-26 18:50:42 +01:00
4cb1a6c255
Updated payload cached size
2015-04-26 09:30:41 +01:00
e6c61c461e
Updated payloads and fixed msftidy.
2015-04-26 09:20:29 +01:00
6da8a14f62
Initial work on x64 payloads for new config
2015-04-26 13:41:31 +10:00
6ac3ecfa7c
Refactor, add reverse_winhttps support
...
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.
Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
b330b1d41c
typo in title of telnet_encrypt_overflow.rb
2015-04-26 02:32:14 +02:00
2455163d24
Refactor configuration for meterpreter payloads (x86)
...
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.
This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
ded904c72c
New payloads
2015-04-26 00:16:59 +01:00
c41c7a1ba2
Rewrote the conditions of res.
2015-04-25 17:18:38 -03:00
d01da0c522
Changed if conditions and exception handling
2015-04-25 15:08:36 -03:00
3a84396f32
Removed authorization header.
2015-04-25 14:30:21 -03:00
a02ea90824
New payloads which work with cmd
2015-04-25 16:49:22 +01:00
b810a96dac
Add Module for Enum on InfluxDB database.
2015-04-25 04:41:33 -03:00
7afb6e1aa6
Removed stand-alone payloads and will push these as a seperate fork request.
2015-04-25 07:57:43 +01:00
6be2c0beab
Dynamic
2015-04-25 07:49:34 +01:00
2273fb541a
payload cached_sizes
2015-04-25 07:33:51 +01:00
215e67bcbd
Updated comments
2015-04-25 07:02:25 +01:00
4ffffa59fe
Land #5184 , restore store_loot for ssh_creds gatherer
2015-04-24 13:55:06 -05:00
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
941a4ee572
updated cached size using tools/update_payload_cached_sizes.rb
2015-04-24 19:13:54 +01:00
7167dc1147
Land #5243 , @espreto's WordPress WPshop eCommerce File Upload exploit
2015-04-24 11:30:28 -05:00
558103b25d
Do code cleanup
2015-04-24 11:30:08 -05:00
896d6e8cb7
Fix title
2015-04-24 11:09:39 -05:00
1825b45ac3
Land #5242 , @espreto's module for GI-Media Library Plugin Directory Traversal
2015-04-24 11:08:52 -05:00
7af6f31c3a
Fix message
2015-04-24 11:08:00 -05:00
5ca6fe3cb0
Do code cleanup
2015-04-24 11:07:13 -05:00
f457f36cdd
Land #5213 , improvements to MS15-035 DoS
2015-04-24 10:54:48 -05:00
7a3949ed52
Land #5230 , @espreto's exploit for WordPress InBoundio Marketing File Upload
...
* OSVDB 119890
2015-04-24 10:49:52 -05:00
8a8d9a26f4
Do code cleanup
2015-04-24 10:47:46 -05:00
b5223912cb
Fix check method
2015-04-24 10:41:41 -05:00
c9b4a272e3
Changed fail_with output.
2015-04-24 12:16:23 -03:00
bb0b2eee37
Fix missing . in SRV query
...
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
2ccf818c7b
msftidy
2015-04-24 11:16:31 +01:00
e14c6af194
Removed double 'Calling payload'.
2015-04-24 06:26:04 -03:00
00d8958cc8
New payloads for reverse_tcp for powershell
2015-04-24 10:25:37 +01:00
01efc97c4a
Add WordPress WPshop eCommerce File Upload.
2015-04-24 06:21:49 -03:00
e51897d64e
Filepath option
2015-04-24 04:35:59 -03:00
7b0b59b5f6
Add WordPress GI-Media Library Plugin File Read.
2015-04-24 04:24:16 -03:00
9e137c6403
ref
2015-04-23 23:28:33 +01:00
468166408e
ref
2015-04-23 23:28:21 +01:00
3711b2579c
new powershell session
2015-04-23 23:13:12 +01:00
0f7442dec2
new powershell session
2015-04-23 23:12:58 +01:00
b642ddb989
interact powershell session
2015-04-23 23:12:38 +01:00
b6abd9dc8e
updates to rex
2015-04-23 22:14:11 +01:00
a3710752c6
updates to rex
2015-04-23 22:14:00 +01:00
5b604d07dd
updates
2015-04-23 22:13:46 +01:00
3e693c95df
update bind_tcp settings
2015-04-23 14:43:08 +01:00
94d99cd833
use Rex::Powershell::Command
2015-04-23 14:42:45 +01:00
e7b84ea40e
rhost mandatory
2015-04-23 10:17:13 +01:00
4ad3394e82
make rhost mandatory
2015-04-23 10:09:50 +01:00
5bf4c9187a
Removed double "Calling payload..."
2015-04-23 03:41:34 -03:00
844f768eee
Add WordPress InBoundio Marketing File Upload
2015-04-23 03:32:17 -03:00
19a6ae68ff
Update bind_tcp sizes to dynamic
...
This is required due to the fact that we can now turn on/off the
closing of the listen socket.
2015-04-23 09:53:18 +10:00
711061a49b
updates
2015-04-22 21:03:13 +01:00
5a648ef79b
updates to script
2015-04-22 20:45:43 +01:00
e9f8b25987
Update wordpress_contus_video_gallery_sqli.rb
...
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
26d208f089
Update wordpress_contus_video_gallery_sqli.rb
...
remove 'uri'
2015-04-22 14:42:03 -05:00
99156f1247
reverse payload
2015-04-22 20:41:45 +01:00
4ae3c5925d
bind payload
2015-04-22 20:41:35 +01:00
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
3a1778ef7c
Spelling Fix
...
s/Brocde/Brocade/ as per bcook-r7
2015-04-21 17:57:36 -04:00
3db0e12b67
Modify autopwn comment
2015-04-21 14:19:15 -05:00
3f40342ac5
Fix sock_sendpage
2015-04-21 14:17:19 -05:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
073850c5ad
Land #5158 , OWA internal IP disclosure scanner
2015-04-21 11:10:39 -05:00
5296c6507d
Land #5157 , OWA login scanner auth timing logs
2015-04-21 11:06:08 -05:00
a44da8e6d7
URL refs
2015-04-21 09:29:08 -05:00
86957d9b07
Merge branch 'upstream/master' into connection-recovery
2015-04-21 20:01:59 +10:00
a3b0f2e424
Land #5175 , Update mcafee_vse_hashdump description
2015-04-20 21:49:24 -05:00
9a49538c1a
Land #5016 , add SSL Labs scanner
2015-04-20 21:34:16 -05:00
752c3243f6
wrap print* functions in report_* wrappers
...
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
ff32d6cee3
Improve MS15-034 DOS
2015-04-20 20:36:08 -05:00
c6c7560aed
Land #4846 , @joevennix's android 4.3 uxss module
2015-04-20 18:43:24 -05:00
9b240e1d8f
Use parenthesis
2015-04-20 18:42:34 -05:00
3fbd4e2fe6
Land #5172 , x64 BSD shell_{bind,reverse}_tcp
2015-04-20 15:37:29 -05:00
79ca0a56f9
Land #4171 , Steam protocol support
2015-04-20 15:35:06 -05:00
f762873a31
Land #5192 , @joevennix's module for Safari CVE-2015-1126
...
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
e2eaff6b3a
Don't modify datastore options
2015-04-20 15:16:21 -05:00
88c52ae7ae
Delete second stop_service, the mixin should had done the job
2015-04-20 15:13:11 -05:00
dc0549d2dd
Use #wait
2015-04-20 15:06:01 -05:00
c1234e05e2
Delete parenthesis from condition
2015-04-20 14:56:37 -05:00
0283ac05e5
Do minor style fixes
2015-04-20 14:54:39 -05:00
69b8edda4a
Use single quotes
2015-04-20 14:53:38 -05:00
16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
4f59abe842
Land #5203 , @Meatballs1 fixes #5199 by using the correct namespace
...
* Fixes web_delivery
2015-04-20 11:20:48 -05:00
d9d8451b9f
Updated tools/msftidy.rb issues
2015-04-20 16:03:34 +01:00
eb1c01417a
Bogus :
2015-04-20 11:00:26 +01:00
Brent Cook
Darius Freamon
OJ
jvazquez-r7
William Vu
John Lightsey
joev
Denis Kolegov
wchen-r7
James Lee
lanjelot
Christian Mehlmauer
Brandon Perry
HD Moore
Ben Turner
benpturner
m-1-k-3
Roberto Soares
kaospunk
Mike
Meatballs