b90ff36ef4
Rewriting the condition 'if' for only one line
2015-04-16 09:15:17 -03:00
7dde7f6f7c
Land #5130 , WordPress WorkTheFlow Upload
2015-04-16 14:06:37 +02:00
dc7f161339
Add author, EDB, OSVDB and WPVDB.
2015-04-16 08:56:33 -03:00
1112a3b0ae
Add WordPress Reflex Gallery Plugin File Upload
2015-04-16 08:40:51 -03:00
21e964e699
Add Author and references..
2015-04-16 07:20:48 -03:00
f6f4bd0746
Add WordPress Dukapress File Read Vulnerability
2015-04-16 07:17:46 -03:00
4aa4f83372
Removed timeout 2.
2015-04-16 05:37:11 -03:00
39556c10c7
Rewrote check method.
2015-04-16 05:36:20 -03:00
ace316a54f
Added WPVDB and EDB references.
2015-04-16 05:29:21 -03:00
10c218319a
Rewrote response condition.
2015-04-16 05:26:48 -03:00
5cb9b1a44c
Removed timeout 2.
2015-04-16 05:21:59 -03:00
0e1b173d15
Renamed USER/PASSWORD to WP_USER/WP_PASSWORD.
2015-04-16 05:11:56 -03:00
13ded8abe7
Added WPVDB.
2015-04-16 05:08:45 -03:00
64923ffdc2
Fixed plugin name in check method
2015-04-16 05:06:36 -03:00
c8e1185a04
Included Wordpress mixin.
2015-04-16 05:02:39 -03:00
e9212c4d6b
wordpress_url_admin_ajax intead of wordpress_url_backend
2015-04-16 04:53:05 -03:00
81d898fd7e
Rewrote check code.
2015-04-16 04:51:40 -03:00
aeb0484889
Removed timeout 2.
2015-04-16 04:48:00 -03:00
e6e9c173e3
Rewrote res conditions.
2015-04-16 04:43:34 -03:00
d11db4edc7
Rewrote check code.
2015-04-16 04:37:30 -03:00
f13d31c7c2
Added WPVDB.
2015-04-16 04:31:23 -03:00
cccda4e851
Removed unnecessary line.
2015-04-16 04:27:15 -03:00
42ff0decc7
Land #4722 , timing options for snmp_login
2015-04-16 02:25:29 -05:00
88062a578d
Clean up PR
2015-04-16 02:25:06 -05:00
d3a6de761d
Removed timeout 2.
2015-04-16 04:09:02 -03:00
01625e3bba
Land #5148 , DRY BSD/OS X shellcode
...
Also fix a semi-regression in the Rootpipe exploit.
2015-04-16 02:08:18 -05:00
13da15e434
Add default PAYLOAD again
...
PrependSetreuid doesn't work with generic/shell_reverse_tcp.
2015-04-16 02:07:02 -05:00
1249f29ee8
Add JSON::ParserError exception handler.
2015-04-16 04:03:54 -03:00
bec6270f07
Fix regex
2015-04-15 23:47:03 -05:00
86c5e96d19
Land #5146 , enum_system cleanup
2015-04-15 22:02:32 -05:00
001253a8da
Clean up module some more
2015-04-15 22:02:04 -05:00
0a4ab99aa5
Land #5149 , couchdb_enum cleanup
2015-04-15 21:50:30 -05:00
4410f8da6e
Clean up module some more
2015-04-15 21:48:19 -05:00
30d60975ba
Land #5144 , add missing report_note in apache_range_dos
2015-04-15 21:47:18 -05:00
01ae7002cf
Fix EOF whitespace
2015-04-15 21:27:53 -05:00
20d4d1ce3f
Move report_goods before the return
2015-04-15 21:22:41 -05:00
9b6aea12e1
Oops, missed a comma.
2015-04-15 19:26:53 -05:00
0031f09d60
Add author, EDB, WPVDB and fix loot.
2015-04-15 20:03:36 -03:00
0f1cf1d1b1
Add Module WP Mobile Edition Plugin File Read Vuln
2015-04-15 19:45:08 -03:00
66b7179a97
Rename module to owa_iis_internal_ip
2015-04-15 17:10:01 -05:00
a109dae033
Fix EOL whitespace
2015-04-15 16:58:59 -05:00
cc422eeeea
Fix splat
2015-04-15 16:58:18 -05:00
34ce4edacb
Add exchange_iis_internal_ip
2015-04-15 16:55:19 -05:00
7cc80c418b
Correct a bad spelling in ms15_034_ulonglongadd.rb
2015-04-15 15:32:55 -05:00
4a18714191
Update authors and license to original osx x86 module.
2015-04-15 14:34:26 -05:00
a01d98d1f5
Implement shell_bind and shell_reverse payloads for bsd x64.
2015-04-15 14:33:27 -05:00
3ca7d6aae5
Land #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
...
* `check` to test, `run` to DoS
2015-04-15 14:29:18 -05:00
28fac60c81
Add module for CVE-2015-0556
2015-04-15 14:08:16 -05:00
76d36a46dc
Missing a checkcode
2015-04-15 14:04:18 -05:00
8a542b841c
Don't check Server header
2015-04-15 13:33:09 -05:00
90ed6ee0b6
No "vhost"
2015-04-15 13:32:11 -05:00
3aa8e6908d
Converted to a DOS module
2015-04-15 13:13:16 -05:00
19ab71aa43
Final update i swear
2015-04-15 10:20:15 -05:00
7a77dbc9f0
Update description
2015-04-15 10:15:40 -05:00
ef6bf54e2f
Fix metadata
2015-04-15 09:22:59 -05:00
1da6b32df7
Land #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
...
* ncc service ping.cpp command injection
2015-04-15 09:17:10 -05:00
6019bbe0d2
Add ranking comment
2015-04-15 09:12:03 -05:00
ad465c4d5b
Do code cleanup
2015-04-15 09:10:18 -05:00
2206ae48a1
Match the PR title
2015-04-15 01:50:59 -05:00
63048a7385
Newline
...
-_-
2015-04-15 01:38:09 -05:00
6f874b81ff
Add MS15-034 check (CVE-2015-1635)
2015-04-15 01:37:43 -05:00
1d6300991c
Clean the code of the module couchdb_enum.
2015-04-15 02:58:51 -03:00
0d19b5d4c3
Fix require order issue.
2015-04-14 23:23:02 -05:00
e56590e1e3
DRY up common code between BSD / OSX.
2015-04-14 23:08:57 -05:00
c6e8ffb7e3
Fix some "mistakes" following the style guide
2015-04-15 00:35:14 -03:00
9250869ace
Fix typo
2015-04-14 20:19:38 -03:00
6aad8b3a70
Changed the conditions if/elsif to case statements
2015-04-14 20:05:52 -03:00
3cdc84bf27
Fix missing type in report_note
2015-04-14 14:02:20 -05:00
aca93cc86e
Add missing Rank
2015-04-14 13:33:37 -05:00
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
8d1126eaa5
Land #5129 , x64 BSD prepend stubs 'n' stuff
2015-04-14 01:24:50 -05:00
a09e643a71
Add author, URL, WPVDB and disclosure date.
2015-04-13 22:54:05 -03:00
271a81778e
Add Module WP N-Media Website Contact Form Upload
2015-04-13 22:48:34 -03:00
7f10fb5bf0
Fix disclosure date
2015-04-13 18:53:20 -03:00
e94ca0bdd1
Add EDB, OSVDB and author.
2015-04-13 18:42:17 -03:00
d5d975c450
Add Module WordPress Creative Contact Form Upload
2015-04-13 18:38:43 -03:00
e324819feb
Add Privileged to info hash
...
Also remove default payload. Was set for CMD.
2015-04-13 15:23:30 -05:00
bd3b6514fa
Dubbed. Whump whump.
2015-04-13 10:52:32 -05:00
d87483b28d
Squashed commit of the following:
...
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:42:13 2015 -0500
Fix funny punctuation on rootpipe exploit title
See #5119
commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:37:39 2015 -0500
Fix vendor caps
Trusting the github repo README at
https://github.com/embedthis/goahead
See #5101
2015-04-13 10:46:47 -05:00
7b57496501
Fix typo and add email addr.
2015-04-13 04:12:32 -03:00
abee3f17c4
Add author, CVE and EDB references
2015-04-13 04:08:34 -03:00
58c4042321
Add Module WP Slideshow Gallery Shell Upload
2015-04-13 03:56:59 -03:00
2d1f8c510e
Add author and references
2015-04-12 21:21:49 -03:00
9f06cee53d
Add Module WordPress WorkTheFlow Shell Upload
2015-04-12 21:09:44 -03:00
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
ceadd1e6ec
Update osx x86 payload cached sizes to be accurate.
...
- Right now there is a bug in the payload_spec, which causes the payload's
datastore during the spec run to have things like 'PrependSetuid' => 'false',
where 'false' is a string, which means 'if (datastore['PrependSetuid'])'
branch will be taken, resulting in incorrect behavior.
2015-04-12 00:21:18 -05:00
c132a3fb0a
Fix OSX prepends and implement x64 setreuid.
2015-04-11 20:04:21 -05:00
284ef5bbbb
Land #5112 , Nessus REST Login Module
2015-04-10 13:32:53 -05:00
3313dac30f
Land #5119 , @wvu's addition of the OSX rootpipe privesc exploit.
...
orts
borts
2015-04-10 12:38:25 -05:00
4419c1c728
Land #5120 , Adobe Flash Player casi32 Integer Overflow
2015-04-10 12:18:11 -05:00
e8e7a2a67a
Land #5122 , undefined "upload_path" fix
2015-04-10 11:30:50 -05:00
fc814a17ae
Add admin check
...
Also break out version check.
2015-04-10 11:24:49 -05:00
41885133d8
Refactor and clean
...
Finally breaking free of some stubborn old habits. :)
2015-04-10 11:22:27 -05:00
a7601c1b9a
Use zsh to avoid dropping privs
...
Also add some configurable options.
2015-04-10 11:22:00 -05:00
4cc6ac6eaa
Clarify vulnerable versions
2015-04-10 11:22:00 -05:00
c4b7b32745
Add Rootpipe exploit
2015-04-10 11:22:00 -05:00
b2b7da2dc5
Fix spelling of Microsoft in module name
2015-04-10 11:09:16 +01:00
c6f062d49e
Ensure that local variable `upload_path` is defined
...
Merge `upload_payload` and `parse_upload_response` so that the
`upload_path` variable is defined for use in error messages in the event
of failure.
2015-04-10 10:58:20 +01:00
7810f3d9a3
Add previous nessus_xmlrpc_login file
2015-04-10 12:32:42 +05:00
bbbd4d3634
change name to keep both XML and REST modules
2015-04-10 12:20:43 +05:00
91f5d0af5a
Add module for CVE-2014-0569
...
* Adobe flash, Integer overflow on casi32
2015-04-09 19:37:26 -05:00
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
c9bf8f3140
Land #5105 , @joevennix's cable modem 0day
2015-04-08 16:09:46 -05:00
831a59b10b
Fix whitespace
2015-04-08 16:09:28 -05:00
52f1b95222
Add disclosure link
2015-04-08 16:07:33 -05:00
1bfda9e78f
Land #5101 , Add Directory Traversal for GoAhead Web Server
2015-04-08 15:30:23 -05:00
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
7ed1655976
Adding module for R7-2015-01
...
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
dc14c770be
Changed the traversal variable to just one line
2015-04-08 02:26:59 -03:00
441042ed37
Removed the segments variable
2015-04-08 01:29:45 -03:00
d399d05383
Add Directory Traversal for GoAhead Web Server
2015-04-07 20:22:06 -03:00
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
38a77c930e
Land #5072 : Support and embed payload UUIDs
2015-04-07 10:10:36 +10:00
7a2d3f5ebd
Land #5082 , firefox_proxy_prototype autopwn_info
2015-04-06 13:36:03 -05:00
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
b62011121b
Minor word choice fix on Solarwinds exploit
...
Removing the second person pronoun usage.
[See #5050 ]
2015-04-06 12:40:22 -05:00
5be5b6097c
Minor grammar on #5030 , Adobe Flash
...
[See #5030 ]
2015-04-06 12:36:25 -05:00
1e6d895975
Description fixes on #4784 , jboss exploit
...
Also, needed to run through msftidy.
[See #4784 ]
2015-04-06 12:34:49 -05:00
cd65e6f282
Add browser_autopwn info to firefox_proxy_prototype
2015-04-06 10:42:32 +05:00
78c73cc2a3
Update cached sizes with the new uri defaults
2015-04-05 22:11:12 -05:00
7aceb9218e
Use bitwise OR to select both primary and backup DCs
...
SV_TYPE_DOMAIN_CTRL || SV_TYPE_DOMAIN_BAKCTRL returns
SV_TYPE_DOMAIN_CTRL rather than ORing the bits together.
2015-04-05 11:05:42 +01:00
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
79b2a23dff
Land #5015 , @espreto file traversal scanner for RIPS
2015-04-03 15:35:58 -05:00
ce6e5e12d8
Make depth an option
2015-04-03 15:33:27 -05:00
70fad73092
Add metadata
2015-04-03 15:27:28 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
e729185804
Land #5051 , @nullbind's new options for mssql_enum_domain_accounts_sqli
2015-04-03 14:44:20 -05:00
fe9fbfd157
Make calculations easier
2015-04-03 14:43:01 -05:00
6c36a82f78
Land #5059 , @void-in's documentation clean up
2015-04-03 14:16:34 -05:00
828301a6cc
Land #5050 , @wchen-r7's exploit for Solarwinds Firewall Security Manager
...
* CVE-2015-2284
2015-04-03 13:45:30 -05:00
7c9b19c6f8
Do minor cleanup
2015-04-03 11:53:50 -05:00
452ebcf9ad
travis
2015-04-03 16:29:35 +05:00
be829e77ba
cravis error solve
2015-04-03 16:25:18 +05:00
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
16cb334325
Land #5065 : OJ fix missed merges for uri_checksum and others
2015-04-02 22:53:29 -05:00
fd043d4842
Fix up build and missing uri_checksum stuff
...
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a class with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
0f7c644fff
Land #4784 , JBoss Seam 2 upload exec exploit
2015-04-02 22:32:35 -05:00
5b5dc3ef59
Merge branch 'upstream/master' into stageless-x64
...
Merge required adjustment of the proxy datastore names that were changed.
2015-04-03 08:53:09 +10:00
3ff91d74ca
More cleanup, mostly abysssec
...
[See #5012 ]
2015-04-02 16:16:38 -05:00
11057e5b3b
Fix up the last couple from Tenable, missed last
...
[See #5012 ]
2015-04-02 15:27:46 -05:00
4bbec88882
Various other one-off nonhuman author credits
...
[See #5012 ]
2015-04-02 15:25:47 -05:00
6d5bcb93a8
Normalize the SecurityXploded Team credits
...
[See #5012 ]
2015-04-02 15:15:37 -05:00
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012 ]
2015-04-02 15:12:22 -05:00
db5293eeee
Lands #5054 , adds a module for the Ceragon mateidu SSH issue
2015-04-01 14:32:56 -05:00
b17727d244
Switching to privileged => false
2015-04-01 14:35:45 -05:00
a592f645f0
Land #5039 , Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner
2015-04-01 14:34:58 -05:00
0825534d2c
Fix reference
2015-04-01 14:16:45 -05:00
8ec71e9daf
Add a module for R7-2015-05
2015-04-01 14:05:41 -05:00
02a5730d92
Use calculate_interface_hash
2015-04-01 12:09:42 -05:00
0b14a18ad2
This is final
2015-04-01 12:00:49 -05:00
f954ff78c0
Fix typo
2015-04-01 10:51:54 -05:00
91aeef0a8a
added startrid and endrid
2015-04-01 10:09:13 -05:00
0ee858cd65
Some useful messages
2015-04-01 01:41:31 -05:00
8ad07cdc0f
This should be on the right track
2015-04-01 01:27:50 -05:00
24171a1a08
Land #5045 : Convert stageless proxy to new format
2015-04-01 12:06:57 +10:00
6795c90eac
Some progress
2015-03-31 20:46:34 -05:00
97305629cb
Add Solarwinds FSM module
...
starter
2015-03-31 16:21:52 -05:00
34ff94e0da
Fix the proxy user/pass options
2015-03-31 15:49:43 -05:00
df15892958
Convert stageless proxy settings to the new format
2015-03-31 15:46:15 -05:00
a39ba05383
Functional Payload UUID embedding via PayloadUUIDSeed
2015-03-31 15:44:18 -05:00
63da27ece0
add missing HKLM root to regkey
...
the chevkm windows psot module had HKLM
missing from the front of one of it's reg key
paths. This was missed in Rails 3 due to the
error being swallowed unexpectedly. in rails 4
we actually see this cause a stack trace
MSP-12384
2015-03-31 14:17:18 -05:00
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
633b46874d
Merge branch 'upstream/master'
2015-03-31 14:53:48 +10:00
e73286cfa5
update stale references
2015-03-30 17:17:48 -05:00
253e5d7dff
Include correct module, remove specified encoder type
2015-03-31 07:23:51 +10:00
613f4777ce
Land #5024 , add joomla_ecommercewd_sqli_scanner.rb
2015-03-30 12:45:09 -05:00
8ea1ffc6ff
Land #5030 , CVE-2015-0313 Flash Exploit
2015-03-30 11:31:53 -05:00
ee404713f1
Land #5014 , @wchen-r7's module for MS14-052
...
* As auxiliary module to gather info about existent local files
2015-03-30 11:02:56 -05:00
8ff54ff98d
Add msb reference
2015-03-30 10:58:08 -05:00
9af1e76bf7
Obfuscate js
2015-03-30 10:52:01 -05:00
c7fa01c5ae
Rename file
2015-03-30 10:39:33 -05:00
c28cc66398
Add x64 bind_tcp and reverse_ipv6_tcp
...
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
2015-03-30 18:59:30 +10:00
9d78aa96d9
Add output of API errors to console
2015-03-30 02:42:09 -04:00
26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
f8851551c5
Add initial x64 stageless meterrpeter module
2015-03-30 11:23:51 +10:00
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
28b9e89963
removed duplicate "uses" from description
2015-03-29 19:40:31 -04:00
17dc2b184d
Merging upstream/master
2015-03-30 09:12:20 +10:00
c430e5fab1
@m7x forgot to put a reference in
2015-03-29 02:13:31 +01:00
de2bf0181c
add first pass at gallerywd sqli scanner
2015-03-28 16:15:51 -05:00
9f0483248c
add TARGETURI datastore option
2015-03-28 15:46:41 -05:00
2ed9489f38
Delete load line
2015-03-28 20:31:35 +00:00
99f79e8533
Use incognito token stealing rather than process migration if we have
...
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
f83f4ae764
Move hashdump to gather
2015-03-28 20:31:35 +00:00
e2af15a0df
Refactor MSSQL Post
2015-03-28 20:31:35 +00:00
1558190a9d
Add module mssql_local_hashdump
2015-03-28 20:31:35 +00:00
6ede476423
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-28 08:38:12 -05:00
ef8c0aac69
Land #5020 , spelling fixes for some modules
2015-03-28 00:36:04 -05:00
0dbd8544b4
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-27 21:20:59 -05:00
31be47d5bc
Create joomla_ecommercewd_sqli_scanner.rb
2015-03-27 20:25:33 -05:00
f84a46df63
Add module for CVE-2015-0313
2015-03-27 18:51:13 -05:00
9cfafdd8b8
Land #4649 , improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
4f4bf9debb
paylod vs payload
2015-03-27 11:55:15 -07:00
0a8fe781d1
paylod vs payload
2015-03-27 11:54:14 -07:00
5ba614a325
payloda vs payload
2015-03-27 11:53:20 -07:00
2d81460583
Explot vs Exploit
2015-03-27 11:37:11 -07:00
f129347b51
Filed vs Failed fix
2015-03-27 11:28:50 -07:00
48484c1f09
Filed vs Failed fix
2015-03-27 11:27:36 -07:00
Roberto Soares
Christian Mehlmauer
William Vu
Brent Cook
joev
Nate Power
sinn3r
jvazquez-r7
Tod Beardsley
Jon Cave
root
OJ
HD Moore
scriptjunkie
nullbind
David Maloney
Brandon Perry
Denis Kolegov
h00die
Meatballs
root
C-P