Commit Graph

1310 Commits (81d63c8cc790644042b2cafe577636002f029390)

Author SHA1 Message Date
Carter 81d63c8cc7 Create netgear_r7000_cgibin_exec.rb 2017-02-15 22:33:48 -05:00
William Webb 2ff170a1fa
Land #7820, Exploit for TrueOnline Billion 5200W-T 2017-01-31 11:33:56 -06:00
William Webb f167358540
Land #7821, Command Injection Exploit for TrueOnline ZyXEL P660HN 2017-01-31 11:28:46 -06:00
William Webb b3521dfb69
Land #7822, Command Injection Exploit for TrueOnline P660HN v2 2017-01-31 11:22:49 -06:00
Brent Cook ff2b8dcf99
Revert "Land #7605, Mysql privilege escalation, CVE-2016-6664" - premature merge
This reverts commit 92a1c1ece4, reversing
changes made to 9b16cdf602.
2017-01-22 19:16:33 -06:00
Brent Cook 92a1c1ece4
Land #7605, Mysql privilege escalation, CVE-2016-6664 2017-01-22 17:17:28 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Pedro Ribeiro 2dca53e19a Add full disclosure link 2017-01-17 11:09:44 +00:00
Pedro Ribeiro 1160a47b55 Add full disclosure link 2017-01-17 11:09:29 +00:00
Pedro Ribeiro c2cd26a6e1 Add full disclosure link 2017-01-17 11:09:11 +00:00
Pedro Ribeiro 7fafade128 fix msftidy stuff v2 2017-01-12 18:06:13 +00:00
Pedro Ribeiro ba8dfbd9f1 fix msftidy stuff 2017-01-12 18:05:54 +00:00
Pedro Ribeiro f88e68da25 fix msftidy stuff 2017-01-12 18:04:58 +00:00
Pedro Ribeiro 2274e38925 fix msftidy stuff 2017-01-12 18:03:12 +00:00
Pedro Ribeiro b863db9d02 add billion sploit 2017-01-12 17:51:24 +00:00
Pedro Ribeiro 2827a7ea1a add 660v2 sploit 2017-01-12 17:50:57 +00:00
Pedro Ribeiro af2516d074 add 660v1 sploit 2017-01-12 17:49:28 +00:00
wchen-r7 74cea5dd04 Use Linux payloads instead of cmd/unix/interact
As of now, cmd/unix/interact causes msfconsole to freeze, so
we can't use this.
2017-01-09 11:11:17 -06:00
wchen-r7 e331066d6d Add CVE-2016-6433 Cisco Firepower Management Console UserAdd Exploit 2017-01-06 17:05:25 -06:00
William Vu 19319f15d4
Land #7626, Eir D1000 modem exploit 2017-01-04 17:02:39 -06:00
William Vu b0e79076fe Switch to wget CmdStager and tune timing
We don't want to trample the device with requests.
2017-01-04 16:42:53 -06:00
William Vu 94d76cfb06 Merge remote-tracking branch 'upstream/master' into tr-069-ntpserver-command-injection 2017-01-03 17:04:04 -06:00
Adam Cammack fe0a3c8669
Update themoon exploit to use wget command stager 2017-01-03 15:50:57 -06:00
William Vu 9d0ada9b83
Land #7749, make drb_remote_codeexec great again 2016-12-28 06:11:48 -06:00
William Vu cfca4b121c Clean up module 2016-12-28 06:10:46 -06:00
William Vu afd8315e1d
Remove apache_continuum_cmd_exec CmdStager flavor
It is inferred from the platform, and we don't want to override it
needlessly. :bourne is what worked during testing, but it won't always
work. Now we can override the flavor with CMDSTAGER::FLAVOR.
2016-12-27 16:24:16 -06:00
joernchen of Phenoelit 679ebf31bd Minor fix to make dRuby great again 2016-12-23 15:12:22 +01:00
joernchen of Phenoelit d69acd116d Make dRuby great again 2016-12-22 15:37:16 +01:00
Tod Beardsley a4f681ae35
Add quoted hex encoding 2016-12-06 09:05:35 -06:00
Tod Beardsley d549c2793f
Fix module filename to be TR-064 2016-12-02 08:49:21 -06:00
Tod Beardsley 9e4e9ae614
Add a reference to the TR-064 spec 2016-12-02 08:48:09 -06:00
Tod Beardsley ddac5600e3
Reference TR-064, not TR-069 2016-12-02 08:45:15 -06:00
William Vu 1d6ee7192a
Land #7427, new options for nagios_xi_chained_rce 2016-11-30 17:11:02 -06:00
William Vu 3e8cdd1f36 Polish up USER_ID and API_TOKEN options 2016-11-30 17:10:52 -06:00
Tod Beardsley 43cd788350
Switch back to echo as cmdstager flavor 2016-11-30 10:18:09 -06:00
Tod Beardsley b75fbd454a
Add missing peer in vprint_error 2016-11-30 07:59:41 -06:00
Tod Beardsley 657d52951b
Linemax 63, switch to printf 2016-11-30 07:51:36 -06:00
Tod Beardsley 08b9684c1a
Add a FORCE_EXPLOIT option for @FireFart 2016-11-29 16:37:13 -06:00
Tod Beardsley 57d156a5e2
Revert "XML encode the command passed"
This reverts commit 9952c0ac6f.
2016-11-29 16:24:26 -06:00
Tod Beardsley b7904fe0cc
Oh silly delimiters and lack thereof 2016-11-29 15:53:05 -06:00
Tod Beardsley 9952c0ac6f
XML encode the command passed 2016-11-29 15:49:55 -06:00
Tod Beardsley 851aae3f15 Oops, wrong module
This reverts commit d55d2099c5.
2016-11-29 15:15:18 -06:00
Tod Beardsley d55d2099c5
Just one platform thanks 2016-11-29 15:08:45 -06:00
Tod Beardsley 4d6b2dfb46
Use CmdStager instead
Oh, and this is totally untested as of this commit.
2016-11-29 15:03:38 -06:00
Tod Beardsley 8de17981c3
Get rid of the WiFi key stealer 2016-11-29 14:48:04 -06:00
Tod Beardsley 75bcf82a09
Never set DefaultPaylod, reverse target options 2016-11-29 14:43:10 -06:00
Tod Beardsley f55f578f8c
Title, desc, authors, refs 2016-11-29 14:39:38 -06:00
Tod Beardsley d691b86443
First commit of Kenzo's original exploit
This is a work in progress, and is merely the copy-paste
of the original PoC exploit from:

https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
2016-11-29 09:13:52 -06:00
x2020 6f70323460 Minor misspelling mistakes and corrected the check of the mysqld process 2016-11-25 19:03:23 +00:00
x2020 1119dc4abe Targets set to automatic
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
2016-11-25 17:35:28 +00:00