7579abb34e
report_note in a line
2016-04-23 19:43:44 +08:00
55e31bacee
add exception handler
2016-04-23 19:01:55 +08:00
73121f7e2f
add vprint_good
2016-04-23 18:50:48 +08:00
bc1f829fe5
class Metasploit4 -> class MetasploitModule
2016-04-23 17:36:22 +08:00
da9f156913
Print IP in print_*
2016-04-22 16:03:31 -05:00
3aa02891e9
Bring #6801 up to date with upstream-master
2016-04-22 14:04:26 -05:00
4a435e8d13
Bring hp_dataprotector_install_service up to date w/ upstream-master
2016-04-22 13:42:41 -05:00
db1d973ef0
Cosmetic changes for hp_dataprotector_install_service
2016-04-22 13:41:18 -05:00
16ff74e293
syntax check / code reduce
2016-04-22 10:53:03 +08:00
ca4bcfe62a
Update enum_emet.rb
...
Cleaned up a bit more
2016-04-22 00:41:10 +01:00
c81d0ade3f
Update, implemented
...
Took @bcook-r7's advice
2016-04-22 00:37:03 +01:00
30ac6b4a93
enum_emet
...
A module to enumerate all the EMET wildcard paths.
2016-04-22 00:20:25 +01:00
67968e912c
Land #6785 Add CVE-2016-0854 Advantech WebAccess Arbitrary File Upload
2016-04-21 12:02:04 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
c08872144f
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-21 09:33:03 +08:00
dcb9c83f98
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-21 09:28:42 +08:00
6b3326eab2
Land #6707 , support for LURI handler
2016-04-20 16:26:07 -05:00
e1e43db551
Land #6789 , remove overwritten keys from hashes
2016-04-20 13:33:31 -05:00
57467b94d9
Fix RegExp evaluation in is_routable? function
2016-04-20 10:22:46 -05:00
57cb8e49a2
remove overwritten keys from hashes
2016-04-20 07:43:57 -04:00
b74930f5c9
Land #6771 , Deprecate dns_bruteforce / dns_cache_scraper / dns_info / dns_reverse_lookup / dns_srv_enum
2016-04-19 16:30:36 -05:00
2400345fff
Merge pull request #2 from open-security/advantech_webaccess_dashboard_file_upload
...
Advantech webaccess dashboard file upload
2016-04-19 12:59:32 +08:00
0407acc0ec
add print_status with vuln_version?
2016-04-19 11:22:00 +08:00
c88ddf1cc4
fix NilClass for res.body
2016-04-19 10:27:20 +08:00
fd603102db
Land #6765 , Fixed SQL error in lib/msf/core/exploit/postgres
2016-04-18 10:44:20 -07:00
89a3755754
Land #6786 , post/windows/manage/autoroute improvements
...
Resolve #6781
2016-04-18 12:11:42 -05:00
a895b452e6
fix
2016-04-19 00:21:26 +08:00
c596421b01
use generate_uri_uuid_mode for java reverse_http
2016-04-18 08:26:02 -05:00
edd30e433e
https tweaks
2016-04-18 08:26:02 -05:00
555352b210
Force lurl string duplication to avoid stageless issues
...
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
2016-04-18 08:25:19 -05:00
a74a7dde55
More fixies for LURI in Python, and native too
2016-04-18 08:25:19 -05:00
06d53112e3
Add support for LURI to the java and android payloads
2016-04-18 08:24:41 -05:00
b95267997d
Fix LURI support for stageless, transport add/change and code tidies
2016-04-18 08:24:41 -05:00
ce9b692dd8
add print_status
2016-04-18 20:43:39 +08:00
7143668671
fix version_match
2016-04-18 20:31:32 +08:00
897238f3ec
identify fingerpriint / make the code clear
2016-04-18 19:55:42 +08:00
7d1095bc08
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-18 11:24:03 +08:00
47b5398152
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-18 11:05:25 +08:00
48556483b5
Fix a few comments
2016-04-17 19:16:52 -05:00
32590c89b7
Add interface name to routing status message
2016-04-17 14:15:50 -05:00
ae23da39b8
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 21:23:45 +08:00
ab9e988dd4
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 21:15:03 +08:00
6c969b1c3b
Update advantech_webaccess_dashboard_file_upload.rb
2016-04-17 18:49:56 +08:00
fb7194c125
Work on autoroute.md
2016-04-17 00:04:42 -05:00
32192d3034
Advantech WebAccess Dashboard Viewer Arbitrary File Upload
...
Advantech WebAccess Dashboard Viewer Arbitrary File Upload
2016-04-17 11:29:06 +08:00
a5e48b6112
Add default option and clean up comments
2016-04-16 19:50:08 -05:00
6550e0bc1b
Finish up autoadd_interface_routes
2016-04-16 18:42:41 -05:00
b3d199c055
Add get_subnet_octet and test
2016-04-16 14:57:39 -05:00
b1064af082
Initial get_subnet testing
2016-04-16 13:50:15 -05:00
018e7807fe
Identify routable networks
2016-04-15 22:21:54 -05:00
e8863ba09d
Initial autoadd_interface_routes work
2016-04-15 22:13:17 -05:00
a434622d21
Land #6769 , Add CVE-2016-1593 Novell ServiceDesk Authenticated Upload
2016-04-15 18:59:37 -05:00
5f5c330f2b
Initial Testing of Interface Info Gather
2016-04-14 21:59:48 -05:00
92ef8f4ab3
Land #6751 , Correct proftp version check at module runtime
2016-04-14 15:34:53 -05:00
f1523d0804
Land #6779 , Add CVE-2016-1531: Exim "perl_startup" Privilege Escalation
2016-04-14 15:16:50 -05:00
8dfe98d96c
Add bugtraq reference
2016-04-14 10:23:53 +01:00
c39410a070
Fix autoadd problem
2016-04-13 23:31:27 -05:00
6ce7055130
Land #6737 , Added reverse shell JCL payload for z/OS
2016-04-13 22:19:15 -05:00
09873f2f9c
Land #6717 , Add new cmd mainframe payload (generic_jcl) for z/OS
2016-04-13 22:10:23 -05:00
252632a802
Use %w{} for a couple things
...
Why not? :)
2016-04-13 19:38:57 -05:00
de004d7da3
Line up some hash rockets
2016-04-13 19:32:35 -05:00
f8e4253e2f
Add telnet to RequiredCmd
...
Baffles me that cmd/unix/reverse isn't cmd/unix/reverse_telnet.
2016-04-13 18:22:28 -05:00
07ee18a62b
Do something shady with the exploit method
...
Hat tip @acammack-r7.
2016-04-13 18:15:17 -05:00
43e74fce9e
Add Exim privesc
2016-04-13 17:51:20 -05:00
c52a6393b2
Land #6773 , Add Dell Kace K1000 unauthenticated remote root exploit
2016-04-13 10:20:53 -05:00
1d1a495a93
Style check
2016-04-13 10:19:57 -05:00
f73309ef01
Fix the ARM NOP generator after #6762 , #6768 , and #6644
2016-04-12 14:22:57 -05:00
b61175c6b4
Add Dell Kace K1000 unauthenticated remote root exploit
2016-04-12 16:15:37 +00:00
815a918a72
deprecate auxiliary/gather/dns_srv_enum
2016-04-12 08:44:47 +08:00
2bbb58d57e
deprecate auxiliary/gather/dns_reverse_lookup
2016-04-12 08:44:21 +08:00
5e1c540d31
deprecate auxiliary/gather/dns_info
2016-04-12 08:43:50 +08:00
67f8b309c6
deprecate auxiliary/gather/dns_cache_scraper
2016-04-12 08:43:23 +08:00
66ec001110
deprecate auxiliary/gather/dns_bruteforce
2016-04-12 08:42:56 +08:00
ca6beeb676
Land #6187 , @join-us' cleanup for enum_dns
2016-04-11 09:50:12 -07:00
2dc4539d0d
Change class name to MetasploitModule
2016-04-10 23:27:40 +01:00
1fa7c83ca1
Create file for CVE-2016-1593
2016-04-10 23:17:07 +01:00
99b4d0a2d5
remove more regex-style bool checks
2016-04-09 13:49:16 -05:00
a37f9c9eda
Clarify note type
2016-04-08 18:35:43 -07:00
44a98cc36f
Correct overly aggressive style cleanup
2016-04-08 18:00:03 -07:00
7ce5c07c03
Minor style cleanup
2016-04-08 17:39:32 -07:00
7c70a554ea
Merge branch 'pr/6187' into pr/fixup-6187 for pre-master merge testing
2016-04-08 16:56:38 -07:00
8219766538
Land #6760 , llmnr_response TTL fix
2016-04-08 16:45:55 -05:00
6b4dd8787b
Fix #6764 , nil SQL error in lib/msf/core/exploit/postgres
...
Fix #6764
2016-04-08 15:20:04 -05:00
28875313be
Change class name to MetasploitModule
2016-04-08 14:27:52 -05:00
ae46b5a688
Bring #6417 up to date with upstream-master
2016-04-08 13:41:40 -05:00
5839e2e3a8
Land #6762 , Fix ghetto true/false checking in NOP generator
2016-04-07 19:38:24 -05:00
068cf8eba1
Fix ghetto true/false checking in NOP generator
2016-04-07 18:23:33 -05:00
cba7353e1d
Fix another typo?
2016-04-07 17:12:11 -05:00
ff9d94218d
Fix a typo?
2016-04-07 17:11:42 -05:00
a3c390ee9d
Change class name to MetasploitModule
2016-04-07 17:11:08 -05:00
f09637a1c7
Bring #6377 up to date with upstream-master
2016-04-07 17:06:49 -05:00
0d3eb4f055
Change class name to MetasploitModule
2016-04-07 12:15:32 -05:00
0f56dbd858
Bring #6378 up to date with upstream-master
2016-04-07 12:10:55 -05:00
c4aac2a54a
Remove unwanted comments
2016-04-07 11:22:57 -05:00
fa5acba400
TTL setting honors TTL option
...
* change hard-coded ttl value to TTL option
* set TTL option default to 30
2016-04-07 10:59:05 -05:00
7658014fb7
Add CVEs
2016-04-07 08:39:29 -05:00
87d59a9bfb
Add exploit for ExaGrid known credentials
2016-04-07 04:17:43 -05:00
e78e12f295
Land #6515 , Autoadd for /post/windows/manage/autoroute
2016-04-06 15:29:58 -05:00
ac051bda7f
Add check is_routable?, and change netmask if needed
2016-04-06 15:28:54 -05:00
11bf1018aa
Fix typo
2016-04-06 14:20:41 -05:00
d240e0b3a2
Bring #6515 up to date with upstream-master
2016-04-06 11:27:32 -05:00
616bb8399f
remove db_filter / format a json data
2016-04-06 18:39:34 +08:00
a4ef9980f4
Land #6677 , atutor_sqli update
2016-04-05 19:52:44 -05:00
d9d257cb1a
Fix some things
2016-04-05 19:23:11 -05:00
08736c798d
Correct proftp version check at module runtime
2016-04-05 13:06:10 -05:00
dcb6da306c
Land #6720 , SSL scanner fixes
2016-04-04 23:37:52 -05:00
af7eef231c
Fix a few issues with the SSL scanner
...
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.
Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
51b8b4a4d1
Bring #6404 up to date with upstream-master
2016-04-04 16:35:58 -05:00
da3388248a
Uses #blank?
2016-04-04 16:34:49 -05:00
5a6d1ee0a9
Uses MetasploitModule class name
2016-04-04 16:30:55 -05:00
2e1e1ca839
Land #6742 , psexec_psh restoration
2016-04-01 13:59:09 -05:00
d23a1c4551
Bump deprecation date
2016-04-01 13:57:58 -05:00
60bee16e8c
Restore psexec_psh
...
See @jabra-'s comments on #6222 .
2016-04-01 13:56:22 -05:00
41b802a8a2
Clean up module
2016-04-01 13:54:27 -05:00
6a4d7e3b58
Revshell cmd JCL payload for z/OS
...
Added a JCL-based reverse shell. Uses the same source code as the
shellcode version does. Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s
2016-03-31 20:42:42 -05:00
ae0aecdd03
Change class name for exploits/windows/ftp/pcman_put.rb
2016-03-31 19:36:02 -05:00
de0e02549c
Bring #6507 up to date with upstream-master
2016-03-31 19:30:45 -05:00
f3336c7003
Update windows/http/easyfilesharing_seh
2016-03-31 19:24:06 -05:00
dd83757966
Bring #6488 up to date with upstream-master
2016-03-31 19:11:11 -05:00
75ebd08153
Land #6731 , Add CVE-2015-7755 juniper backdoor
2016-03-31 17:30:38 -05:00
618f379488
Update auxiliary/scanner/redis/redis_server and mixin
2016-03-31 17:14:49 -05:00
4d76b0e6a5
Rm auxiliary/scanner/misc/redis_server
...
Please use auxiliary/scanner/redis/redis_server or
auxiliary/scanner/redis/redis_login instead
2016-03-31 17:13:08 -05:00
2e7d07ff53
Fix PASSWORD datastore option
2016-03-31 17:12:00 -05:00
545cb11736
Bring #6409 up to date with upstream-master
2016-03-31 17:00:56 -05:00
5fdea91e93
Change naming
2016-03-31 17:00:29 -05:00
f33e994050
Delete anything related to configuring/saving username
2016-03-31 16:56:54 -05:00
101775a5ba
Bring #6545 up to date with upstream-master
2016-03-30 16:07:24 -05:00
82cec68606
Land #6427 , removes the deprecated psexec_psh module; please use exploit/windows/smb/psexec instead
2016-03-30 12:58:43 -07:00
dee9adbc50
Remove deprecated psexec_psh module
2016-03-30 14:35:47 -05:00
4074634a13
Land #6713 , Add post exploit module for HeidiSQL's stored passwords
2016-03-30 12:10:30 -05:00
0c6b4d81c8
More proper exception handling
2016-03-30 12:09:40 -05:00
aaa1515ba0
Print rhost:rport
2016-03-30 11:56:09 -05:00
c7e63c3452
Land #6694 , Add Apache Jetspeed exploit
...
CVE-2016-0710
CVE-2016-0709
2016-03-30 11:17:21 -05:00
74f25f04bd
Make sure to always print the target IP:Port
2016-03-30 11:16:41 -05:00
397d5580be
Use MetasploitModule convention
2016-03-30 15:44:37 +01:00
f8628e3438
Merge remote-tracking branch 'upstream/master' into wdigest_enable
2016-03-30 15:44:21 +01:00
9e45f0c104
Minor tidies
2016-03-30 15:29:03 +01:00
7fc2c860e9
remove comment
2016-03-29 21:26:36 -04:00
d35b5e9c2a
First add of CVE-2015-7755
2016-03-29 21:20:12 -04:00
85ab9d38f7
Land #6698 , Add ATutor 2.2.1 Directory Traversal Exploit
2016-03-29 15:42:58 -05:00
b84bf2290f
Land #6707 Print Response fix for HTTP NTLM
2016-03-29 13:35:49 -05:00
824a7837a2
LAND #6707 , Print Response Fix for HTTP NTLM
2016-03-29 13:08:43 -05:00
a6518b5273
Add generic JCL cmd payload for z/OS (mainframe)
...
This payload does nothing but return successfully. It can be used to
test exploits and as a basis for other JCL cmd payloads.
2016-03-28 21:01:39 -05:00
976932ed43
Initial commit
2016-03-26 12:00:25 +01:00
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
2b90846268
Add Apache Jetspeed exploit
2016-03-23 19:22:32 -05:00
6a462d5f60
Land #6703 , Make ms09_065_eot_integer passive
2016-03-23 13:39:41 -05:00
8fb55eeb6b
Land #6700 , add aux module to gather browser info
2016-03-23 13:19:27 -05:00
8c5c0086e6
Change cve_2012_6301 module path & make passive
...
This addresses two things:
1. The module is in the wrong directory. dos/http is for http
servers, not browsers.
2. PassiveActions should not be a 2D array.
2016-03-23 11:10:23 -05:00
53860bef1f
Make ms09_065_eot_integer passive
...
MS-932
2016-03-23 10:50:24 -05:00
8bf039a69e
ignore_items! should not be used in a loop
...
because it's not necessary.
2016-03-22 15:56:38 -05:00
102d28bda4
Update atutor_filemanager_traversal
2016-03-22 14:44:07 -05:00
9cb43f2153
Update atutor_filemanager_traversal
2016-03-22 14:42:36 -05:00
8836393cb1
Add aux module to gather browser information.
2016-03-22 13:56:12 -05:00
8028a9b5ce
Print response fix
2016-03-22 18:50:25 +01:00
3842009ffe
Add ATutor 2.2.1 Directory Traversal Exploit Module
2016-03-22 12:17:32 -05:00
ebc7316442
Spelling Fix
...
Fixed Thorugh to Through
2016-03-19 13:58:13 -04:00
570221379e
Land #6533 , move ie_unsafe_scripting to BES
2016-03-18 11:22:44 -05:00
d54bbdf9a3
Land #6566 , filezilla xml file locations
2016-03-17 16:27:24 -05:00
115a033036
Fix parsing the Last Server xml
2016-03-17 16:27:02 -05:00
31279291c2
Resolve merge conflict for ie_unsafe_scripting.rb
2016-03-17 14:42:36 -05:00
b1b68294bb
Update class name
2016-03-17 14:41:23 -05:00
7b2d717280
Change ranking to manual and restore BAP2 count to 21
...
Since the exploit requires the target to be configured manually,
it feel more appropriate to be ManualRanking.
2016-03-17 14:39:28 -05:00
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
e9f87d2883
Land #6685 , ensure platform variable is set for non-osx
2016-03-17 08:25:42 -05:00
9e7a330ac8
OptInt -> OptPort
2016-03-16 15:47:29 -05:00
af642379e6
Fix some OptInts
2016-03-16 14:13:18 -05:00
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
4e3a188f75
Land #6401 , EasyCafe server file retrieval module
2016-03-16 13:24:54 -04:00
9ac4ec4bfc
Update the class name to MetasploitModule
2016-03-16 13:22:06 -04:00
53f1338ad0
Update module to remove references to print peer
2016-03-16 13:10:39 -04:00
1769bad762
fix FORCE logic
2016-03-16 09:53:09 -05:00
d70308f76e
undo logic changes in adobe_flas_otf_font
2016-03-16 09:52:21 -05:00
f83cb4ee32
fix set_wallpaper
2016-03-16 13:07:41 +00:00
5ef8854186
Update ATutor - Remove Login Code
2016-03-15 17:37:37 -05:00
05f585157d
Land #6646 , add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
e29fc5987f
Add missing stream.raw for hp_sitescope_dns_tool
...
This adds the missing stream.raw.
2016-03-15 11:06:06 -05:00
38153d227c
Move apache_karaf_command_execution to the SSH directory
...
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
2016-03-14 00:32:59 -05:00
6323f7f872
Fix a couple overlooked issues
2016-03-13 23:35:05 -05:00
df0ff30468
Land #6642 , make ipv6_neighbor_router_advertisement discovery smarter
2016-03-13 16:53:11 -05:00
635e31961a
generate valid prefixes
2016-03-13 16:44:57 -05:00
cd84ac37d6
Land #6569 , check if USERNAME env var exists before using in enum_chrome post module
2016-03-13 15:12:51 -05:00
a50b21238e
Land #6669 , remove debug code from apache_roller_ognl_injection that breaks Windows
2016-03-13 14:14:10 -05:00
23eeb76294
update php_utility_belt_rce to use MetasploitModule
2016-03-13 13:59:47 -05:00
a6316d326e
Land #6662 , update disclosure date for php_utility_belt_rce
2016-03-13 13:58:04 -05:00
c89e53d0a3
Land #6666 , fix filezilla_server display bug showing the session ID
2016-03-13 13:56:44 -05:00
dabe5c8465
Land #6655 , use MetasploitModule as module class name
2016-03-13 13:48:31 -05:00
b22a057165
Fix #6554 , hardcoded File.open path in apache_roller_ognl_injection
...
The hardcoded File.open path was meant for debugging purposes during
development, but apparently we forgot to remove it. This line causes
the exploit to be unusable on Windows platform.
Fix #6554
2016-03-11 18:48:17 -06:00
51cdb57d42
Fix #6569 , Add a check for USERNAME env var in enum_chrome post mod
...
Fix #6569
Depending on the context, the USERNAME environment variable might
not always be there.
2016-03-11 15:36:44 -06:00
8217d55e25
Fix display issue when SESSION is -1
2016-03-11 11:37:22 -06:00
8953952a8f
correction for the DisclosureDate based on Exploit-DB
2016-03-11 14:05:26 +08:00
7009682100
Landing #6659 , Fix bug in MS08-067 related to incorrect service pack identification when fingerprinting
2016-03-10 14:29:29 -06:00
8d22358892
Land #6624 , PHP Utility Belt exploit
2016-03-09 14:12:45 -06:00
52d12b68ae
Clean up module
2016-03-09 14:08:26 -06:00
179d38b914
Fix #6658 , MS08-067 unable to find the right target for W2k3SP0
...
Fix #6658 .
When there is no service pack, the
Msf::Exploit::Remote::SMB#smb_fingerprint_windows_sp method returns
an empty string. But in the MS08-067 exploit, instead of check an
empty string, it checks for "No Service Pack", which causes it to
never detect the right target for Windows Server 2003 SP0.
2016-03-09 11:05:34 -06:00
45c7e4b6ae
Update ipv6_neighbor_router_advertisement.rb
2016-03-09 11:21:24 +08:00
e417909111
Update ipv6_neighbor_router_advertisement.rb
2016-03-09 11:21:07 +08:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
c2f99b559c
Add documentation for auxiliary/scanner/http/tomcat_enum
...
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
join-us
wchen-r7
Vincent Yiu
dmohanty-r7
Brent Cook
504137480
Louis Sato
Josh Hale
Brian Patterson
thao doan
Tim
OJ
Pedro Ribeiro
William Vu
Joshua J. Drake
Brendan Coles
Jon Hart
Sonny Gonzalez
James Lee
greg.mikeska@rapid7.com
Bigendian Smalls
Meatballs
h00die
Brendan Watters
Hans-Martin Münch (h0ng10)
Adam Cammack
Lexus89
Steven Seeley
h00die
Spencer McIntyre
l0gan
Jay Turla
James Barnett
Fakhri Zulkifli
Christian Mehlmauer