faac44f257
Update xdh_x_exec.rb
2015-12-04 12:39:19 +08:00
f52e6ce65c
Update xdh_x_exec.rb
2015-12-04 11:17:16 +08:00
4955357015
Update xdh_x_exec.rb
2015-12-04 11:06:06 +08:00
4e43a90187
Add Xdh / fBot IRC Bot Remote Code Execution
2015-12-04 10:40:37 +08:00
340fe5640f
Land #6255 , @wchen-r7's module for Atlassian HipChat JIRA plugin
2015-12-03 20:01:06 -06:00
a972b33825
Fix typo
2015-12-03 20:00:37 -06:00
f8c11b9cd1
Move to multi
2015-12-03 17:49:21 -06:00
3bbc413935
Update phpfilemanager_rce.rb
2015-12-04 06:20:43 +08:00
67edf88c39
Doc
2015-12-03 14:25:01 -06:00
f33e63c16f
Support Win/Linx/Java payloads for Win/Linux platforms
2015-12-03 14:02:32 -06:00
28ca899914
Update phpfilemanager_rce.rb
2015-12-03 18:07:25 +08:00
83824b2902
First commit to support Windows for jira_hipchat_template
...
In Java
2015-12-03 02:39:55 -06:00
d63bb4768f
Update phpfilemanager_rce.rb
2015-12-03 14:09:02 +08:00
374b630601
Update phpfilemanager_rce.rb
2015-12-03 13:57:19 +08:00
56b810cb18
Update phpfilemanager_rce.rb
2015-12-03 12:44:41 +08:00
5414f33804
Update phpfilemanager_rce.rb
2015-12-03 12:43:47 +08:00
ab77ab509a
Update phpfilemanager_rce.rb
2015-12-03 12:35:49 +08:00
869caf789f
Update phpfilemanager_rce.rb
2015-12-03 12:34:17 +08:00
a2d51d48cd
Add phpFileManager 0.9.8 Remote Code Execution
2015-12-03 12:11:31 +08:00
0f24ca7d13
Land #6280 , @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability
2015-12-01 21:38:09 -06:00
d269be22e7
Land #6223 , @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit
2015-12-01 21:36:18 -06:00
9697ce5033
Specify arch & platform for generate_payload_exe
...
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
0e21265ecc
Fix cookie parsing, typo, and unused var
2015-12-01 17:39:40 -06:00
385378f338
Add reference to Rapid7 advisory
2015-12-01 11:37:27 -06:00
9dbf7cb86c
Remove the SSL option (not needed)
2015-12-01 11:34:03 -06:00
758e7c7b58
Rename
2015-12-01 11:33:45 -06:00
ea2174fc95
Typo and switch from raw -> encoded
2015-12-01 10:59:12 -06:00
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
ea363dd495
priv to true
2015-12-01 10:23:36 -06:00
2621753417
priv to true
2015-12-01 10:21:56 -06:00
d5d4a4acdc
Register the correct jsp to cleanup
2015-12-01 10:21:15 -06:00
7dc268d601
Land #6283 , increase the amount of space needed for ms08_067
2015-11-25 19:37:25 -06:00
35ea8c3f74
relax space needed a bit less, work with Windows XP and 2k3
2015-11-25 11:25:57 -06:00
2a89a2bc9a
increase the amount of space needed for ms08_067
2015-11-25 07:13:16 -06:00
f9d3652e1a
Land #6282 , deprecated module cleanup
...
rm modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
2015-11-24 23:48:09 -06:00
6fbcb3d127
Land #6263 , add BisonWare BisonFTP Server Buffer Overflow
2015-11-24 22:55:15 -06:00
f57ebad0e6
Change hard tabs to spaces
2015-11-24 22:54:52 -06:00
9a7e51daec
Update bison_ftp_bof.rb
2015-11-25 11:47:21 +08:00
3d6e4068cb
Update bison_ftp_bof.rb
2015-11-25 11:17:07 +08:00
591da3c97e
Please use exploit/multi/browser/adobe_flash_pixel_bender_bof
...
Time to say goodbye to:
exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
Please use:
exploit/multi/browser/adobe_flash_pixel_bender_bof
Reason: The replacement supports multiple platforms, so better.
2015-11-24 20:37:57 -06:00
4e2eb7ca65
Add Oracle Beehive processEvaluation Vulnerability
2015-11-24 19:17:57 -06:00
441fff4b7c
Update bison_ftp_bof.rb
...
Adding constant NOP
2015-11-23 06:53:12 +08:00
b2d6458f50
Land #6129 , Joomla SQLi RCE
2015-11-20 14:30:23 -06:00
e3bca890c1
Update bison_ftp_bof.rb
2015-11-20 23:45:15 +08:00
1dee6dca1b
Update bison_ftp_bof.rb
2015-11-20 13:37:46 +08:00
bd856322e0
Update bison_ftp_bof.rb
2015-11-20 09:58:44 +08:00
335944aa9a
Update bison_ftp_bof.rb
2015-11-20 09:38:55 +08:00
fcc7520230
Create bison_ftp_bof.rb
2015-11-20 09:07:40 +08:00
7c5d292e42
Land #6201 , chkrootkit privesc
2015-11-19 10:37:30 -06:00
8d1f5849e0
Land #6228 , @m0t's module for F5 CVE-2015-3628
2015-11-18 15:39:40 -08:00
ae3d65f649
Better handling of handler creation output
2015-11-18 15:31:32 -08:00
bcdf2ce1e3
Better handling of invulnerable case; fix 401 case
2015-11-18 15:24:41 -08:00
3c72135a2f
No to_i
...
What happens here is it converts to a Fixnum, and then it converts
back to a String anway because it's in a String.
2015-11-18 15:25:18 -06:00
deec836828
scripts/handlers cannot start with numbers
2015-11-18 12:31:46 -08:00
7399b57e66
Elminate multiple sessions, better sleep handling for session waiting
2015-11-18 12:23:28 -08:00
e4bf5c66fc
Use slightly larger random script/handler names to avoid conflicts
2015-11-18 11:51:44 -08:00
e7307d1592
Make cleanup failure messages more clear
2015-11-18 11:44:34 -08:00
0e3508df30
Squash minor rubocop gripes
2015-11-18 11:05:10 -08:00
f8218f0536
Minor updates to print_ output; wire in handler_exists;
2015-11-18 11:05:10 -08:00
392803daed
Tighten up cleanup code
2015-11-18 11:05:10 -08:00
657e50bb86
Clean up module
2015-11-18 12:50:57 -06:00
c0d9c65ce7
always overwrite the payload file
2015-11-18 18:48:34 +00:00
682a41af2e
Update description
2015-11-18 11:52:50 -06:00
d6921fa133
Add Atlassian HipChat for Jira Plugin Velocity Template Injection
...
CVE-2015-5603
Also fixes a bug in response.rb (Fix #6254 )
2015-11-18 11:34:25 -06:00
a484b318eb
Update registry_persistence.rb
2015-11-18 16:13:18 +00:00
1fe8bc9cea
Added a SLEEP_TIME option
...
Added a SLEEP_TIME options which is the number of seconds to sleep prior to executing the initial IEX request. This is useful in cases where a machine would have to establish a VPN connection, initiated by the user, after a reboot.
Alternatively, as opposed to a sleep time, it could have a loop that attempts to retry for a certain period of item.
2015-11-18 11:17:57 +00:00
e21bf80ae4
Squash a rogue space
2015-11-17 14:17:59 -08:00
3396fb144f
A little more simplification/cleanup
2015-11-17 14:16:29 -08:00
dcfb3b5fbc
Let Filedropper handle removal
2015-11-17 13:01:06 -08:00
44d477a13c
Fix some rubocop warnings
2015-11-17 13:26:50 +01:00
715f20c92c
Add missing super in setup
2015-11-16 14:45:13 -08:00
70407a4f21
3600 * 60 * 24 isn't one day
2015-11-16 23:18:02 +01:00
902951c0ca
Clean up description; Simplify SOAP code more
2015-11-16 11:06:45 -08:00
1aa1d7b5e4
Use random path for payload
2015-11-16 10:57:48 -08:00
ee5d91faab
Better logging when exploit gets 401
2015-11-16 10:41:48 -08:00
c4ffd7ae36
When sending SOAP requests, print out proto/status/message when fail
2015-11-16 10:38:40 -08:00
e58e17450a
Simplify XML building
2015-11-13 11:36:56 -08:00
ecbd453301
Second pass at style cleanup. Conforms now
2015-11-13 11:24:11 -08:00
85e5b0abe9
Initial style cleanup
2015-11-13 10:42:26 -08:00
873994a154
Skip the explicit return
...
Thanks to kernelsmith for the feedback
2015-11-13 12:40:34 +01:00
9a0f0a7843
Land #6142 , uptime refactor
2015-11-12 16:58:55 -06:00
ee25cb88b5
Land #6196 , vBulletin 5.1.2 Unserialize Code Execution
2015-11-12 14:38:39 -06:00
6077617bfd
rm res var name
...
the res variable isn't used
2015-11-12 14:37:47 -06:00
199ed9ed25
Move vbulletin_unserialize.rb to exploits/multi/http/
...
According to @all3g, this works on Windows too, so we will move
this to multi/http.
2015-11-12 14:36:01 -06:00
3566b978c3
Add a module for a chkrootkit-powered privsec
...
This modules implements an exploit for CVE-2014-0476,
to gain root thanks to chkrootkit.
Its main issues is that you need to wait until chkrootkit
is executed in a crontab (or manually),
which can take 24h top with its default setup.
How to reproduce:
1. Install a version < 0.50 of chkrootkit
2. Launch the local module
3. Wait until chkrootkit's crontab kicks in
4. You've got a root shell
```
msf > use exploit/linux/local/chkrootkit
msf exploit(chkrootkit) > check
[*] 192.168.1.25 - The target appears to be vulnerable.
msf exploit(chkrootkit) > run
[*] Exploit completed, but no session was created.
[*] Started reverse handler on 192.168.1.11:9999
msf exploit(chkrootkit) > [+] Target is vulnerable.
[!] Rooting depends of the crontab, this could take a while.
[*] Payload written to /tmp/update
[*] Waiting to chkrookit to be run be a cron tab...
[*] Command shell session 6 opened (192.168.1.11:9999 -> 192.168.1.25:40006) at 2015-11-06 20:53:00 +0100
[+] Deleted /tmp/update
msf exploit(chkrootkit) > sessions -i 6
[*] Starting interaction with 6...
id
uid=0(root) gid=0(root) groups=0(root)
```
2015-11-12 19:30:05 +01:00
eae2d6c89d
F5 module
2015-11-12 09:51:09 +00:00
8ea0a864db
Add a reference for patching
2015-11-10 23:32:22 -06:00
66f3582991
Add Oracle Beehive prepareAudioToPlay Exploit Module
2015-11-10 23:05:11 -06:00
a0351133a6
Add more references to this exploit
...
Adding exploit-db doc about China Chopper webshell and details about this webshell in US-CERT.
2015-11-11 09:51:05 +08:00
f86f427d54
Move Compat into Payload so that is actually used
2015-11-09 16:06:05 -06:00
66ed66cc81
Merge pull request #1 from m0t/changes
...
F5 BIG-IP iCall privilege escalation vulnerability (CVE-2015-3628)
2015-11-09 16:11:29 +00:00
daa999fb1c
f5 module
2015-11-09 16:02:32 +00:00
d4d4e3ddb0
f5 module
2015-11-09 13:41:59 +00:00
893c4cd52d
f5 module
2015-11-09 13:10:54 +00:00
e2678af0fe
The modules now works on 5.1.X and 5.0.X
...
- Added automatic targeting
- Added support for 5.0.X
2015-11-07 14:28:25 +01:00
0cc8165b52
And I forgot to rm the test line
2015-11-06 18:11:27 -06:00
8f2a716306
I don't really need to override fail_with
2015-11-06 18:11:08 -06:00
0213da3810
Handle more NilClass bugs
2015-11-06 18:08:51 -06:00
43229c16e7
Correct some authors with unbalanced angle brackets
2015-11-06 13:24:58 -08:00
2df149b0a5
Land #6189 , extraneous Content-Length fix
2015-11-06 14:36:40 -06:00
JT
jvazquez-r7
wchen-r7
James Lee
HD Moore
Brent Cook
William Vu
Jon Hart
m0t
sammbertram
jvoisin
Louis Sato