infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
47,672 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

24452 Commits (8a175f50cd86137d0c77d9f89e86bc489e9adbfa)

Author SHA1 Message Date
Brendan Coles a71a5a10d5 Add Quest KACE Systems Management Command Injection 2018-06-22 08:07:18 +00:00
Brent Cook eaf043d30b
Land #10156, WebKit, as used in WebKitGTK+ Crash - CVE-2018-11646 2018-06-21 16:28:37 -05:00
Adam Cammack 6dafb13f28
Module metadata cleanup 2018-06-21 15:10:47 -05:00
Jeffrey Martin 2f40b2cb45
address missed impacket dependency check 2018-06-21 13:56:17 -05:00
Eliott Teissonniere c4632f44aa Fix windows 2018-06-21 16:46:15 +00:00
Eliott Teissonniere 2008de4080 Support Windows screensaver and locking 2018-06-21 16:46:00 +00:00
Brent Cook 38e1429879
Land #10189, ETERNALBLUE updates 2018-06-20 23:53:20 -05:00
William Vu 4bb6afb24e Move dependency check so we can send our metadata 
I missed this detail about the module.run method when adding the check.
Defining the metadata or where you put it doesn't matter so much as if
you're sending it over JSON-RPC.
 2018-06-20 15:03:26 -05:00
William Vu 8277a4da24 Add better targeting feedback 2018-06-20 12:41:22 -05:00
William Vu 13a4b2e359 Add dependency check for Impacket 2018-06-20 12:22:17 -05:00
Eliott Teissonniere a8e9c20d6c Make open works on windows 2018-06-20 09:23:57 +00:00
Eliott Teissonniere 4c0ac00f38 Make screensaver works on OSX 2018-06-20 09:13:51 +00:00
Brent Cook a1176e011a
Land #10184, Add sleepya's ETERNALBLUE exploit for Win8+ 2018-06-19 17:34:38 -05:00
William Vu 0820268d8a Improve rank handling with shim logic 2018-06-19 16:46:20 -05:00
Wei Chen 72432c200a
Land #10183, Add auxiliary mod to exploit httpdasm dir traversal vuln 2018-06-19 14:56:36 -05:00
Wei Chen b315886f9b Update option description 2018-06-19 14:55:53 -05:00
Wei Chen 9be8aa6877 Be more verbose on error handling 2018-06-19 14:54:27 -05:00
Shelby Pace a0189cc3f6
made suggested changes to module 2018-06-19 12:22:44 -05:00
William Vu 9913606ed9 Correct rank and formatting in Haraka 2018-06-19 11:44:02 -05:00
William Vu 9545bac809 Rename remote_exploit_generic template 
Dropping "generic" from the name. I initially had some reservations
about leaving it in, and after discussion with @acammack-r7, we've
decided it adds nothing useful.
 2018-06-19 11:43:56 -05:00
William Vu df4cee1d77 Fix PEP 8 in added code 2018-06-19 11:20:15 -05:00
William Vu 781478b283 Document some things 2018-06-19 11:20:15 -05:00
William Vu ecea36c459 Convert PoC to external module 2018-06-19 11:20:10 -05:00
William Vu 45e8adc617 Add sleepya's ETERNALBLUE exploit for Win8+ 2018-06-18 11:41:57 -05:00
Shelby Pace b78bb78f95
added auxiliary module and documentation 2018-06-18 10:25:33 -05:00
Jacob Robles cb50d0fade
Land #9825, Add 'phpMyAdmin Authenticated Remote Code Execution' 2018-06-18 08:51:53 -05:00
Jacob Robles 2e2ded22fc
Use Gem::Version 
Simplify version comparisons
 2018-06-18 08:35:47 -05:00
Jacob Robles 122ea2ddcb
Update module, Add docs 
Changed the module to an exploit module and
added documentation.
 2018-06-18 07:33:05 -05:00
Eliott Teissonniere 351a0bd37f Cleanup command execution code 2018-06-18 07:24:54 +00:00
Eliott Teissonniere a750aedb6b Move xdg_screensaver to multi module 2018-06-18 07:19:52 +00:00
Eliott Teissonniere 1f6b9a51ea Remove useless import 2018-06-18 06:56:39 +00:00
Eliott Teissonniere 8342751b05 Move xdg_open to multi module 2018-06-18 06:54:13 +00:00
Wei Chen ec88683ad2
Land #10165, Fix missing RequestError in a few post modules 2018-06-15 15:38:49 -05:00
Wei Chen 3e8bd83c29
Land #10172, Rm duplicate word in agitum_outpost_acs description 2018-06-15 15:13:23 -05:00
James Barnett 2ded48a510 Merge branch 'master' into remote_creds_data 2018-06-15 10:26:10 -05:00
William Vu b733b79533
Land #10021, post/multi/recon/sudo_commands module 2018-06-14 16:33:50 -05:00
James Barnett 9f2f61c481
Implement create_credential_and_login in the dataproxy 2018-06-14 13:28:03 -05:00
Clément Notin b64ab9b0de
Remove duplicate word in the agitum_outpost_acs module description 2018-06-14 15:15:29 +02:00
Eliott Teissonniere c4af2aca53 Check command availability 2018-06-14 10:00:26 +00:00
Eliott Teissonniere e523d5a114
Fix tabbed indents 2018-06-14 11:35:03 +02:00
Eliott Teissonniere b9d59315a8
Fix English in XDG screensaver 2018-06-14 11:30:04 +02:00
Eliott Teissonniere c5c0dffa3a
Fix English for XDG open 2018-06-14 11:28:30 +02:00
Eliott Teissonniere ee81ed6f7e Add XDG screensaver 2018-06-14 08:58:24 +00:00
Eliott Teissonniere 3c4bcf9258 Make XDG open module 2018-06-14 08:33:51 +00:00
Dhiraj Mishra c0a5a65e0c
Updated 
Suggestion's by acammack-r7
 2018-06-14 11:25:00 +05:30
Adam Cammack 853bd4d976
Land #10167, Add Linux x86 IPv6 reverse shell 2018-06-13 15:32:59 -05:00
Adam Cammack 0d9eb5b662
Clean up ipv6 address assembly packing 2018-06-13 15:31:49 -05:00
Adam Cammack d6f0673840
Fix indentation 2018-06-13 15:27:18 -05:00
Adam Cammack 402edba028
Remove automatic fork 
The PrependFork option works just as well
 2018-06-13 15:26:22 -05:00
Adam Cammack 9681c59f1d
Land #10138, Update psnuffle RHOSTS and style 2018-06-13 14:45:05 -05:00
Matteo Malvica e8a7a7e76f
first commit 2018-06-13 21:29:09 +02:00
James Barnett 71651a33f6
Update jtr modules to use remote data store 2018-06-13 12:09:58 -05:00
bwatters-r7 1cd76eb833
Land #10148, Add New Module - Badpdf 
Merge branch 'land-10148' into upstream-master
 2018-06-12 17:19:32 -05:00
William Vu 14da99bb3d Fix missing RequestError in a few post modules 
Should be Rex::Post::Meterpreter::RequestError.
 2018-06-12 17:11:29 -05:00
rmdavy 477d709ff6
Code Improvements 
Ran module through rubocop
 2018-06-12 22:55:38 +01:00
bwatters-r7 29f4870fa0
Land #10101, Add glibc 'realpath()' Privilege Escalation exploit 2018-06-12 16:41:07 -05:00
bwatters-r7 06b3fdce49
Update reliability because of failures 2018-06-12 16:39:41 -05:00
William Vu c3c6bc19da
Land #10059, CVE-2018-1111 exploit 2018-06-12 15:02:06 -05:00
William Vu f4bb00b9a5 Remove stray PayloadType outside Compat 2018-06-12 14:59:29 -05:00
Tim W 0c891e972f
Land #10066, implement AudioOutput api from channel 2018-06-11 16:20:11 +08:00
Tim W 57e3bbdba4 update payload cached sizes 2018-06-11 16:19:58 +08:00
Dhiraj Mishra b44265fcb2
Minor tweaks 
Suggestion's made by bcoles
 2018-06-11 13:25:02 +05:30
rmdavy 6b58163fde
Code Improvement 
Added further code improvement suggested by bcoles
 2018-06-11 08:06:02 +01:00
Brendan Coles 645c890888
Land #10157, Add IconFile path to .URL files generated with MultiDrop 2018-06-11 03:07:21 +00:00
rmdavy f10b2b12d4
Implemented changes suggested by bcoles 2018-06-10 22:18:17 +01:00
rmdavy 22538bfd63
Fixed Minor Code Error & Removed Spaces 2018-06-10 21:53:40 +01:00
rmdavy f4334828d0
Minor Improvement 
URL File Creation also supports IconFile - this has now been added
 2018-06-09 17:46:27 +01:00
rmdavy 5e630b34e1
Minor Update 
Removed some Spaces at EOL
 2018-06-09 17:03:32 +01:00
rmdavy 5ca538541a
Code Improvements 
Code improvements as suggested by bcoles.
 2018-06-09 16:44:37 +01:00
rmdavy f9c74419bb
Minor Code Update 
Improved injection and Minor Code Improvement
 2018-06-09 12:24:33 +01:00
Dhiraj Mishra 51823b1d3d
Spaces at EOL 2018-06-09 15:58:11 +05:30
Dhiraj Mishra d3a18b2ce9
Some tweak 
Thanks bcloes 😎
 2018-06-09 12:15:21 +05:30
Dhiraj Mishra 76588aed09
Error at disclosure date format 2018-06-09 12:03:41 +05:30
Dhiraj Mishra f1d29e730f
Spaces at EOL 2018-06-09 11:53:21 +05:30
Dhiraj Mishra 6e8412fa73
CVE-2018-11646 - Webkit+ 2018-06-09 11:43:47 +05:30
Tim W 9abf438428
Land #10118, cleanup OSX local exploit modules 2018-06-08 14:57:09 +08:00
Tim W 641ffca98c use base_dir 2018-06-08 14:53:21 +08:00
rmdavy 7e0c8d279f
Minor Code Update 2018-06-07 21:16:41 +01:00
rmdavy ab80eadc3f
Minor Code Improvement 2018-06-07 21:06:47 +01:00
rmdavy 98507b2e51
Update badpdf.rb 2018-06-07 19:08:51 +01:00
rmdavy aba05275ae
BadPDF Generator 
Generated PDF files which contain a UNC link back to listener, can be used to capture NetNTLM hashes.
 2018-06-07 16:40:57 +01:00
rmdavy 16fcaa3d00
Delete badpdf.rb 2018-06-07 16:38:57 +01:00
rmdavy c790537bb2
BadPDF Generator 2018-06-07 16:38:22 +01:00
Aaron Soto f53d2a14df
Land #10067, Added `auxiliary/fileformat/odt_badodt` 2018-06-06 11:27:23 -05:00
Aaron Soto 20e773498f
Moved to `auxiliary/fileformat/odt_badodt` and updated docs 2018-06-06 11:27:07 -05:00
Aaron Soto 61074d1220
Land #10115, Added module `auxiliary/fileformat/multidrop` 2018-06-05 16:30:30 -05:00
Aaron Soto c94263c915
Create 'fileformat' and move 'auxiliary/multidrop' to 'auxiliary/fileformat/multidrop' 2018-06-05 16:27:57 -05:00
Jacob Robles 3b2889cd77
Land #10106, Add the scanner/smb/impacket/wmiexec module 2018-06-05 08:33:34 -05:00
rmdavy 59873ba81a
Updated Authors 2018-06-04 23:03:00 +01:00
rmdavy 4fcbb5d03d
Minor Code Updates 
Minor Code Updates as per recommendations by Aaron Soto
 2018-06-04 19:20:37 +01:00
Chris Higgins 78bcd57694
Land #10092, Cleanup linux/local/recvmmsg_priv_esc 2018-06-04 10:32:35 -05:00
Brendan Coles e1d69d6307 Cleanup pSnuffle 2018-06-04 15:27:20 +00:00
Brendan Coles 3bcc329c07 Add HID discoveryd command_blink_on Unauthenticated RCE exploit 2018-06-03 05:41:10 +00:00
Brent Cook 61a98b94b6
Land #9528, WebKit apple safari trident exploit (CVE-2016-4657) 2018-06-02 21:52:52 -05:00
phra e9db949418
refactor: replace last string with hash 2018-06-01 16:59:38 +02:00
phra ae3e8dab78
chore: update references 2018-06-01 16:58:26 +02:00
phra 5649dd0598
refactor: use Hash.to_json instead of strings 2018-06-01 16:57:57 +02:00
rmdavy 061bb84a5a
Updated Code 
Updated code with suggestions provided by bcoles
 2018-06-01 11:13:40 +01:00
Aaron Soto 2bf5e26bfe
Removed `Deprecated` include from `udp_probe` 2018-05-31 14:32:31 -05:00
Aaron Soto 918705d510
Removed deprecated modules: `epmp1000_cmd_exec` and `cambium_snmp_loot` 2018-05-31 14:31:58 -05:00
Brendan Coles 9c14bddd93 Cleanup OSX local exploit modules 2018-05-31 12:26:33 +00:00
Aaron Soto 829e1c306a
Land #10102, SOCKS5 updates for BIND, parsing specs, refactoring 2018-05-30 16:15:53 -05:00
Adam Cammack 5e968529bf
Land #9976, Store non-nil linux enum_network loot 2018-05-30 15:33:39 -05:00
Adam Cammack 435f965418
Use #include? over Regexps with plain strings 2018-05-30 15:32:04 -05:00
bwatters-r7 1e57aa5a57
Land #9777, Slui File Handler Hijack LPE 2018-05-30 15:22:12 -05:00
rmdavy 51a9fc4c55
Multidrop 
Multidrop is a single module which can be used to create *.scf, *.url, *.lnk and desktop.ini files which contain a SMB/UNC link to a listener ready to capture NetNTLM hashes
 2018-05-30 17:36:11 +01:00
Tim W c0841ef0bf set default payload 2018-05-30 18:04:22 +08:00
Tim W 2ec7f11b90 add binary 2018-05-30 18:02:17 +08:00
Brent Cook e69c51132d
Land #10083, Add Msf::Post::OSX::Priv mixin 2018-05-29 23:01:36 -05:00
Pedro Ribeiro d77ee20fc7
Add fix for 7.3.0 2018-05-30 00:59:11 +03:00
Pedro Ribeiro f1663afd53
Change patch level of vulnerable versions 2018-05-30 00:37:29 +03:00
Aaron Soto c8b2fc8a35
Land #9701, Flexense HTTP Server DoS exploit 2018-05-29 16:19:59 -05:00
Aaron Soto 026b22d061
Refined packet sizes and counts, improved error messages 2018-05-29 16:09:27 -05:00
Pedro Ribeiro 476030bbd6
Fix grep with proper Base64 support; IBM bug! 2018-05-29 18:49:52 +03:00
Pedro Ribeiro a3c7ac830f
Fix typo in rand 2018-05-29 18:40:50 +03:00
actuated b0d8e93e79 Added Teradata ODBC Login and SQL modules and documentation 2018-05-29 10:12:43 -05:00
Pedro Ribeiro ac5718d24c
Fix whitespace 2018-05-29 15:02:36 +03:00
Pedro Ribeiro 809982b430
Make changes requested by bcoles 2018-05-29 14:48:57 +03:00
Pedro Ribeiro 56dd07639f
add vuln versions 2018-05-28 17:37:58 +03:00
Pedro Ribeiro aaaa9c7508
Fix warnings from travis 2018-05-28 17:18:52 +03:00
Pedro Ribeiro e126681814
Changed disclosure date 2018-05-28 17:08:48 +03:00
Pedro Ribeiro cfb7d4c2fe
Add github url 2018-05-28 16:53:54 +03:00
Pedro Ribeiro 7db8183bc7
Create file for CVE-2018-1418 2018-05-28 16:39:10 +03:00
Spencer McIntyre 7ac8af03d2 Remove the LD_PRELOAD hook for proxychains 2018-05-27 17:12:06 -04:00
Spencer McIntyre 28d15a113f Add the secretsdump impacket module and docs 2018-05-27 17:09:59 -04:00
Spencer McIntyre 9fab2316c5 Add the wmiexec impacket module and documentation 2018-05-27 16:24:56 -04:00
Brendan Coles 0af5d44c42 Add glibc 'realpath()' Privilege Escalation exploit 2018-05-26 21:25:59 +00:00
Spencer McIntyre c85cc9ad9e Refactor SOCKS5 TcpRelay and add packet tests 2018-05-26 13:46:00 -04:00
Spencer McIntyre 49341fc87d Add credential authentication support to socks5 2018-05-25 20:14:03 -04:00
Spencer McIntyre 9b5ae34896 Drop udp associate support and cleanup logging 2018-05-25 20:14:03 -04:00
Spencer McIntyre 6859856101 Refactor the socks5 code into multiple files 2018-05-25 20:14:03 -04:00
Spencer McIntyre 04bec0bdf0 Progress on the socks5 proxy module 2018-05-25 20:14:02 -04:00
Ege Balcı 3ab7526786
Name & description Change 
Exploit::CheckCode changed to Unknown as suggested.
 2018-05-25 20:22:51 +03:00
Brent Cook fad5a99c7d
fix incorrect disclosure date 2018-05-25 02:59:08 -05:00
Brendan Coles 4df01da49a Add GTFOBins 2018-05-25 04:20:25 +00:00
Brendan Coles 651fb69585 Cleanup linux/local/recvmmsg_priv_esc module 2018-05-24 17:56:07 +00:00
Auxilus 72fb51f877
add extra check for failed command outputs 2018-05-24 20:47:06 +05:30
rmdavy affa0bdc6f
Minor Update 
Removed Unused Comment
 2018-05-24 13:45:08 +01:00
rmdavy 7143f04ea7
Add files via upload 
Updated to use recommended method of creating zip files
 2018-05-24 09:53:53 +01:00
rmdavy 04a27e0221
Delete thumbnail.png 
Moved folder location
 2018-05-24 09:37:45 +01:00
rmdavy 81c4e9f7b9
Delete styles.xml 
Moved folder location
 2018-05-24 09:37:31 +01:00
rmdavy 73bfe1c9ab
Delete settings.xml 
Moved folder location
 2018-05-24 09:37:18 +01:00
rmdavy 247904746c
Delete meta.xml 
Moved folder location
 2018-05-24 09:37:04 +01:00
rmdavy f9bda873d2
Delete manifest.xml 
Moved folder location
 2018-05-24 09:36:55 +01:00
rmdavy 5002eae655
Delete manifest.rdf 
Moved folder location
 2018-05-24 09:36:45 +01:00
rmdavy 02afeb3e29
Delete content.xml 
Moved folder location
 2018-05-24 09:36:35 +01:00
Brent Cook 86a5b951aa
Land #9990, add SOCKS5 proxy support 2018-05-23 17:31:09 -05:00
Brent Cook bc5c7a15e5 remove single-entry OptEnum from module, since there is only one possible TECHNIQUE 2018-05-23 13:44:53 -05:00
bwatters-r7 77403479f5
code cleanup 2018-05-23 12:53:48 -05:00
gushmazuko 3ef6f82894
Update bypassuac_sluihijack.rb 2018-05-23 12:25:49 +02:00
Jan Rude 567e2dbc7e
Update telpho10_credential_dump.rb 
Current version still vulnerable, developer ignores mails. It seems like this is going to be a 'won´t fix'
 2018-05-23 09:32:41 +02:00
Aaron Soto 72efe66403
Refactored for better logging, IPv6 support, and prep for auth 2018-05-22 18:57:00 -05:00
Brendan Coles 45481f26b6 Add Msf::Post::OSX::Priv mixin 2018-05-22 22:25:39 +00:00
James Barnett 0472b9df3f
Land #10024, Fix find_or_create_* methods for remote data service 
This PR updates the find_or_create_* methods associated with each model to
no longer just proxy to the report_* model. It now performs a lookup through
the DataProxy and returns the found object if it exists, or creates a new
record if needed.
 2018-05-22 17:08:46 -05:00
Brendan Coles 15e472637a
Land #10070, Fix cleanup in exploits/osx/local/rootpipe_entitlements 2018-05-22 21:52:24 +00:00
Brendan Coles b14e354b25
Land #10048, Make shell and meterpreter sessions consistent with cmd_exec 2018-05-22 21:26:47 +00:00
bwatters-r7 40d5f46277
Lad #10017, D-Link DSL-2750B Unauthenticated OS Command Injection 
Merge branch 'land-10017' into upstream-master
 2018-05-22 10:54:33 -05:00
lucyoa 6cc1a8dcbd
Rubocop fixes 2018-05-22 10:34:05 -04:00
Matthew Kienow 4ecc1ff551
Modify loots, notes and services search methods 
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
 2018-05-21 17:37:51 -04:00
phra 6d4ad57beb
refactor: use Rex built-in encoders 2018-05-21 22:14:39 +02:00
bwatters-r7 75562e2bbc
Land #10044, Fix is_system? in Msf::Post::Windows::Priv for non-English 
Merge branch 'land-10044' into upstream-master
 2018-05-21 14:24:26 -05:00
Kevin Kirsche 93e9c96a1c Adjust link / name ordering to be alphabetical by key (not sorted by value) 2018-05-21 14:42:13 -04:00
Tim W 88ab836e15
Land #9987, AF_PACKET chocobo_root exploit 2018-05-21 17:05:53 +08:00
Tim W 9e9dff8b6a fix file cleanup on failed exploitation 2018-05-21 16:47:09 +08:00
Tim W cd0161ada2 fix gcc for shell_reverse_tcp payloads on ubuntu 2018-05-21 16:46:42 +08:00
lucyoa 6ae55aadd4
Fixing documentation, improving exploits code 2018-05-20 12:55:46 -04:00
Brendan Coles aa033bf5c1 Fix cleanup 2018-05-20 16:19:25 +00:00
Kevin Kirsche c665a32eb9 Add privileged and fix PayloadType hash style 2018-05-19 19:06:50 -04:00
rmdavy ef229111c8
Delete readme.txt 2018-05-19 16:58:45 +01:00
rmdavy 5d3c95e51b
Create badodt 2018-05-19 16:58:14 +01:00
rmdavy a0d8f70dee
Create readme.txt 2018-05-19 16:57:40 +01:00
rmdavy 077a7c7c9e
Delete test.txt 2018-05-19 16:57:07 +01:00
rmdavy 018a8a3060
Create test.txt 2018-05-19 16:56:49 +01:00
rmdavy 622bc272fb
Delete odt 2018-05-19 16:56:30 +01:00
rmdavy b293ddfe5d
Create odt 2018-05-19 16:56:10 +01:00
phra c9ab44234a
refactor: remove predefined cmd stager flavor, increase linemax 2018-05-19 15:55:11 +02:00
phra d239fb17db
refactor: update code as requested 2018-05-19 15:50:10 +02:00
Kevin Kirsche d9d226376c Fix missing comma 2018-05-19 09:23:23 -04:00
Kevin Kirsche 4bf259e767 Add github and EDB ID number 2018-05-19 09:04:18 -04:00
Kevin Kirsche b0f556639f Change rand text length and remove disable nops 2018-05-19 09:02:00 -04:00
phra 8a1cb1e560
fix: fix indentation 2018-05-19 03:27:35 +02:00
phra 5d37451dc8
fix: use print_error instead of puts 2018-05-19 03:26:49 +02:00
phra b010d23427
exploits: add CVE-2018-1000049 exploit module, fixes #10063 2018-05-19 03:10:06 +02:00
Clément Notin a8fcd9d275
Fix display of uid in post/windows/gather/win_privs 
`inspect` is not necessary and triggers display of Unicode characters as "\x.." instead of printing their value.
As discussed in PR #10044
 2018-05-19 01:35:19 +02:00
bwatters-r7 294b263159
Land #9966, Add Reliable Datagram Sockets (RDS) Privilege Escalation exploit 
Merge branch 'land-9966' into upstream-master
 2018-05-18 17:06:04 -05:00
Touhid M Shaikh 12457d14f7
vTiger CRM v6.3.0 (CVE:2015-6000,CVE:2016-1713) 
an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file.
 2018-05-19 01:13:10 +05:30
Kevin Kirsche 6d0c6a7051 Randomize the starting letter 2018-05-18 15:14:40 -04:00
Kevin Kirsche 1efa5c4061 Move to PayloadType instead of Compat 2018-05-18 14:55:33 -04:00
Kevin Kirsche 599979be37 Add AKA and remove filename 2018-05-18 14:49:12 -04:00
Kevin Kirsche 0951aca881 Fix require that’s included by mixin 2018-05-18 13:31:20 -04:00
Kevin Kirsche 35ee1b5fa1 Use https instead of http in the comments 2018-05-18 13:10:47 -04:00
Kevin Kirsche 8f0242344d Fix style to use curly braces instead of pipes 2018-05-18 13:06:38 -04:00
Kevin Kirsche f1b9088609
Fix msf/core include requirement 
```
modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb - [WARNING] Explicitly requiring/loading msf/core is not necessary
```

removes `require msf/core`
 2018-05-18 13:04:55 -04:00
Kevin Kirsche 164f3ef48d Add CVE-2018-1111 exploit 2018-05-18 12:47:08 -04:00
Brent Cook 7af7587519
Land #9999, Optionally test empty group in cisco_ssl_vpn 2018-05-18 10:57:15 -05:00
Brent Cook 37f1e44a12
Land #10009, Add initial check support to external modules 2018-05-18 09:31:31 -05:00
Brendan Coles eb3733ffb4 unless 2018-05-17 17:42:55 +00:00
Brent Cook 520b8bc3c0 remove many duplicate code paths 2018-05-17 08:14:32 -05:00
Tim W a3879f0109
Land #9956, add module to extract wireless credentials on Android 2018-05-17 21:04:56 +08:00
Brent Cook 5c3cb097fb
Land #10047, remove invalid timeout argument on cmd_exec 2018-05-17 07:41:14 -05:00
Brent Cook 406f1fe165 fix #10046, remove invalid timeout argument on cmd_exec 2018-05-17 07:38:22 -05:00
Tim W 6594cbb5cc
Land #9947, AF_PACKET packet_set_ring exploit 2018-05-17 18:43:52 +08:00
Tim W dc227153c4 fix gcc on shell_reverse_tcp session 2018-05-17 18:43:27 +08:00
Aaron Soto c35c8e9c75
Update module name, per a good catch by @bcook 2018-05-16 13:55:45 -05:00
Tim W ce5b24eda0 fork early and cleanup files in module 2018-05-17 00:32:01 +08:00
Jacob Robles 999b895735
Land #9816, Add the scanner/smb/impacket/dcomexec module 2018-05-16 07:15:32 -05:00
William Vu eb0ac79143
Land #9975, local_exploit_suggester fixes 2018-05-16 06:48:02 -05:00
William Vu 739d58135f Move EXE generation in struts_code_exec_parameters 2018-05-16 06:15:40 -05:00
William Vu 6ec0272ff5
Land #8727, CVE-2017-9791 exploit 2018-05-16 05:41:26 -05:00
William Vu eaec1d7486 Clean up module 2018-05-16 05:39:17 -05:00
William Vu 436e414b93
Land #7815, CVE-2016-9299 exploit 2018-05-16 05:29:41 -05:00
William Vu 959cbde6eb Clean up module 2018-05-16 05:29:25 -05:00
William Vu 908857b563
Land #10036, reverse_bash_telnet_ssl fixes 2018-05-16 04:10:36 -05:00
William Vu 3810803276
Land #10035, awk payload improvements 2018-05-16 04:10:21 -05:00
William Vu 6723de2659
Land #10031, zsh payload improvements 2018-05-16 04:10:00 -05:00
William Vu c2c46586cd
Land #10030, reverse_ksh payload 2018-05-16 04:08:17 -05:00
William Vu 6abd0d068a Nix explicit return 2018-05-16 04:06:58 -05:00
Brendan Coles c5f980f633 GoodRanking 2018-05-16 02:38:19 +00:00
William Vu 3ea4548343 Fix PayloadType in reverse_bash_telnet_ssl 
It should not be cmd_bash, since it doesn't rely on being in bash.
 2018-05-15 20:50:30 -05:00
William Vu 49bfa3b707 Update CachedSize 2018-05-15 20:07:14 -05:00
William Vu a19c5f723b Improve bind_awk payload (credit @bcoles) 2018-05-15 20:01:57 -05:00
William Vu 5d229abf72 Improve reverse_awk payload (credit @bcoles) 2018-05-15 20:01:32 -05:00
William Vu cc35975164 Update CachedSize 2018-05-15 19:56:55 -05:00
William Vu 1100899ccb Change link to HTTPS 2018-05-15 19:56:42 -05:00
William Vu 3ccfc27096 Redirect stderr as well 2018-05-15 19:51:10 -05:00
William Vu 3f39475579 Update CachedSize 2018-05-15 19:42:39 -05:00
William Vu b58dc3bf5e Refactor zsh payloads 
This also fixes an oversight where the payloads would fail outside zsh.
 2018-05-15 19:26:19 -05:00
Brendan Coles 7ebe0d6dc5 Use sudo -l rather than sudo -l -l 2018-05-15 18:53:52 +00:00
WangYihang 49904e0377 Add an reverse shell payload by zsh through redirection operations 2018-05-15 22:43:37 +08:00
WangYihang 53844cb24a Add an reverse shell payload by ksh(the korn shell) 2018-05-15 22:36:47 +08:00
Auxilus 900480dd1a
check for root 2018-05-15 17:32:10 +05:30
Auxilus e1786d1ae0
Update sub_info.rb 2018-05-15 16:55:52 +05:30
Green-m 492be19aa0 Use && instead of and 2018-05-15 05:18:38 -04:00
Green-m a61d202586 Delete blank, fix typo and use single quote instead. 2018-05-15 04:27:36 -04:00
Green-m 03a7bb72af Add exploit module for apache hadoop unauthorized command execution 2018-05-15 03:47:20 -04:00
zerosum0x0 4a64401a58 fix ms17-010 similar to 4a56ecf3ae 2018-05-14 15:45:20 -06:00
Brendan Coles 17bd9aafb3 Add post/multi/recon/sudo_commands 2018-05-14 18:31:24 +00:00
Aaron Soto f5a43f2ed0
Land #9991, Remove need for temp file with xdebug_unauth_exec 2018-05-14 08:55:38 -05:00
lucyoa 8dd7a27f7b
Fixes according to code review 2018-05-14 05:46:23 -04:00
lucyoa f65361258b Adding vulnerable firmwares to description 2018-05-13 15:08:32 -04:00
lucyoa 382364a3ff
Adding documentation, improving description 2018-05-13 15:04:40 -04:00
lucyoa c3ad02121c
Exploit for D-Link DSL2750B OS Command Injection vulnerability 2018-05-13 13:58:35 -04:00
Tim W ed5f2bffa9
Land #9919, add libuser roothelper privilege escalation exploit 2018-05-12 17:11:21 +08:00
Tim W a8660e4042 make the PASSWORD option required 2018-05-12 17:10:21 +08:00
Adam Cammack b0e712e992
Add banner check exploit/linux/smtp/haraka 2018-05-11 12:45:32 -05:00
Adam Cammack 90f2fe545c
Add PEP8 whitespace to exploit/linux/smtp/haraka 2018-05-11 12:43:30 -05:00
Green-m 0ef0fae2b2 rm test code 2018-05-10 22:17:38 -04:00
Jacob Robles cc0fdee788
EmptyGroup advanced option, just in case... 2018-05-10 09:57:50 -05:00
Tim W 67c7a718db
Land #9868, fix post/osx/capture/keylog_recorder 2018-05-10 16:47:57 +08:00
Jacob Robles 9811de430c
Land #9878, Add MSF module for EDB 6768, Mantis <= v1.1.3 Post-auth RCE 2018-05-09 11:55:22 -05:00
Jacob Robles a1fed72423
store credential, use vprints 2018-05-09 11:50:07 -05:00
Jacob Robles 79a0610436
remove empty group 2018-05-09 11:11:03 -05:00
Hypnoze57 08b81a418f Customization of Golden Ticket Duration 
- Post exploitation module updated
- Kiwi extention updated

Using mimikatz /startoffset and /endin params
Duration in hours, default already 10 years
 2018-05-09 17:44:55 +02:00
miluxsec 5ed1bde65f Removed unused FileDropper include 2018-05-08 18:10:29 +02:00
miluxsec 5038098efb Remove need for writable directory when using xdebug exploit 
By base64 encoding the exploit code and decoding it on the target the
need for writing a temporary file is removed.
See #9918
 2018-05-07 22:11:21 +02:00
William Vu 0240c3f010
Land #9980, PAN-OS readSessionVarsFromFile exploit 2018-05-07 14:55:00 -05:00
Brent Cook 02849bcfd0
Land #9986, initial ruby_smb simple client integration 2018-05-07 14:02:22 -05:00
Jacob Robles a18459a14c
Fix indentation, documentation update 2018-05-07 09:22:21 -05:00
Touhid M Shaikh 235cac621f
playsms_CVE-2017-9101 
playsms_CVE-2017-9101
 2018-05-07 18:55:22 +05:30
Touhid M Shaikh 74793efdef
Delete playsms_uploadcsv_exec.rb 2018-05-07 18:54:35 +05:30
Touhid M Shaikh fefaa45a50
playsms_CVE-2017-9101 
playsms_CVE-2017-9101
 2018-05-07 18:53:07 +05:30
Jacob Robles 222b1fb27c
Land #9944, playsms_filename_exec.rb 2018-05-07 07:43:16 -05:00
Jacob Robles 601411fe7b
store credentials 2018-05-07 07:26:28 -05:00
Jacob Robles 4b8ceab522
Fix indentation, update documentation 2018-05-07 07:22:53 -05:00
Brendan Coles 5ae9b0185d Add AF_PACKET chocobo_root Privilege Escalation exploit 2018-05-07 07:11:07 +00:00
Green-m 24de2a3cd0 Merge branch 'master' into couchdb_cmd_exec 2018-05-07 02:53:13 -04:00
Brent Cook a4ecd43a8f remove unused constants 2018-05-07 00:24:38 -05:00
Jacob Robles 534d05ff44 simpleclient versions option 2018-05-07 00:24:38 -05:00
Jacob Robles ff202a5f5b Simpleclient/SMB2 support 2018-05-07 00:24:38 -05:00
HD Moore 2a211d99af Nuke base_directory after all, FileDropper does not like our path 2018-05-06 22:58:06 -05:00
HD Moore a9f9d61f1e Use the target_directory, not base 2018-05-06 22:56:59 -05:00
HD Moore cd48507aab Use FileDropper, switch to earlier target directory 2018-05-06 22:56:36 -05:00
HD Moore 1f7b13bea8 Additional module cleanup 2018-05-06 22:50:13 -05:00
HD Moore 3d172df0c4 MD5 of TID and cleanup if statement 2018-05-06 22:24:36 -05:00
HD Moore 68f2e08400 Swap to positive logic 2018-05-06 22:22:47 -05:00
HD Moore 9712215e66 Add Bugtraq ID 2018-05-06 22:21:13 -05:00
HD Moore 5d57e9db34 Remove unnecessary RHOST definition 2018-05-06 22:20:51 -05:00
Green-m 96a354ffc4 Merge branch 'couchdb_cmd_exec' of https://github.com/Green-m/metasploit-framework 2018-05-06 23:07:14 -04:00
Auxilus a612c4cc65
Update wireless_ap.rb 2018-05-06 17:37:12 +05:30
Auxilus 6bd31d7921
Update wireless_ap.rb 2018-05-06 17:33:20 +05:30
Auxilus f32fda6757
Update wireless_ap.rb 2018-05-06 16:52:18 +05:30
Tim W 3e949733e2 fix wpa_supplicant parsing 2018-05-06 19:11:35 +08:00
HD Moore 8141e949fc Note the runtimes 2018-05-05 18:34:11 -05:00
HD Moore e775a97ae2 Adds panos_readsessionvars exploit module 2018-05-05 15:41:17 -05:00
Tim W 5f01b6abc9
Land #9977, fix crash during x64 linux reverse_tcp stager retry 2018-05-05 17:13:00 +08:00
Brendan Coles 3aa7441e10 Update tested versions 2018-05-05 09:11:31 +00:00
Tim W 4216d06ffb fix #9963, update x64 linux reverse_tcp stager cached size 2018-05-05 16:30:45 +08:00
Brendan Coles 24af15b6e7 Update kernel version and system arch detection 2018-05-05 07:16:53 +00:00
Auxilus 40b6b97dbf
Update enum_network.rb 2018-05-05 10:56:55 +05:30
Auxilus ec55a631ef
Check if the data is nil before pasisng to store_loot 
when I ran this module for linux/aarch64/meterpreter_reverse_tcp for payload running in termux, it was obvious that without root the commands will return error, It still created empty files in `.msf4/loot`

```
msf5 post(linux/gather/enum_network) > run
                                                                                                  
[*] Running module against localhost.localdomain
[*] Module running as /system/bin/sh: /usr/bin/whoami: not found
[+] Info:
[+]
[+]     Linux localhost 3.10.84-perf+ #1 SMP PREEMPT Tue Oct 24 01:07:25 CST 2017 aarch64 Android
[*] Collecting data...
[+] /system/bin/sh: /sbin/route: not found
[-] Failed to open file: /etc/ssh/sshd_config: core_channel_open: Operation failed: 1
[-] unable to get data for Network config
[+] Network config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_735775.txt
[-] unable to get data for Route table                                                            
[+] Route table stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_599334.txt
[-] unable to get data for Firewall config
[+] Firewall config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_790893.txt
[-] unable to get data for DNS config
[+] DNS config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_867340.txt
[-] unable to get data for SSHD config                                                           
[+] SSHD config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_900906.txt                                                                  [-] unable to get data for Host file
[+] Host file stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_179877.txt
[-] unable to get data for Active connections                                                     
[+] Active connections stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_656035.txt                                                           [-] unable to get data for Wireless information
[+] Wireless information stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_168144.txt
[-] unable to get data for Listening ports                                                        
[+] Listening ports stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_999548.txt                                                              [-] unable to get data for If-Up/If-Down
[+] If-Up/If-Down stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_860869.txt
[*] Post module execution completed                                                               
msf5 post(linux/gather/enum_network) >
```
 2018-05-05 10:52:08 +05:30
Brendan Coles cb29b4cf7a Update Local Exploit Suggester - Fix #9974 2018-05-05 04:41:58 +00:00
Aaron Soto 2cd0d3d90a
Rudamentary SOCKS5 functionality, CONNECT, IPv4, non-DNS only 2018-05-04 14:44:03 -05:00
Touhid M Shaikh 71d6841471
updated 
indentation and fix CVE
 2018-05-04 21:33:07 +05:30
Touhid M Shaikh aa69fc9e77
updated 
print_status to vprint_status
 2018-05-04 21:13:26 +05:30
Touhid M Shaikh e824f0f8b0
updated 
added CVE, URL and done randomizing content
 2018-05-04 21:00:04 +05:30
William Vu 88f09dc302 Update a few stragglers in Drupalgeddon 2 
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
 2018-05-03 18:35:25 -05:00
William Vu 728d7bc065 Fix #9876, second round of Drupalgeddon 2 updates 
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
 2018-05-03 17:38:32 -05:00
bwatters-r7 ce5be387c4
Land #8795, Added CVE-2016-0040 Windows Privilege Escalation 
Merge branch 'land-8795' into upstream-master
 2018-05-03 16:33:53 -05:00
bwatters-r7 96b892a546
Make Rubocop happy 2018-05-03 11:30:05 -05:00
Brendan Coles 3a688451b6 Add Reliable Datagram Sockets (RDS) Privilege Escalation 2018-05-03 12:51:21 +00:00