9c14bddd93
Cleanup OSX local exploit modules
2018-05-31 12:26:33 +00:00
829e1c306a
Land #10102 , SOCKS5 updates for BIND, parsing specs, refactoring
2018-05-30 16:15:53 -05:00
5e968529bf
Land #9976 , Store non-nil linux enum_network loot
2018-05-30 15:33:39 -05:00
435f965418
Use #include? over Regexps with plain strings
2018-05-30 15:32:04 -05:00
1e57aa5a57
Land #9777 , Slui File Handler Hijack LPE
2018-05-30 15:22:12 -05:00
51a9fc4c55
Multidrop
...
Multidrop is a single module which can be used to create *.scf, *.url, *.lnk and desktop.ini files which contain a SMB/UNC link to a listener ready to capture NetNTLM hashes
2018-05-30 17:36:11 +01:00
c0841ef0bf
set default payload
2018-05-30 18:04:22 +08:00
2ec7f11b90
add binary
2018-05-30 18:02:17 +08:00
e69c51132d
Land #10083 , Add Msf::Post::OSX::Priv mixin
2018-05-29 23:01:36 -05:00
d77ee20fc7
Add fix for 7.3.0
2018-05-30 00:59:11 +03:00
f1663afd53
Change patch level of vulnerable versions
2018-05-30 00:37:29 +03:00
c8b2fc8a35
Land #9701 , Flexense HTTP Server DoS exploit
2018-05-29 16:19:59 -05:00
026b22d061
Refined packet sizes and counts, improved error messages
2018-05-29 16:09:27 -05:00
476030bbd6
Fix grep with proper Base64 support; IBM bug!
2018-05-29 18:49:52 +03:00
a3c7ac830f
Fix typo in rand
2018-05-29 18:40:50 +03:00
b0d8e93e79
Added Teradata ODBC Login and SQL modules and documentation
2018-05-29 10:12:43 -05:00
ac5718d24c
Fix whitespace
2018-05-29 15:02:36 +03:00
809982b430
Make changes requested by bcoles
2018-05-29 14:48:57 +03:00
56dd07639f
add vuln versions
2018-05-28 17:37:58 +03:00
aaaa9c7508
Fix warnings from travis
2018-05-28 17:18:52 +03:00
e126681814
Changed disclosure date
2018-05-28 17:08:48 +03:00
cfb7d4c2fe
Add github url
2018-05-28 16:53:54 +03:00
7db8183bc7
Create file for CVE-2018-1418
2018-05-28 16:39:10 +03:00
7ac8af03d2
Remove the LD_PRELOAD hook for proxychains
2018-05-27 17:12:06 -04:00
28d15a113f
Add the secretsdump impacket module and docs
2018-05-27 17:09:59 -04:00
9fab2316c5
Add the wmiexec impacket module and documentation
2018-05-27 16:24:56 -04:00
0af5d44c42
Add glibc 'realpath()' Privilege Escalation exploit
2018-05-26 21:25:59 +00:00
c85cc9ad9e
Refactor SOCKS5 TcpRelay and add packet tests
2018-05-26 13:46:00 -04:00
49341fc87d
Add credential authentication support to socks5
2018-05-25 20:14:03 -04:00
9b5ae34896
Drop udp associate support and cleanup logging
2018-05-25 20:14:03 -04:00
6859856101
Refactor the socks5 code into multiple files
2018-05-25 20:14:03 -04:00
04bec0bdf0
Progress on the socks5 proxy module
2018-05-25 20:14:02 -04:00
3ab7526786
Name & description Change
...
Exploit::CheckCode changed to Unknown as suggested.
2018-05-25 20:22:51 +03:00
fad5a99c7d
fix incorrect disclosure date
2018-05-25 02:59:08 -05:00
4df01da49a
Add GTFOBins
2018-05-25 04:20:25 +00:00
651fb69585
Cleanup linux/local/recvmmsg_priv_esc module
2018-05-24 17:56:07 +00:00
72fb51f877
add extra check for failed command outputs
2018-05-24 20:47:06 +05:30
affa0bdc6f
Minor Update
...
Removed Unused Comment
2018-05-24 13:45:08 +01:00
7143f04ea7
Add files via upload
...
Updated to use recommended method of creating zip files
2018-05-24 09:53:53 +01:00
04a27e0221
Delete thumbnail.png
...
Moved folder location
2018-05-24 09:37:45 +01:00
81c4e9f7b9
Delete styles.xml
...
Moved folder location
2018-05-24 09:37:31 +01:00
73bfe1c9ab
Delete settings.xml
...
Moved folder location
2018-05-24 09:37:18 +01:00
247904746c
Delete meta.xml
...
Moved folder location
2018-05-24 09:37:04 +01:00
f9bda873d2
Delete manifest.xml
...
Moved folder location
2018-05-24 09:36:55 +01:00
5002eae655
Delete manifest.rdf
...
Moved folder location
2018-05-24 09:36:45 +01:00
02afeb3e29
Delete content.xml
...
Moved folder location
2018-05-24 09:36:35 +01:00
86a5b951aa
Land #9990 , add SOCKS5 proxy support
2018-05-23 17:31:09 -05:00
bc5c7a15e5
remove single-entry OptEnum from module, since there is only one possible TECHNIQUE
2018-05-23 13:44:53 -05:00
77403479f5
code cleanup
2018-05-23 12:53:48 -05:00
3ef6f82894
Update bypassuac_sluihijack.rb
2018-05-23 12:25:49 +02:00
567e2dbc7e
Update telpho10_credential_dump.rb
...
Current version still vulnerable, developer ignores mails. It seems like this is going to be a 'won´t fix'
2018-05-23 09:32:41 +02:00
72efe66403
Refactored for better logging, IPv6 support, and prep for auth
2018-05-22 18:57:00 -05:00
45481f26b6
Add Msf::Post::OSX::Priv mixin
2018-05-22 22:25:39 +00:00
0472b9df3f
Land #10024 , Fix find_or_create_* methods for remote data service
...
This PR updates the find_or_create_* methods associated with each model to
no longer just proxy to the report_* model. It now performs a lookup through
the DataProxy and returns the found object if it exists, or creates a new
record if needed.
2018-05-22 17:08:46 -05:00
15e472637a
Land #10070 , Fix cleanup in exploits/osx/local/rootpipe_entitlements
2018-05-22 21:52:24 +00:00
b14e354b25
Land #10048 , Make shell and meterpreter sessions consistent with cmd_exec
2018-05-22 21:26:47 +00:00
40d5f46277
Lad #10017 , D-Link DSL-2750B Unauthenticated OS Command Injection
...
Merge branch 'land-10017' into upstream-master
2018-05-22 10:54:33 -05:00
6cc1a8dcbd
Rubocop fixes
2018-05-22 10:34:05 -04:00
4ecc1ff551
Modify loots, notes and services search methods
...
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
2018-05-21 17:37:51 -04:00
6d4ad57beb
refactor: use Rex built-in encoders
2018-05-21 22:14:39 +02:00
75562e2bbc
Land #10044 , Fix is_system? in Msf::Post::Windows::Priv for non-English
...
Merge branch 'land-10044' into upstream-master
2018-05-21 14:24:26 -05:00
93e9c96a1c
Adjust link / name ordering to be alphabetical by key (not sorted by value)
2018-05-21 14:42:13 -04:00
88ab836e15
Land #9987 , AF_PACKET chocobo_root exploit
2018-05-21 17:05:53 +08:00
9e9dff8b6a
fix file cleanup on failed exploitation
2018-05-21 16:47:09 +08:00
cd0161ada2
fix gcc for shell_reverse_tcp payloads on ubuntu
2018-05-21 16:46:42 +08:00
6ae55aadd4
Fixing documentation, improving exploits code
2018-05-20 12:55:46 -04:00
aa033bf5c1
Fix cleanup
2018-05-20 16:19:25 +00:00
c665a32eb9
Add privileged and fix PayloadType hash style
2018-05-19 19:06:50 -04:00
ef229111c8
Delete readme.txt
2018-05-19 16:58:45 +01:00
5d3c95e51b
Create badodt
2018-05-19 16:58:14 +01:00
a0d8f70dee
Create readme.txt
2018-05-19 16:57:40 +01:00
077a7c7c9e
Delete test.txt
2018-05-19 16:57:07 +01:00
018a8a3060
Create test.txt
2018-05-19 16:56:49 +01:00
622bc272fb
Delete odt
2018-05-19 16:56:30 +01:00
b293ddfe5d
Create odt
2018-05-19 16:56:10 +01:00
c9ab44234a
refactor: remove predefined cmd stager flavor, increase linemax
2018-05-19 15:55:11 +02:00
d239fb17db
refactor: update code as requested
2018-05-19 15:50:10 +02:00
d9d226376c
Fix missing comma
2018-05-19 09:23:23 -04:00
4bf259e767
Add github and EDB ID number
2018-05-19 09:04:18 -04:00
b0f556639f
Change rand text length and remove disable nops
2018-05-19 09:02:00 -04:00
8a1cb1e560
fix: fix indentation
2018-05-19 03:27:35 +02:00
5d37451dc8
fix: use print_error instead of puts
2018-05-19 03:26:49 +02:00
b010d23427
exploits: add CVE-2018-1000049 exploit module, fixes #10063
2018-05-19 03:10:06 +02:00
a8fcd9d275
Fix display of uid in post/windows/gather/win_privs
...
`inspect` is not necessary and triggers display of Unicode characters as "\x.." instead of printing their value.
As discussed in PR #10044
2018-05-19 01:35:19 +02:00
294b263159
Land #9966 , Add Reliable Datagram Sockets (RDS) Privilege Escalation exploit
...
Merge branch 'land-9966' into upstream-master
2018-05-18 17:06:04 -05:00
12457d14f7
vTiger CRM v6.3.0 (CVE:2015-6000,CVE:2016-1713)
...
an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file.
2018-05-19 01:13:10 +05:30
6d0c6a7051
Randomize the starting letter
2018-05-18 15:14:40 -04:00
1efa5c4061
Move to PayloadType instead of Compat
2018-05-18 14:55:33 -04:00
599979be37
Add AKA and remove filename
2018-05-18 14:49:12 -04:00
0951aca881
Fix require that’s included by mixin
2018-05-18 13:31:20 -04:00
35ee1b5fa1
Use https instead of http in the comments
2018-05-18 13:10:47 -04:00
8f0242344d
Fix style to use curly braces instead of pipes
2018-05-18 13:06:38 -04:00
f1b9088609
Fix msf/core include requirement
...
```
modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb - [WARNING] Explicitly requiring/loading msf/core is not necessary
```
removes `require msf/core`
2018-05-18 13:04:55 -04:00
164f3ef48d
Add CVE-2018-1111 exploit
2018-05-18 12:47:08 -04:00
7af7587519
Land #9999 , Optionally test empty group in cisco_ssl_vpn
2018-05-18 10:57:15 -05:00
37f1e44a12
Land #10009 , Add initial check support to external modules
2018-05-18 09:31:31 -05:00
eb3733ffb4
unless
2018-05-17 17:42:55 +00:00
520b8bc3c0
remove many duplicate code paths
2018-05-17 08:14:32 -05:00
a3879f0109
Land #9956 , add module to extract wireless credentials on Android
2018-05-17 21:04:56 +08:00
5c3cb097fb
Land #10047 , remove invalid timeout argument on cmd_exec
2018-05-17 07:41:14 -05:00
406f1fe165
fix #10046 , remove invalid timeout argument on cmd_exec
2018-05-17 07:38:22 -05:00
6594cbb5cc
Land #9947 , AF_PACKET packet_set_ring exploit
2018-05-17 18:43:52 +08:00
dc227153c4
fix gcc on shell_reverse_tcp session
2018-05-17 18:43:27 +08:00
c35c8e9c75
Update module name, per a good catch by @bcook
2018-05-16 13:55:45 -05:00
ce5b24eda0
fork early and cleanup files in module
2018-05-17 00:32:01 +08:00
999b895735
Land #9816 , Add the scanner/smb/impacket/dcomexec module
2018-05-16 07:15:32 -05:00
eb0ac79143
Land #9975 , local_exploit_suggester fixes
2018-05-16 06:48:02 -05:00
739d58135f
Move EXE generation in struts_code_exec_parameters
2018-05-16 06:15:40 -05:00
6ec0272ff5
Land #8727 , CVE-2017-9791 exploit
2018-05-16 05:41:26 -05:00
eaec1d7486
Clean up module
2018-05-16 05:39:17 -05:00
436e414b93
Land #7815 , CVE-2016-9299 exploit
2018-05-16 05:29:41 -05:00
959cbde6eb
Clean up module
2018-05-16 05:29:25 -05:00
908857b563
Land #10036 , reverse_bash_telnet_ssl fixes
2018-05-16 04:10:36 -05:00
3810803276
Land #10035 , awk payload improvements
2018-05-16 04:10:21 -05:00
6723de2659
Land #10031 , zsh payload improvements
2018-05-16 04:10:00 -05:00
c2c46586cd
Land #10030 , reverse_ksh payload
2018-05-16 04:08:17 -05:00
6abd0d068a
Nix explicit return
2018-05-16 04:06:58 -05:00
c5f980f633
GoodRanking
2018-05-16 02:38:19 +00:00
3ea4548343
Fix PayloadType in reverse_bash_telnet_ssl
...
It should not be cmd_bash, since it doesn't rely on being in bash.
2018-05-15 20:50:30 -05:00
49bfa3b707
Update CachedSize
2018-05-15 20:07:14 -05:00
a19c5f723b
Improve bind_awk payload (credit @bcoles)
2018-05-15 20:01:57 -05:00
5d229abf72
Improve reverse_awk payload (credit @bcoles)
2018-05-15 20:01:32 -05:00
cc35975164
Update CachedSize
2018-05-15 19:56:55 -05:00
1100899ccb
Change link to HTTPS
2018-05-15 19:56:42 -05:00
3ccfc27096
Redirect stderr as well
2018-05-15 19:51:10 -05:00
3f39475579
Update CachedSize
2018-05-15 19:42:39 -05:00
b58dc3bf5e
Refactor zsh payloads
...
This also fixes an oversight where the payloads would fail outside zsh.
2018-05-15 19:26:19 -05:00
7ebe0d6dc5
Use sudo -l rather than sudo -l -l
2018-05-15 18:53:52 +00:00
49904e0377
Add an reverse shell payload by zsh through redirection operations
2018-05-15 22:43:37 +08:00
53844cb24a
Add an reverse shell payload by ksh(the korn shell)
2018-05-15 22:36:47 +08:00
900480dd1a
check for root
2018-05-15 17:32:10 +05:30
e1786d1ae0
Update sub_info.rb
2018-05-15 16:55:52 +05:30
492be19aa0
Use && instead of and
2018-05-15 05:18:38 -04:00
a61d202586
Delete blank, fix typo and use single quote instead.
2018-05-15 04:27:36 -04:00
03a7bb72af
Add exploit module for apache hadoop unauthorized command execution
2018-05-15 03:47:20 -04:00
4a64401a58
fix ms17-010 similar to 4a56ecf3ae
2018-05-14 15:45:20 -06:00
17bd9aafb3
Add post/multi/recon/sudo_commands
2018-05-14 18:31:24 +00:00
f5a43f2ed0
Land #9991 , Remove need for temp file with xdebug_unauth_exec
2018-05-14 08:55:38 -05:00
8dd7a27f7b
Fixes according to code review
2018-05-14 05:46:23 -04:00
f65361258b
Adding vulnerable firmwares to description
2018-05-13 15:08:32 -04:00
382364a3ff
Adding documentation, improving description
2018-05-13 15:04:40 -04:00
c3ad02121c
Exploit for D-Link DSL2750B OS Command Injection vulnerability
2018-05-13 13:58:35 -04:00
ed5f2bffa9
Land #9919 , add libuser roothelper privilege escalation exploit
2018-05-12 17:11:21 +08:00
a8660e4042
make the PASSWORD option required
2018-05-12 17:10:21 +08:00
b0e712e992
Add banner check exploit/linux/smtp/haraka
2018-05-11 12:45:32 -05:00
90f2fe545c
Add PEP8 whitespace to exploit/linux/smtp/haraka
2018-05-11 12:43:30 -05:00
0ef0fae2b2
rm test code
2018-05-10 22:17:38 -04:00
cc0fdee788
EmptyGroup advanced option, just in case...
2018-05-10 09:57:50 -05:00
67c7a718db
Land #9868 , fix post/osx/capture/keylog_recorder
2018-05-10 16:47:57 +08:00
9811de430c
Land #9878 , Add MSF module for EDB 6768, Mantis <= v1.1.3 Post-auth RCE
2018-05-09 11:55:22 -05:00
a1fed72423
store credential, use vprints
2018-05-09 11:50:07 -05:00
79a0610436
remove empty group
2018-05-09 11:11:03 -05:00
08b81a418f
Customization of Golden Ticket Duration
...
- Post exploitation module updated
- Kiwi extention updated
Using mimikatz /startoffset and /endin params
Duration in hours, default already 10 years
2018-05-09 17:44:55 +02:00
5ed1bde65f
Removed unused FileDropper include
2018-05-08 18:10:29 +02:00
5038098efb
Remove need for writable directory when using xdebug exploit
...
By base64 encoding the exploit code and decoding it on the target the
need for writing a temporary file is removed.
See #9918
2018-05-07 22:11:21 +02:00
0240c3f010
Land #9980 , PAN-OS readSessionVarsFromFile exploit
2018-05-07 14:55:00 -05:00
02849bcfd0
Land #9986 , initial ruby_smb simple client integration
2018-05-07 14:02:22 -05:00
a18459a14c
Fix indentation, documentation update
2018-05-07 09:22:21 -05:00
235cac621f
playsms_CVE-2017-9101
...
playsms_CVE-2017-9101
2018-05-07 18:55:22 +05:30
74793efdef
Delete playsms_uploadcsv_exec.rb
2018-05-07 18:54:35 +05:30
fefaa45a50
playsms_CVE-2017-9101
...
playsms_CVE-2017-9101
2018-05-07 18:53:07 +05:30
222b1fb27c
Land #9944 , playsms_filename_exec.rb
2018-05-07 07:43:16 -05:00
601411fe7b
store credentials
2018-05-07 07:26:28 -05:00
4b8ceab522
Fix indentation, update documentation
2018-05-07 07:22:53 -05:00
5ae9b0185d
Add AF_PACKET chocobo_root Privilege Escalation exploit
2018-05-07 07:11:07 +00:00
24de2a3cd0
Merge branch 'master' into couchdb_cmd_exec
2018-05-07 02:53:13 -04:00
a4ecd43a8f
remove unused constants
2018-05-07 00:24:38 -05:00
534d05ff44
simpleclient versions option
2018-05-07 00:24:38 -05:00
ff202a5f5b
Simpleclient/SMB2 support
2018-05-07 00:24:38 -05:00
2a211d99af
Nuke base_directory after all, FileDropper does not like our path
2018-05-06 22:58:06 -05:00
a9f9d61f1e
Use the target_directory, not base
2018-05-06 22:56:59 -05:00
cd48507aab
Use FileDropper, switch to earlier target directory
2018-05-06 22:56:36 -05:00
1f7b13bea8
Additional module cleanup
2018-05-06 22:50:13 -05:00
3d172df0c4
MD5 of TID and cleanup if statement
2018-05-06 22:24:36 -05:00
68f2e08400
Swap to positive logic
2018-05-06 22:22:47 -05:00
9712215e66
Add Bugtraq ID
2018-05-06 22:21:13 -05:00
5d57e9db34
Remove unnecessary RHOST definition
2018-05-06 22:20:51 -05:00
96a354ffc4
Merge branch 'couchdb_cmd_exec' of https://github.com/Green-m/metasploit-framework
2018-05-06 23:07:14 -04:00
a612c4cc65
Update wireless_ap.rb
2018-05-06 17:37:12 +05:30
6bd31d7921
Update wireless_ap.rb
2018-05-06 17:33:20 +05:30
f32fda6757
Update wireless_ap.rb
2018-05-06 16:52:18 +05:30
3e949733e2
fix wpa_supplicant parsing
2018-05-06 19:11:35 +08:00
8141e949fc
Note the runtimes
2018-05-05 18:34:11 -05:00
e775a97ae2
Adds panos_readsessionvars exploit module
2018-05-05 15:41:17 -05:00
5f01b6abc9
Land #9977 , fix crash during x64 linux reverse_tcp stager retry
2018-05-05 17:13:00 +08:00
3aa7441e10
Update tested versions
2018-05-05 09:11:31 +00:00
4216d06ffb
fix #9963 , update x64 linux reverse_tcp stager cached size
2018-05-05 16:30:45 +08:00
24af15b6e7
Update kernel version and system arch detection
2018-05-05 07:16:53 +00:00
40b6b97dbf
Update enum_network.rb
2018-05-05 10:56:55 +05:30
ec55a631ef
Check if the data is nil before pasisng to store_loot
...
when I ran this module for linux/aarch64/meterpreter_reverse_tcp for payload running in termux, it was obvious that without root the commands will return error, It still created empty files in `.msf4/loot`
```
msf5 post(linux/gather/enum_network) > run
[*] Running module against localhost.localdomain
[*] Module running as /system/bin/sh: /usr/bin/whoami: not found
[+] Info:
[+]
[+] Linux localhost 3.10.84-perf+ #1 SMP PREEMPT Tue Oct 24 01:07:25 CST 2017 aarch64 Android
[*] Collecting data...
[+] /system/bin/sh: /sbin/route: not found
[-] Failed to open file: /etc/ssh/sshd_config: core_channel_open: Operation failed: 1
[-] unable to get data for Network config
[+] Network config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_735775.txt
[-] unable to get data for Route table
[+] Route table stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_599334.txt
[-] unable to get data for Firewall config
[+] Firewall config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_790893.txt
[-] unable to get data for DNS config
[+] DNS config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_867340.txt
[-] unable to get data for SSHD config
[+] SSHD config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_900906.txt [-] unable to get data for Host file
[+] Host file stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_179877.txt
[-] unable to get data for Active connections
[+] Active connections stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_656035.txt [-] unable to get data for Wireless information
[+] Wireless information stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_168144.txt
[-] unable to get data for Listening ports
[+] Listening ports stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_999548.txt [-] unable to get data for If-Up/If-Down
[+] If-Up/If-Down stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_860869.txt
[*] Post module execution completed
msf5 post(linux/gather/enum_network) >
```
2018-05-05 10:52:08 +05:30
cb29b4cf7a
Update Local Exploit Suggester - Fix #9974
2018-05-05 04:41:58 +00:00
2cd0d3d90a
Rudamentary SOCKS5 functionality, CONNECT, IPv4, non-DNS only
2018-05-04 14:44:03 -05:00
71d6841471
updated
...
indentation and fix CVE
2018-05-04 21:33:07 +05:30
aa69fc9e77
updated
...
print_status to vprint_status
2018-05-04 21:13:26 +05:30
e824f0f8b0
updated
...
added CVE, URL and done randomizing content
2018-05-04 21:00:04 +05:30
88f09dc302
Update a few stragglers in Drupalgeddon 2
...
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
2018-05-03 18:35:25 -05:00
728d7bc065
Fix #9876 , second round of Drupalgeddon 2 updates
...
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
2018-05-03 17:38:32 -05:00
ce5be387c4
Land #8795 , Added CVE-2016-0040 Windows Privilege Escalation
...
Merge branch 'land-8795' into upstream-master
2018-05-03 16:33:53 -05:00
96b892a546
Make Rubocop happy
2018-05-03 11:30:05 -05:00
3a688451b6
Add Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-03 12:51:21 +00:00
50300426ca
fix feedback from code review
2018-05-03 18:28:14 +08:00
916dfa56fe
Add author name to the wlan_probe_request post-exploitation module
2018-05-03 11:41:09 +02:00
02920728a4
Update sub_info.rb
2018-05-03 02:51:39 +05:30
7a47e2aa25
Update sub_info.rb
2018-05-02 22:02:09 +05:30
bd92d189f4
Update sub_info.rb
2018-05-02 21:48:01 +05:30
e87116a5c1
Minor fixes
2018-05-02 20:51:30 +05:30
1c89bd80d9
Update sub_info.rb
2018-05-02 20:44:21 +05:30
c6df12dccb
Add android post module to extract subscriber info
2018-05-02 20:41:54 +05:30
98d81476f7
Fix get_password for pwds with `"`, `=` etc
2018-05-02 19:09:36 +05:30
fa727f5394
Update wireless_ap.rb
2018-05-02 18:22:00 +05:30
d6cf32fad8
Land #9821 , osCommerce 2.3.4.1 - Remote Code Execution
2018-05-02 07:29:15 -05:00
fc2c42f725
Land #9960 , fix continuation warnings in payloads
2018-05-02 06:28:17 -05:00
773e06b3ca
Update wireless_ap.rb
2018-05-02 01:28:15 +05:30
2817ff25cb
Update wireless_ap.rb
2018-05-02 00:00:34 +05:30
614de11a9c
Update wireless_ap.rb
2018-05-02 00:00:05 +05:30
9b00a5cffb
store loot
2018-05-01 23:10:29 +05:30
29467c2e37
Stylize the output
2018-05-01 22:58:17 +05:30
c62fc79537
Fixed typo in description.
2018-05-01 11:37:33 -04:00
89d6ded805
Removing the Nagios enum module, adding description
2018-05-01 11:35:45 -04:00
4a56ecf3ae
psexec native upload argument
2018-05-01 09:33:17 -05:00
34f8a9a5ee
fix continuation warnings in payloads
2018-05-01 04:57:42 -05:00
4c8ad3ca9c
Removing old exploit/docs
2018-04-30 22:26:37 -04:00
ad8bf6d8e3
Renamed exploit to electric boogaloo
2018-04-30 22:20:35 -04:00
28173222a8
Land #9881 , cleanup psexec code
2018-04-30 18:39:36 -05:00
e29a53b7cb
Land #9951 , Update linux/gather/enum_protections module
2018-04-30 16:52:30 -05:00
f3fa9af098
fixup osx sizes
2018-04-30 15:21:23 -05:00
7e31c2cf76
Land #9942 , IPv6 channel fixes for Python and Linux/macOS Meterpreters
2018-04-30 15:14:12 -05:00
bc0cad43bc
Update wireless_ap.rb
2018-04-30 19:19:12 +05:30
ca7afae730
Add wireless_ap post module for Android
...
This module displays all the saved wireless AP creds in the target device
2018-04-30 19:02:30 +05:30
2ca05ee7c1
Remove explicit EDB url in favor of MSF autogenerated one
...
Use more appropriate Failwith errors for connection issues
Remove an unnecessary `to_s` call
Use the cookie kwarg for send_request_cgi over explicitly setting a header
2018-04-29 22:24:49 -04:00
3351a59efb
Update linux/gather/enum_protections
2018-04-29 06:52:47 +00:00
9ae0acd489
Removing debug statement
2018-04-28 15:56:56 -07:00
c7caac627b
Replacing Import with Fiddle, adding fork compatibility for High Sierra
2018-04-28 15:53:23 -07:00
f7504dd9d5
Add AF_PACKET packet_set_ring Privilege Escalation exploit
2018-04-28 01:40:17 +00:00
c4bca03fea
Land #9908 , msfd_rce_remote and msfd_rce_browser
2018-04-27 18:54:17 -05:00
82fc4aba64
Land #9918 , XDebug Unauthenticated OS command execution
2018-04-27 17:08:58 -05:00
ce099aea76
playsms_filename_exec.rb
...
PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution
2018-04-28 01:15:52 +05:30
8fd7448e48
bump payloads, ipv6 channel fixes
2018-04-27 14:18:54 -05:00
b932988866
more fixes
2018-04-27 11:43:32 -06:00
2dda26606e
updated based on feedback from r7
2018-04-27 11:23:17 -06:00
d29bc920c1
print o/p to new line
2018-04-27 20:58:25 +05:30
912970ad3b
change vprint to print for printing o/p in psexec_command
2018-04-27 20:47:21 +05:30
0374de5e0d
change vprint to print for printing o/p
2018-04-27 10:49:04 +05:30
25cf8d175a
report command execution o/p
2018-04-27 08:43:30 +05:30
79d8f5e86c
autofilter = false means skip, which is reverse of intuition
2018-04-26 17:20:55 -05:00
1806c247f1
Fixing tabbed spaces, version number in documentation
2018-04-26 18:15:39 -04:00
a2ae4bcfb0
initial commit for nagios post module
2018-04-26 16:06:29 -06:00
b547e6282e
Adding print statement to run the corresponding post module
2018-04-26 17:55:31 -04:00
37a32c2726
Adding module for Nagios XI remote root exploit.
...
See http://blog.redactedsec.net/exploits/2018/04/26/nagios.html for
more information.
2018-04-26 17:42:10 -04:00
54aaf1f718
Land #9937 , enable autofilter on tp-link camera exploit
2018-04-26 16:08:09 -05:00
4789cdc596
enable autofilter on tp-link camera exploit
2018-04-26 14:56:39 -05:00
0fa0358993
Land #9853 , Update Linux sock_sendpage local exploit module
2018-04-26 14:30:51 -05:00
873cbcee27
Fix #9876 , minor updates to Drupalgeddon 2
...
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
2018-04-25 18:09:54 -05:00
f52e6a18a2
Land #9876 , Drupalgeddon 2
2018-04-25 15:49:53 -05:00
b8eb7f2a86
Set target type instead of regexing names
...
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.
Old matching in this commit: 1900aa2708
2018-04-25 11:53:26 -05:00
2cd0228db2
Land #9900 , add base64 encoder for ruby
2018-04-25 04:06:50 -05:00
4cba6d1df4
suggest a reason if we get no server response
2018-04-25 03:57:12 -05:00
910e9337fb
Use print_good for patch level check, oops
2018-04-24 23:21:22 -05:00
b7ac16038b
Correct comment about PHP CLI (it's not our last!)
2018-04-24 23:18:51 -05:00
ec43801564
Add check for patch level in CHANGELOG.txt
...
Looks like 8.x has core/CHANGELOG.txt instead.
2018-04-24 23:12:33 -05:00
2ff0e597a0
Add SA-CORE-2018-002 as an AKA ref
...
Makes sense to me. Even though it's technically the advisory.
2018-04-24 22:51:33 -05:00
382a7f8aa3
Merge https://github.com/rapid7/metasploit-framework into psexec_cleanup
2018-04-25 09:09:48 +05:30
8bc1417c8c
Use PHP_FUNC as a fallback in case assert() fails
...
Additionally drop a file in a writable directory in case CWD fails.
2018-04-24 22:29:27 -05:00
cbfdaf23a0
updated for requested changes
2018-04-25 08:56:54 +05:30
8ff4407ca6
Clarify version detection error message
...
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
2018-04-24 20:51:51 -05:00
e7ac2cd155
move report_auth to psexec module
2018-04-24 23:00:55 +05:30
c81ad8fec0
Changes after review
2018-04-24 18:33:27 +02:00
cfaca5baa3
Restore a return lost in the refactor :(
...
Also spiff up comments.
2018-04-24 11:25:55 -05:00
3353102dc1
fix opt dependencies
2018-04-24 21:55:09 +05:30
a0f16b4a66
Prefer print_warning for consistency
2018-04-24 11:17:19 -05:00
7ef8b99480
Improve printing in ETERNALBLUE's verify_arch
...
Now shows the invalid arch instead of showing nothing.
2018-04-24 11:09:54 -05:00
b507391f1b
Change back to vprint_status for the nth time
...
I really couldn't decide, especially once I got rid of CmdStager.
Also fully document the module options.
2018-04-24 04:23:52 -05:00
c8b6482ab0
Rewrite PHP targets to work with 7.x and 8.x
...
Win some, lose some. php -r spawns a new (obvious) command. :/
Check method and version detection also rewritten. :)
2018-04-24 03:38:05 -05:00
ef5272cdc6
Update tested versions
2018-04-23 20:28:24 +00:00
00583caadf
Add Libuser roothelper Privilege Escalation exploit
2018-04-23 17:49:11 +00:00
f9a804e7d8
Bring the PR up to date
2018-04-23 08:52:05 -05:00
e197cb5759
add arch check
2018-04-22 08:30:32 -04:00
60c6f970c1
Added base64 encoder for Ruby
2018-04-21 10:54:26 +02:00
8be58d315c
Stop being lazy about badchar analysis
...
Badchars apply to all targets.
2018-04-20 19:30:38 -05:00
5be4526085
Merge remote-tracking branch 'upstream/master' into feature/drupal
2018-04-20 18:42:15 -05:00
1c92134606
Land #9756 , Add lastore-daemon D-Bus Privilege Escalation exploit
...
Merge branch 'land-9756' into upstream-master
2018-04-20 15:45:37 -05:00
f12f6d54a5
Land #9862 , Post-exploitation module for meterpreter (Windows) to send wireless probe requests
...
Merge branch 'land-9862' into upstream-master
2018-04-20 14:32:01 -05:00
37a844bef0
Land # 9247, Add ASUS infosvr Auth Bypass Command Execution exploit
...
Merge branch 'land-9247' into upstream-master
2018-04-20 11:24:47 -05:00
fb3857222a
Java JMX Package Name Randomization
2018-04-19 10:10:56 -07:00
fcfe927b7a
Add PHP dropper functionality and targets
2018-04-19 05:11:21 -05:00
62aca93d8b
Cache version detection and print only once
...
Oops. This is the problem with overloading methods.
2018-04-19 04:59:07 -05:00
2670d06f99
Add in-memory PHP execution using assert()
2018-04-19 02:18:56 -05:00
7a2cc991ff
Refactor once more with feeling
...
Nested conditionals are the devil. Printing should be consistent now.
2018-04-18 23:59:14 -05:00
3d116d721d
Add version detection and automatic targeting
...
I also refactored error handling. Should be cleaner now.
2018-04-18 21:40:22 -05:00
86ffbc753e
Refactor clean URL handling and remove dead code
2018-04-18 19:56:42 -05:00
1547a47026
Land #9784 , add osx high sierra APFS password disclosure post module
2018-04-18 14:27:22 +08:00
72cd97d3e4
minor documentation and comment tweaks
2018-04-18 14:22:32 +08:00
1900aa2708
Refactor module and address review comments
2018-04-17 19:05:45 -05:00
f0b9ea635a
cleanup psexec code
2018-04-16 09:04:36 +05:30
143fdde1f8
Flipped Safe and Appears in check
2018-04-15 12:10:10 -04:00
a60f205ee0
Fix check return CheckCode and typos
2018-04-15 18:08:49 +10:00
60ac89c336
Restructure some logic to make the flow more intuitive
2018-04-14 15:03:12 -04:00
36c1bf5453
Remove a missed tab
2018-04-14 10:30:49 -04:00
083f6936fd
Update for @bcoles review
...
Refactor version checking to use Gem::Version
Change the title of the exploit to fit convention
Change print statements used in check to vprint
Change fail_with Failure for connection issues to be Unknown instead
of NoAccess
Add CVE reference
Refactor how some nil checking is done for response for
send_request_cgi
Text-wrap description to 80 chars
Remove unnecessary string interpolation for cookie in payload
delivery
Change how the payload cradle is escaped and encoded; switch to HTTP
POST for stealth
Remove nil check that is redundant and also typo'd to
2018-04-14 10:24:05 -04:00
486ab7c776
Update for msftidy and contribution guidelines
2018-04-14 09:20:13 -04:00
27ded57cda
Add MSF module for EDB 6768
2018-04-14 08:51:51 -04:00
d8508b8d7d
Add Drupal Drupalgeddon 2
2018-04-14 00:22:30 -05:00
9a3064ad7e
Cleanup and refactor upload_and_compile
2018-04-12 16:43:43 +00:00
b282db3c6a
Fixing broken imports for keylog_recorder.rb and improving control chars
2018-04-12 02:08:53 -07:00
0286204b5d
Couchdb debug code
2018-04-12 03:54:02 -04:00
054e525a61
Couchdb debug code
2018-04-12 03:51:37 -04:00
22eb36a131
Merge branch 'master' into couchdb_cmd_exec
2018-04-12 02:23:07 -04:00
c72ca7544b
dont let this run on meterpreter
2018-04-11 21:05:15 -04:00
2a6acfd1d0
Land #9823 , Private IP leak via WebRTC
2018-04-11 17:37:56 -05:00
2d33320921
Added a post-exploitation module to send wireless probe requests
2018-04-11 16:43:33 +02:00
154951cd37
minor update
2018-04-11 01:45:41 +10:00
8be159bdc7
Fixing space-tab mixed
2018-04-10 20:45:38 +05:30
7cbba34c83
Parsing IP address only
...
Changed title name and description, however few things still needs to fix.
2018-04-10 20:32:52 +05:30
fc7040099c
Update Linux sock_sendpage local exploit module
2018-04-10 11:15:42 +00:00
3c5cbd2664
Use cmdstager method, update function to clean file, delete lots of useless code and etc.
2018-04-10 06:14:47 -04:00
ee6f83c281
match newfs_apfs regex
2018-04-10 14:45:14 +08:00
be18930f12
Cleaned up output, only querying for %WINDIR% if necessary
2018-04-09 15:27:50 -05:00
c07f2f1a09
Update run_as.rb
2018-04-09 21:24:16 +05:30
c34b796f13
Remove temp file from dist after cmd execution
...
https://github.com/rapid7/metasploit-framework/issues/9830
2018-04-09 20:14:01 +05:30
c0be313691
Update the get_version and check function
2018-04-09 00:07:58 -04:00
6682acc4db
Pass range as parameter to rand_text_alpha_lower
2018-04-08 23:38:44 -04:00
d9dc2ec2f7
Merge branch 'master' into couchdb_cmd_exec
2018-04-08 23:35:04 -04:00
dabd9c8811
Improve function get_version and check
2018-04-08 07:51:37 -04:00
a473dd04a8
Land #9813 , Add etcd library and version scanner
2018-04-08 07:05:31 -04:00
bd672ae148
Description changed
2018-04-08 12:00:14 +02:00
1e439b623b
Description changed
2018-04-08 11:46:01 +02:00
fd83caf51d
use Gem::Version between
2018-04-08 02:23:45 -04:00
076a73c2ee
use Gem::Version for version comparisons
2018-04-07 23:37:56 -04:00
b55eb9b8f2
bump payloads, add Python UDP channel support
...
This pulls in Python UDP channel support from
https://github.com/rapid7/metasploit-payloads/pull/276
2018-04-07 14:21:30 -05:00
3f40f43609
Make final output more readable
2018-04-07 11:05:47 -04:00
dd523c7d20
compile path not local file
2018-04-06 18:51:04 -04:00
201cdfb189
Handling execption by MSFTIDY
2018-04-06 22:54:21 +05:30
37c578e16d
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 17:10:53 +01:00
4e6afd49ed
Update browser_getprivateip.rb
2018-04-06 21:10:29 +05:30
dee01189ca
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 15:41:21 +01:00
50c3f53e03
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:39:45 +01:00
0c829a5c6b
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:35:33 +01:00
cbdb3a35b2
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:14:11 +01:00
c8544c3bc0
Add 'phpMyAdmin Authenticated Remote Code Execution' aux module - CVE-2016-5734
2018-04-06 14:57:07 +02:00
f6cfcefbae
Some tweaks suggested by bcoles.
2018-04-06 17:44:43 +05:30
6698f1b64b
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 13:05:40 +01:00
806c72ebcb
Update and rename oscommerce.rb to oscommerce_installer_unauth_code_exec.rb
2018-04-06 11:29:29 +01:00
3efd17a801
Rename osCommerce.rb to oscommerce.rb
2018-04-06 10:46:00 +01:00
0d254b4e5c
Update osCommerce.rb
2018-04-06 10:40:28 +01:00
582eb2e61c
Create browser_getprivateip.rb
2018-04-06 14:42:57 +05:30
b5681cb954
osCommerce Module
2018-04-05 20:28:14 +01:00
81c78a51c2
Land #9794 , Added support for regional dialects
2018-04-05 12:56:07 -05:00
0a3bcf570c
Add the scanner/smb/impacket/dcomexec module
2018-04-04 17:34:41 -04:00
63aabc00f1
etcd rubocop style
2018-04-04 11:01:38 -07:00
a8c76638d3
Rename
2018-04-04 10:54:20 -07:00
518e17118a
Add DisclosureDate
2018-04-04 10:52:47 -07:00
a6c31aceb2
Refactor common etc capabilities; add separate version scanner
2018-04-04 10:48:27 -07:00
0d470f67ef
Run bash on the script directly.
2018-04-04 05:49:35 -04:00
c53341f6c0
Fix msftidy problem.
2018-04-04 00:38:57 -04:00
388927b933
Add advanced option Attempts to control exploit times
2018-04-04 00:08:32 -04:00
2472bfdfdc
Fix rand_text_alpha_lower problem.
2018-04-03 23:05:08 -04:00
bbf6d072ea
Fix some errors and bugs.
2018-04-03 22:47:41 -04:00
1fa40bfe3b
Land #8539 , ProcessMaker Plugin Upload exploit
2018-04-03 20:52:17 -05:00
0faf2f4e04
Land # 8007, Added NTDSgrab module to metasploit.
...
Merge branch 'land-8007' into upstream-master
2018-04-03 15:56:37 -05:00
d9039d43ef
Land #9734 , Remove unwanted 'pop RAX' from windows/x64/reverse_(win)http
2018-04-03 14:23:41 -05:00
e17be05e6a
Land #9595 , Add post module RID Hijacking on Windows
2018-04-03 14:12:34 -05:00
8f7d9f3ac8
rename module
2018-04-03 13:44:55 -05:00
19eef59f23
add disclosure date, fix target
2018-04-03 13:39:11 -05:00
cd7831a2a3
An unforgettable luncheon
2018-04-03 13:39:11 -05:00
0806c0725f
Fix some bugs with command exits
...
Also fix a bug in check()
2018-04-03 10:35:49 -04:00
dfb3a421fe
Remove require statement
2018-04-03 12:56:06 +00:00
8c2138f13b
Land #9742 , QNX exploit improvements
2018-04-03 07:50:29 -05:00
9f174e7323
msftidy
2018-04-03 16:10:41 +08:00
7c3e5da450
add more credits/references
2018-04-03 14:59:00 +08:00
c5039251a2
add CVE-2016-4655
...
rebase
2018-04-03 14:58:57 +08:00
d465226d89
add loader
2018-04-03 14:44:54 +08:00
cd1f4e1373
webkit apple safari trident exploit
2018-04-03 14:44:54 +08:00
d860d7af5b
require 'rex/tar'
2018-04-03 06:34:30 +00:00
bd3c00dfd0
Land #9726 , add simple Rex::Tar wrapper for consistency with other archive types
2018-04-02 23:35:22 -05:00
226ef160ff
Land #9748 , Convert the smbloris DoS into an external module
...
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
b445583a14
Land #9774 , use correct whitespace when patching python meterpreter
2018-04-02 23:07:36 -05:00
d6dc0a2d4f
Adjust rid_hijack.rb code style with rubocop recommendations.
2018-04-03 04:57:41 +02:00
11389a6d53
Fixed errors 2
2018-04-02 17:33:53 +02:00
1327c0bb7e
Fixed errors
2018-04-02 17:21:16 +02:00
fa34f3e0a4
Land #9718 , Add get_user_spns 'kerberoasting' module
2018-04-02 10:04:44 -05:00
c401872af6
Fix some logic flaws and other review things
...
Also make the output more reliable
2018-03-30 19:20:20 -07:00
76af9d5a15
Add apfs_encrypted_volume_passwd.rb
2018-03-29 23:47:45 -07:00
e3e12ad924
Land #9782 , CheckCode::Safe for ms_ndproxy
2018-03-29 17:07:33 -05:00
3a54f0d5f8
Land #9776 , if data is nil, stop reading the heartbleed socket
2018-03-29 11:23:08 -05:00
3aac041dcf
Return CheckCode::Safe for unsupported x64 systems
2018-03-29 12:03:33 +00:00
922ed8c284
Slui File Handler Hijack LPE
...
Slui File Handler Hijack LPE
2018-03-29 00:15:03 +02:00
69d9321e6b
Slui File Handler Hijack LPE
...
Slui File Handler Hijack LPE - MSF Module
UAC Bypass | Local Privilege Escalation Via Slui Hijack
2018-03-28 20:44:16 +02:00
a1e83ce835
Land #9760 , @h00die's etcd scanner
2018-03-28 10:41:22 -07:00
5cdfadd0df
Fix more style issues
2018-03-28 09:43:30 -07:00
7767505678
Fix some style issues
2018-03-28 09:43:22 -07:00
a1fff486bc
Land #9666 , Add 2017-8917 RCE for Joomla 3.7.0
2018-03-28 11:08:38 -05:00
0fa63ae7b3
Update documentation and module
...
Included Super User in the documentation.
Implemented changes h00die suggested.
Modified sqli to generate strings used in regex.
2018-03-28 10:57:28 -05:00
c97743925f
jhart suggestions
2018-03-27 18:46:31 -04:00
288bd28d3a
if data is nil stop reading the heartbleed socket
2018-03-27 15:51:14 -05:00
94fd599756
Land #9684 , Adding ManageEngine Application Manager RCE
...
Land #9684
2018-03-27 15:17:20 -05:00
1f31bcd26f
Update telpho10_credential_dump
2018-03-27 14:57:57 -05:00
0a0bef0c4f
Land #9633 , Exodus Wallet Remote Code Execution
...
Land #9633
2018-03-27 14:51:15 -05:00
7a76593e1c
update payload size cause whitespace is more exact
2018-03-27 14:38:17 -05:00
8c88c53e5d
Land #9670 , Gitstack v2.3.10 RCE
...
Land #9670
2018-03-27 13:00:47 -05:00
611a3dc19c
Add exploit module apache_couchdb_cmd_exec
2018-03-27 05:43:03 -04:00
Brendan Coles
Aaron Soto
Adam Cammack
bwatters-r7
rmdavy
Tim W
Brent Cook
Pedro Ribeiro
actuated
Spencer McIntyre
Ege Balcı
Auxilus
gushmazuko
Jan Rude
James Barnett
lucyoa
Matthew Kienow
phra
Kevin Kirsche
Clément Notin
Touhid M Shaikh
Kevin Kirsche
Jacob Robles
William Vu
WangYihang
Green-m
zerosum0x0
Hypnoze57
miluxsec
HD Moore
Borja Merino
BennyHusted
Jeffrey Martin
Lars Sorenson
Chris Long
caleBot
root
Robin Stenvi
Wei Chen
h00die
Sergey Gorbaty
Dhiraj Mishra
thecarterb
Daniel Teixeira
Cantoni Matteo
Jon Hart
Chris Higgins
r4wd3r