Commit Graph

45289 Commits (95cd14937822f42129588858418198139d2d1a4a)

Author SHA1 Message Date
William Vu 3880f6a65e Finally fix "Unknown admin user ''" after 2yrs
The failed password auth was necessary after all. I misread the PoC. :'(

Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
William Vu cc2495dd9c Explain fortinet-backdoor -> FortinetBackdoor 2018-02-21 17:05:30 -06:00
William Vu a5d78b82d4 Add require for Net::SSH::CommandStream 2018-02-21 15:51:53 -06:00
William Vu 854ac67b8e Use start_session in fortinet_backdoor
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.

Hoping we fix this in a subsequent commit or related PR.

Please see #6612 and #9524.
2018-02-21 15:33:34 -06:00
Aaron Soto af45c1764b Tweak exception handling and timing of `ms17_010_eternalblue` 2018-02-21 13:40:04 -06:00
Brent Cook 78822fd799 Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream 2018-02-21 06:59:09 -06:00
William Vu 9cbc55ce40 Land #9593, finger_users regex fix 2018-02-21 01:27:40 -06:00
Aaron Soto bda7fefa7f Land #9444 - `hsts_eraser` module and docs 2018-02-20 21:22:55 -06:00
Jacob Robles b2cb4c425d Land #9594, CloudMe Sync v1.10.9 Buffer Overflow 2018-02-20 17:49:19 -06:00
Jacob Robles a23240a742 Update Documentation
[ticket: #9594]
2018-02-20 17:48:21 -06:00
Jacob Robles 6a62ca15e7 Remove NOPS
[ticket: #9594]
2018-02-20 17:40:33 -06:00
Daniel Teixeira 04882b0464 Fixed indentation 2018-02-20 22:00:36 +00:00
Daniel Teixeira 745ad4d727 CloudMe Sync Client BoF 2018-02-20 21:57:13 +00:00
Daniel Teixeira ff3b318abd CloudMe Sync Client documentation 2018-02-20 21:56:31 +00:00
James Lee d6206dc046 Better regex in finger_users 2018-02-20 15:48:00 -06:00
Jacob Robles 107a41a4ce Land #9561, Disk Savvy Enterprise v10.4.18 built-in server buffer overflow 2018-02-20 15:42:12 -06:00
Jacob Robles ab6f6d75d2 Update Documentation
[ticket: #9561]
2018-02-20 15:37:40 -06:00
Jacob Robles d02bf40d69 Modified Exploit
Remove NOPS that weren't needed and freed up space for a larger payload.

[ticket: #9561]
2018-02-20 15:35:43 -06:00
Pedro Ribeiro f89cebbd89 Add sploit doc 2018-02-20 19:35:10 +00:00
Tim W f10d58bc2d upgrade osx shells to osx meterpreter 2018-02-21 02:54:38 +08:00
Brent Cook aec1b253f7 Land #9589, add some more payload specs 2018-02-20 11:12:35 -06:00
Jeffrey Martin ea9b6d894d add missing payload specs 2018-02-20 09:38:24 -06:00
Brent Cook 8f3d15a6e1 Land #9588, Fix silent fail on missing argument to wmap_sites -d idx 2018-02-20 07:13:32 -06:00
klayklogg 74021d9570 Fix silent fail on missing argument to wmap_sites -d idx 2018-02-21 00:43:20 +13:00
Brent Cook 36e8f7a2bc Land #9585, fix ctrl-D handling with block continuation 2018-02-20 04:52:09 -06:00
Brent Cook 99965c142b remove duplicate check 2018-02-20 04:42:49 -06:00
Brent Cook bb3a11dd20 use ctrl-d to cancel input instead 2018-02-20 04:40:00 -06:00
Brent Cook f5f7b4d25a handle sessions still open 2018-02-20 03:31:20 -06:00
Brent Cook e995ccfc33 make this a little easier to read 2018-02-20 03:27:55 -06:00
Brent Cook e26fb49c99 if we have no more input from the console, quit 2018-02-20 03:27:38 -06:00
Brent Cook 42b4381ce5 Land #9583, move osx stage binary 2018-02-20 03:15:14 -06:00
Tim W a01f0f3023 fix #9366, fix osx x64 stage location 2018-02-20 13:50:44 +08:00
Brent Cook 3d8451e616 Land #8997, add local 'ls' support to Meterpreter sessions 2018-02-19 23:21:59 -06:00
Brent Cook 05e002e3c5 Land #9366, Add x64 staged Meterpreter for macOS 2018-02-19 23:15:03 -06:00
Brent Cook 69c7e83a55 Land #9164, add OWA 2016 support 2018-02-19 23:12:27 -06:00
Chris Higgins 74c6e21f49 Lands #9504, MagniComp SysInfo privilege escalation 2018-02-19 22:47:33 -06:00
Brent Cook 56c00a8cb6 initial OWA 2016 support 2018-02-19 21:43:49 -06:00
Brent Cook b9c1a64d20 Land #9505, Support local knowledge base documents 2018-02-19 21:39:55 -06:00
Brent Cook 93689f0f0e Land #9270, Implement plugin API for hooking database events 2018-02-19 21:36:26 -06:00
Brent Cook 4e9d900a17 Land #9507, Expand paths for meterpreter's cp, mv, and rm commands 2018-02-19 21:26:03 -06:00
Brent Cook 3d67d2ed12 Land #9443, Add warning to FileDropper for deleting CWD 2018-02-19 21:22:39 -06:00
Brent Cook 25d1642664 Land #9575, Fix wmap_sites -a exception on missing url 2018-02-18 20:49:39 -06:00
Brent Cook 310ab9c11d Land #9573, fixes for bind_named_pipe 2018-02-18 20:47:20 -06:00
Brent Cook e48f53851e Land #9568, handle mismatch uid/gids in docker images 2018-02-18 20:42:58 -06:00
klayklogg e6e595000f Fix silent fail on missing url 2018-02-19 12:07:33 +13:00
UserExistsError b3f26ea55f bind_named_pipe fixes 2018-02-18 10:31:57 -07:00
klayklogg ca6c55047e Fix wmap_sites -a exception on missing url 2018-02-19 01:17:48 +13:00
Christian Mehlmauer 70ad41903b another approach 2018-02-17 20:12:35 +01:00
Brent Cook eaca91cad7 Land #9572, add bind_named_pipe tests 2018-02-16 20:47:24 -06:00
Jeffrey Martin 0acc5fed20 add missing payload tests for bind_named_pipe 2018-02-16 18:05:45 -06:00