Commit Graph

10226 Commits (96e3d618832b6815e60c2d0c1feb3526465a36d2)

Author SHA1 Message Date
mr_me c359e15de6 updated the print statement 2017-04-11 09:31:17 -05:00
mr_me 84ac9d905c improved the description of the module 2017-04-11 09:24:43 -05:00
mr_me b1d127e689 satisfied travis 2017-04-10 14:11:18 -05:00
mr_me 0f07875a2d added CVE-2016-7552/CVE-2016-7547 exploit 2017-04-10 13:32:58 -05:00
William Vu 06ca406d18 Fix weird whitespace 2017-04-09 22:23:58 -05:00
Christian Mehlmauer 74dc7e478f
update piwik module 2017-04-05 20:19:07 +02:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Brent Cook 4c0539d129
Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die 0092818893
Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00
Bryan Chu 151ed16c02 Re-ranking files
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Adam Cammack 6910cb04dd
Add first exploit written in Python 2017-03-31 17:07:55 -05:00
dmohanty-r7 1ce7bf3938
Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
dmohanty-r7 c445a1a85a
Wrap ssh.loop with begin/rescue 2017-03-31 11:16:10 -05:00
Bryan Chu 5e31a32771 Add missing ranks
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
Pearce Barry 9db2e9fbcd
Land #8146, Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-24 14:38:47 -05:00
William Webb e04f01ed6b
Land #7778, RCE on Netgear WNR2000v5 2017-03-23 15:34:16 -05:00
wchen-r7 3b062eb8d4 Update version info 2017-03-23 13:46:09 -05:00
wchen-r7 fdb52a6823 Avoid checking res.code to determine RCE success
Because it's not accurate
2017-03-23 13:39:45 -05:00
wchen-r7 39682d6385 Fix grammar 2017-03-23 13:23:30 -05:00
wchen-r7 ee21377d23 Credit Brent & Adam 2017-03-23 11:22:49 -05:00
wchen-r7 196a0b6ac4 Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-23 10:40:31 -05:00
Mehmet Ince d37966f1bb
Remove old file 2017-03-23 12:53:08 +03:00
Mehmet Ince 8a43a05c25
Change name of the module 2017-03-23 12:49:31 +03:00
bwatters-r7 a93aef8b7a
Land #8086, Add Module Logsign Remote Code Execution 2017-03-22 11:33:49 -05:00
William Vu 1a8e8402ae
Land #8113, SysGauge SMTP server validation sploit 2017-03-21 16:45:42 -05:00
wchen-r7 d10b3da6ec
Land #8132, Support Python 2 & 3 for web_delivery 2017-03-21 13:48:27 -05:00
wchen-r7 6b3cfe0a98 Support both Python 2 and Python 3 in one line
Tested on:

* Python 2.7.13 on Windows
* Python 3.5.3 on Windows
2017-03-21 13:47:07 -05:00
James Lee 2e096be869
Remove debugging output 2017-03-21 11:26:02 -05:00
Swiftb0y ffe77c484e fixed spacing 2017-03-20 16:37:35 +01:00
Swiftb0y e51063aa56 added the python3 syntax to the web_delivery script 2017-03-20 16:08:08 +01:00
h00die 7bcd53d87d
Land #8079, exploit and aux for dnaLims 2017-03-20 11:08:05 -04:00
h00die fd5345a869 updates per pr 2017-03-20 10:40:43 -04:00
h00die fe5167bf26 changes to file per pr 2017-03-20 10:16:42 -04:00
h00die 84e4b8d596
land #8115 which adds a CVE reference to IMSVA 2017-03-18 09:51:52 -04:00
Mehmet Ince 6aa42dcf08
Add solarwinds default ssh user rce 2017-03-17 21:54:35 +03:00
Brent Cook 52cea93ea2 Merge remote-tracking branch 'upstream/master' into land-8118- 2017-03-17 12:39:30 -05:00
Chris Higgins 7a12e446a0 Updated documentation and fixed module header. Whoops, copy/paste fail. 2017-03-16 21:28:24 -05:00
Dallas Kaman 80c33fc27f
adding '-' to rails deserialization regex for cookie matching 2017-03-16 10:54:32 -05:00
Thomas Reburn 59c7de671e
Updated rails_secret_deserialization to add '.' regex for cookie matching. 2017-03-16 10:45:43 -05:00
Chris Higgins f4bb1d6a37 Updated based on @wvu's comments 2017-03-15 19:15:12 -05:00
Mehmet Ince f706c4d7f6
Removing prefix 2017-03-16 00:49:55 +03:00
Mehmet Ince 60186f6046
Adding CVE number 2017-03-16 00:31:21 +03:00
Brent Cook 8995629037
Land #7061, allow chaining the service stub with other encoders 2017-03-15 13:56:09 -05:00
Chris Higgins b3fbbbee34 Spelling is hard 2017-03-14 23:34:00 -05:00
Chris Higgins cc4f18e6c5 Add sysgauge_client_bof module and documentation 2017-03-14 23:29:19 -05:00
William Webb e96013cd0f
Land #7781, IBM Websphere Java Deserialization RCE 2017-03-14 17:21:18 -05:00
wchen-r7 1736332638
Land #8103, Add CVE-2017-5638, Struts2 Content-Type OGNL injection 2017-03-14 16:10:49 -05:00
wchen-r7 9201f5039d Use vprint for check because of rules 2017-03-14 15:02:54 -05:00
James Lee f429b80c4e
Forgot to rm this when i combined 2017-03-14 12:18:11 -05:00
William Vu 01ea5262b8
Land #8070, msftidy vars_get fixes 2017-03-14 12:05:24 -05:00
William Vu 5c436f2867 Appease msftidy in tr064_ntpserver_cmdinject
Also s/"/'/g.
2017-03-14 11:52:21 -05:00
William Vu 5d6a159ba9 Use query instead of uri in mvpower_dvr_shell_exec
I should have caught this in #7987, @bcoles, but I forgot. Apologies.
This commit finishes what @itsmeroy2012 attempted to do in #8070.
2017-03-14 11:51:55 -05:00
itsmeroy2012 79331191be msftidy error updated 2.5 2017-03-14 22:02:59 +05:30
itsmeroy2012 67fc43a0a1 msftidy error updated 2.4 2017-03-14 21:33:53 +05:30
James Lee 53c9caa013
Allow native payloads 2017-03-13 20:10:02 -05:00
James Lee 2053b77b01
ARCH_CMD works 2017-03-13 18:37:50 -05:00
itsmeroy2012 fe4e2306b4 Reverting one step 2017-03-13 22:22:24 +05:30
wizard32 78ff7a8865 Module renamed
Renamed from websphere_java_deserialize.rb to ibm_websphere_java_deserialize.rb
2017-03-13 08:22:24 +02:00
William Vu 8638f9ec7e Update freesshd_authbypass to use CmdStager fully 2017-03-11 19:59:39 -06:00
Pearce Barry 4e32c80e8e
Use the Msf::Exploit::CmdStager mixin. Fixes #8092. 2017-03-11 17:44:05 -06:00
William Vu fe4f20c0cc
Land #7968, NETGEAR R7000 exploit 2017-03-10 16:02:30 -06:00
itsmeroy2012 1c54e0ba94 msftidy error updated 2.2 2017-03-10 23:59:38 +05:30
itsmeroy2012 6d8789a56e Updated msftidy error 2.1 2017-03-10 23:03:37 +05:30
itsmeroy2012 c0f17cf6b8 msftidy error updated 2.0 2017-03-10 22:16:27 +05:30
Mehmet Ince f6bac3ae31
Add iso link to md file and change CheckCode code 2017-03-10 13:00:49 +03:00
James Lee e7b65587b4
Move to a more descriptive name 2017-03-09 14:19:06 -06:00
James Lee e07d5332de Don't step on the payload accessor 2017-03-09 13:54:00 -06:00
James Lee d92ffe2d51 Grab the os.name when checking 2017-03-09 13:52:58 -06:00
James Lee 83f5f98bb0
Merge remote-tracking branch 'upstream/pr/8074' into land-8072 2017-03-09 11:08:29 -06:00
flakey-biscuits 0ab3ad86ee change dnalims_file_retrieve module type 2017-03-09 10:06:31 -05:00
flakey-biscuits 95a01b9f5e add dnaLIMS exploits 2017-03-09 09:46:18 -05:00
William Vu 081ca17ebf Specify default resource in start_service
This eliminates the need to override resource_uri. Depends on #8078.
2017-03-09 03:00:51 -06:00
= c52b0cba5e msftidy error on master updated 2017-03-08 20:58:01 +05:30
William Vu 0f899fdb0b Convert ARCH_CMD to CmdStager 2017-03-08 07:35:37 -06:00
root c5fb69bd89 Struts2 S2-045 Exploit 2017/03/08 2017-03-08 14:26:33 +08:00
root b73a884c05 struts2_s2045_rce.rb 2017-03-08 13:38:18 +08:00
nixawk 75a1d979dc Fix: Incorrect disclosure month forma 2017-03-07 20:28:29 -06:00
nixawk fc0f63e774 exploit Apache Struts2 S2-045 2017-03-07 20:10:59 -06:00
= 7976966ce9 Issue 7923 - msftidy errors on master 2017-03-08 03:12:41 +05:30
Brent Cook bb140b9581
fix deprecated target ARCH 2017-03-03 13:38:16 -06:00
William Webb d76e80bc44
Land #7424, Ektron Webservices XSLT Remote Code Execution 2017-03-03 12:12:21 -06:00
h00die fb5e090f15 fixes from jvoisin 2017-02-28 20:09:26 -05:00
Mehmet Ince e5636d6ce1
Adding logsign rce module and doc 2017-02-28 21:04:37 +03:00
h00die e3e607a552 reword description 2017-02-26 15:24:22 -05:00
h00die 0c353841ab forgot add fixes for travis 2017-02-25 23:25:36 -05:00
h00die a8609f5c66 ntfs-3g lpe 2017-02-25 23:09:22 -05:00
Pedro Ribeiro f18b533226 change platform time to unix (although it is linux in reality but whatevs) 2017-02-24 22:58:24 +00:00
wchen-r7 70f7dccf62 copy and paste fail 2017-02-23 17:11:08 -06:00
wchen-r7 5d0b532b20 Fix #8002, Use post/windows/manage/priv_migrate instead of migrate -f
Because migrate -f uses a meterpreter script, and meterpreter scripts
are deprecated, we should be replacing with a post module

Fix #8002
2017-02-23 17:04:36 -06:00
Brendan Coles 5d3a4cce67 Use all caps for module option names 2017-02-23 16:30:01 +11:00
Carter 25b3cc685a Update netgear_r7000_cgibin_exec.rb 2017-02-22 11:36:52 -05:00
Brendan Coles 47fec5626e Style update 2017-02-22 07:56:17 +00:00
Brendan Coles e491f01c70 Add MVPower DVR Shell Unauthenticated Command Execution module 2017-02-22 05:15:57 +00:00
wchen-r7 48f6740fee
Land #7969, Add Module Trend Micro IMSVA Remote Code Execution 2017-02-21 17:29:04 -06:00
bwatters-r7 a9b9a58d4d
Land #7893, Add Module AlienVault OSSIM/USM Remote Code Execution 2017-02-21 13:35:56 -06:00
William Webb 83cc28a091
Land #7972, Microsoft Office Word Macro Generator OS X Edition 2017-02-21 13:26:42 -06:00
William Vu dad21b1c1d
Land #7979, another downcase fix for a password 2017-02-19 21:26:52 -06:00
h00die 92c1fa8390 remove downcase 2017-02-18 20:13:32 -05:00
Carter e99ba0ea86 Msftidy stuff 2017-02-18 00:34:49 -05:00