mr_me
c359e15de6
updated the print statement
2017-04-11 09:31:17 -05:00
mr_me
84ac9d905c
improved the description of the module
2017-04-11 09:24:43 -05:00
mr_me
b1d127e689
satisfied travis
2017-04-10 14:11:18 -05:00
mr_me
0f07875a2d
added CVE-2016-7552/CVE-2016-7547 exploit
2017-04-10 13:32:58 -05:00
William Vu
06ca406d18
Fix weird whitespace
2017-04-09 22:23:58 -05:00
Christian Mehlmauer
74dc7e478f
update piwik module
2017-04-05 20:19:07 +02:00
bwatters-r7
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
Brent Cook
4c0539d129
Land #8178 , Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
h00die
0092818893
Land #8169 add exploit rank where missing
2017-04-02 20:59:25 -04:00
Bryan Chu
151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
Adam Cammack
6910cb04dd
Add first exploit written in Python
2017-03-31 17:07:55 -05:00
dmohanty-r7
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
dmohanty-r7
c445a1a85a
Wrap ssh.loop with begin/rescue
2017-03-31 11:16:10 -05:00
Bryan Chu
5e31a32771
Add missing ranks
...
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
Pearce Barry
9db2e9fbcd
Land #8146 , Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-24 14:38:47 -05:00
William Webb
e04f01ed6b
Land #7778 , RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
wchen-r7
3b062eb8d4
Update version info
2017-03-23 13:46:09 -05:00
wchen-r7
fdb52a6823
Avoid checking res.code to determine RCE success
...
Because it's not accurate
2017-03-23 13:39:45 -05:00
wchen-r7
39682d6385
Fix grammar
2017-03-23 13:23:30 -05:00
wchen-r7
ee21377d23
Credit Brent & Adam
2017-03-23 11:22:49 -05:00
wchen-r7
196a0b6ac4
Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-23 10:40:31 -05:00
Mehmet Ince
d37966f1bb
Remove old file
2017-03-23 12:53:08 +03:00
Mehmet Ince
8a43a05c25
Change name of the module
2017-03-23 12:49:31 +03:00
bwatters-r7
a93aef8b7a
Land #8086 , Add Module Logsign Remote Code Execution
2017-03-22 11:33:49 -05:00
William Vu
1a8e8402ae
Land #8113 , SysGauge SMTP server validation sploit
2017-03-21 16:45:42 -05:00
wchen-r7
d10b3da6ec
Land #8132 , Support Python 2 & 3 for web_delivery
2017-03-21 13:48:27 -05:00
wchen-r7
6b3cfe0a98
Support both Python 2 and Python 3 in one line
...
Tested on:
* Python 2.7.13 on Windows
* Python 3.5.3 on Windows
2017-03-21 13:47:07 -05:00
James Lee
2e096be869
Remove debugging output
2017-03-21 11:26:02 -05:00
Swiftb0y
ffe77c484e
fixed spacing
2017-03-20 16:37:35 +01:00
Swiftb0y
e51063aa56
added the python3 syntax to the web_delivery script
2017-03-20 16:08:08 +01:00
h00die
7bcd53d87d
Land #8079 , exploit and aux for dnaLims
2017-03-20 11:08:05 -04:00
h00die
fd5345a869
updates per pr
2017-03-20 10:40:43 -04:00
h00die
fe5167bf26
changes to file per pr
2017-03-20 10:16:42 -04:00
h00die
84e4b8d596
land #8115 which adds a CVE reference to IMSVA
2017-03-18 09:51:52 -04:00
Mehmet Ince
6aa42dcf08
Add solarwinds default ssh user rce
2017-03-17 21:54:35 +03:00
Brent Cook
52cea93ea2
Merge remote-tracking branch 'upstream/master' into land-8118-
2017-03-17 12:39:30 -05:00
Chris Higgins
7a12e446a0
Updated documentation and fixed module header. Whoops, copy/paste fail.
2017-03-16 21:28:24 -05:00
Dallas Kaman
80c33fc27f
adding '-' to rails deserialization regex for cookie matching
2017-03-16 10:54:32 -05:00
Thomas Reburn
59c7de671e
Updated rails_secret_deserialization to add '.' regex for cookie matching.
2017-03-16 10:45:43 -05:00
Chris Higgins
f4bb1d6a37
Updated based on @wvu's comments
2017-03-15 19:15:12 -05:00
Mehmet Ince
f706c4d7f6
Removing prefix
2017-03-16 00:49:55 +03:00
Mehmet Ince
60186f6046
Adding CVE number
2017-03-16 00:31:21 +03:00
Brent Cook
8995629037
Land #7061 , allow chaining the service stub with other encoders
2017-03-15 13:56:09 -05:00
Chris Higgins
b3fbbbee34
Spelling is hard
2017-03-14 23:34:00 -05:00
Chris Higgins
cc4f18e6c5
Add sysgauge_client_bof module and documentation
2017-03-14 23:29:19 -05:00
William Webb
e96013cd0f
Land #7781 , IBM Websphere Java Deserialization RCE
2017-03-14 17:21:18 -05:00
wchen-r7
1736332638
Land #8103 , Add CVE-2017-5638, Struts2 Content-Type OGNL injection
2017-03-14 16:10:49 -05:00
wchen-r7
9201f5039d
Use vprint for check because of rules
2017-03-14 15:02:54 -05:00
James Lee
f429b80c4e
Forgot to rm this when i combined
2017-03-14 12:18:11 -05:00
William Vu
01ea5262b8
Land #8070 , msftidy vars_get fixes
2017-03-14 12:05:24 -05:00
William Vu
5c436f2867
Appease msftidy in tr064_ntpserver_cmdinject
...
Also s/"/'/g.
2017-03-14 11:52:21 -05:00
William Vu
5d6a159ba9
Use query instead of uri in mvpower_dvr_shell_exec
...
I should have caught this in #7987 , @bcoles, but I forgot. Apologies.
This commit finishes what @itsmeroy2012 attempted to do in #8070 .
2017-03-14 11:51:55 -05:00
itsmeroy2012
79331191be
msftidy error updated 2.5
2017-03-14 22:02:59 +05:30
itsmeroy2012
67fc43a0a1
msftidy error updated 2.4
2017-03-14 21:33:53 +05:30
James Lee
53c9caa013
Allow native payloads
2017-03-13 20:10:02 -05:00
James Lee
2053b77b01
ARCH_CMD works
2017-03-13 18:37:50 -05:00
itsmeroy2012
fe4e2306b4
Reverting one step
2017-03-13 22:22:24 +05:30
wizard32
78ff7a8865
Module renamed
...
Renamed from websphere_java_deserialize.rb to ibm_websphere_java_deserialize.rb
2017-03-13 08:22:24 +02:00
William Vu
8638f9ec7e
Update freesshd_authbypass to use CmdStager fully
2017-03-11 19:59:39 -06:00
Pearce Barry
4e32c80e8e
Use the Msf::Exploit::CmdStager mixin. Fixes #8092 .
2017-03-11 17:44:05 -06:00
William Vu
fe4f20c0cc
Land #7968 , NETGEAR R7000 exploit
2017-03-10 16:02:30 -06:00
itsmeroy2012
1c54e0ba94
msftidy error updated 2.2
2017-03-10 23:59:38 +05:30
itsmeroy2012
6d8789a56e
Updated msftidy error 2.1
2017-03-10 23:03:37 +05:30
itsmeroy2012
c0f17cf6b8
msftidy error updated 2.0
2017-03-10 22:16:27 +05:30
Mehmet Ince
f6bac3ae31
Add iso link to md file and change CheckCode code
2017-03-10 13:00:49 +03:00
James Lee
e7b65587b4
Move to a more descriptive name
2017-03-09 14:19:06 -06:00
James Lee
e07d5332de
Don't step on the payload accessor
2017-03-09 13:54:00 -06:00
James Lee
d92ffe2d51
Grab the os.name when checking
2017-03-09 13:52:58 -06:00
James Lee
83f5f98bb0
Merge remote-tracking branch 'upstream/pr/8074' into land-8072
2017-03-09 11:08:29 -06:00
flakey-biscuits
0ab3ad86ee
change dnalims_file_retrieve module type
2017-03-09 10:06:31 -05:00
flakey-biscuits
95a01b9f5e
add dnaLIMS exploits
2017-03-09 09:46:18 -05:00
William Vu
081ca17ebf
Specify default resource in start_service
...
This eliminates the need to override resource_uri. Depends on #8078 .
2017-03-09 03:00:51 -06:00
=
c52b0cba5e
msftidy error on master updated
2017-03-08 20:58:01 +05:30
William Vu
0f899fdb0b
Convert ARCH_CMD to CmdStager
2017-03-08 07:35:37 -06:00
root
c5fb69bd89
Struts2 S2-045 Exploit 2017/03/08
2017-03-08 14:26:33 +08:00
root
b73a884c05
struts2_s2045_rce.rb
2017-03-08 13:38:18 +08:00
nixawk
75a1d979dc
Fix: Incorrect disclosure month forma
2017-03-07 20:28:29 -06:00
nixawk
fc0f63e774
exploit Apache Struts2 S2-045
2017-03-07 20:10:59 -06:00
=
7976966ce9
Issue 7923 - msftidy errors on master
2017-03-08 03:12:41 +05:30
Brent Cook
bb140b9581
fix deprecated target ARCH
2017-03-03 13:38:16 -06:00
William Webb
d76e80bc44
Land #7424 , Ektron Webservices XSLT Remote Code Execution
2017-03-03 12:12:21 -06:00
h00die
fb5e090f15
fixes from jvoisin
2017-02-28 20:09:26 -05:00
Mehmet Ince
e5636d6ce1
Adding logsign rce module and doc
2017-02-28 21:04:37 +03:00
h00die
e3e607a552
reword description
2017-02-26 15:24:22 -05:00
h00die
0c353841ab
forgot add fixes for travis
2017-02-25 23:25:36 -05:00
h00die
a8609f5c66
ntfs-3g lpe
2017-02-25 23:09:22 -05:00
Pedro Ribeiro
f18b533226
change platform time to unix (although it is linux in reality but whatevs)
2017-02-24 22:58:24 +00:00
wchen-r7
70f7dccf62
copy and paste fail
2017-02-23 17:11:08 -06:00
wchen-r7
5d0b532b20
Fix #8002 , Use post/windows/manage/priv_migrate instead of migrate -f
...
Because migrate -f uses a meterpreter script, and meterpreter scripts
are deprecated, we should be replacing with a post module
Fix #8002
2017-02-23 17:04:36 -06:00
Brendan Coles
5d3a4cce67
Use all caps for module option names
2017-02-23 16:30:01 +11:00
Carter
25b3cc685a
Update netgear_r7000_cgibin_exec.rb
2017-02-22 11:36:52 -05:00
Brendan Coles
47fec5626e
Style update
2017-02-22 07:56:17 +00:00
Brendan Coles
e491f01c70
Add MVPower DVR Shell Unauthenticated Command Execution module
2017-02-22 05:15:57 +00:00
wchen-r7
48f6740fee
Land #7969 , Add Module Trend Micro IMSVA Remote Code Execution
2017-02-21 17:29:04 -06:00
bwatters-r7
a9b9a58d4d
Land #7893 , Add Module AlienVault OSSIM/USM Remote Code Execution
2017-02-21 13:35:56 -06:00
William Webb
83cc28a091
Land #7972 , Microsoft Office Word Macro Generator OS X Edition
2017-02-21 13:26:42 -06:00
William Vu
dad21b1c1d
Land #7979 , another downcase fix for a password
2017-02-19 21:26:52 -06:00
h00die
92c1fa8390
remove downcase
2017-02-18 20:13:32 -05:00
Carter
e99ba0ea86
Msftidy stuff
2017-02-18 00:34:49 -05:00