William Vu
bf9530d5ba
Land #5941, X11 keyboard exec module
2015-10-14 11:38:47 -05:00
Brent Cook
30d2a3f2a9
Land #5999, teach PSH web delivery to use a proxy
2015-10-14 11:05:45 -05:00
William Vu
c1b6de90a0
Land #6083, autofilter fixes for aggro modules
2015-10-14 00:14:20 -05:00
William Vu
2a2d8d941d
Land #6054, HTTP Host header injection module
2015-10-13 23:37:31 -05:00
HD Moore
d67b55d195
Fix autofilter values for aggressive modules
2015-10-13 15:56:18 -07:00
jaguasch
d933962ff9
Last fix, including espreto minor changes
2015-10-13 18:41:51 +01:00
William Vu
c642057fa0
Clean up module
2015-10-13 12:03:41 -05:00
jaguasch
772f9d8742
Changes based on espreto recommendations
2015-10-13 16:06:26 +01:00
jaguasch
7790f14af2
Auxiliary module to exploit CVE-2015-5531 (Directory traversal) in Elasticsearch before 1.6.1
2015-10-13 13:05:58 +01:00
William Vu
a4f0666fea
Land #6081, DLink -> D-Link
2015-10-12 18:05:52 -05:00
Tod Beardsley
185e947ce5
Spell 'D-Link' correctly
2015-10-12 17:12:01 -05:00
Tod Beardsley
336c56bb8d
Note the CAPTCHA exploit is good on 1.12.
2015-10-12 17:09:45 -05:00
HD Moore
6f3bd81b64
Enable 64-bit payloads for MSSQL modules
2015-10-11 12:52:46 -05:00
jvazquez-r7
ed0b9b0721
Land #6072, @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace
2015-10-10 00:24:12 -05:00
jvazquez-r7
b9b488c109
Deleted unused exception handling
2015-10-09 23:38:52 -05:00
jvazquez-r7
c60fa496c7
Delete extra spaces
2015-10-09 23:37:11 -05:00
jvazquez-r7
e6fbca716c
Readd comment
2015-10-09 23:29:23 -05:00
jvazquez-r7
af445ee411
Re apply a couple of fixes
2015-10-09 23:24:51 -05:00
HD Moore
a590b80211
Update autoregister_ports, try both addresses for the MBean
2015-10-09 20:20:35 -07:00
HD Moore
2b94b70365
Always connect to RHOST regardless of JMXRMI address
2015-10-09 17:49:22 -07:00
HD Moore
cd2e9d4232
Move Msf::Java to the normal Msf::Exploit::Remote namespace
2015-10-09 13:24:34 -07:00
Tod Beardsley
94bb94d33a
Working URL for real
2015-10-09 15:07:44 -05:00
Tod Beardsley
b04f947272
Fix blog post date, derp
2015-10-09 14:59:57 -05:00
Tod Beardsley
55ef6ebe91
HP SiteScope vuln, R7-2015-17
...
On behalf of @l0gan, already reviewed once by @jvazquez-r7, reviewed
again by me.
For details, see:
https://community.rapid7.com/community/metasploit/blog/2017/10/09/r7-2015-17-hp-sitescope-dns-tool-command-injection
2015-10-09 14:55:48 -05:00
jvazquez-r7
5e9faad4dc
Revert "Merge branch using Rex sockets as IO"
...
This reverts commit c48246c91c, reversing changes made to 3cd9dc4fde.
2015-10-09 14:09:12 -05:00
jvazquez-r7
347495e2f5
Rescue Rex::StreamClosedError when there is a session
2015-10-09 13:41:41 -05:00
William Vu
b95d5790f6
Improve output
2015-10-09 11:13:50 -05:00
William Vu
6d2a89e9a6
Be more descriptive about EOFError
...
There are other modules that could be updated, surely.
2015-10-09 11:05:17 -05:00
jvazquez-r7
5fab1cc71a
Add loop timeout
2015-10-09 11:05:05 -05:00
brent morris
28454f3b2e
MSFTidyness
2015-10-08 12:59:46 -04:00
wchen-r7
3a0f7ce699
Land #6044, ManageEngine ServiceDesk Plus Arbitrary File Download
2015-10-07 15:24:14 -05:00
wchen-r7
f0b6d3c68e
Change error message to avoid an undef method bug
2015-10-07 15:23:29 -05:00
wchen-r7
871f46a14e
Land #6038, ManageEngine ServiceDesk Plus Arbitrary File Upload
2015-10-07 15:17:58 -05:00
wchen-r7
dddfaafac7
Update reference
2015-10-07 15:17:22 -05:00
wchen-r7
a2c9e2549d
Land #6014, support TCP advanced options for loginscanner mods
2015-10-07 14:26:25 -05:00
Christian Mehlmauer
eb597bb9f3
Land #5842, watermark fileformat exploit
2015-10-07 19:29:04 +02:00
William Vu
ddea0ea708
Fix #5797, extraneous nil fix
2015-10-07 01:11:51 -05:00
William Vu
0182f394b4
Remove extraneous nil
...
Didn't need it, forgot to remove it.
2015-10-07 01:10:33 -05:00
JT
205b175a95
Update host_header_injection.rb
2015-10-07 13:20:06 +08:00
JT
6b3da7f7d8
Update host_header_injection.rb
...
made some changes as suggested by @espreto
2015-10-07 13:01:49 +08:00
JT
a1e0e0cdd9
Add HTTP Host-Header Injection Detection
2015-10-07 11:19:00 +08:00
jakxx
c5237617f2
Update buffer size for reliability
2015-10-06 18:12:40 -04:00
wchen-r7
5fac0a6ae5
Land #5995, advanced options on Metasploit::Framework::LoginScanner::SMB
2015-10-06 16:36:18 -05:00
William Vu
3f2d5d7f06
Add newline back in
2015-10-05 11:42:58 -05:00
xistence
41b07eeef6
Small changes to servicedesk_plus_traversal
2015-10-05 08:56:00 +07:00
Roberto Soares
ed8f5456a4
Fix bugs in drupal_views_user_enum.
2015-10-04 05:53:54 -03:00
xistence
e6a57d5317
Add ManageEngine ServiceDesk Plus Path Traversal module
2015-10-03 15:54:44 +07:00
Brent Cook
dea0142da1
catch network exceptions
2015-10-02 18:26:37 -05:00
William Vu
55895c6305
Fix nil bug in mssql_idf
2015-10-02 18:20:06 -05:00
jvazquez-r7
c967b60bf8
Land #5948, @bcook-r7's fix shell_to_meterpreter from powershell
2015-10-02 15:59:43 -05:00
jvazquez-r7
6468eb51b2
Do changes to take into account that powershell sessions are not cmd sessions
2015-10-02 15:26:42 -05:00
brent morris
5eff3e5637
Removed hard tabs
2015-10-02 14:34:00 -04:00
brent morris
4ee7ba05aa
Removing hard tabs test
2015-10-02 14:31:46 -04:00
brent morris
6406a66bc0
Remove Ranking
2015-10-02 14:24:46 -04:00
brent morris
9f71fd9bfd
Formatting ZPanel Exploit
2015-10-02 14:23:07 -04:00
brent morris
89a50c20d0
Added Zpanel Exploit
2015-10-02 13:29:53 -04:00
William Vu
a773627d26
Land #5946, simple_backdoors_exec module
2015-10-02 11:18:29 -05:00
William Vu
5b8f98ee06
Land #6022, zemra_panel_rce module
2015-10-02 11:18:09 -05:00
Pedro Ribeiro
659a09f7d2
Create manageengine_sd_uploader.rb
2015-10-02 16:04:05 +01:00
jvazquez-r7
1f26ec1252
Land #6018, @pedrib's module for Kaseya VSA ZDI-15-448
2015-10-02 08:58:43 -05:00
jvazquez-r7
75d2a24a0a
Land #6019, @pedrib's Kaseya VSA ZDI-15-449 exploit
2015-10-02 08:51:28 -05:00
Pedro Ribeiro
d334dc237f
Update kaseya_master_admin.rb
2015-10-02 13:21:28 +01:00
Pedro Ribeiro
cbbeef0f53
Update kaseya_uploader.rb
2015-10-02 13:20:59 +01:00
JT
33916997a4
Update zemra_panel_rce.rb
...
revised the name and the description
2015-10-02 09:49:59 +08:00
JT
fa1391de87
Update simple_backdoors_exec.rb
...
Updating the code as suggested
2015-10-02 07:53:15 +08:00
JT
501325d9f4
Update zemra_panel_rce.rb
2015-10-02 06:48:34 +08:00
Brent Cook
55f6fe7037
Land #5510, update x86/alpha* encoders to be SaveRegister aware
2015-10-01 15:07:10 -05:00
Brent Cook
d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible
2015-10-01 14:35:10 -05:00
jvazquez-r7
1b21cd9481
Do code cleanup
2015-10-01 13:37:18 -05:00
jvazquez-r7
a88a6c5580
Add WebPges to the paths
2015-10-01 13:22:56 -05:00
jvazquez-r7
f9a9a45cf8
Do code cleanup
2015-10-01 13:20:40 -05:00
jvazquez-r7
5f590b8c2e
Land #6032, @h0ng10 adds reference to java_jmx_server
2015-10-01 13:07:08 -05:00
Hans-Martin Münch (h0ng10)
30101153fa
Remove spaces
2015-10-01 18:56:37 +02:00
jvazquez-r7
c35e99664e
Land #6003, @earthquake's x86-64 pushq signedness error fixed
2015-10-01 11:52:28 -05:00
jvazquez-r7
aa01383361
Fix comment
2015-10-01 11:51:45 -05:00
Hans-Martin Münch (h0ng10)
41cf0ef676
Add reference for CVE-2015-2342 - VMWare VCenter JMX RMI RCE
2015-10-01 18:43:21 +02:00
jvazquez-r7
195418b262
Update the sin_family on bind_tcp_small
2015-10-01 11:22:59 -05:00
JT
2802b3ca43
Update zemra_panel_rce.rb
...
sticking res
2015-10-02 00:00:30 +08:00
William Vu
2ab779ad3d
Land #6010, capture_sendto fixes
2015-10-01 10:54:24 -05:00
JT
5c5f3a4e7f
Update zemra_panel_rce.rb
...
called http_send_command right away :)
2015-10-01 23:39:36 +08:00
William Vu
0bacb3db67
Land #6029, Win10 support for bypassuac_injection
2015-10-01 10:17:34 -05:00
jvazquez-r7
77ce7ef5f0
Save 3 more bytes on shell_bind_ipv6_tcp
2015-10-01 09:45:02 -05:00
jvazquez-r7
4efb3bf26c
Save 3 more bytes on shell_bind_tcp_small
2015-10-01 09:42:35 -05:00
jvazquez-r7
04879ed752
Save two bytes on shell_bind_ipv6_tcp
2015-10-01 09:33:22 -05:00
jvazquez-r7
88eecca4b1
Save two bytes on shell_bind_tcp_small
2015-10-01 09:29:39 -05:00
JT
66560d5339
Update zemra_panel_rce.rb
2015-10-01 19:16:23 +08:00
William Vu
2e2d27d53a
Land #5935, final creds refactor
2015-10-01 00:25:14 -05:00
William Vu
8866b15f3b
Fix creds reporting
2015-10-01 00:24:43 -05:00
William Vu
494b9cf75f
Clean up module
...
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
OJ
7451cf390c
Add Windows 10 "support" to bypassuac_injection
2015-10-01 11:16:18 +10:00
Jake Yamaki
2e5999a119
Missed colon for output standardization
2015-09-30 16:41:46 -04:00
Jake Yamaki
3d41b4046c
Standardize output and include full uri
2015-09-30 16:33:15 -04:00
Jake Yamaki
1bfa087518
Add IP to testing results
...
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
JT
a7fa939fda
Zemra Botnet C2 Web Panel Remote Code Execution
...
This module exploits the C2 web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
2015-09-30 19:24:21 +08:00
JT
2de6c77fa2
Update simple_backdoors_exec.rb
2015-09-30 18:11:05 +08:00
jakxx
47c79071eb
fix indention and typo
2015-09-29 22:41:36 -04:00
jakxx
f18e1d69a1
Add x64 ret address and add to buffer
2015-09-29 22:36:30 -04:00
Brent Cook
54f9a3b25a
Land #6013, add mainframe as a platform and architecture
2015-09-29 13:28:23 -05:00
Pedro Ribeiro
61c922c24d
Create kaseya_uploader.rb
2015-09-29 11:56:34 +01:00
Pedro Ribeiro
8af5a8e310
Create exploit for Kaseya privilege escalation
2015-09-29 11:51:21 +01:00
JT
46adceec8f
Update simple_backdoors_exec.rb
2015-09-29 10:40:28 +08:00
JT
dd650409e4
Update simple_backdoors_exec.rb
2015-09-29 08:05:13 +08:00
OJ
b608abffbc
Update payload cache sizes for x64 windows
2015-09-29 09:03:57 +10:00
jvazquez-r7
269641a0ff
Update vmauthd_login to take into account advanced TCP options
2015-09-28 14:38:35 -05:00
jvazquez-r7
2f46335c90
Update brocade_enbale_login to take into account advanced TCP options
2015-09-28 14:36:23 -05:00
jvazquez-r7
adb76a9223
Update telnet_login to take into account advanced TCP options
2015-09-28 14:35:58 -05:00
jvazquez-r7
0eed30ce05
Update pop3_login to take into account advanced TCP options
2015-09-28 14:29:50 -05:00
jvazquez-r7
d02193aaeb
Update mysql_login to take into account advanced TCP options
2015-09-28 14:28:32 -05:00
jvazquez-r7
0abb387c1a
Update mssql_login to take into account advanced TCP options
2015-09-28 14:22:19 -05:00
jvazquez-r7
df3e4e8afd
Update ftp_login to take into account advanced TCP options
2015-09-28 14:18:05 -05:00
jvazquez-r7
a99e44b43a
Update vnc_login to take into account advanced TCP options
2015-09-28 14:13:08 -05:00
jvazquez-r7
4d8f0a6ec4
Update db2_auth to take into account advanced TCP options
2015-09-28 14:10:55 -05:00
jvazquez-r7
07b44fccb9
Update AFP login scanner to take into account advanced options
2015-09-28 14:03:55 -05:00
jvazquez-r7
1e4e5c5bae
Update ACPP login scanner to take into account advanced options
2015-09-28 13:50:20 -05:00
bigendian smalls
a47557b9c1
Upd. multi/handler to include mainframe platform
...
Quick update to multi handler so it recognizes mainframe platform based
modules
2015-09-28 11:14:08 -05:00
Jon Hart
96e4e883ae
Fix #6008 for wireshark_lwres_getaddrbyname_loop
2015-09-27 14:56:11 -07:00
Jon Hart
bd2f73f40a
Fix #6008 for wireshark_lwres_getaddrbyname
2015-09-27 14:55:19 -07:00
Jon Hart
bbd08b84e5
Fix #6008 for snort_dce_rpc
2015-09-27 14:53:40 -07:00
Jon Hart
989fe49750
Fix #6008 for synflood
2015-09-27 14:50:59 -07:00
Jon Hart
7ad7db7442
Fix #6008 for rogue_send. Correctly.
2015-09-27 14:48:58 -07:00
Jon Hart
7b026676f1
Fix #6008 for avahi_portzero
2015-09-27 14:47:05 -07:00
Jon Hart
20ddb65ff8
Fix #6008 for bnat_scan
2015-09-27 14:18:51 -07:00
Jon Hart
06a10e136a
Fix #6008 for rogue_send
2015-09-27 14:12:23 -07:00
Jon Hart
d3a41323b8
Fix #6008 for ipidseq.rb
2015-09-27 14:05:05 -07:00
Jon Hart
5b1ee8c8ca
Fix #6008 for syn.rb
2015-09-27 13:54:11 -07:00
Jon Hart
3888b793bd
Fix #6008 for ack.rb
2015-09-27 13:53:47 -07:00
Jon Hart
766829c939
Fix #6008 for xmas.rb
2015-09-27 13:46:00 -07:00
jvazquez-r7
b206de7708
Land #5981, @xistence's ManageEngine EventLog Analyzer Remote Code Execution exploit
2015-09-27 00:42:17 -05:00
jvazquez-r7
55f573b4c9
Do code cleanup
2015-09-27 00:33:40 -05:00
jvazquez-r7
c85913fd12
Land #5983, @jhart-r7's SOAP PortMapping UPnP auxiliary module
2015-09-26 15:47:04 -05:00
Brent Cook
f3451eef75
Land #5380, pageantjacker, an SSH agent proxy
2015-09-26 10:52:44 -04:00
Brent Cook
46ed129966
update to metasploit-payloads 1.0.14
2015-09-26 10:50:20 -04:00
jvazquez-r7
f6f3efea75
print the body as verbose
2015-09-25 13:51:18 -05:00
jvazquez-r7
80c9cd4e6f
Restore required option
2015-09-25 13:41:27 -05:00
jvazquez-r7
e4e9609bc2
Use single quotes
2015-09-25 13:35:38 -05:00
jvazquez-r7
a5698ebce0
Fix metadata
2015-09-25 13:34:16 -05:00
jvazquez-r7
c8880e8ad6
Move local exploit to correct location
2015-09-25 11:37:38 -05:00
jvazquez-r7
6b46316a56
Do watchguard_local_privesc code cleaning
2015-09-25 11:35:21 -05:00
jvazquez-r7
c79671821d
Update with master changes
2015-09-25 10:47:37 -05:00
jvazquez-r7
e87d99a65f
Fixing blocking option
2015-09-25 10:45:19 -05:00
jvazquez-r7
890ac92957
Warn about incorrect payload
2015-09-25 10:10:08 -05:00
jvazquez-r7
19b577b30a
Do some code style fixes to watchguard_cmd_exec
2015-09-25 09:51:00 -05:00
jvazquez-r7
b35da0d91d
Avoid USERNAME and PASSWORD datastore options collisions
2015-09-25 09:36:47 -05:00
jvazquez-r7
52c4be7e8e
Fix description
2015-09-25 09:35:30 -05:00
Balazs Bucsay
a863409734
x86-64 pushq signedness error fixed. Signed port numbers (2bytes) were not working properly. Fix means +6bytes in shellcode length
2015-09-24 13:07:02 +02:00
JT
e185277ac5
Update simple_backdoors_exec.rb
2015-09-24 14:14:23 +08:00
JT
56a551313c
Update simple_backdoors_exec.rb
2015-09-24 13:54:40 +08:00
JT
192369607d
Update simple_backdoors_exec.rb
...
updated the string 'echo me' to a random text
2015-09-24 13:49:33 +08:00
Brent Cook
9519eef55d
Land #5993, handle ADSI exceptions nicely
2015-09-23 22:56:44 -05:00
Meatballs
66c9222968
Make web_delivery proxy aware
2015-09-23 20:45:51 +01:00