Auxilus
9bae6246b2
Check for accessible named pipe on vuln targets
...
```
msf5 auxiliary(scanner/smb/smb_ms17_010) > run
[+] 192.168.0.2:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
[*] 192.168.0.2:445 - Checking for accessible named pipes
[+] 192.168.0.2:445 - Found accessible named pipe: netlogon
[+] 192.168.0.2:445 - Found accessible named pipe: lsarpc
[+] 192.168.0.2:445 - Found accessible named pipe: samr
[+] 192.168.0.2:445 - Found accessible named pipe: browser
[+] 192.168.0.2:445 - Found accessible named pipe: atsvc
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2018-02-24 03:20:34 +05:30
Brent Cook
2e568aa660
Land #9607 , upgrade osx shells to osx meterpreter
2018-02-23 11:11:44 -06:00
Brent Cook
4365bd3af5
bump rex-exploitation
2018-02-23 11:10:49 -06:00
Brent Cook
cd728defed
Merge branch 'master' into land-9607-
2018-02-23 11:09:20 -06:00
William Vu
7663e5c1f6
Land #9601 , ms17_010_eternalblue reliability fixes
2018-02-22 15:30:45 -06:00
Brent Cook
65b0d9555f
Land #9611 , Fix bug causing all OWA logins to appear valid
2018-02-22 11:55:36 -06:00
James Barnett
e531dbc976
Fix bug causing all logins to appear valid
...
The headers we were looking for were a little too loose
and were incorrectly identifying all responses as successful
login attempts
2018-02-22 11:25:35 -06:00
dmohanty-r7
0f0270b144
Land #9610 , lock ruby_smb to '0.0.18'
2018-02-22 11:03:40 -06:00
Brent Cook
d737f77b84
bump gems, lock ruby_smb for now
2018-02-22 10:45:49 -06:00
bwatters-r7
4b8a8fa2b1
Land #9441 , Create exploit for AsusWRT LAN RCE
...
Merge branch 'land-9441' into upstream-master
2018-02-22 10:40:45 -06:00
Jacob Robles
738d6ab33a
Land #9604 , Fix logged errors when running without Python 3.6 / gmpy2
2018-02-22 08:11:30 -06:00
Brent Cook
99e278fa29
Land #9584 , Fix reverse_php_ssl infinite loop
2018-02-22 07:03:52 -06:00
Brent Cook
855fbc1689
Land #9602 , Create sessions with the Fortinet SSH backdoor scanner
2018-02-22 06:04:18 -06:00
Trevor Sibanda
77b3673e38
Fix reverse_php_ssl infinite loop
2018-02-22 08:42:54 +00:00
Brent Cook
7e665ab287
check for extra libraries explicitly, fail gracefully
2018-02-21 21:54:58 -06:00
Brent Cook
3f88e59516
handle Python 3.5/3.6 differences so we always have a UTF-8 string
2018-02-21 21:54:27 -06:00
William Vu
a9d6845f25
Add module doc
2018-02-21 21:50:08 -06:00
William Vu
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
...
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
William Vu
cc2495dd9c
Explain fortinet-backdoor -> FortinetBackdoor
2018-02-21 17:05:30 -06:00
William Vu
a5d78b82d4
Add require for Net::SSH::CommandStream
2018-02-21 15:51:53 -06:00
William Vu
854ac67b8e
Use start_session in fortinet_backdoor
...
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.
Hoping we fix this in a subsequent commit or related PR.
Please see #6612 and #9524 .
2018-02-21 15:33:34 -06:00
Aaron Soto
af45c1764b
Tweak exception handling and timing of `ms17_010_eternalblue`
2018-02-21 13:40:04 -06:00
Brent Cook
78822fd799
Land #9524 , prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-21 06:59:09 -06:00
William Vu
9cbc55ce40
Land #9593 , finger_users regex fix
2018-02-21 01:27:40 -06:00
Aaron Soto
bda7fefa7f
Land #9444 - `hsts_eraser` module and docs
2018-02-20 21:22:55 -06:00
Jacob Robles
b2cb4c425d
Land #9594 , CloudMe Sync v1.10.9 Buffer Overflow
2018-02-20 17:49:19 -06:00
Jacob Robles
a23240a742
Update Documentation
...
[ticket: #9594 ]
2018-02-20 17:48:21 -06:00
Jacob Robles
6a62ca15e7
Remove NOPS
...
[ticket: #9594 ]
2018-02-20 17:40:33 -06:00
Daniel Teixeira
04882b0464
Fixed indentation
2018-02-20 22:00:36 +00:00
Daniel Teixeira
745ad4d727
CloudMe Sync Client BoF
2018-02-20 21:57:13 +00:00
Daniel Teixeira
ff3b318abd
CloudMe Sync Client documentation
2018-02-20 21:56:31 +00:00
James Lee
d6206dc046
Better regex in finger_users
2018-02-20 15:48:00 -06:00
Jacob Robles
107a41a4ce
Land #9561 , Disk Savvy Enterprise v10.4.18 built-in server buffer overflow
2018-02-20 15:42:12 -06:00
Jacob Robles
ab6f6d75d2
Update Documentation
...
[ticket: #9561 ]
2018-02-20 15:37:40 -06:00
Jacob Robles
d02bf40d69
Modified Exploit
...
Remove NOPS that weren't needed and freed up space for a larger payload.
[ticket: #9561 ]
2018-02-20 15:35:43 -06:00
Pedro Ribeiro
f89cebbd89
Add sploit doc
2018-02-20 19:35:10 +00:00
Tim W
f10d58bc2d
upgrade osx shells to osx meterpreter
2018-02-21 02:54:38 +08:00
Brent Cook
aec1b253f7
Land #9589 , add some more payload specs
2018-02-20 11:12:35 -06:00
Jeffrey Martin
ea9b6d894d
add missing payload specs
2018-02-20 09:38:24 -06:00
Brent Cook
8f3d15a6e1
Land #9588 , Fix silent fail on missing argument to wmap_sites -d idx
2018-02-20 07:13:32 -06:00
klayklogg
74021d9570
Fix silent fail on missing argument to wmap_sites -d idx
2018-02-21 00:43:20 +13:00
Brent Cook
36e8f7a2bc
Land #9585 , fix ctrl-D handling with block continuation
2018-02-20 04:52:09 -06:00
Brent Cook
99965c142b
remove duplicate check
2018-02-20 04:42:49 -06:00
Brent Cook
bb3a11dd20
use ctrl-d to cancel input instead
2018-02-20 04:40:00 -06:00
Brent Cook
f5f7b4d25a
handle sessions still open
2018-02-20 03:31:20 -06:00
Brent Cook
e995ccfc33
make this a little easier to read
2018-02-20 03:27:55 -06:00
Brent Cook
e26fb49c99
if we have no more input from the console, quit
2018-02-20 03:27:38 -06:00
Brent Cook
42b4381ce5
Land #9583 , move osx stage binary
2018-02-20 03:15:14 -06:00
Tim W
a01f0f3023
fix #9366 , fix osx x64 stage location
2018-02-20 13:50:44 +08:00
Brent Cook
3d8451e616
Land #8997 , add local 'ls' support to Meterpreter sessions
2018-02-19 23:21:59 -06:00