Commit Graph

45114 Commits (9db75849a964782d7b15eb9417360f571c8d7e98)

Author SHA1 Message Date
Metasploit 3a7a539c84
Bump version of framework to 4.16.31 2018-01-04 12:17:08 -08:00
Jeffrey Martin 78872be2ad
Merge released '4.x' 2018-01-04 14:13:18 -06:00
h00die 65f444ddcc
land #9362 exploit for pfsense graph injection 2018-01-04 14:35:52 -05:00
wetw0rk c9d6d0a7a7 -51 2018-01-04 12:25:31 -06:00
Metasploit d4de9eef9b
Bump version of framework to 4.16.30 2018-01-04 10:03:21 -08:00
William Vu 50f4ebb3b2 Add register_dirs_for_cleanup to FileDropper 2018-01-04 11:06:32 -06:00
William Vu d7c826b5e8 Add rm_rf to Post::File 2018-01-03 23:14:21 -06:00
William Vu 366a20a4a4
Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
Brent Cook 520e890520
Land #8581, VMware Workstation ALSA Config File Local Privilege Escalation 2018-01-03 21:35:57 -06:00
Wei Chen b8dde2e650 Land #9360, Ayukov NFTP FTP client buffer overflow vulnerability
Land #9360
2018-01-03 20:56:12 -06:00
Wei Chen 04cf3017c0 Update ayukov_nftp exploit and module documentation 2018-01-03 20:52:57 -06:00
Aaron Soto 7849155347
Land #9359, Improve DCE/RPC fault handling 2018-01-03 20:42:17 -06:00
William Vu c3f10c1d57
Land #9336, Linksys WVBR0-25 exploit 2018-01-03 18:13:44 -06:00
headlesszeke 589de0483b Clarification in product linkage and small syntax fixup in repro steps 2018-01-03 17:00:26 -06:00
dmohanty-r7 a5fa63405f
Land #9206, Add Xplico RCE exploit module 2018-01-03 16:02:51 -06:00
Adam Cammack 16fa3b99ef
Land #9350, Improve fake SSL cert details 2018-01-03 15:32:27 -06:00
Adam Cammack a98de2d9a3
Land #9358, Support password protected key files 2018-01-03 15:12:28 -06:00
William Vu a1d43c8f33
Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu 84c951cc1d
Land #8059, Postfixadmin alias modification module 2018-01-03 14:29:49 -06:00
wetw0rk 16d709f180 changes+filedropper 2018-01-03 14:09:30 -06:00
Brent Cook 70fbcc3ea8
Land #9280, add initial module automation tests 2018-01-03 10:47:24 -06:00
headlesszeke 3b0f0aa358 Adding doc file for module linksys_wvbr0_user_agent_exec_noauth 2018-01-02 14:54:18 -06:00
wetw0rk 8f0e41e159 requested changes 2018-01-01 17:30:43 -06:00
wetw0rk bc088cb379 added md 2018-01-01 05:46:04 -06:00
wetw0rk c47d09717d pfsense graph sploit 2018-01-01 03:18:51 -06:00
Daniel Teixeira 3af27a04e0
Update ayukov_nftp.rb 2017-12-31 17:48:37 +00:00
Daniel Teixeira 67357e316b
Update ayukov_nftp.rb 2017-12-31 17:48:23 +00:00
Daniel Teixeira 10b2833e7c
Update ayukov_nftp.rb 2017-12-31 17:00:17 +00:00
Daniel Teixeira 21717ae0a2
Create ayukov_nftp.rb 2017-12-31 15:43:16 +00:00
Daniel Teixeira 76d345039d
Create ayukov_nftp.md 2017-12-31 15:42:32 +00:00
bka-dev 086f657c56
Fix early termination of auxiliary/scanner/dcerpc/hidden
This commit fixes an issue, where auxiliary/scanner/dcerpc/hidden terminates directly, once an endpoint can't be reached or access is denied. Instead the next endpoint in list should be checked, instead of terminating directly.
2017-12-31 14:41:33 +01:00
RageLtMan f2a8d68a1f Permit encrypted SSH keys for login scanner
Net::SSH::KeyFactory permits loading keys using a passphrase.
The Framework SSH modules were implemented back when we had a fork
of net-ssh in our tree, and can now use functionality provided by
the upstream gem.
Update the ssh key login scanner to add a KEY_PASS datastore
OptString which is then passed to the KeyCollection class and used
in the updated :read_key method which now calls the KeyFactory to
read data and give us the appropriate String representation of the
key in the KeyCollection's cache.
A bit of cleanup performed as well, removing legacy code paths no
longer hit by the module. Shamelessly added self to authors, fair
amount of blood and sweat in the SSH subsystem over the years, hope
nobody objects.

Testing:
  None yet
2017-12-31 02:53:06 -05:00
Brendan Coles c153788424 Remove sleeps 2017-12-30 15:20:56 +00:00
Jan-Frederik Rieckers 7f3df74134
fixup! Adding Module for Postfixadmin CVE-2017-5930
Add error handling if request fails

Fix a typo in doc, add default value to doc
2017-12-30 13:04:23 +01:00
Matthew Kienow 2b96f8e272
Land #9353, Implement CommandShellCleanupCommand 2017-12-29 17:06:28 -05:00
h00die 3516305517
land #9191 an exploit against HP LoadRunner magentproc 2017-12-29 16:35:43 -05:00
h00die 4dacc70b9a slight updates to magentproc docs 2017-12-29 16:35:12 -05:00
h00die b698095c49 slight updates to magentproc docs 2017-12-29 16:30:32 -05:00
Brent Cook a444bdb329 handle no datastore 2017-12-29 15:26:28 -06:00
Jeffrey Martin bb97467b31
docs for auxiliary/scanner/http/directadmin_login 2017-12-29 14:43:20 -06:00
Brent Cook 198aeda2c8 rename option 2017-12-29 12:31:56 -06:00
Brent Cook e546598cf1 Implement a method for command shells to register a post-session cleanup command 2017-12-29 12:14:34 -06:00
Jan-Frederik Rieckers 289e887895
Adding Module for Postfixadmin CVE-2017-5930
This exploit allows domain admins to delete protected aliases.
It can be used to redirect aliases like abuse@domain and can aid in
further attacks.
2017-12-29 17:13:59 +01:00
RageLtMan c32ef4a3be Require msf/core/cert_provider in framework.rb
Add an explicit require for the new cert_provider in framework.rb
in case it has not yet been loaded.

This should address the Travis failure on initial PR, although the
gem version in socket has not been updated, so this might take a
bit to propagate. In the end, if the dependency already gives us
this functionality by the time we call Rex::Socket::Ssl then this
commit can safely be dropped
2017-12-29 02:14:48 -05:00
Brent Cook 8de760f1f7
Land #9348, Only use basic auth in couchdb_enum when credentials are provided 2017-12-28 21:24:45 -06:00
RageLtMan 18f3815147 Update TLS certificate generation routines
Msf relies on Rex::Socket to create TLS certificates for services
hosted in the framework and used by some payloads. These certs are
flagged by NIDS - snort sid 1-34864 and such.

Now that Rex::Socket can accept a @@cert_provider from the Msf
namespace, a more robust generation routine can be used by all TLS
socket services, provided down from Msf to Rex, using dependencies
which Rex does not include.

This work adds the faker gem into runtime dependencies, creates an
Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides
API compatible method invocations with the Rex version, but able
to generate higher entropy certs with more variables, options, etc.

This should reduce the hit rate against NIDS on the wire, reducing
pesky blue team interference until we slip up some other way. Also,
with the ability to generate different cert types, we may want to
look at extending this effort to probide a more comprehensive key
oracle to Framework and consumers.

Testing:
  None yet, internal tests pending.
  Travis should fail as this requires rex-socket #8.
2017-12-28 21:00:03 -05:00
Metasploit 7254130b77
Bump version of framework to 4.16.29 2017-12-28 15:19:22 -08:00
Jeffrey Martin 66ca61f636
Merge released '4.x' 2017-12-28 17:15:29 -06:00
Pearce Barry e614e9b732
Land #9268, Update DiskBoss Module (EDB 42395) 2017-12-28 16:39:26 -06:00
Brent Cook 5e71be7772
add ard_root_pw documentation 2017-12-28 14:37:25 -06:00