Commit Graph

2148 Commits (9e7a330ac849a746b4e68798a9bacd44a829837c)

Author SHA1 Message Date
James Lee af642379e6
Fix some OptInts 2016-03-16 14:13:18 -05:00
Brent Cook 1769bad762 fix FORCE logic 2016-03-16 09:53:09 -05:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
wchen-r7 ba4e0d304b Do regex \d+ instead 2016-03-03 11:05:16 -06:00
net-ninja cda4c6b3b3 Update the regex for the number of students in ATutor 2016-03-01 09:41:17 -06:00
wchen-r7 274b9acb75 rm #push 2016-02-29 18:58:05 -06:00
wchen-r7 f55835cceb Merge new code changes from mr_me 2016-02-29 18:39:52 -06:00
wchen-r7 638d91197e Override print_* to always print the IP and port 2016-02-29 16:18:03 -06:00
wchen-r7 54ede19150 Use FileDropper to cleanup 2016-02-29 16:15:50 -06:00
wchen-r7 727a119e5b Report cred 2016-02-29 16:06:31 -06:00
wchen-r7 4cc690fd8d Let the user specify username/password 2016-02-29 15:45:33 -06:00
wchen-r7 726c1c8d1e There is no http_send_command, so I guess the check should not work 2016-02-29 15:43:47 -06:00
net-ninja a3fa57c8f6 Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module 2016-02-29 14:59:26 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
James Lee 12256a6423
Remove now-redundant peer
These all include either Msf::Exploit::Remote:Tcp or Msf::Exploit::Remote:HttpClient
2016-02-01 15:12:03 -06:00
Louis Sato f6f2e1403b
Land #6496, specify scripting language - elastic search 2016-01-27 15:42:47 -06:00
wchen-r7 b02c762b93 Grab zeroSteiner's module/jenkins-cmd branch 2016-01-22 10:17:32 -06:00
Lutz Wolf 99de466a4d Bugfix: specify scripting language 2016-01-22 15:00:10 +01:00
William Vu fec75c1daa
Land #6457, FileDropper for axis2_deployer 2016-01-14 15:10:05 -06:00
Brent Cook 37178cda06
Land #6449, properly handle HttpServer resource collisions 2016-01-14 12:15:18 -06:00
Rory McNamara 0216d027f9 Use OptEnum instead of OptString 2016-01-14 09:06:45 +00:00
Rory McNamara 564b4807a2 Add METHOD to simple_backdoors_exec 2016-01-13 14:42:11 +00:00
Rory McNamara 889a5d40a1 Add VAR to simple_backdoors_exec 2016-01-13 13:46:26 +00:00
wchen-r7 514199e88f Register early so the cleanup can actually rm the file 2016-01-12 15:22:03 -06:00
wchen-r7 78bc394f80 Fix #6268, Use FileDropper for axis2_deployer
Fix #6268
2016-01-08 17:09:09 -06:00
wchen-r7 6a2b4c2530 Fix #6445, Unexpected HttpServer terminations
Fix #6445

Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.

Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.

Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
Jon Hart efdb6a8885
Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
Brent Cook e4f9594646
Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
Brent Cook 7444f24721 update whitespace / syntax for java_calendar_deserialize 2015-12-23 15:42:27 -06:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook 493700be3a remove duplicate key warning from Ruby 2.2.x
This gets rid of the warning:

modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer 424e7b6bfe
Land #6384, more joomla rce references 2015-12-22 22:54:58 +01:00
JT 18398afb56 Update joomla_http_header_rce.rb 2015-12-23 05:48:26 +08:00
JT cc40c61848 Update joomla_http_header_rce.rb 2015-12-23 05:38:57 +08:00
Christian Mehlmauer f6eaff5d96
use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
JT 314e902098 Add original exploit discoverer and exploit-db ref
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00
Louis Sato 726578b189
Land #6370, add joomla reference 2015-12-18 17:05:07 -06:00
Christian Mehlmauer fb6ede80c9
add joomla reference 2015-12-18 18:27:48 +01:00
wchen-r7 485196af4e Remove modules/exploits/multi/http/uptime_file_upload.rb
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.

If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7 06f1949e2c
Land #6355, Joomla HTTP Header Unauthenticated Remote Code Execution
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer 8c43ecbfaf
add random terminator and clarify target 2015-12-17 00:08:52 +01:00
Christian Mehlmauer 08d0ffd709
implement @wvu-r7 's feedback 2015-12-16 22:44:01 +01:00
Christian Mehlmauer 76438dfb2f
implement @wchen-r7 's suggestions 2015-12-16 20:31:43 +01:00
Christian Mehlmauer b43d580276
try to detect joomla version 2015-12-16 16:16:59 +01:00
Christian Mehlmauer 30f90f35e9
also check for debian version number 2015-12-16 15:19:33 +01:00
Christian Mehlmauer 67eba0d708
update description 2015-12-16 14:46:00 +01:00
Christian Mehlmauer fa3fb1affc
better ubuntu version check 2015-12-16 14:18:44 +01:00
Christian Mehlmauer 60181feb51
more ubuntu checks 2015-12-16 14:02:26 +01:00
Christian Mehlmauer 934c6282a5
check for nil 2015-12-16 13:52:06 +01:00