James Lee
af642379e6
Fix some OptInts
2016-03-16 14:13:18 -05:00
Brent Cook
1769bad762
fix FORCE logic
2016-03-16 09:53:09 -05:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
wchen-r7
ba4e0d304b
Do regex \d+ instead
2016-03-03 11:05:16 -06:00
net-ninja
cda4c6b3b3
Update the regex for the number of students in ATutor
2016-03-01 09:41:17 -06:00
wchen-r7
274b9acb75
rm #push
2016-02-29 18:58:05 -06:00
wchen-r7
f55835cceb
Merge new code changes from mr_me
2016-02-29 18:39:52 -06:00
wchen-r7
638d91197e
Override print_* to always print the IP and port
2016-02-29 16:18:03 -06:00
wchen-r7
54ede19150
Use FileDropper to cleanup
2016-02-29 16:15:50 -06:00
wchen-r7
727a119e5b
Report cred
2016-02-29 16:06:31 -06:00
wchen-r7
4cc690fd8d
Let the user specify username/password
2016-02-29 15:45:33 -06:00
wchen-r7
726c1c8d1e
There is no http_send_command, so I guess the check should not work
2016-02-29 15:43:47 -06:00
net-ninja
a3fa57c8f6
Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module
2016-02-29 14:59:26 -06:00
Brent Cook
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
James Lee
12256a6423
Remove now-redundant peer
...
These all include either Msf::Exploit::Remote:Tcp or Msf::Exploit::Remote:HttpClient
2016-02-01 15:12:03 -06:00
Louis Sato
f6f2e1403b
Land #6496 , specify scripting language - elastic search
2016-01-27 15:42:47 -06:00
wchen-r7
b02c762b93
Grab zeroSteiner's module/jenkins-cmd branch
2016-01-22 10:17:32 -06:00
Lutz Wolf
99de466a4d
Bugfix: specify scripting language
2016-01-22 15:00:10 +01:00
William Vu
fec75c1daa
Land #6457 , FileDropper for axis2_deployer
2016-01-14 15:10:05 -06:00
Brent Cook
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
Rory McNamara
0216d027f9
Use OptEnum instead of OptString
2016-01-14 09:06:45 +00:00
Rory McNamara
564b4807a2
Add METHOD to simple_backdoors_exec
2016-01-13 14:42:11 +00:00
Rory McNamara
889a5d40a1
Add VAR to simple_backdoors_exec
2016-01-13 13:46:26 +00:00
wchen-r7
514199e88f
Register early so the cleanup can actually rm the file
2016-01-12 15:22:03 -06:00
wchen-r7
78bc394f80
Fix #6268 , Use FileDropper for axis2_deployer
...
Fix #6268
2016-01-08 17:09:09 -06:00
wchen-r7
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946
, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.
Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Jon Hart
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
Jon Hart
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
Brent Cook
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
Brent Cook
7444f24721
update whitespace / syntax for java_calendar_deserialize
2015-12-23 15:42:27 -06:00
wchen-r7
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook
493700be3a
remove duplicate key warning from Ruby 2.2.x
...
This gets rid of the warning:
modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer
424e7b6bfe
Land #6384 , more joomla rce references
2015-12-22 22:54:58 +01:00
JT
18398afb56
Update joomla_http_header_rce.rb
2015-12-23 05:48:26 +08:00
JT
cc40c61848
Update joomla_http_header_rce.rb
2015-12-23 05:38:57 +08:00
Christian Mehlmauer
f6eaff5d96
use the new and shiny joomla mixin
2015-12-22 21:36:42 +01:00
JT
314e902098
Add original exploit discoverer and exploit-db ref
...
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00
Louis Sato
726578b189
Land #6370 , add joomla reference
2015-12-18 17:05:07 -06:00
Christian Mehlmauer
fb6ede80c9
add joomla reference
2015-12-18 18:27:48 +01:00
wchen-r7
485196af4e
Remove modules/exploits/multi/http/uptime_file_upload.rb
...
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.
If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7
06f1949e2c
Land #6355 , Joomla HTTP Header Unauthenticated Remote Code Execution
...
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer
8c43ecbfaf
add random terminator and clarify target
2015-12-17 00:08:52 +01:00
Christian Mehlmauer
08d0ffd709
implement @wvu-r7 's feedback
2015-12-16 22:44:01 +01:00
Christian Mehlmauer
76438dfb2f
implement @wchen-r7 's suggestions
2015-12-16 20:31:43 +01:00
Christian Mehlmauer
b43d580276
try to detect joomla version
2015-12-16 16:16:59 +01:00
Christian Mehlmauer
30f90f35e9
also check for debian version number
2015-12-16 15:19:33 +01:00
Christian Mehlmauer
67eba0d708
update description
2015-12-16 14:46:00 +01:00
Christian Mehlmauer
fa3fb1affc
better ubuntu version check
2015-12-16 14:18:44 +01:00
Christian Mehlmauer
60181feb51
more ubuntu checks
2015-12-16 14:02:26 +01:00
Christian Mehlmauer
934c6282a5
check for nil
2015-12-16 13:52:06 +01:00