wchen-r7
46fac897bd
Land #6144 , China Chopper Web Shell (Backdoor) module
2015-11-05 18:29:36 -06:00
wchen-r7
ea22583ed1
Update title and description
2015-11-05 18:29:03 -06:00
wchen-r7
27be832c4c
remove the fail_with because it's always triggering anyway
2015-11-05 18:19:46 -06:00
dmohanty-r7
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
wchen-r7
038cb66937
Use the right module path
2015-11-05 16:16:46 -06:00
nixawk
109e9b6b6e
remove debug info - require 'pry'
2015-11-03 06:52:11 +00:00
nixawk
46fe0c0899
base64 for evasion purposes
2015-11-03 06:42:52 +00:00
nixawk
6c16d2a1ca
caidao's exploit module
2015-11-02 08:54:18 +00:00
Louis Sato
57304a30a8
Land #6139 , remove bad ref links
2015-10-29 16:00:43 -05:00
wchen-r7
da52c36687
Put back some links
2015-10-29 15:48:47 -05:00
wchen-r7
8757743821
Update description
2015-10-27 17:39:11 -05:00
wchen-r7
cfe9748962
Deprecate exploits/multi/http/uptime_file_upload
...
Please use uptime_file_upload_1.rb
2015-10-27 17:36:54 -05:00
wchen-r7
0c648eb210
Move to modules/exploits/multi/http/uptime_file_upload_2
...
This exploit is rather similiar to uptime_file_upload.rb, because
they both abuse post2file to upload. The difference is that this
module requires a priv escalation to be able to upload, and the
other one doesn't.
2015-10-27 17:31:31 -05:00
wchen-r7
592fdef93d
Update uptime_code_exec
2015-10-27 17:29:55 -05:00
wchen-r7
5b86d2ef95
Fix #6133 , update description, authors and references
...
Fix #6133
Thank you @japp-0xlabs
2015-10-27 14:38:18 -05:00
wchen-r7
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
wchen-r7
0d9ebe13a1
Modify check
2015-10-26 15:25:38 -05:00
JT
4f244c54f8
Update mma_backdoor_upload.rb
2015-10-26 23:01:38 +08:00
JT
ad80f00159
Update mma_backdoor_upload.rb
2015-10-24 11:16:49 +08:00
JT
f461c4682b
Update mma_backdoor_upload.rb
2015-10-24 11:15:26 +08:00
wchen-r7
181e7c4c75
Update metadata
2015-10-23 17:22:31 -05:00
wchen-r7
01c2641c6b
Change print_*
2015-10-23 16:27:52 -05:00
wchen-r7
3c961f61a7
Modify check to use Nokogiri
2015-10-23 14:29:16 -05:00
wchen-r7
6f02cedff8
Move method create_exec_service
2015-10-23 13:10:00 -05:00
Ewerson Guimaraes (Crash)
2828653f8f
Update uptime_code_exec.rb
2015-10-23 11:49:21 +02:00
Ewerson Guimaraes (Crash)
5539363218
Update uptime_code_exec.rb
2015-10-23 11:33:59 +02:00
JT
be89cb32c9
Th3 MMA mma.php Backdoor Arbitrary File Upload
2015-10-23 08:47:40 +08:00
wchen-r7
f06d7591d6
Add header for zpanel_information_disclosure_rce.rb
2015-10-20 16:19:44 -05:00
wchen-r7
70b005de7f
Land #6041 , Zpanel info disclosure exploit
2015-10-20 16:08:16 -05:00
wchen-r7
728fd17856
Make code changes for zpanel_information_disclosure_rce.rb
...
Use Nokogiri and URI, as well as indent fixes and other things
2015-10-20 16:07:02 -05:00
jvazquez-r7
28ca34c40a
Fix conflicts
2015-10-16 15:38:59 -05:00
wchen-r7
c399d7e381
Land #5959 , Add Nibbleblog File Upload Vuln
2015-10-16 15:30:13 -05:00
wchen-r7
9666660c06
Enforce check and add another error message
2015-10-16 15:29:12 -05:00
xistence
6a1553ae63
Add EDB/CVE/URL references to arkeia_agent_exec
2015-10-16 10:23:20 +07:00
jvazquez-r7
4517270627
Fix modules using Msf::HTTP::JBoss
2015-10-15 11:49:15 -05:00
Brent Cook
30d2a3f2a9
Land #5999 , teach PSH web delivery to use a proxy
2015-10-14 11:05:45 -05:00
HD Moore
d67b55d195
Fix autofilter values for aggressive modules
2015-10-13 15:56:18 -07:00
jvazquez-r7
b9b488c109
Deleted unused exception handling
2015-10-09 23:38:52 -05:00
jvazquez-r7
c60fa496c7
Delete extra spaces
2015-10-09 23:37:11 -05:00
jvazquez-r7
e6fbca716c
Readd comment
2015-10-09 23:29:23 -05:00
jvazquez-r7
af445ee411
Re apply a couple of fixes
2015-10-09 23:24:51 -05:00
HD Moore
a590b80211
Update autoregister_ports, try both addresses for the MBean
2015-10-09 20:20:35 -07:00
HD Moore
2b94b70365
Always connect to RHOST regardless of JMXRMI address
2015-10-09 17:49:22 -07:00
HD Moore
cd2e9d4232
Move Msf::Java to the normal Msf::Exploit::Remote namespace
2015-10-09 13:24:34 -07:00
jvazquez-r7
5e9faad4dc
Revert "Merge branch using Rex sockets as IO"
...
This reverts commit c48246c91c
, reversing
changes made to 3cd9dc4fde
.
2015-10-09 14:09:12 -05:00
jvazquez-r7
347495e2f5
Rescue Rex::StreamClosedError when there is a session
2015-10-09 13:41:41 -05:00
brent morris
28454f3b2e
MSFTidyness
2015-10-08 12:59:46 -04:00
wchen-r7
871f46a14e
Land #6038 , ManageEngine ServiceDesk Plus Arbitrary File Upload
2015-10-07 15:17:58 -05:00
wchen-r7
dddfaafac7
Update reference
2015-10-07 15:17:22 -05:00
brent morris
5eff3e5637
Removed hard tabs
2015-10-02 14:34:00 -04:00
brent morris
4ee7ba05aa
Removing hard tabs test
2015-10-02 14:31:46 -04:00
brent morris
6406a66bc0
Remove Ranking
2015-10-02 14:24:46 -04:00
brent morris
9f71fd9bfd
Formatting ZPanel Exploit
2015-10-02 14:23:07 -04:00
brent morris
89a50c20d0
Added Zpanel Exploit
2015-10-02 13:29:53 -04:00
William Vu
a773627d26
Land #5946 , simple_backdoors_exec module
2015-10-02 11:18:29 -05:00
William Vu
5b8f98ee06
Land #6022 , zemra_panel_rce module
2015-10-02 11:18:09 -05:00
Pedro Ribeiro
659a09f7d2
Create manageengine_sd_uploader.rb
2015-10-02 16:04:05 +01:00
JT
33916997a4
Update zemra_panel_rce.rb
...
revised the name and the description
2015-10-02 09:49:59 +08:00
JT
fa1391de87
Update simple_backdoors_exec.rb
...
Updating the code as suggested
2015-10-02 07:53:15 +08:00
JT
501325d9f4
Update zemra_panel_rce.rb
2015-10-02 06:48:34 +08:00
Hans-Martin Münch (h0ng10)
30101153fa
Remove spaces
2015-10-01 18:56:37 +02:00
Hans-Martin Münch (h0ng10)
41cf0ef676
Add reference for CVE-2015-2342 - VMWare VCenter JMX RMI RCE
2015-10-01 18:43:21 +02:00
JT
2802b3ca43
Update zemra_panel_rce.rb
...
sticking res
2015-10-02 00:00:30 +08:00
William Vu
2ab779ad3d
Land #6010 , capture_sendto fixes
2015-10-01 10:54:24 -05:00
JT
5c5f3a4e7f
Update zemra_panel_rce.rb
...
called http_send_command right away :)
2015-10-01 23:39:36 +08:00
JT
66560d5339
Update zemra_panel_rce.rb
2015-10-01 19:16:23 +08:00
JT
a7fa939fda
Zemra Botnet C2 Web Panel Remote Code Execution
...
This module exploits the C2 web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
2015-09-30 19:24:21 +08:00
JT
2de6c77fa2
Update simple_backdoors_exec.rb
2015-09-30 18:11:05 +08:00
JT
46adceec8f
Update simple_backdoors_exec.rb
2015-09-29 10:40:28 +08:00
JT
dd650409e4
Update simple_backdoors_exec.rb
2015-09-29 08:05:13 +08:00
bigendian smalls
a47557b9c1
Upd. multi/handler to include mainframe platform
...
Quick update to multi handler so it recognizes mainframe platform based
modules
2015-09-28 11:14:08 -05:00
Jon Hart
96e4e883ae
Fix #6008 for wireshark_lwres_getaddrbyname_loop
2015-09-27 14:56:11 -07:00
Jon Hart
bd2f73f40a
Fix #6008 for wireshark_lwres_getaddrbyname
2015-09-27 14:55:19 -07:00
Jon Hart
bbd08b84e5
Fix #6008 for snort_dce_rpc
2015-09-27 14:53:40 -07:00
JT
e185277ac5
Update simple_backdoors_exec.rb
2015-09-24 14:14:23 +08:00
JT
56a551313c
Update simple_backdoors_exec.rb
2015-09-24 13:54:40 +08:00
JT
192369607d
Update simple_backdoors_exec.rb
...
updated the string 'echo me' to a random text
2015-09-24 13:49:33 +08:00
Meatballs
66c9222968
Make web_delivery proxy aware
2015-09-23 20:45:51 +01:00
William Vu
d798ef0885
Land #5893 , w3tw0rk/Pitbul RCE module
2015-09-23 02:41:01 -05:00
William Vu
8106bcc320
Clean up module
2015-09-21 14:37:54 -05:00
JT
9e6d3940b3
Update simple_backdoors_exec.rb
2015-09-13 23:30:14 +08:00
Hans-Martin Münch (h0ng10)
0c4604734e
Webserver starts at the beginning, stops at the end
2015-09-12 19:42:31 +02:00
wchen-r7
602a12a1af
typo
2015-09-10 18:28:42 -05:00
Roberto Soares
68521da2ce
Fix check method.
2015-09-10 04:40:12 -03:00
Roberto Soares
4566f47ac5
Fix check method.
2015-09-10 03:56:46 -03:00
Roberto Soares
0ba03f7a06
Fix words.
2015-09-09 21:27:57 -03:00
Roberto Soares
bc3f5b43ab
Removerd WordPress mixin.
2015-09-09 21:26:15 -03:00
Roberto Soares
4e31dd4e9f
Add curesec team as vuln discovery.
2015-09-09 21:13:51 -03:00
Roberto Soares
6336301df3
Add Nibbleblog File Upload Vulnerability
2015-09-09 21:05:36 -03:00
Roberto Soares
d3aa61d6a0
Move bolt_file_upload.rb to exploits/multi/http
2015-09-09 13:41:44 -03:00
JT
31a8907385
Update simple_backdoors_exec.rb
2015-09-09 08:30:21 +08:00
JT
4e23bba14c
Update simple_backdoors_exec.rb
...
removing the parenthesis for the if statements
2015-09-08 15:47:38 +08:00
JT
002aada59d
Update simple_backdoors_exec.rb
...
changed shell to res
2015-09-08 14:54:26 +08:00
JT
467f9a8353
Update simple_backdoors_exec.rb
2015-09-08 14:45:54 +08:00
JT
37c28ddefb
Update simple_backdoors_exec.rb
...
Updated the description
2015-09-08 13:42:12 +08:00
JT
0f8123ee23
Simple Backdoor Shell Remote Code Execution
2015-09-08 13:08:47 +08:00
Ewerson Guimaraes (Crash)
944f47b064
Update
...
Check nil
Removed headers
Fixed url normalization
2015-09-05 10:07:58 +02:00
JT
2f8dc7fdab
Update w3tw0rk_exec.rb
...
changed response to res
2015-09-05 14:21:07 +08:00
Ewerson Guimaraes (Crash)
68d27acd69
Update
...
Add exploit-db references
nil check to version
2015-09-04 23:18:24 +02:00
Ewerson Guimaraes (Crash)
5b5e97f37a
Update
...
Add normalize_uri
Change print_status tp vprint_status
Removed unused http headers
an other minor changes
2015-09-04 22:12:42 +02:00
Ewerson Guimaraes (Crash)
5063acac3c
Poorly designed argument fixed
...
Poorly designed argument fixed
2015-09-04 19:43:49 +02:00
HD Moore
04d622b69b
Cleanup Jenkins-CI module titles and option descriptions
2015-09-04 10:25:51 -07:00
Ewerson Guimaraes (Crash)
cf8b34191d
Updates
...
Add Def for cgi request.
2015-09-04 19:19:02 +02:00
James Lee
b2c401696b
Add certutil support.
...
Tested while landing #5736
2015-09-03 14:24:37 -05:00
James Lee
1e6a1f6d05
Revert "Fix spec like I shoulda done before landing #5736"
...
This reverts commit 956c8e550d
.
Conflicts:
spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:55 -05:00
Ewerson Guimaraes (Crash)
92aa09a586
Merge remote-tracking branch 'rapid7/master' into Uptime
2015-09-03 20:48:50 +02:00
Ewerson Guimaraes (Crash)
6250983fb4
Update
...
Update
2015-09-03 20:29:57 +02:00
James Lee
b4547711f3
Add certutil support.
...
Tested while landing #5736
2015-09-03 13:27:10 -05:00
HD Moore
cd65478d29
Land #5826 , swap ExitFunction -> EXITFUNC
2015-09-01 13:58:12 -05:00
Christian Mehlmauer
3e613dc333
change exitfunc to thread
2015-09-01 10:43:45 +02:00
Christian Mehlmauer
648c034d17
change exitfunc to thread
2015-09-01 10:42:15 +02:00
Ewerson Guimaraes (Crash)
252e80e793
Uptime Version 7.4.0 / 7.5.0 Upload and Exec file
...
Uptime Version 7.4.0 / 7.5.0 Upload and Exec file
2015-08-31 23:57:39 +02:00
Brent Cook
d670a62000
Land #5822 , migrate obsolete payload compatibility options
2015-08-31 15:20:20 -05:00
JT
ff868f9704
Update w3tw0rk_exec.rb
2015-08-26 23:51:09 +08:00
JT
3f6c04a445
Update w3tw0rk_exec.rb
2015-08-26 23:48:31 +08:00
JT
16341d34a2
Update w3tw0rk_exec.rb
2015-08-26 23:34:29 +08:00
JT
892f427664
Update w3tw0rk_exec.rb
...
removed w3tw0rk_login
2015-08-26 09:18:15 +08:00
JT
6edba2cdc8
Update w3tw0rk_exec.rb
2015-08-26 09:11:30 +08:00
JT
c77226c354
Update w3tw0rk_exec.rb
2015-08-26 01:28:07 +08:00
JT
25fb325410
w3tw0rk / Pitbul IRC Bot Remote Code Execution
2015-08-26 01:22:55 +08:00
joev
98e2d074c3
Add disclosure date.
2015-08-15 20:09:41 -05:00
joev
a133e98ba5
Adds a ff 35-36 RCE vector based off the recent ff bug.
2015-08-15 20:02:00 -05:00
Christian Mehlmauer
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
William Vu
605a14350f
Land #5833 , sshexec improvements
2015-08-13 14:16:22 -05:00
William Vu
3bd6c4cee4
Add a comma
2015-08-13 14:16:09 -05:00
William Vu
c94a185610
Land #5697 , Werkzeug debug RCE
2015-08-13 13:32:27 -05:00
William Vu
d54ee19ce9
Clean up module
2015-08-13 13:32:22 -05:00
Spencer McIntyre
28fbb7cdde
Update the description of the sshexec module
2015-08-12 16:05:09 -04:00
Spencer McIntyre
dfe2bbf1e9
Add a python target to the sshexec module
2015-08-12 15:46:47 -04:00
jvazquez-r7
203c231b74
Fix #5659 : Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
h00die
eab9b3bf5b
interpolation fix on secret
2015-08-01 14:39:12 -04:00
h00die
ceb49a51a6
thanks @espreto for help
2015-08-01 11:11:37 -04:00
h00die
4561241609
updates per @jvazquez-r7 comments
2015-07-24 20:34:40 -04:00
jvazquez-r7
2c9183fa56
Return check code
2015-07-24 16:14:43 -05:00
jvazquez-r7
a163606513
Delete unused SLEEP option
2015-07-24 15:29:56 -05:00
jvazquez-r7
1b1ac09d2a
Merge to solve conflicts
2015-07-24 15:24:29 -05:00
Tod Beardsley
cadb03bac0
Fix my own blasted typo, ty @wvu-r7
2015-07-20 17:14:34 -05:00
Tod Beardsley
2052b4ef56
Fixed the HT leak attribution a little
2015-07-20 16:36:47 -05:00
Tod Beardsley
f7c11d0852
More cleanups
...
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678 , adobe_flash_hacking_team_uaf.rb
Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698 , Adobe Flash CVE-2015-5122 opaqueBackground
Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471 , @pedrib's module for SysAid CVE-2015-2994
Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
Tod Beardsley
ab6204ca2e
Correct spelling of sysaid module
...
First landed in #5473 .
2015-07-20 16:21:50 -05:00
Pedro Ribeiro
3fe165a265
Remove whitespace at the end
2015-07-18 20:18:34 +01:00
Pedro Ribeiro
70a2247941
Pick target is not needed...
2015-07-18 20:12:49 +01:00
Pedro Ribeiro
7483e77bba
Fix Linux target by trying again if exploit fails
2015-07-18 20:12:13 +01:00
wchen-r7
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
wchen-r7
837eb9ea38
Land #5742 , better quality coverage for adobe_flash_opaque_background_uaf
2015-07-17 16:25:14 -05:00
wchen-r7
f77f7d6916
Bump rank
2015-07-17 16:23:27 -05:00
wchen-r7
0bd1dc017e
Update coverage information
2015-07-17 16:23:00 -05:00
jvazquez-r7
4e6b00fe31
Land #5473 , @pedrib's exploit for Sysaid CVE-2015-2994
...
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
jvazquez-r7
00adbd7f64
Fix quotes
2015-07-17 12:09:54 -05:00
jvazquez-r7
57c4a3387b
Fix paths for windows and cleanup
2015-07-17 12:09:18 -05:00