0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
33f1324fa9
Land #5813 , @jakxx adds VideoCharge SEH file exploit
2015-08-13 18:01:25 -04:00
f19186adda
Land #5841 , homm3_h3m default target change
2015-08-13 14:54:58 -05:00
02c6ea31bb
Use the more recent HD version as default target
2015-08-13 14:42:21 -05:00
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
605a14350f
Land #5833 , sshexec improvements
2015-08-13 14:16:22 -05:00
3bd6c4cee4
Add a comma
2015-08-13 14:16:09 -05:00
677ec341dd
Land #5839 , pre-bloggery cleanup edits
2015-08-13 13:43:57 -05:00
c94a185610
Land #5697 , Werkzeug debug RCE
2015-08-13 13:32:27 -05:00
d54ee19ce9
Clean up module
2015-08-13 13:32:22 -05:00
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
9f2c62d4ce
Use query_name instead of datastore
2015-08-13 11:17:27 -07:00
bb4116ed9d
Avoid msftidy.rb rule breaking on missing newline
2015-08-13 12:38:05 -05:00
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
e7566d6aee
Adding print_status line
2015-08-12 16:08:04 -04:00
28fbb7cdde
Update the description of the sshexec module
2015-08-12 16:05:09 -04:00
dfe2bbf1e9
Add a python target to the sshexec module
2015-08-12 15:46:47 -04:00
979d7e6be3
improve module
2015-08-12 15:37:37 +02:00
2b225b2e7e
Added changes per feedback
...
Updated to include and use seh mixin
changed offset and space for reliability
got rand_text buffer junk working
removed double spaces and stupid fillers in file data
2015-08-12 01:34:45 -04:00
80f415074b
Land #5823 , mv local_exploit_{suggestor,suggester}
2015-08-11 13:52:55 -05:00
7f0d992914
Fixed name typo
2015-08-11 11:51:52 -05:00
4c28cae5d1
updated to include recommendation from @zerosteiner
2015-08-10 18:38:23 -04:00
203c231b74
Fix #5659 : Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
76f6312fab
Fix #3916 Support 64 bits targets on enum_cred_store
2015-08-10 15:16:12 -05:00
a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793
2015-08-08 07:43:39 -07:00
c8ba5bb90c
Land #5513 , @rcvalle's exploit for incomplete internal state distinction in JSSE
2015-08-08 07:41:53 -07:00
2707b3b402
Use Rex::ThreadSafe.select
2015-08-08 07:40:19 -07:00
a0eef3880a
Initialize version local variable
2015-08-08 07:35:37 -07:00
bb74b6fecb
Fix data reading
2015-08-08 07:18:01 -07:00
23f51bf265
specify junk data
2015-08-07 18:04:11 -04:00
28ad0fccbd
Added VideoCharge Studio File Format Exploit
2015-08-07 15:54:32 -04:00
6fe7672732
Improve Rex sockets usage
2015-08-07 00:11:58 -07:00
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
7bb4f9479f
Added new reference and removed empty line.
2015-08-04 03:58:57 -03:00
d9b6e9cc58
Changed res condition and some words.
2015-08-04 03:44:25 -03:00
19ceccd93a
Added JSON parse output.
2015-08-04 03:13:11 -03:00
f4679f5341
Added WP Mobile Pack Info Disclosure Vuln - Functional Module.
2015-08-04 02:21:26 -03:00
d221e9d961
Added more references.
2015-08-03 02:46:54 -03:00
e59e4828e4
Removed unnecessary DEPTH option.
2015-08-02 22:56:17 -03:00
514849bcdc
Added WP Subscribe Comments File Read Vuln - Functional.
2015-08-02 21:24:52 -03:00
74ed8cf0c9
actually that didn't work
2015-08-02 18:57:13 -05:00
06754c36a4
unless, not if not
2015-08-02 18:51:23 -05:00
527eaea6ec
single quotes and some error handling
2015-08-02 18:25:17 -05:00
a33724667c
small code cleanup
2015-08-02 16:36:41 -05:00
830aee8aa5
check if cookie is actually returned, and if not, fail
2015-08-02 15:22:40 -05:00
a534008ba6
add some status lines
2015-08-02 15:03:59 -05:00
fe20bc88ad
remove badchars
2015-08-02 11:37:06 -05:00
f7ceec36d0
set default RPORT and SSL
2015-08-02 08:59:36 -05:00
a33dff637d
exploit cve 2015-1489 to get SYSTEM
2015-08-02 08:31:03 -05:00
12ac6d81fa
add markus as the discoverer specifically
2015-08-02 08:17:12 -05:00
e70ec8c07b
no need to store res for the later requests
2015-08-01 18:00:35 -05:00
272d75e437
check res before calling get_cookies
2015-08-01 17:58:41 -05:00
6f31183904
Fix VSS Persistance to check integrity level
2015-08-01 23:13:05 +01:00
47e86000ee
randomize the file names
2015-08-01 16:50:06 -05:00
2bfc8e59be
remove printline
2015-08-01 16:43:31 -05:00
0067d25180
add the sepm auth bypass rce module
2015-08-01 16:40:03 -05:00
a6a8117e46
Revert "Land #5777 , fix #4558 vss_persistence"
...
This reverts commit ba4b2fbbeaaffc86bfd9
2015-08-01 22:35:24 +01:00
eab9b3bf5b
interpolation fix on secret
2015-08-01 14:39:12 -04:00
cebcf72a99
Add discoverer credit, blog ref, longer desc
2015-08-01 10:31:41 -05:00
ceb49a51a6
thanks @espreto for help
2015-08-01 11:11:37 -04:00
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
ba4b2fbbea
Land #5777 , fix #4558 vss_persistence
2015-07-31 16:46:01 -05:00
1ec960d8f9
Make the time to write flush configurable
2015-07-31 16:43:43 -05:00
affc86bfd9
Land #5779 , make cachedump / lsa_secrets work on 64-bit windows
2015-07-31 16:25:47 -05:00
672d83eaae
Land #5789 , Heroes of Might and Magic III .h3m Map File Buffer Overflow
2015-07-31 15:43:43 -05:00
7c5e5f0f22
add crc32 forging for Heroes III demo target
2015-08-01 04:53:49 -07:00
7af83a112d
fix unreliable address
2015-08-01 04:52:50 -07:00
908d6f946f
added target Heroes III Demo 1.0.0.0
2015-07-31 18:19:37 -07:00
16042cd45b
fix variable names in comment
2015-07-31 18:16:15 -07:00
66c92aae5d
fix documentation
2015-07-31 17:12:50 -07:00
6fdd2f91ce
rescue only Errno::ENOENT
2015-07-31 13:54:29 -07:00
6671df6672
add documentation
2015-07-31 13:53:56 -07:00
013201bd99
remove unneeded require
2015-07-31 13:49:27 -07:00
629afd86fc
Land #5788 , local exploit suggestor
...
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
8e2e5d9bef
Land #5793 , s/OSVBD/OSVDB/
2015-07-31 10:20:45 -05:00
12a6bdb67b
Add Heroes of Might and Magic III .h3m map file Buffer Overflow module
2015-07-31 02:06:47 -07:00
d4c8d5884c
Fix a small typo
2015-07-31 11:47:46 -07:00
fdb2b008f9
Fix a small typo - OSVDB instead of OSVBD.
2015-07-31 02:23:19 -03:00
34279776a6
Minor edit
2015-07-30 18:40:41 -05:00
fc4fdba482
Merge branch 'suggestor' of https://github.com/MSadek-r7/metasploit-framework into pr5788
2015-07-30 18:31:49 -05:00
08338b73b2
Add get_target_arch and get_target_os
...
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
af55ef7352
Added session.present?
2015-07-30 10:10:42 -05:00
7aa78dfd4e
Revamped os, platform, arch detection. Added count for exploits being tried
2015-07-30 09:36:02 -05:00
1521c8f87e
Reworded to no suggestions available
2015-07-29 17:40:27 -05:00
66489202fc
Added error message if no exploits are found
2015-07-29 17:31:23 -05:00
b58c6248fe
Fixed ShowDescription bug
2015-07-29 16:52:06 -05:00
2cddfda0a0
wchen-r7's fixes, fixed indentation, removed newlines, added desc.
2015-07-29 16:13:50 -05:00
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
c725f74d46
Add Local Exploit Suggestor
...
Resolve #5647
2015-07-29 13:19:51 -05:00
55d395d237
Land #5785 , @todb-r7's sticky_keys fixes
2015-07-29 12:54:27 -05:00
a342a9db10
Another sticky keys ref, from @carnal0wnage
2015-07-29 12:32:38 -05:00
8043e5a88e
Add a reference to the sticky keys exploit
2015-07-29 12:31:43 -05:00
ee66cadde2
Don't use bullet points in descriptions
...
They never render correctly in anything other than a text editor.
modules/post/windows/manage/sticky_keys.rb first landed in #5760 ,
Sticky Keys post module
2015-07-29 12:29:09 -05:00
e6a932eadb
Land #5778 , final cmdstager generic payload fix
2015-07-29 11:48:01 -05:00
ff9b975576
Land #5701 , @g0tmi1k's filezilla_server refactor
2015-07-29 11:13:22 -05:00
e966545e08
Fix mask
2015-07-29 09:13:37 -05:00
38e952ba07
Python -> Ruby
2015-07-29 10:55:28 +01:00
c46ce6c391
Land #5780 , password_prompt fix for Telnet scanner
2015-07-28 17:54:43 -05:00
2415072c17
Replaced 'and' with '&&'
2015-07-28 14:14:25 -05:00
ee5e5b1e71
Fixed NoMethodError for .match on nil
2015-07-28 09:03:54 -05:00
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
ab7ffb1a08
Fich cachedump
2015-07-27 17:26:53 -05:00
704c8cadd9
Fix lsa_secrets
2015-07-27 16:19:01 -05:00
768de00214
Automatically pass arch & platform from cmdstager
...
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:
Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
bf6975c01a
Fix #4558 by restoring the old wmicexec
2015-07-27 14:04:10 -05:00
2d0a26ea8b
Land #5774 , Fix URIPATH=/ and stack trace on missing ntdll version match
2015-07-25 17:54:49 -05:00
a7b5890dc5
Fix URIPATH=/ and stack trace on missing ntdll version match
2015-07-25 15:39:20 -07:00
4561241609
updates per @jvazquez-r7 comments
2015-07-24 20:34:40 -04:00
347f48b0ec
Land #5762 , adjust PHP stager to work in and outside of eval()
2015-07-24 17:43:26 -05:00
c30127cfe8
Land #5729 , add user-agent list, MeterpreterUserAgent derives from this
...
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
e231664b97
Land #5746 , @pedrib's Fix sysaid rdslogs file upload on Linux
2015-07-24 16:15:13 -05:00
2c9183fa56
Return check code
2015-07-24 16:14:43 -05:00
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
a163606513
Delete unused SLEEP option
2015-07-24 15:29:56 -05:00
1b1ac09d2a
Merge to solve conflicts
2015-07-24 15:24:29 -05:00
ec7bf606c6
Land #5735 , @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
45b4334006
Use Rex::Socket::SslTcpServer
...
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
eb8f5c0880
Land #5771 , moved vmessage nil fix
2015-07-24 11:03:45 -05:00
10783d60cd
Land #5763 , generate_payload_exe merged opts fix
2015-07-24 10:56:29 -05:00
866a99ed07
This is better
2015-07-23 20:51:21 -05:00
f5387ab3f2
Fix #5766 , check res for send_request_raw
...
Fix #5766
2015-07-23 20:49:18 -05:00
8bead5fde2
Modate update on using metasploit-credential
...
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
218201b925
Land #5767 , @todb-r7's fix for ZDI reference
2015-07-23 17:28:53 -05:00
4dd2c31b44
Land #5760 , Sticky Keys post module
2015-07-23 17:12:31 -05:00
06ed7ba574
Add a comma
2015-07-23 17:12:17 -05:00
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
ebdbb179ce
Last of the style fixes
2015-07-24 08:09:25 +10:00
db7fadfc36
Fix indentation
2015-07-24 08:08:01 +10:00
616e1ddd68
Change enum to action, a couple of tidies
2015-07-24 08:01:58 +10:00
a818dc4460
Land #5657 , misc fixes to domain_hashdump
2015-07-23 16:58:46 -05:00
e60f590f09
Add DisplaySwitch.exe support with WINDOWS+P
...
As per @mubix's request.
2015-07-24 07:20:31 +10:00
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
50c9293aab
Land #5758 , OS X DYLD_PRINT_TO_FILE privesc
2015-07-23 13:21:23 -05:00
c1a9628332
Fix some fixes
...
So you can fix while you fix.
2015-07-23 12:59:20 -05:00
6ededbd7a7
Un-ticking the output
2015-07-23 12:23:56 -05:00
9d8dd2f8bd
FIxup pr #5758
2015-07-23 12:21:36 -05:00
6720a57659
Fix #5761 , pass the correct arch and platform for exe generation
...
Fix #5761
2015-07-23 01:34:44 -05:00
728e9b19ec
Update payload cached sizes
2015-07-23 15:15:13 +10:00
1dd765d6e6
Remove trailing spaces
2015-07-23 13:17:34 +10:00
0f2692f24f
Fix up silly mistake with `fail_with`
2015-07-23 13:14:35 +10:00
691b13ebd8
Add the sticky_keys module
2015-07-23 12:53:47 +10:00
50074c4617
Fix typo .blank to .blank?
2015-07-22 09:05:16 -05:00
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
165cb195bf
Remove python dependency, add credit URL.
2015-07-21 22:48:23 -05:00
joev
Spencer McIntyre
William Vu
Tod Beardsley
Christian Mehlmauer
Mo Sadek
Jon Hart
jakxx
jvazquez-r7
Roberto Soares
Brandon Perry
Meatballs
h00die
wchen-r7
Brent Cook
aakerblom
g0tmi1k
kn0
HD Moore
OJ
Samuel Huckins
Christian Sanders