3013ab4724
Add osx root privilege escalation.
2015-07-21 21:50:55 -05:00
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
928c82c96e
Land #5745 , undefined variable "rop" fix
2015-07-21 11:01:49 -05:00
52e4f45ecd
Use the new thing in wlan_geolocate
2015-07-20 20:24:07 -05:00
d6e12d431f
Style and whitespace
2015-07-20 19:40:25 -05:00
6a9c934c54
Resolve conflict
2015-07-20 18:44:17 -05:00
1e17ac4ec7
Use the cred API correctly
2015-07-20 18:40:48 -05:00
cadb03bac0
Fix my own blasted typo, ty @wvu-r7
2015-07-20 17:14:34 -05:00
2052b4ef56
Fixed the HT leak attribution a little
2015-07-20 16:36:47 -05:00
f7c11d0852
More cleanups
...
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678 , adobe_flash_hacking_team_uaf.rb
Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698 , Adobe Flash CVE-2015-5122 opaqueBackground
Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471 , @pedrib's module for SysAid CVE-2015-2994
Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
f94fe3cefd
More correct URL, not just a bare wiki link
...
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
ab6204ca2e
Correct spelling of sysaid module
...
First landed in #5473 .
2015-07-20 16:21:50 -05:00
4cacbcc4f7
Minor fixups on sysaid modules
...
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
3fe165a265
Remove whitespace at the end
2015-07-18 20:18:34 +01:00
70a2247941
Pick target is not needed...
2015-07-18 20:12:49 +01:00
7483e77bba
Fix Linux target by trying again if exploit fails
2015-07-18 20:12:13 +01:00
29defc979b
Fix #5740 , remove variable ROP for adobe_flashplayer_flash10o
2015-07-17 16:57:37 -05:00
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
837eb9ea38
Land #5742 , better quality coverage for adobe_flash_opaque_background_uaf
2015-07-17 16:25:14 -05:00
f77f7d6916
Bump rank
2015-07-17 16:23:27 -05:00
0bd1dc017e
Update coverage information
2015-07-17 16:23:00 -05:00
115fb04be0
Land #5730 , port killav script as a post module
2015-07-17 13:47:58 -05:00
425a9dc266
credit OJ
2015-07-17 13:47:17 -05:00
663bcbe53b
Avoid checking these system process names
2015-07-17 13:46:02 -05:00
454dd59da8
Add vuln discoverers
2015-07-17 13:37:30 -05:00
29718ce4e1
Land #5474 , @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
...
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
a54b58fc24
Fix port parsing and cleanup
2015-07-17 12:34:46 -05:00
4e6b00fe31
Land #5473 , @pedrib's exploit for Sysaid CVE-2015-2994
...
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
00adbd7f64
Fix quotes
2015-07-17 12:09:54 -05:00
57c4a3387b
Fix paths for windows and cleanup
2015-07-17 12:09:18 -05:00
869ac87b64
Land #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
...
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
9ac1688eb1
Do code cleanup
2015-07-17 11:45:28 -05:00
46ffb97c1c
Land #5471 , @pedrib's module for SysAid CVE-2015-2994
...
* sysaid arbitrary file upload
2015-07-17 11:27:22 -05:00
309a86ec57
Do code cleanup
2015-07-17 11:26:54 -05:00
787c0e2c41
Land #5470 , @pedrib's module for SysAid CVE-2015-2993
...
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
ca38fc5518
Update description
2015-07-17 11:08:28 -05:00
255d8ed096
Improve adobe_flash_opaque_background_uaf
2015-07-16 14:56:32 -05:00
449c751521
Add missing info
2015-07-16 09:36:18 -07:00
8d0e34dbc0
Resolve #5738 , make the LHOST option visible
...
Resolve #5738
2015-07-16 11:00:15 -05:00
e1b1db9f88
Fix stupid typo
2015-07-16 23:03:49 +10:00
5d6c15a43d
Add openssl_altchainsforgery_mitm_proxy.rb
...
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
986463e489
Fix killav post module, handle errors, better output
2015-07-16 11:35:01 +10:00
2735c035b5
fixed issues as requested.
...
fixed.
2015-07-15 20:36:19 -04:00
579fb5fb1f
Fixed
...
Fixed
2015-07-15 20:09:42 -04:00
c762e9e8d6
Fixed as requested.
...
I added the possibility to read from file, instead of modifying the module each time.
2015-07-15 20:02:18 -04:00
b504f0be8e
Update adobe_flash_hacking_team_uaf
2015-07-15 18:18:04 -05:00
7520bc9a8a
Exported Killav into a post-exploitation module
...
I was unsure if this was the place to send the update.
2015-07-15 14:04:37 -04:00
ea4a7d98b9
Land #5728 , Arch specification for psexec
2015-07-15 15:36:27 +00:00
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
b31c637c1b
Land #5533 , DSP-W110 cookie command injection
2015-07-15 11:22:33 +02:00
21375edcb2
final cleanup
2015-07-15 11:21:39 +02:00
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
a7d866bc83
specify the 'Arch' values that psexec supports
2015-07-14 15:45:52 -06:00
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
a2bdd0bab9
Land #5541 , add more compat fixed-cmd 64-bit BSD payloads
...
Merge branch 'land-5541-bsd-shellcode' into upstream-master
2015-07-13 21:01:55 -05:00
57f62ffa76
changed URI to TARGETURI as per comments
2015-07-13 20:18:45 -04:00
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
405261df4f
Land #5710 , php_wordpress_total_cache removal
...
Deprecated.
2015-07-13 18:33:12 +00:00
3feef639b9
Land #5711 , php_wordpress_optimizepress removal
...
Deprecated.
2015-07-13 18:32:37 +00:00
6e12cbf98f
Land #5712 , php_wordpress_lastpost removal
...
Deprecated.
2015-07-13 18:31:31 +00:00
dd188b1943
Land #5713 , php_wordpress_infusionsoft removal
...
Deprecated.
2015-07-13 18:31:01 +00:00
ecca1c29f2
Land #5714 , php_wordpress_foxypress removal
...
Deprecated.
2015-07-13 18:30:28 +00:00
e4e9ac9d28
Remove cold_fusion_version, use coldfusion_version instead
...
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
4960e64597
Remove php_wordpress_foxypress, use wp_foxypress_upload
...
Please use exploit/unix/webapp/wp_foxypress_upload instead.
2015-07-13 12:53:34 -05:00
dfbeb24a8f
Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload
...
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
2015-07-13 12:51:48 -05:00
b80427aed2
Remove php_wordpress_lastpost, use wp_lastpost_exec instead.
...
Please use exploit/unix/webapp/wp_lastpost_exec instead
2015-07-13 12:49:27 -05:00
90cc3f7891
Remove php_wordpress_optimizepress, use wp_optimizepress_upload
...
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
2015-07-13 12:45:39 -05:00
4177cdacd6
Remove php_wordpress_total_cache, please use wp_total_cache_exec
...
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
2015-07-13 12:41:29 -05:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
8819674522
updated per feedback from PR
2015-07-11 21:03:02 -04:00
d795b2f831
Module cleanup
2015-07-11 19:40:21 +01:00
14d0d456f4
Fix FileZilla perm loot bug
2015-07-11 19:11:59 +01:00
c92d0d9df6
Fix FileZilla Server
2015-07-11 18:14:55 +01:00
f7ce6dcc9f
We agreed to Normal
2015-07-11 02:07:18 -05:00
0ff7333090
Lower the ranking for CVE-2015-5122
...
As an initial release we forgot to lower it.
2015-07-11 02:05:56 -05:00
1289ec8863
authors
2015-07-11 01:38:21 -05:00
6eabe5d48c
Update description
2015-07-11 01:36:26 -05:00
54fc712131
Update Win 8.1 checks
2015-07-11 01:33:23 -05:00
6f0b9896e1
Update description
2015-07-11 00:56:18 -05:00
115549ca75
Delete old check
2015-07-11 00:42:59 -05:00
63005a3b92
Add module for flash CVE-2015-5122
...
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
7d55e86bdc
Land #5691 , bump to metasploit-payloads-1.0.6
2015-07-10 22:30:44 -05:00
226137896e
updated cached payload sizes
2015-07-10 22:30:20 -05:00
bff92f2304
Initial add
2015-07-10 21:13:12 -04:00
5a045677bc
Add waiting message
2015-07-10 18:48:46 -05:00
8d52c265d9
Delete wfsdelay
2015-07-10 18:46:27 -05:00
63e91fa50f
Add reference
2015-07-10 18:46:06 -05:00
677cd97cc2
Update information
2015-07-10 18:39:11 -05:00
6c6a778218
Modify arkeia_agent_exec title
2015-07-10 18:38:25 -05:00
4995728459
Modify arkeia_agent_exec ranking
2015-07-10 18:37:24 -05:00
858f63cdbf
Land #5693 , @xistence VNC Keyboard EXEC module
2015-07-10 18:35:44 -05:00
1326a26be5
Do code cleanup
2015-07-10 18:35:13 -05:00
917282a1f1
Fix ranking
2015-07-10 17:49:15 -05:00
e063e26627
Land #5689 , @xistence's module for Western Digital Arkeia command injection
2015-07-10 17:11:35 -05:00
bdd8b56336
fix comment
2015-07-10 16:28:20 -05:00
95ae7d8cae
Fix length limitation
2015-07-10 16:24:49 -05:00
3347b90db7
Land #5676 , print_status with ms14_064
2015-07-10 14:40:49 -05:00
29a497a616
Read header as 6 bytes
2015-07-10 14:25:57 -05:00
bed3257a3f
Change default HTTP_DELAY
2015-07-10 12:50:26 -05:00
c9d2ab58d3
Use HttpServer::HTML
...
* And make the exploit Aggressive
2015-07-10 12:48:21 -05:00
e1192c75a9
Fix network communication on `communicate`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:57:48 -05:00
9206df077f
Land #5694 , R7-2015-08
2015-07-10 11:42:57 -05:00
9ba515f185
Fix network communication on `check`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:32:49 -05:00
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
c70be64517
Fix version check
2015-07-10 10:57:55 -05:00
34a6984c1d
Fix variable name
2015-07-10 10:44:38 -05:00
2c7cc83e38
Use single quotes
2015-07-10 10:34:47 -05:00
f66cf91676
Fix metadata
2015-07-10 10:33:02 -05:00
b916a9d267
VNC Keyboard Exec
2015-07-10 14:08:32 +07:00
52d41c8309
Western Digital Arkeia 'ARKFS_EXEC_CMD' <= v11.0.12 Remote Code Execution
2015-07-10 09:51:28 +07:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
d7beb1a685
feedback included
2015-07-09 08:31:11 +02:00
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
a3ec56c4cb
Do it in on_request_exploit because it's too specific
2015-07-08 12:32:38 -05:00
cefbdbb8d3
Avoid unreliable targets
...
If we can't garantee GreatRanking on specific targets, avoid them.
2015-07-08 12:12:53 -05:00
c86d16ffb6
update payload sizes
2015-07-07 23:15:57 -05:00
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
6a33807d80
No Chrome for now
2015-07-07 15:56:58 -05:00
f8b668e894
Update ranking and References
2015-07-07 15:43:02 -05:00
116c3f0be1
Add CVE as a real ref, too
2015-07-07 14:46:44 -05:00
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
829b08b2bf
Complete authors list
2015-07-07 12:49:54 -05:00
49effdf3d1
Update description
2015-07-07 12:46:02 -05:00
d885420aff
This changes the version requirement for adobe_flash_hacking_team_uaf.rb
...
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
d30688b116
Add more requirement info
2015-07-07 12:33:47 -05:00
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
c37b60de7b
Do some print_status with ms14_064
2015-07-07 00:57:37 -05:00
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
e16cd08599
Update the payload CachedSize
2015-07-06 17:16:56 -04:00
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
3d30cef58e
Land #5668 , I don't know how to avoif things
2015-07-06 09:24:18 -05:00
5b6ceff339
mime message
2015-07-06 15:00:12 +02:00
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
133e221dcd
Remove unnecessary steps.
2015-07-05 19:00:58 -05:00
c993c70006
Remove sleep(), clean up WritableDir usage.
2015-07-05 18:59:00 -05:00
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
72a1e9ad99
Add module for rootpipe+entitlements exploit for 10.10.3.
2015-07-05 18:19:46 -05:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
632bcda345
Land #5652 , improve LAPS filter to reduce empty results
2015-07-03 15:02:39 -04:00
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
e843db78dc
put rhost option back
...
it is needed for the wmic query that
creates the shadowcopy
MSP-12867
2015-07-02 14:46:40 -05:00
7b2b526ea1
deregister unwated options
...
deregister mixin options that we don't need
for this module
2015-07-02 14:33:21 -05:00
8892cbdd10
Fix some minor things
2015-07-02 14:32:16 -05:00
cc51d1e8fd
use registry data for VSS grab
...
use the location data we got from the registry for copying
the NTDS.dit file correctly with the VSS method
2015-07-02 14:27:51 -05:00
89d283da09
check registry for ntds location
...
check the registry for the location of the ntds.dit
file
MSP-12867
2015-07-02 14:07:47 -05:00
95f19e6f1f
Minor description edits for clarity
...
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF
Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590 , @Meatballs1 adds MS LAPS Enum post mod
Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
42daf4d38b
fix up ordering of pre-checks
...
i hate early returns, but we need to bail out early
if some of these checks fail
MSP-12867
2015-07-02 11:52:02 -05:00
99c29052c7
Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage
2015-07-02 08:24:04 -04:00
dfa71a2b44
update to store creds using the new method
2015-07-02 08:22:21 -04:00
8a3873d730
Tweak filter to reduce empty results
2015-07-02 09:53:08 +01:00
2957924c78
Merge branch 'upstream-master' into bapv2
2015-07-02 01:46:31 -05:00
49d3b275b2
Land #5648 , Update CVE-2015-3043 info
2015-07-02 01:36:26 -05:00
a37ac1b089
Land #5590 , @Meatballs1 adds MS LAPS Enum post mod
2015-07-01 21:19:15 -04:00
3b9ba189f7
Add CVE-2015-3043 information
2015-07-01 19:56:35 -05:00
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
32d5e7f3de
Land #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio Decoding BOF
2015-07-01 18:44:38 -05:00
93c74efb97
Add Ubuntu as a tested target
2015-07-01 18:43:22 -05:00
1c5abec97a
Land #5632 , mozilla_reduceright nil fix
2015-07-01 15:56:31 -05:00
ee118aa89d
Fix description
2015-07-01 13:30:22 -05:00
1de94a6865
Add module for CVE-2015-3113
2015-07-01 13:13:57 -05:00
399b3d2810
Land #5629 , moar cmd_exec refactoring
2015-07-01 00:36:19 -05:00
d6261a54b1
Land #5608 , part 2, update payload cache sizes
2015-07-01 00:31:40 -05:00
6711091c70
update cached payload sizes
2015-07-01 00:31:09 -05:00
e99d63687f
Land #5608 , android and java meterpreter transport and sleep support
...
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
3632cc44c5
Fix nil error when target not found
2015-06-30 11:48:41 -05:00
7aeb9e555b
Change ranking and support CAMPAIGN_ID
2015-06-29 12:13:46 -05:00
656e6f5c73
Fix windows enum modules
2015-06-29 11:56:38 -05:00
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
ae172691f2
Update linux gather post modules
2015-06-29 10:21:13 -05:00
2cbb107bba
Update enum_configs
2015-06-29 09:55:18 -05:00
afa442ad89
Fix a stack trace with ipmi_dumphashes when no database was configured.
2015-06-29 00:46:35 -05:00
355738909a
Fixes typo
2015-06-28 09:32:16 -05:00
5c18fc82f2
Stores credentials using create_credential_login
2015-06-28 09:24:31 -05:00
1d50bda609
initial add of blank file
2015-06-27 21:38:25 -04:00
b332b25795
Stores credentials in DB, fixes loop variable and nil dereference bug
2015-06-27 19:06:15 -05:00
9bd920b169
Merge branch 'upstream-master' into bapv2
2015-06-27 12:19:55 -05:00
bb43f7e30f
use the correct transport for x64/meterpreter_reverse_https
2015-06-27 10:50:54 -05:00
007da4af41
Force :init_connect for stageless
2015-06-27 18:21:15 +10:00
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
093f339f6b
Land #5268 , @Meatballs1's post windows module to retrieve Bitlocker Recovery Keys from AD
2015-06-26 17:07:36 -05:00
326bec0a1f
Land #5581 , s/shell_command_token/cmd_exec/
2015-06-26 16:59:40 -05:00
600a296291
Do minor cleanup
2015-06-26 16:51:00 -05:00
a10fa02b00
Land #5606 , @wchen-r7's glassfish fixes
2015-06-26 14:12:50 -05:00
3b5e2a0c6e
Use TARGETURI
2015-06-26 14:02:17 -05:00
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
c04490e5eb
Remove comma before coordinating conjunction
...
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
2968f52ca4
Removes debug sql output
2015-06-26 12:22:34 -05:00
a338920cb3
lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper
2015-06-26 12:21:35 -05:00
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
7ccc86d338
Use cmd_exec
2015-06-26 11:54:19 -05:00
31b7ef49d6
Solve conficts
2015-06-26 11:36:17 -05:00
eba1e24b96
Land #5605 , CVE-2015-3105 flash exploit
2015-06-26 10:30:10 -05:00
84c0e62fd3
Land #5493 , update OWA scanner creds persistence
2015-06-26 08:46:27 -05:00
7f4a96f3dc
Fixes coding style issues
2015-06-26 03:29:17 -05:00
a773979992
Java config wiring, tweak to include block counts
...
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
c70e38a14e
Do more reporting
2015-06-25 22:39:56 -05:00
3da3595181
MSF module to download and decrypt credentials stored in Lansweeper's database
2015-06-25 19:29:30 -05:00
5ef4cc2bb4
Save creds
2015-06-25 17:10:20 -05:00
1a371b11b0
Update description
2015-06-25 17:04:31 -05:00
ee0377ca16
Add module for CVE-2015-3105
2015-06-25 13:35:01 -05:00
63f584cbfd
Add last_attempted_at
2015-06-25 12:08:38 +05:00
c330d10403
Make SSL as a basic option
...
Also:
Fix #5558
2015-06-25 02:06:51 -05:00
5c98da05fb
This works for Glassfish 4.0 & 9.1
2015-06-25 01:58:24 -05:00
c826785ebb
Fix auth bypass
2015-06-24 19:49:04 -05:00
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
d9b6e46685
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-25 09:50:42 +10:00
2206a6af73
Support older targets x86 for MS15-051
2015-06-25 09:33:15 +10:00
cea8605365
Fix #5596 by catching RuntimeError from Rex::Poly
2015-06-24 15:17:33 -05:00
827d241482
Land #5539 , Quake scanner fix
2015-06-24 15:00:39 -05:00
a149fb5710
Land #5554 , @g0tmi1k's persistence improvements
...
age aborts
age aborts
2015-06-24 14:37:25 -05:00
e7e8135acd
Clean up module
2015-06-24 14:35:10 -05:00
c8dddbff70
server header
2015-06-24 21:32:01 +02:00
380af29482
Progress?
2015-06-24 14:17:45 -05:00
0493ba83a0
Add transport configuration support
2015-06-24 21:26:47 +10:00
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
e796e56c6c
Modify the staging process
2015-06-24 13:22:33 +10:00
9c4a96761e
Small tidyup
2015-06-23 23:10:29 +01:00
4392b7c1de
Enum LAPS
2015-06-23 23:02:22 +01:00
221980820a
Committed wrong file
...
This reverts commit 76c2198ef0
2015-06-23 23:01:59 +01:00
76c2198ef0
LAPS enum
2015-06-23 22:56:53 +01:00
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
8bc012a665
echo stager via upload vulnerability
2015-06-23 23:09:08 +02:00
c45e42465a
Land #5492 , update PCAnywhere login scanner
2015-06-23 14:48:25 -05:00
5751e196bb
Remove extraneous newline
2015-06-23 14:43:37 -05:00
6046994138
version does not return nil
2015-06-23 10:31:01 -05:00
59af7ef1fc
Remove the extra target_uri
2015-06-23 10:27:50 -05:00
a2a231c242
Land #5577 , MS15-034 HTTP.SYS Information Disclosure
2015-06-23 10:20:54 -05:00
11366971da
Oh never mind, user-agent makes it more difficult to use (more crashes)
2015-06-23 01:24:17 -05:00
6127b8a037
Pass user-agent
2015-06-23 01:23:01 -05:00
8ce5cc23cf
More consistent filename style
2015-06-23 01:08:34 -05:00
e9b548e8a2
Changes for ms15034_http_sys_memory_dump.rb
2015-06-23 01:07:33 -05:00
302db36daa
Add last_attempted_at to creds object
2015-06-23 09:46:01 +05:00
8086a6f8cc
remove unnecessary begin/rescue, change print_* to vprint_* in check()
2015-06-22 20:25:12 -04:00
f216841d01
Update enum_vbox
2015-06-22 17:54:17 -05:00
8ade66027a
update cached payload sizes
2015-06-22 17:19:02 -05:00
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
c20d2a1dd9
Update post/multi/gather/env
...
* Use cmd_exec
2015-06-22 16:20:46 -05:00
a309d99da9
Fix enum_osx
...
* Use cmd_exec
2015-06-22 16:09:30 -05:00
dedfca163d
Change check()
2015-06-22 15:05:12 -05:00
90e17aee6b
clarified affected OSes and error messages
2015-06-22 15:47:26 -04:00
4475b7ec8e
Update enum_keychain
...
* Use cmd_exec
2015-06-22 14:30:46 -05:00
784be06b6f
Update nmap
...
* Use cmd_exec
2015-06-22 14:20:02 -05:00
d98d2ffd4d
Update setuid_viscosity
...
* Use cmd_exec
2015-06-22 14:04:04 -05:00
60bdc10aed
Update setuid_tunnelblick
...
* Use cmd_exec
2015-06-22 13:57:33 -05:00
6a00ce62de
Update persistence module
...
* Delete unused method
2015-06-22 12:25:00 -05:00
774aef7241
add module to dump memory via MS15-034
2015-06-22 10:31:31 -04:00
3686accadd
Merge branch 'upstream/master' into cve-2015-1701
2015-06-22 07:52:17 +10:00
7bda1e494b
Use Rex::Socket::Tcp
2015-06-21 13:40:31 -07:00
efece12b40
Minor clean ups for ruby strings and check method
2015-06-21 16:07:44 -04:00
7f55f6631c
Remove the timeout option
2015-06-20 20:14:47 -07:00
01e87282a9
Use Msf::ThreadManager#spawn
2015-06-20 18:48:10 -07:00
dabc7abae5
Change method names to lowercase
2015-06-20 18:23:34 -07:00
ea49fd2fdc
Update sysaid_rdslogs_fle_upload.rb
2015-06-20 16:59:28 +01:00
50a3a32bfd
Update sysaid_sql_creds.rb
2015-06-20 16:58:42 +01:00
78c2f8a3a3
Update sysaid_sql_creds.rb
2015-06-20 16:57:34 +01:00
11aca8b27a
Update sysaid_file_download.rb
2015-06-20 16:54:33 +01:00
3181d76e63
Update sysaid_auth_file_upload.rb
2015-06-20 16:53:33 +01:00
cf8008ed38
Update sysaid_admin_acct.rb
2015-06-20 16:52:13 +01:00
d8e11789ea
cmd_interact - first try
2015-06-20 07:59:25 +02:00
74bc9f7a91
Land #5529 , @omarix's Windows 2003 SP1 & SP2 French targets for MS08-067
2015-06-19 16:57:07 -05:00
61ad4ada7d
Delete commas
2015-06-19 16:03:16 -05:00
4762e9f62c
Land #5540 , @wchen-r7's changes for multiple auxiliary modules to use the new cred API
2015-06-19 15:39:09 -05:00
fa6e45964e
Provide context to the note
2015-06-19 15:38:26 -05:00
83427583ea
report_note for group info
2015-06-19 15:09:50 -05:00
ef286fdfcf
Remove report_auth_info
2015-06-19 15:06:02 -05:00
b104155cf1
Do Metasploit::Model::Login::Status::UNTRIED
2015-06-19 15:05:42 -05:00
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
34d5d92646
Land #5555 , @Th3R3p0's support for for RFB Version 4
2015-06-19 14:15:04 -05:00
d19c2e7206
Land #5544 , track updates to SSL Labs API
2015-06-19 11:39:38 -05:00
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
9da99a8265
Merge branch 'upstream-master' into bapv2
2015-06-19 11:36:27 -05:00
5a548c3792
Land #5453 , Update dbvis_enum to use the new cred API
2015-06-19 11:35:07 -05:00
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
b994801172
Revert auto tab replacement
2015-06-19 11:22:40 -05:00
6ec8488929
Land #5560 , @wchen-r7 Changes ExcellentRanking to GoodRanking for MS14-064
2015-06-19 11:15:41 -05:00
ebd376e0f3
Land #5485 , @wchen-r7 updates wordpress_login_enum to use the new cred API
2015-06-19 10:50:07 -05:00
dfae4bbbf0
Do reporting more accurate
2015-06-19 10:48:12 -05:00
7f56b4635c
Land #5546 , Use the new cred API for auxiliary/server/capture/telnet
2015-06-19 10:46:01 -05:00
d86c21e94a
Land #5567 , author fix
2015-06-19 10:41:41 -05:00
15985e8b4f
Land #5559 , Adobe Flash Player ShaderJob Buffer Overflow
2015-06-19 10:38:05 -05:00
c95b3bb31d
Land #5479 , @wchen-r7 Updates kloxo_sqli to use the new cred API
2015-06-19 10:32:21 -05:00
c2f0973ed0
Report attempt_time
2015-06-19 10:31:50 -05:00
joev
OJ
rastating
William Vu
James Lee
wchen-r7
Tod Beardsley
Pedro Ribeiro
jvazquez-r7
Ramon de C Valle
Marc-Andre Meloche
Christian Mehlmauer
Brent Cook
h00die
Mo Sadek
g0tmi1k
HD Moore
xistence
Michael Messner
cldrn
Spencer McIntyre
Donny Maasland
David Maloney
Josh Abraham
Meatballs
Trevor Rosen
root
rwhitcroft