jvazquez-r7
a4bc17ef89
deregister options needed for exploitation
2014-09-26 10:15:46 -05:00
jvazquez-r7
54e6763990
Add injection to HOSTNAME and URL
2014-09-26 10:13:24 -05:00
jvazquez-r7
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
sinn3r
38c8d92131
Land #3888 - exploit module version of CVE-2014-6271
2014-09-26 00:31:41 -05:00
HD Moore
b878ad2b75
Add a module to exploit bash via DHCP, lands #3891
...
This module is just a starting point for folks to test their DHCP client implementations and we plan to significantly overhaul this once we get a bit of breathing room.
2014-09-25 23:38:40 -05:00
Ramon de C Valle
9c11d80968
Add dhclient_bash_env.rb (Bash exploit)
...
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
HD Moore
52ffddd639
Adds domain and url options to DHCP/PXE server, lands #3889
...
There are serious style and code quality issues with this class and normally I would push for a full refactor, but given the urgency of delivering DHCP functionality to support the bash issues, we will have to refactor the DHCP Server code another day.
2014-09-25 22:43:51 -05:00
HD Moore
6516abb3a0
Fix an ancient bug in the DHCP mixin, lands #3890
2014-09-25 22:39:51 -05:00
Ramon de C Valle
bdac82bc7c
Fix lib/msf/core/exploit/dhcp.rb
2014-09-25 22:18:26 -03:00
Ramon de C Valle
5dde73bb51
Add domain name and url options to DHCP server
2014-09-25 19:58:42 -03:00
jvazquez-r7
ad864cc94b
Delete unnecessary code
2014-09-25 16:18:01 -05:00
jvazquez-r7
9245bedf58
Make it more generic, add X86_64 target
2014-09-25 15:54:20 -05:00
Samuel Huckins
be6552dae7
Clarifying VMware priv esc via bash module name
2014-09-25 14:34:09 -05:00
jvazquez-r7
d8c03d612e
Avoid failures due to bad payload selection
2014-09-25 13:49:04 -05:00
jvazquez-r7
91e5dc38bd
Use datastore timeout
2014-09-25 13:36:05 -05:00
jvazquez-r7
8a43d635c3
Add exploit module for CVE-2014-6271
2014-09-25 13:26:57 -05:00
jvazquez-r7
e0fc30c040
Land #3884 , @wvu's check and reporting for apache_mod_cgi_bash_env
2014-09-25 09:52:17 -05:00
William Vu
f66c854ad6
Fix description to be less lulzy
2014-09-25 07:09:08 -05:00
William Vu
9ed28408e1
Favor check_host for a scanner
2014-09-25 07:06:12 -05:00
William Vu
62b74aeaed
Reimplement old check code I was testing before
...
I would like to credit @wchen-r7 for providing advice and feedback.
@jvazquez-r7, too! :)
2014-09-25 06:38:25 -05:00
Joe Vennix
979d046bbf
Land #3885 , @mubix's improvements to vmware root.
...
This prevents the need to kill any processes before getting root
privs, which is a good timesaver.
2014-09-25 01:38:57 -05:00
William Vu
d9120cd586
Fix typo in description
...
Running on fumes here...
2014-09-25 01:22:08 -05:00
William Vu
790df96396
Fix missed var
2014-09-25 01:19:14 -05:00
Rob Fuller
f13289ab65
remove debugging
2014-09-25 02:16:19 -04:00
William Vu
e051cf020d
Add missed mixin
2014-09-25 01:14:58 -05:00
William Vu
27b8580f8d
Add protip to description
...
This gets you lots of shells.
2014-09-25 01:10:22 -05:00
Rob Fuller
8cb4ed4cb7
re-add quotes -oops
2014-09-25 02:09:12 -04:00
William Vu
b1e9b3664e
Improve false positive check
2014-09-25 01:01:11 -05:00
Rob Fuller
6fb587ef96
update to use vmware-vmx-stats
2014-09-25 01:55:04 -04:00
William Vu
8daf8d4339
Report vuln for apache_mod_cgi_bash_env
...
Now with fewer false positives! It's kinda like a check method.
2014-09-25 00:42:14 -05:00
jvazquez-r7
37753e656e
Land #3882 , @jvennix-r7's vmware/bash privilege escalation module
2014-09-25 00:42:12 -05:00
jvennix-r7
a9049f445b
Merge pull request #15 from jvazquez-r7/test_3882
...
Fix processes check
2014-09-25 00:39:13 -05:00
jvazquez-r7
456d731aa3
Fix processes check
2014-09-25 00:24:39 -05:00
William Vu
fd34bdb22f
Add missed fix (formatting)
2014-09-24 23:12:29 -05:00
William Vu
5a59b7cd89
Fix formatting
2014-09-24 23:12:11 -05:00
William Vu
d70c5b889a
Add missed fix (add peer)
2014-09-24 22:53:33 -05:00
William Vu
e6f0736797
Add peer
2014-09-24 22:48:51 -05:00
Tod Beardsley
47ff2fdf89
Land #3883 , more generic HTTP method/CMD
2014-09-24 22:44:18 -05:00
William Vu
8b6519b5b4
Revert shortened reference
...
But it's so long. :(
2014-09-24 22:43:33 -05:00
William Vu
ecb10ebe28
Add variable HTTP method and other stuff
2014-09-24 22:41:01 -05:00
Joe Vennix
f6708b4d83
Check for running vmware processes first.
2014-09-24 19:11:38 -05:00
Tod Beardsley
ff5398bf3f
Land #3880 , bash scanner module
2014-09-24 19:03:37 -05:00
William Vu
a600a0655d
Scannerify the module
2014-09-24 18:58:39 -05:00
William Vu
abadf65d8d
Clean up title and formatting
2014-09-24 18:42:43 -05:00
William Vu
2562964581
Revert to my original code of using CMD
2014-09-24 18:00:13 -05:00
Joe Vennix
99da950734
Adds osx vmware/bash priv escalation.
2014-09-24 17:44:14 -05:00
William Vu
6ae578f80f
Add Stephane Chazelas as an author
2014-09-24 17:14:18 -05:00
William Vu
b2555408a4
Rename module
...
I don't think we're gonna make a supermodule like we had hoped.
2014-09-24 16:55:10 -05:00
William Vu
31e9e97146
Replace unnecessary reference with a better one
2014-09-24 16:52:43 -05:00