Commit Graph

27459 Commits (a4bc17ef894c47a411ed65df4124d88e757b4506)

Author SHA1 Message Date
jvazquez-r7 a4bc17ef89 deregister options needed for exploitation 2014-09-26 10:15:46 -05:00
jvazquez-r7 54e6763990 Add injection to HOSTNAME and URL 2014-09-26 10:13:24 -05:00
jvazquez-r7 a31b4ecad9
Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee 86f85a356d
Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
sinn3r 38c8d92131
Land #3888 - exploit module version of CVE-2014-6271 2014-09-26 00:31:41 -05:00
HD Moore b878ad2b75 Add a module to exploit bash via DHCP, lands #3891
This module is just a starting point for folks to test their DHCP client implementations and we plan to significantly overhaul this once we get a bit of breathing room.
2014-09-25 23:38:40 -05:00
Ramon de C Valle 9c11d80968 Add dhclient_bash_env.rb (Bash exploit)
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
HD Moore 52ffddd639 Adds domain and url options to DHCP/PXE server, lands #3889
There are serious style and code quality issues with this class and normally I would push for a full refactor, but given the urgency of delivering DHCP functionality to support the bash issues, we will have to refactor the DHCP Server code another day.
2014-09-25 22:43:51 -05:00
HD Moore 6516abb3a0 Fix an ancient bug in the DHCP mixin, lands #3890 2014-09-25 22:39:51 -05:00
Ramon de C Valle bdac82bc7c Fix lib/msf/core/exploit/dhcp.rb 2014-09-25 22:18:26 -03:00
Ramon de C Valle 5dde73bb51 Add domain name and url options to DHCP server 2014-09-25 19:58:42 -03:00
jvazquez-r7 ad864cc94b Delete unnecessary code 2014-09-25 16:18:01 -05:00
jvazquez-r7 9245bedf58 Make it more generic, add X86_64 target 2014-09-25 15:54:20 -05:00
Samuel Huckins be6552dae7
Clarifying VMware priv esc via bash module name 2014-09-25 14:34:09 -05:00
jvazquez-r7 d8c03d612e Avoid failures due to bad payload selection 2014-09-25 13:49:04 -05:00
jvazquez-r7 91e5dc38bd Use datastore timeout 2014-09-25 13:36:05 -05:00
jvazquez-r7 8a43d635c3 Add exploit module for CVE-2014-6271 2014-09-25 13:26:57 -05:00
jvazquez-r7 e0fc30c040
Land #3884, @wvu's check and reporting for apache_mod_cgi_bash_env 2014-09-25 09:52:17 -05:00
William Vu f66c854ad6
Fix description to be less lulzy 2014-09-25 07:09:08 -05:00
William Vu 9ed28408e1
Favor check_host for a scanner 2014-09-25 07:06:12 -05:00
William Vu 62b74aeaed
Reimplement old check code I was testing before
I would like to credit @wchen-r7 for providing advice and feedback.

@jvazquez-r7, too! :)
2014-09-25 06:38:25 -05:00
Joe Vennix 979d046bbf
Land #3885, @mubix's improvements to vmware root.
This prevents the need to kill any processes before getting root
privs, which is a good timesaver.
2014-09-25 01:38:57 -05:00
William Vu d9120cd586
Fix typo in description
Running on fumes here...
2014-09-25 01:22:08 -05:00
William Vu 790df96396
Fix missed var 2014-09-25 01:19:14 -05:00
Rob Fuller f13289ab65 remove debugging 2014-09-25 02:16:19 -04:00
William Vu e051cf020d
Add missed mixin 2014-09-25 01:14:58 -05:00
William Vu 27b8580f8d
Add protip to description
This gets you lots of shells.
2014-09-25 01:10:22 -05:00
Rob Fuller 8cb4ed4cb7 re-add quotes -oops 2014-09-25 02:09:12 -04:00
William Vu b1e9b3664e
Improve false positive check 2014-09-25 01:01:11 -05:00
Rob Fuller 6fb587ef96 update to use vmware-vmx-stats 2014-09-25 01:55:04 -04:00
William Vu 8daf8d4339 Report vuln for apache_mod_cgi_bash_env
Now with fewer false positives! It's kinda like a check method.
2014-09-25 00:42:14 -05:00
jvazquez-r7 37753e656e
Land #3882, @jvennix-r7's vmware/bash privilege escalation module 2014-09-25 00:42:12 -05:00
jvennix-r7 a9049f445b Merge pull request #15 from jvazquez-r7/test_3882
Fix processes check
2014-09-25 00:39:13 -05:00
jvazquez-r7 456d731aa3 Fix processes check 2014-09-25 00:24:39 -05:00
William Vu fd34bdb22f
Add missed fix (formatting) 2014-09-24 23:12:29 -05:00
William Vu 5a59b7cd89
Fix formatting 2014-09-24 23:12:11 -05:00
William Vu d70c5b889a
Add missed fix (add peer) 2014-09-24 22:53:33 -05:00
William Vu e6f0736797
Add peer 2014-09-24 22:48:51 -05:00
Tod Beardsley 47ff2fdf89
Land #3883, more generic HTTP method/CMD 2014-09-24 22:44:18 -05:00
William Vu 8b6519b5b4
Revert shortened reference
But it's so long. :(
2014-09-24 22:43:33 -05:00
William Vu ecb10ebe28
Add variable HTTP method and other stuff 2014-09-24 22:41:01 -05:00
Joe Vennix f6708b4d83
Check for running vmware processes first. 2014-09-24 19:11:38 -05:00
Tod Beardsley ff5398bf3f
Land #3880, bash scanner module 2014-09-24 19:03:37 -05:00
William Vu a600a0655d
Scannerify the module 2014-09-24 18:58:39 -05:00
William Vu abadf65d8d
Clean up title and formatting 2014-09-24 18:42:43 -05:00
William Vu 2562964581
Revert to my original code of using CMD 2014-09-24 18:00:13 -05:00
Joe Vennix 99da950734
Adds osx vmware/bash priv escalation. 2014-09-24 17:44:14 -05:00
William Vu 6ae578f80f
Add Stephane Chazelas as an author 2014-09-24 17:14:18 -05:00
William Vu b2555408a4
Rename module
I don't think we're gonna make a supermodule like we had hoped.
2014-09-24 16:55:10 -05:00
William Vu 31e9e97146
Replace unnecessary reference with a better one 2014-09-24 16:52:43 -05:00