0dbad5d2e3
Land #11349 , Add Evince CBT File Command Injection module
2019-02-06 17:54:07 -06:00
15f624b745
Land #11304 , Add CVE-2018-1000999 to MailCleaner module
2019-02-05 07:19:32 -06:00
ac94557a15
Land #11347 , add version check to Safari RCE exploit
2019-02-04 05:22:01 -06:00
6f31b1a110
Change default payload to reverse_bash
2019-02-03 06:18:31 +00:00
9c3368f325
Add Evince CBT File Command Injection module
2019-02-03 05:38:56 +00:00
9070435603
Change to support the new nuuo lib
2019-01-30 21:32:33 +07:00
b7bc52d20b
Fix HTTP/SMB mixin order to restore SSL option
...
Mixin order matters. Mixins kinda suck.
2019-01-29 11:09:34 -06:00
f5afe98111
Add github and full disc URL
2019-01-24 22:01:02 +07:00
2bf663cf7d
Add full disclosure URL
2019-01-24 21:59:45 +07:00
2d1cecd4d5
Fix request pattern matching
2019-01-23 13:39:52 -05:00
daa3076d42
Add CVE-2018-1000999 to MailCleaner module
...
See PR #11148
This adds the new CVE assigned by DWF for this vulnerability.
Note that [CVE-2018-10933](https://www.cvedetails.com/cve/CVE-2018-10933/ )
describes a vulnerability in libssh, but this one describes the issue as
it pertains to MailCleaner specifically.
2019-01-23 09:27:12 -06:00
47fd066a29
Msftidy
2019-01-22 21:06:11 -05:00
1f56bccf31
Small improvements from review
2019-01-22 20:46:28 -05:00
2ae6142de7
Land #11243 , Add ASan SUID Privesc
2019-01-22 15:50:53 -06:00
f4aaf6c816
Add https to msf link
2019-01-22 19:14:52 +07:00
fbde697e3f
Update nuuo_cms_fu.rb
2019-01-22 18:57:02 +07:00
5fc0c66109
add version to check to safari exploit
2019-01-22 16:10:51 +08:00
f336f41182
Update nuuo_cms_sqli.rb
2019-01-22 12:50:02 +07:00
4e1d79ac4b
Update nuuo_cms_fu.rb
2019-01-22 12:45:47 +07:00
da4bd2e9b8
Remove peer
2019-01-22 12:10:45 +07:00
0685ebed76
Remove peer as that is not needed
2019-01-22 12:08:41 +07:00
9a068e9221
Repair CMS installation and use getsystem
2019-01-22 11:57:54 +07:00
688ee3d579
Remove tested versions since that is already on the docs
2019-01-22 11:43:33 +07:00
100fd7b80a
Make description shorter
2019-01-21 17:40:50 +07:00
15d4ca9070
Add CMS link and manual ranking
2019-01-21 17:33:58 +07:00
f8de99422d
Add correct rand call
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-21 17:31:23 +07:00
5b699768fb
Add correct rand call
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-21 17:31:08 +07:00
88c74fcd40
add https for link
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-21 17:30:54 +07:00
01e510b48f
add failure tag
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-21 17:30:35 +07:00
bd3d6ee6bf
Create nuuo_cms_sqli.rb
2019-01-21 17:14:41 +07:00
9ffff16e95
Add Nuuo CMS file upload exploit
2019-01-21 17:06:10 +07:00
060d20694d
Attribution
2019-01-20 09:18:43 +00:00
f47060870a
horde imp h3 imap_open
2019-01-18 19:43:45 -05:00
2585e4b708
horde imp h3 imap_open
2019-01-18 19:38:30 -05:00
1121ce1127
Change default filename to random
2019-01-17 20:12:53 -05:00
5d49f04948
not working horde imp imap_open
2019-01-17 19:55:42 -05:00
2577160449
update print_error, add PrependFork and adjust timeout
2019-01-16 23:20:06 -08:00
31a7b13c19
ms17_010_psexec: fix RHOST in "authenticating..." message
2019-01-16 11:23:21 +01:00
1947bae45b
Land #11230 , add JuicyPotato local privilege escalation
2019-01-15 21:20:25 -06:00
27d6fffdad
Land #11125 , Import/generate `ysoserial` Java serialization objects
2019-01-15 17:09:56 -06:00
a73fe9433b
land #11169 blueman priv esc on linux
2019-01-15 10:32:46 -05:00
8c636f27d5
Update check method to confirm vulnerability
2019-01-15 11:31:31 +11:00
47f8738f74
Add Imran Rashid to CVE-2018-11770 credit
2019-01-14 15:28:08 -06:00
52ff0a8b75
Update exploits/linux/http/spark_unauth_rce as CVE-2018-11770
2019-01-14 15:10:29 -06:00
8cd26b74d7
Please msftidy gods
2019-01-13 19:22:51 -05:00
171d46db9b
Add disclosure date, more references, and authors
2019-01-13 19:11:05 -05:00
89e8ff9c80
Update office_excel_slk.rb
2019-01-13 18:08:51 -05:00
d88d1d0f1d
Create office_excel_slk.rb
2019-01-13 17:31:34 -05:00
c6f4eda7f9
Add ASan SUID Executable Privilege Escalation module
2019-01-12 09:14:20 +00:00
e69d509bdf
chore: update description and ranking
2019-01-12 04:32:21 +01:00
3a865a0c05
feat: spawn as NT AUTHORITY\SYSTEM
2019-01-12 04:03:26 +01:00
e9a8d5708a
Land #11234 , @bcoles revisionism
2019-01-11 20:15:34 -06:00
fe6956d7f7
Use mixins
2019-01-11 22:46:58 +00:00
20fd6b6134
Add check for writable and nosuid WritableDir
2019-01-11 22:41:14 +00:00
149f895329
feat: add LOGFILE support for debug
2019-01-11 18:21:54 +01:00
dca99552e6
feat: pass payload length to the dll
2019-01-11 16:28:49 +01:00
7653d64c4a
fix: improve exploit check
2019-01-11 15:38:57 +01:00
24f807490f
revisionism
2019-01-10 19:19:14 +00:00
9f8bac59f7
Land #11215 , success
2019-01-10 12:57:46 -06:00
74330f87dc
Land #11223 - ueb priv esc suggestion
...
ueb priv esc suggestion.
2019-01-10 10:35:28 -06:00
dc2d3c5774
feat: add juicy potato post module, fixes #11229
2019-01-10 17:20:43 +01:00
2f939481e7
Land #11206 , add coldfusion ckeditor file upload
2019-01-10 07:27:38 -06:00
b81f59e7b1
Fix targets and syntax changes
2019-01-10 06:39:45 -06:00
71aa4c8d9e
Adding respond code/body check for successful command execution
2019-01-10 00:01:19 -08:00
3aabeee959
Update SSL, timeout and uid regex
2019-01-09 23:20:37 -08:00
5a956bb27b
Apply suggestions from code review
...
Co-Authored-By: rsp3ar <rsp3ar@users.noreply.github.com>
2019-01-09 21:07:01 -08:00
799a79b715
ueb priv esc suggestion
2019-01-09 20:28:53 -05:00
0c984fa232
Fix messages /successfuly/successfully
2019-01-09 06:32:22 -06:00
24de5d6ee3
Update to use CmdStager
2019-01-08 20:07:35 -08:00
16b8cf7059
Land #11148 , Adding Module MailCleaner RCE
2019-01-08 14:10:31 -06:00
a0acfa79d7
Target payloads
2019-01-08 13:27:26 -06:00
bab651e94d
Add Imperva SecureSphere module
2019-01-07 22:18:04 -08:00
a63c057c3a
Integrate bcoles' comments (filename generation, conditional block improvement, etc.)
2019-01-06 22:50:46 +01:00
c03466d2f2
Fixed date format issue and added Bugtraq ID
2019-01-06 14:34:40 +01:00
4644ad8966
Add CVE-2018-15961 Adobe ColdFusion CKEditor unrestricted file upload
2019-01-06 04:55:20 +01:00
29e7c49332
Land #10444 , add Consul rexec RCE module
2018-12-28 09:14:28 -06:00
fb8f06b2f5
Land #10443 , add Consul service RCE module
2018-12-28 08:33:56 -06:00
4e8ad22a7a
Adding CVE number
2018-12-26 13:15:36 +03:00
fa542b9691
Adding platform and arch to top level
2018-12-25 15:56:25 +03:00
18c844623a
Remove extra spaces.
2018-12-24 13:48:07 +01:00
e10792f4e6
Remove extra space.
2018-12-24 13:30:03 +01:00
98dc59728e
Add blueman set_dhcp_handler D-Bus Privilege Escalation
2018-12-24 08:03:55 +00:00
b9742802aa
Land #11137 , Clean up linux/local/vmware_alsa_config exploit module
2018-12-21 17:04:11 -06:00
983b39a5b3
Use @iZsh's exploit
2018-12-21 15:40:01 +00:00
4bc871c499
Add CmdStager to erlang_cookie_rce
2018-12-21 07:33:37 -06:00
c959c98161
add original public research author
2018-12-21 02:54:35 -06:00
a7e8afe760
update references, remove unused metadata, use more straightforward string operations
2018-12-21 02:54:35 -06:00
0dab74a71f
tweak description
2018-12-21 02:54:35 -06:00
46acd7a206
simplify
2018-12-21 02:54:35 -06:00
2f35695327
update web link
2018-12-21 02:54:35 -06:00
ac51fbd122
style fixes
2018-12-21 02:54:35 -06:00
dc6ae6f058
initial import, CVE-2016-4117 OSX exploit
2018-12-21 02:54:35 -06:00
bf2de42077
Now supports all version of Consul.
2018-12-20 18:56:07 +01:00
2919b970cd
Implement execution checks with a timeout limit so we don't leave zombie checks running in background.
2018-12-20 18:41:35 +01:00
ba5c40db77
No need for CVE field.
2018-12-20 18:18:53 +01:00
9481ad04f2
Adding support for ARCH_CMD and updating docs
2018-12-20 12:12:01 +03:00
68ceb08957
Fixing minor issues such as err codes
2018-12-19 22:17:34 +03:00
e5c8c18ded
Adding Mailcleaner exec
2018-12-19 17:35:40 +03:00
6921b79890
Land #11089 , Erlang cookie rce exploit module
2018-12-19 08:02:40 -06:00
60f3cfbb79
ysoserial: Cleaned up ysoserial payload in `hp_imc_java_deserialize`
2018-12-18 15:17:51 -06:00
bb758f9a61
I didn't forget msftidy I swear
2018-12-18 14:55:12 -06:00
8a2a605a99
added targets
2018-12-18 14:50:57 -06:00
ef8601aa71
Bail early if we receive an unexpected response.
2018-12-18 19:42:26 +01:00
4ee7bdee6c
Merge branch 'consul_service_exec' of github.com:QKaiser/metasploit-framework into consul_service_exec
2018-12-18 19:33:51 +01:00
b3563b1bc2
Cleaner version of check function thanks to @bcoles.
2018-12-18 19:33:30 +01:00
5e134d7d8d
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:19 +01:00
5192c081ee
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:08 +01:00
6ad40deac3
print_status will never throw a JSON::ParseError exception.
2018-12-18 19:15:13 +01:00
a52ffbcead
Missing disclosure date.
2018-12-18 17:03:09 +01:00
a3d020a7e2
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:56:03 +01:00
1839144978
Cleaner to define this as a Hash, then call .to_json on it.
2018-12-18 16:53:49 +01:00
177ae2f927
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead. Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 16:33:53 +01:00
0feadf636b
Define in RPORT and SSL in register_options rather than DefaultOptions. Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 16:29:36 +01:00
0acdcd98f2
Merge branch 'master' into consul_service_exec
2018-12-18 16:27:08 +01:00
f487f978c2
Merge branch 'consul_exec' of github.com:QKaiser/metasploit-framework into consul_exec
2018-12-18 16:09:18 +01:00
08541cd7b9
Merge branch 'master' into consul_exec
2018-12-18 16:07:08 +01:00
a1e1e4a4f4
Remove useless comment.
2018-12-18 16:05:50 +01:00
b80e5715d4
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:02:39 +01:00
551f8c5e92
Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 15:48:58 +01:00
f290221a66
Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 15:36:52 +01:00
aeec5cf23e
Cleaner to define this as a Hash, then call .to_json on it. Better support of agent definition in check function.
2018-12-18 15:31:30 +01:00
e51530688b
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead.
2018-12-18 15:09:04 +01:00
4682cf5796
Define in register_options rather than DefaultOptions.
2018-12-18 15:04:28 +01:00
fc2d217c0a
Land #11135 , strip comments from source code before uploading it to the target
2018-12-17 21:23:29 -06:00
2fc501d260
Land #11112 , Fix bpf_priv_esc exploit module
2018-12-17 10:00:50 -06:00
7839add2fd
Land #11123 , Add module windows persistent service
2018-12-17 09:07:21 -06:00
88b7b7df4a
Fix additional path space issues
2018-12-17 07:00:23 -06:00
d973a58052
Clean up linux/local/vmware_alsa_config
2018-12-17 08:01:34 +00:00
0aa6e5a640
Handle path with spaces correctly.
2018-12-17 10:25:06 +08:00
fcb512878c
Add strip_comments method to Linux local exploits
2018-12-16 14:11:54 +00:00
5bf28887d2
Land #11127 , Fix TARGETURI support in struts2_namespace_ognl
2018-12-15 09:33:48 -06:00
b8e134b95d
Update version check
2018-12-15 05:39:50 +00:00
cd2dbf0edf
ysoserial: Modified `hp_imc_java_deserialize` to use the library
2018-12-14 16:13:17 -06:00
8adfef5730
Remove Version, Fix Whitespace
2018-12-14 13:19:49 -06:00
e67eaa94c9
Move code to ERB template
2018-12-14 13:13:32 -06:00
38bdee19e8
Fix TARGETURI support in struts2_namespace_ognl
2018-12-14 13:08:50 -06:00
6c9fafb9d5
Delete unused variable
...
I suppose the variable 'f' was for Name in 06720ee18b/modules/exploits/linux/smtp/haraka.py (L70)06720ee18b/modules/exploits/linux/smtp/haraka.py (L70)
2018-12-14 22:27:11 +05:30
556d182231
Remove code that was replaced
2018-12-14 09:15:01 -06:00
a057b72bd9
Use argument
2018-12-14 09:14:27 -06:00
dfa84aa1af
Use exploit default exception handling
2018-12-14 09:12:32 -06:00
5fd7b82f7a
Remove unused parameter
2018-12-14 09:10:29 -06:00
673cfe6889
Land #11119 , Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 16:15:53 -06:00
58aa16d06b
Work around snprintf
2018-12-13 14:29:54 -06:00
f00118851a
Revert "Land #10886 , Bypassuac computerdefault"
...
This reverts commit 14b2cdc120a79b936e09
2018-12-13 13:56:16 -06:00
cc7cb7302e
Land #10944 , Add macOS Safari exploit from pwn2own2018
2018-12-13 13:50:19 -06:00
92feeea0ca
Minor syntax change
2018-12-13 13:46:40 -06:00
cb5648a1c7
Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 12:22:36 -06:00
3f1aa425b4
msftidy....lol
2018-12-13 11:03:41 -06:00
2e26ceac8f
added comments
2018-12-13 10:55:09 -06:00
89e4e8bdea
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2018-12-13 09:30:10 -06:00
Pearce Barry
Jacob Robles
Brent Cook
Brendan Coles
Pedro Ribeiro
William Vu
Carter Brainerd
Tod Beardsley
Shelby Pace
Tim W
h00die
rsp3ar
Clément Notin
Wei Chen
phra
Qazeer
Qazeer
Mehmet İnce
Quentin Kaiser
asoto-r7
Milton-Valencia
Quentin Kaiser
Green-m
Auxilus
bwatters-r7