bb758f9a61
I didn't forget msftidy I swear
2018-12-18 14:55:12 -06:00
8a2a605a99
added targets
2018-12-18 14:50:57 -06:00
ef8601aa71
Bail early if we receive an unexpected response.
2018-12-18 19:42:26 +01:00
4ee7bdee6c
Merge branch 'consul_service_exec' of github.com:QKaiser/metasploit-framework into consul_service_exec
2018-12-18 19:33:51 +01:00
b3563b1bc2
Cleaner version of check function thanks to @bcoles.
2018-12-18 19:33:30 +01:00
5e134d7d8d
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:19 +01:00
5192c081ee
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:08 +01:00
6ad40deac3
print_status will never throw a JSON::ParseError exception.
2018-12-18 19:15:13 +01:00
a52ffbcead
Missing disclosure date.
2018-12-18 17:03:09 +01:00
a3d020a7e2
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:56:03 +01:00
1839144978
Cleaner to define this as a Hash, then call .to_json on it.
2018-12-18 16:53:49 +01:00
177ae2f927
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead. Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 16:33:53 +01:00
0feadf636b
Define in RPORT and SSL in register_options rather than DefaultOptions. Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 16:29:36 +01:00
0acdcd98f2
Merge branch 'master' into consul_service_exec
2018-12-18 16:27:08 +01:00
f487f978c2
Merge branch 'consul_exec' of github.com:QKaiser/metasploit-framework into consul_exec
2018-12-18 16:09:18 +01:00
08541cd7b9
Merge branch 'master' into consul_exec
2018-12-18 16:07:08 +01:00
a1e1e4a4f4
Remove useless comment.
2018-12-18 16:05:50 +01:00
b80e5715d4
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:02:39 +01:00
551f8c5e92
Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 15:48:58 +01:00
f290221a66
Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 15:36:52 +01:00
aeec5cf23e
Cleaner to define this as a Hash, then call .to_json on it. Better support of agent definition in check function.
2018-12-18 15:31:30 +01:00
e51530688b
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead.
2018-12-18 15:09:04 +01:00
4682cf5796
Define in register_options rather than DefaultOptions.
2018-12-18 15:04:28 +01:00
fc2d217c0a
Land #11135 , strip comments from source code before uploading it to the target
2018-12-17 21:23:29 -06:00
2fc501d260
Land #11112 , Fix bpf_priv_esc exploit module
2018-12-17 10:00:50 -06:00
7839add2fd
Land #11123 , Add module windows persistent service
2018-12-17 09:07:21 -06:00
88b7b7df4a
Fix additional path space issues
2018-12-17 07:00:23 -06:00
d973a58052
Clean up linux/local/vmware_alsa_config
2018-12-17 08:01:34 +00:00
0aa6e5a640
Handle path with spaces correctly.
2018-12-17 10:25:06 +08:00
fcb512878c
Add strip_comments method to Linux local exploits
2018-12-16 14:11:54 +00:00
5bf28887d2
Land #11127 , Fix TARGETURI support in struts2_namespace_ognl
2018-12-15 09:33:48 -06:00
b8e134b95d
Update version check
2018-12-15 05:39:50 +00:00
cd2dbf0edf
ysoserial: Modified `hp_imc_java_deserialize` to use the library
2018-12-14 16:13:17 -06:00
8adfef5730
Remove Version, Fix Whitespace
2018-12-14 13:19:49 -06:00
e67eaa94c9
Move code to ERB template
2018-12-14 13:13:32 -06:00
38bdee19e8
Fix TARGETURI support in struts2_namespace_ognl
2018-12-14 13:08:50 -06:00
6c9fafb9d5
Delete unused variable
...
I suppose the variable 'f' was for Name in 06720ee18b/modules/exploits/linux/smtp/haraka.py (L70)06720ee18b/modules/exploits/linux/smtp/haraka.py (L70)
2018-12-14 22:27:11 +05:30
556d182231
Remove code that was replaced
2018-12-14 09:15:01 -06:00
a057b72bd9
Use argument
2018-12-14 09:14:27 -06:00
dfa84aa1af
Use exploit default exception handling
2018-12-14 09:12:32 -06:00
5fd7b82f7a
Remove unused parameter
2018-12-14 09:10:29 -06:00
673cfe6889
Land #11119 , Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 16:15:53 -06:00
58aa16d06b
Work around snprintf
2018-12-13 14:29:54 -06:00
f00118851a
Revert "Land #10886 , Bypassuac computerdefault"
...
This reverts commit 14b2cdc120a79b936e09
2018-12-13 13:56:16 -06:00
cc7cb7302e
Land #10944 , Add macOS Safari exploit from pwn2own2018
2018-12-13 13:50:19 -06:00
92feeea0ca
Minor syntax change
2018-12-13 13:46:40 -06:00
cb5648a1c7
Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 12:22:36 -06:00
3f1aa425b4
msftidy....lol
2018-12-13 11:03:41 -06:00
2e26ceac8f
added comments
2018-12-13 10:55:09 -06:00
89e4e8bdea
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2018-12-13 09:30:10 -06:00
e69f006992
Remove CommandShell mixin in exploits
...
This was cargo culting. Exploits use handler instead of start_session.
2018-12-12 15:43:13 -06:00
8ffd9e47b0
Up to date PR10429
2018-12-12 13:30:58 -06:00
96c281daef
Add send_not_found and module documentation for webdav_delivery
2018-12-12 13:26:46 -06:00
68d451711b
Fix bpf_priv_esc module
2018-12-12 17:23:12 +00:00
ea724dec46
Merge in upstream/master
2018-12-12 11:00:31 -06:00
aa0c206b4b
Land #11107 , double negative logic cleanup
2018-12-11 20:29:53 -06:00
ae089ce573
Land #10960 , add wp duplicator code inject module
2018-12-11 12:02:07 -06:00
b82e3469a2
renamed module and doc
2018-12-11 11:59:19 -06:00
7e953e34b9
Added the clean_up function
2018-12-11 18:13:46 +01:00
b109321b44
Kill `unless not`
2018-12-11 10:16:16 -06:00
1ab69c221c
Land #11040 , Add CyberLink LabelPrint Local BOF
2018-12-11 08:19:51 -06:00
165f082160
Fix syntax, minor edits
2018-12-11 07:55:20 -06:00
9cc5569ca2
Cleaned up module per @bcoles's recommendations.
2018-12-11 02:56:56 +08:00
bc6356a2cd
Land #11090 , update code and style for exploit/linux/local/glibc_origin_expansion_priv_esc
2018-12-10 09:59:03 -06:00
bbd0c8be32
Greatly improved check and tidied up documentation.
2018-12-10 21:02:51 +08:00
565f2e3e38
wait wrong
2018-12-09 19:23:54 -06:00
ee2ed46143
added date based on man page
2018-12-09 19:17:22 -06:00
f6bfbddb8d
twks
2018-12-09 15:59:58 -06:00
2beddf1012
req changes
2018-12-09 15:01:09 -06:00
91d0c8f283
Removed offending code, added warning for users,
...
and updated documentation.
2018-12-10 01:57:44 +08:00
b8dd147d49
Add FreeBSD 9 Intel SYSRET Privilege Escalation module
2018-12-09 16:04:38 +00:00
237d3c86c4
Code cleanup and update style
2018-12-09 07:26:51 +00:00
39229125b7
tweak
2018-12-09 00:22:49 -06:00
02f3d4688f
changes
2018-12-09 00:10:54 -06:00
69ed80f685
varys -> varies
2018-12-08 22:51:52 -06:00
fcad3f0c8f
erlang cookie rce exploit module
2018-12-08 22:36:56 -06:00
a9c0a5d53d
Use ::File::binread for exploit_data file read
2018-12-09 04:09:56 +00:00
d8ab6a552b
Add lkrg_installed? checks
2018-12-08 13:37:12 +00:00
fdb0a80442
Improved version check, made requests more organic,
...
and improved made PowerShell work on version 6.0.2.
2018-12-08 19:48:26 +08:00
2918acc0d2
Added links to functionality and cleaned up `check`
...
to make it much cleaner per @bcoles's recommendations.
2018-12-08 03:17:52 +08:00
29627331cf
Implemented @bcole's recommendations.
2018-12-07 18:48:57 +08:00
0573caafc3
Improved check method.
2018-12-07 17:21:38 +08:00
275c043cfd
Add kernel_config checks
2018-12-07 03:28:17 +00:00
140833215f
Add CVE as issued by DWF
...
See discussion on #10987 .
Now that I said that out loud, I realize that the original PR for this
module is a really funny PR number.
2018-12-06 14:59:05 -06:00
92c56472ba
Improved module and added documentation.
2018-12-07 03:02:37 +08:00
f94559a36a
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 07:09:44 +03:00
9d7389b448
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 07:04:24 +03:00
cbe3f0eec9
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:36:29 +03:00
4880dcbda8
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:34:13 +03:00
ca558d4b14
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:26:34 +03:00
c72065987b
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:19:16 +03:00
3ac5096e1a
Create nuuo_nvrmini_upgrade_rce.rb
2018-12-06 05:51:10 +03:00
224e782772
Cleaned the create_wp_config_file function
2018-12-05 10:56:22 +01:00
2774c17ca1
Replaced print_error and return with a fail_with
2018-12-05 10:11:09 +01:00
1bc024eaa7
Update cyberlink_lpp_bof.rb
...
Update includes all suggestions and new targets (Win8.1 x64 and Win10 x64)
2018-12-05 14:53:10 +07:00
2735c71bda
Fixed typos, removed not working cleaning
2018-12-04 18:42:54 +01:00
b58342843b
Refactored check
2018-12-04 12:03:49 +01:00
c27c149a4d
Land #10947 , HPE Intelligent Management Center Java Deserialization RCE
2018-12-03 17:07:31 -06:00
0f82b207c4
hp_imc_java_deserialize: Repro steps for JSONSS ysoserial payload sections
2018-12-03 17:03:04 -06:00
3f930ff141
hp_imc_java_deserialize: Default WfsDelay to 10 seconds to increase reliability
2018-12-03 16:36:37 -06:00
4242de3468
Refactor check method
2018-12-03 12:22:40 -06:00
d1220bc170
Add Emacs movemail local exploit
2018-12-01 12:05:08 -06:00
6874dddc55
Fix space at EOL and sed replace
2018-11-30 15:26:14 +01:00
a4ee221333
Fixed the timeout for web requests
2018-11-30 14:47:41 +01:00
8047bf2b09
Add authenticating... message
2018-11-30 07:24:35 -06:00
b31afb4e3d
Spaces at EOL fixes
2018-11-29 17:29:05 -06:00
dec08a0b43
Land #10954 , apache spark unauth rce module
2018-11-29 13:56:21 -06:00
160015d3a7
Check the HTTP response first
2018-11-29 18:54:07 +01:00
984354194f
Check the HTTP response first
2018-11-29 18:49:41 +01:00
01af176679
Change delay implementation
2018-11-29 10:05:47 -06:00
ed6c2896e3
Remove duplicate check
2018-11-29 10:04:51 -06:00
8508824cc2
Modify check logic
2018-11-29 10:04:05 -06:00
2b61c4e118
Fixes for PR
2018-11-29 15:02:03 +01:00
a4c3b8edc7
Add CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
...
Add CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
2018-11-29 20:20:05 +07:00
4888ec0c29
Delete unused variable.
2018-11-29 10:48:25 +08:00
ca0a2684f5
Randomize payload main class.
2018-11-28 11:26:51 +08:00
b3ad4a0358
Land #11033 , update refs for imap_open vulnerability
2018-11-27 20:23:46 -06:00
e3e7285288
Land #9946 a UEB local priv escalation
2018-11-27 21:19:34 -05:00
38a99ac90a
ueb privesc updates
2018-11-27 21:18:05 -05:00
4af5ab3089
ueb privesc updates
2018-11-27 21:14:05 -05:00
63125bbc1a
update imap_open refs
2018-11-27 20:31:57 -05:00
180876d8fc
Add check for SMAP
2018-11-27 23:24:02 +00:00
503a544c17
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2018-11-27 16:57:39 -06:00
b05bb616bf
Land #10987 , add exploit for PHP imap_open function against various web apps
2018-11-27 16:44:51 -06:00
66cae6240f
Land #10994 , Added exploit for CVE-2018-18955
2018-11-27 16:12:05 -06:00
6712363bb5
Land #10737 , add TeamCity XML-RPC exploit module
2018-11-27 14:59:37 -06:00
56f14733a9
changed cmd_stager flavor to printf
2018-11-27 14:23:56 -06:00
d523124faf
Land #10965 , Add the macOS LPE from pwn2own2018 (CVE-2018-4237)
2018-11-27 14:00:35 -06:00
398987e94a
::File.binread
2018-11-27 18:58:05 +00:00
45ca248568
chmod
2018-11-27 18:39:03 +00:00
aae86241ef
Update version check
2018-11-27 18:13:29 +00:00
befca0f2fe
Land #10949 , ForceExploit for Linux local exploits
2018-11-27 11:23:03 -06:00
0fddb8e31c
Land #10768 , Exploit for Netgear CVE-2016-1555
2018-11-26 11:45:10 -06:00
14b2cdc120
Land #10886 , Bypassuac computerdefault
...
Merge branch 'land-10886' into upstream-master
2018-11-26 11:19:46 -06:00
0b6c73a7d4
Land #11019 , Replace WsfDelay with WfsDelay
2018-11-26 10:59:04 -06:00
e2d58afe13
cleaned up code, added custom
2018-11-25 10:59:53 -05:00
5c06cdca73
Replace WsfDelay with WfsDelay - Fixes #11018
2018-11-25 05:09:16 +00:00
be6cfde921
Land #11015 , Fix payload and console check for Xorg_privesc Linux targets
2018-11-25 04:51:27 +00:00
93db7b399f
Using Wfsdelay instead of sleep loop, users get shells ASAP
2018-11-24 22:26:04 -06:00
debf79416b
Replace WsfDelay with WfsDelay - Fixes #11018
2018-11-25 04:22:11 +00:00
01ed57cbb3
Remove check for nosuid
2018-11-25 01:53:07 +00:00
ff23a006b7
cleanup
2018-11-25 00:16:39 +00:00
1783617770
consolelock check updated to use id, payload upload changed, documentation updated, misc formatting
2018-11-24 15:10:21 -06:00
945755b058
add custom php_imap target
2018-11-24 14:18:13 -05:00
45f2c5beb2
update php_imap_open docs
2018-11-24 07:26:42 -05:00
e36cef3b96
e107 exploitable now
2018-11-23 20:16:53 -05:00
8a402da056
Explain "junk" in buffer for morris_fingerd_bof
...
And unrelated whitespace changes because I suck.
2018-11-22 23:15:12 -06:00
a59913434d
Land #10916 , Xorg SUID privesc
2018-11-21 19:46:11 -06:00
2197da4cd9
Fix code as jrobles suggest.
2018-11-21 11:24:50 +08:00
acf421ffb0
remove eol spaces
2018-11-20 19:45:17 -05:00
31ad58fb91
edb and author
2018-11-20 19:30:43 -05:00
4111a61e1a
fix module description
2018-11-20 18:35:20 -05:00
4c59a271e2
added suitecrm to imap_open exploit
2018-11-20 18:33:42 -05:00
d5d8216377
Land #10977 , Add documentation and some enhancement to freesshd_authbypass module
2018-11-20 11:44:49 -06:00
eb17c45000
Add Linux Nested User Namespace idmap Limit Local Privilege Escalation module
2018-11-20 14:10:28 +00:00
3829cc11bb
add DEBUG_EXPLOIT option
2018-11-20 17:58:36 +08:00
57bad6b213
move offsets to hash
...
fix
2018-11-20 17:58:34 +08:00
9884bea84e
Update the reference link.
2018-11-20 17:39:01 +08:00
9f573d6f27
Fix code as jrobles suggest.
2018-11-20 16:54:22 +08:00
bee3c3d4d3
add documentation
2018-11-20 16:53:34 +08:00
44b1b6fe31
fix forking
2018-11-20 15:58:55 +08:00
a28feed7d8
fix normalize and date
2018-11-19 04:00:58 -05:00
4b09584047
php_imap_open_rce
2018-11-18 21:28:19 -05:00
b679bfa3d9
Carriage return errors fixed.
2018-11-18 03:29:17 +08:00
fd0f40a141
Add PowerShell as a separate target then set it as default.
2018-11-18 03:20:48 +08:00
cbdcd367ee
Minor print out mod
2018-11-16 20:31:34 +01:00
6f094799b6
Update modules/exploits/windows/http/hp_imc_java_deserialize.rb
...
Print payload length
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-16 20:20:52 +01:00
709befea5c
Update modules/exploits/windows/http/hp_imc_java_deserialize.rb
...
Fixed if/else block return
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-16 20:19:23 +01:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
08b3efa046
Enhanced module and added documentation.
2018-11-16 21:18:45 +08:00
a174c606aa
Changed SELINUX check to use built in methods
2018-11-16 04:22:18 -06:00
680393d4d6
Refined check method to actually verify vulnerability
2018-11-15 22:31:31 +01:00
420be60900
add CVE-2018-4237
2018-11-15 08:48:10 +08:00
2c30459a1b
add CVE-2018-4233 and CVE-2018-4404
2018-11-15 08:44:18 +08:00
795aa3c99c
Land #10828 , git submodule url exec CVE-2018-17456
2018-11-14 12:39:13 -06:00
02f2a2828e
Fix references CVE and WPVDB
2018-11-14 18:19:12 +01:00
3daec992c8
Fix indentation
2018-11-14 18:08:31 +01:00
798d3156bc
Print git command for module
2018-11-14 10:57:36 -06:00
b9348bd579
Added the CVE number in the references
2018-11-14 16:52:57 +01:00
5f9570cbcf
Added WordPress Duplicator <= 1.2.40 and documentation
2018-11-14 16:39:42 +01:00
f43aaac290
Clean code.
2018-11-14 16:48:39 +08:00
4fc047db87
Added advanced option to check console lock on linux systems, default true & updated docs
2018-11-13 22:33:12 -06:00
7cc4d09a92
Clean code.
2018-11-14 10:35:38 +08:00
5e85683228
removed to_s from string
2018-11-13 15:28:55 -06:00
ac8932c144
update 9631 to a current branch
2018-11-13 15:15:25 -06:00
da134f06e3
Updated check method
...
Fixed check method and redundant variable declarations
2018-11-13 16:01:40 -05:00
538055c406
Initial documentation for Xorg Privesc Module
...
killed white spaces
2018-11-12 15:44:13 -06:00
541283a4dd
Tidied up set_payload
2018-11-12 20:45:49 +01:00
0bdab320f7
Remove useless variable declaration
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-12 12:04:22 +01:00
388aebc335
Add exploit module for spark unauthenticated rce.
2018-11-12 17:07:50 +08:00
16d146fd59
Fixing indentation.
2018-11-12 13:24:00 +08:00
3e4df06500
Some more modifications
...
Placed contents of request_post into execute_command
Randomized fingerprint with rand_text_alpha(12)
Spaces at EOL fixed
Normalized target URI
2018-11-12 13:04:42 +08:00
818cb37aca
Implemented changes recommended by @bcoles.
2018-11-12 12:26:23 +08:00
e06af184c8
Tidy check method
2018-11-11 22:53:13 +01:00
8894af58de
serialized, not deserialized...
2018-11-11 22:47:57 +01:00
1e8fbc3a1b
Fixed indentation and added a status message printout when exploiting
2018-11-11 22:37:42 +01:00
cf5ca78350
Added YSOSerial payload generating string
2018-11-11 22:15:30 +01:00
ef7fc783be
Added Selinux check, changed version check, retested on all platforms
2018-11-11 12:34:30 -06:00
a5429d21a6
Update modules/exploits/multi/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-11 07:39:32 -06:00
2a7b18bcbf
Update modules/exploits/multi/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-11 07:38:42 -06:00
40bc44d2b6
Add ForceExploit to Linux local modules
2018-11-11 09:37:56 +00:00
e6f548c5f4
added meterpreter, took out in session, moved to exploits/multi/local
2018-11-11 01:43:36 -06:00
3770f121fe
Changing result parsing style
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:07:37 +01:00
951d3e1117
Changing result parsing style
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:07:32 +01:00
446eec00b3
Remove disconnect
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:04:43 +01:00
189c203e3d
Remove handler
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:04:34 +01:00
e5df5494d9
Remove connect
...
Co-Authored-By: carmaa <carsten@carmaa.com>
2018-11-11 08:04:22 +01:00
5a978dca2e
Removed architecture to make payload selection work
2018-11-10 23:00:54 +01:00
cbaacf696a
Add exploit module for CVE-2017-12557
...
HP Intelligent Management Java Deserialization RCE (Windows)
2018-11-10 22:36:43 +01:00
1f14a9846d
Land #10767 , Add Cisco Prime Infrastructure remote root exploit
2018-11-10 17:08:16 +00:00
981893a8bf
Merge branch 'master' into sparkrce
2018-11-09 14:12:33 +08:00
b93f14a5c2
Fixed some PR feedback, still working on adding meterpreter and cleanup
2018-11-08 22:10:46 -06:00
3f3bee6a79
added version check
2018-11-08 22:08:11 -06:00
012c8a450f
Feedback from PR work cont. changed loop, formatting errors, options
2018-11-08 22:08:11 -06:00
adb8be7f9f
includes partially implemented feedback from PR
2018-11-08 22:08:11 -06:00
18bf58e547
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
8c4eb5f741
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
84b79e6787
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
7feb960d9b
Initial add of Xorg SUID privesc
2018-11-08 22:08:11 -06:00
9dd0f2a5ea
modified to allow unix cmd for testing and other targets not supported, took out interpolation,notes section re-added
...
added notes section back in
2018-11-06 20:45:20 -06:00
dd57b27652
Rename `hash` to `generate_process_hash`
...
In the interest of compatibility this uses a more descriptive name for
the process hash creation method instead of overriding ruby's hash method.
See https://docs.ruby-lang.org/en/2.0.0/Hash.html
2018-11-05 17:16:16 -06:00
aff4ef0752
land #10912 moving polycom exploit to misc folder
2018-11-05 16:54:24 -05:00
0c38babb9e
Land #10874 , rm size restriction from pyld_inject
2018-11-05 15:16:40 -06:00
f185c06204
Land 10794, Add support for ms17_010_eternalblue_win8 ProcessName option
...
Merge branch 'land-10794' into upstream-master
2018-11-05 15:08:59 -06:00
7ca2311325
Land #10792 , Add support for ms17_010_eternalblue ProcessName option
...
Merge branch 'land-10792' into upstream-master
2018-11-05 14:19:10 -06:00
1f0941101f
shut up, msftidy
2018-11-05 14:13:33 -06:00
4f2ba46125
Stop some of the rubocop carnage
2018-11-05 14:11:24 -06:00
a32d8083f0
Land #10847 - Add blueimp's jQuery (Arbitrary) File Upload
...
CVE-2018-9206
2018-11-05 11:37:20 -06:00
5ec155fd44
Changed some options to advanced
2018-11-05 09:59:17 -06:00
ff07289132
better style according to the review
2018-11-05 13:46:36 +08:00
7464d81c01
Add warning about JSP deletion
2018-11-05 00:52:34 +09:00
fdf45f269b
Move polycom_hdx_auth_bypass to exploit/unix/misc/
2018-11-04 06:14:26 +00:00
c3080d69f2
Use writable? method for local modules
2018-11-04 05:28:32 +00:00
6bc4b71ca3
Land #10873 , Add notes to exploit modules
2018-11-02 14:11:11 -05:00
7faa775b55
Remove the now unnecessary DisableNops option
2018-11-02 14:57:41 -04:00
86469cc5a0
Land #10836 , Add Morris worm sendmail debug mode exploit
2018-11-02 11:17:33 -05:00
1d81f3764f
Land #10700 , Add Morris worm fingerd exploit and VAX reverse shell
2018-11-02 11:16:46 -05:00
114a8127e8
Land #10858 , bypassuac_eventvwr optimizations - reduce created processes and artifacts
...
Merge branch 'land-10858' into upstream-master
2018-10-31 16:44:32 -05:00
af7a7d586b
Add validation check to make sure x64 remote host and a x86 session
...
cannot select an x64 target.
2018-10-31 16:31:52 -05:00
0cf8563fae
Update bypassuac_computerDefault.rb
2018-10-30 11:37:05 +01:00
bf295ecce5
Update bypassuac_computerDefault.rb
2018-10-30 11:36:38 +01:00
6fe7bb0bb6
Increase sleep time to 10 seconds
...
Increase the wait time before removing the registry key - allows the payload to spawn successfully on slow systems.
2018-10-29 12:55:03 -04:00
1d337e9987
No debug.
2018-10-29 13:46:07 +01:00
e76f3ab22f
No debug.
2018-10-29 13:44:16 +01:00
1c340f8202
Land #10853 , Add universal targeting to Mercury/32 IMAP LOGIN exploit
2018-10-28 18:17:46 +00:00
370bcaf8d8
Update mercury_login.md
2018-10-28 09:49:15 +01:00
a34310095c
Update modules/exploits/windows/imap/mercury_login.md
...
Co-Authored-By: kr3bz <44395414+kr3bz@users.noreply.github.com>
2018-10-28 09:41:29 +01:00
bfd3a17c0e
Update modules/exploits/windows/imap/mercury_login.rb
...
Co-Authored-By: kr3bz <44395414+kr3bz@users.noreply.github.com>
2018-10-28 09:41:14 +01:00
5efbefdaea
Update mercury_login.md
2018-10-28 09:37:47 +01:00
2839a73cbd
Update mercury_login.rb
2018-10-28 09:35:15 +01:00
Milton-Valencia
Quentin Kaiser
Brendan Coles
Quentin Kaiser
Brent Cook
Shelby Pace
Jacob Robles
Green-m
Wei Chen
asoto-r7
William Vu
Auxilus
bwatters-r7
Julien Legras
Imran E. Dawoodjee
Tod Beardsley
Berk Dusunur
Thomas Gregory
h00die
Aaron Ringo
Tim W
Carsten Maartmann-Moe
Alex Gonzalez
Jeffrey Martin
l9c
Pedro Ribeiro
Spencer McIntyre
Fabien
Elazar Broad
kr3bz