Commit Graph

24731 Commits (ab443831a952e776743ac041d5121e3bf92743cb)

Author SHA1 Message Date
Adam Cammack 79736406b2
Land #10394, Cleanup aws_ec2_instance_metadata 2018-08-15 14:51:12 -05:00
Kevin Kirsche 09434bd57c Fix tabbing caused by incorrect VM nvim configuration 2018-08-15 07:00:45 -07:00
Kevin Kirsche 905f26372d Remove host key checks on ssh scanner modules 2018-08-15 06:48:35 -07:00
Jacob Robles 85a137e0a0
Land #10420, cgit < 1.2.1 Directory Traversal 2018-08-13 16:25:23 -05:00
Jacob Robles 5a3d040d71
Fix module, Add documentation 2018-08-13 15:48:21 -05:00
Shelby Pace ce8cbd64d4
Land #10404, Add Path Traversal Oracle GlassFish 2018-08-13 11:15:26 -05:00
Wei Chen d9fc99ec4a Correct false negative post_auth? status 2018-08-09 23:34:03 -05:00
Wei Chen 9122c5945e Add a comment explaining the last sleep(10) 2018-08-09 14:51:56 -05:00
Jacob Robles 66e5685ed2
Moved to exploit/windows 2018-08-09 11:35:14 -05:00
Jacob Robles 228bd4c3ab
Add weblogic_deserialize module CVE-2018-2628 2018-08-08 17:55:41 -05:00
Wei Chen 6223685c37 Update auth requirement for json metadata 2018-08-07 16:42:00 -05:00
Dhiraj Mishra 14b12f38d0
Fixing 2018-08-05 23:26:18 +05:30
Dhiraj Mishra 9502c26dc1
Updated 2018-08-05 19:14:12 +05:30
Dhiraj Mishra 8a175f50cd
Indentation 2018-08-05 00:15:04 +05:30
Dhiraj Mishra ebcc9a3c20
Fixing Indentation 2018-08-04 19:16:12 +05:30
Dhiraj Mishra 502c103d37
cgit < 1.2.1 Directory Traversal 2018-08-04 18:52:24 +05:30
Brent Cook 78f66986e9
Land #10386, Add IEC104 client module 2018-08-04 07:43:15 -05:00
Brent Cook ae48ba635a
Land #10417, Update check method of Hadoop exploit 2018-08-04 07:28:45 -05:00
Brent Cook 919da41aab
Land #9692, Add DoS module for Siemens Siprotec 4 2018-08-04 07:20:57 -05:00
Dhiraj Mishra 458fca6ff0
Fixing
Thanks bcoles
2018-08-04 13:15:25 +05:30
Brendan Coles 1c82592882
Land #10358, Add Dicoogle PACS Directory Traversal scanner module 2018-08-04 05:31:16 +00:00
h00die e5dcfa62c9 remove encoding and escaping 2018-08-03 20:23:33 -04:00
Michael John dc2f893b31 Amended code formating
This commit incorporates suggested formatting changes based on feedback and rubocop tool run:
Corrected indentation issues
Using "<<" instead of "+=" for string append
Modified if/else branches as per tool suggestion
2018-08-03 20:13:48 +02:00
Green-m d2c53e1c88
Update the check method. 2018-08-03 01:39:37 -04:00
Wei Chen 0785d59146
Land #10412, Add Cisco directory traversal auxiliary module 2018-08-02 16:44:59 -05:00
reka193 d60aa55e07
Modified regex
Based on the comment: https://github.com/rapid7/metasploit-framework/pull/10394#discussion_r207042496
2018-08-02 15:55:24 +02:00
Tim W 8785ec21b6
Land #9884, add linux ufo priv esc module 2018-08-02 17:53:36 +08:00
Tim W ff418afd1a add a default payload 2018-08-02 17:48:44 +08:00
Tim W cbe85acef5 fix bad link in bpf priv esc 2018-08-02 17:28:22 +08:00
Tim W 1c810249b1 ufo privesc is x64 only 2018-08-02 17:24:44 +08:00
Adam Cammack 41fdb75502
Land #10405, Cleanup dropped files for CMSMS 2018-08-01 14:44:33 -05:00
Adam Cammack 54abc65c55
Land #10406, Fix notes service, port, protocol 2018-08-01 14:39:34 -05:00
Shelby Pace 10d4061672
changed default port 2018-08-01 13:30:19 -05:00
Shelby Pace de83926e6c
separated list_users into two functions 2018-08-01 12:59:53 -05:00
Shelby Pace 0264eb2ea3
cleaned up module 2018-08-01 09:51:45 -05:00
William Vu 4eef9e64ea Implement dropper target in axis_srv_parhand_rce 2018-07-31 21:43:29 -05:00
Shelby Pace 021264fd5a
listing files and grabbing logged in user names 2018-07-31 16:03:17 -05:00
William Vu 090624fe17 Correctly set proto and sname in joomla_pages 2018-07-31 11:51:34 -05:00
William Vu 41ce96b19d Clean up module 2018-07-31 11:01:02 -05:00
Jacob Robles 6c11d5800f
Register files on same line 2018-07-31 10:03:59 -05:00
Jacob Robles 569ddd9d59
Remove files from application 2018-07-31 09:47:39 -05:00
Dhiraj Mishra 323c814abf
Fixing some tweaks 2018-07-31 19:52:39 +05:30
Dhiraj Mishra 55dce52bea
Fixing some tabbed indent 2018-07-31 18:24:28 +05:30
Dhiraj Mishra 3a7d18a98d
Fixing, Warning of EOL 2018-07-31 18:11:09 +05:30
Dhiraj Mishra d9e94f94dc
Oracle GlassFish 2018-07-31 17:59:03 +05:30
Alexander Halbarth 80d5d1d4ee
use variable port instead of datastore 2018-07-31 07:38:09 +02:00
Alexander Halbarth b0fa17ccfb
Better output added to joomla_pages 2018-07-31 07:29:56 +02:00
Wei Chen bcfb3d099b
Land #10255, Adding Micro Focus Secure Messaging Gateway RCE 2018-07-30 21:07:02 -05:00
Mehmet İnce 48a903f0b3 Fixing r and sql variables use same object issue 2018-07-31 00:57:32 +03:00
Shelby Pace ca8a01d27c
getting filenames in http responses 2018-07-30 16:25:45 -05:00
Shelby Pace 7cf2c840a3
metadata set up 2018-07-30 14:25:58 -05:00
William Vu 129fd44350
Land #10305, SonicWall XML-RPC RCE 2018-07-30 14:14:26 -05:00
William Vu 38f6b8aada Clean up module 2018-07-30 14:06:33 -05:00
William Vu ce9f447a29
Land #10384, upload_exec fixes 2018-07-30 13:55:40 -05:00
h00die 7c8190573c remove unused juniper options 2018-07-30 14:20:01 -04:00
Jacob Robles 4ed2cc8189
Land #10397, Added line in psexec_psh to support SMB2 2018-07-30 13:06:00 -05:00
bwatters-r7 cdefb88770
Added line to support SMB2 2018-07-30 12:37:06 -05:00
Jacob Robles 952ab801e8
Land #10060, vTiger CRM v6.3.0 Upload RCE 2018-07-30 12:32:24 -05:00
Jacob Robles 62f663207b
Change option type 2018-07-30 12:15:59 -05:00
Jacob Robles fe9315dc89
Update module, Add documentation 2018-07-30 12:11:08 -05:00
Shelby Pace d58785f959
Land #10247, add WordPress Arbitrary File Deletion 2018-07-30 09:05:23 -05:00
reka193 ece9a72d13
Removed tabs 2018-07-30 15:07:55 +02:00
reka193 5962fa752e
Fixes in aws_ec2_instance_metadata
@@ -36,7 +36,7 @@ def initialize(info = {})

    - unless resp =~ /^instance-id.$/m
    + unless resp =~ /^instance-id$/m
The original regex requires one character after 'instance-id' which is not present in the instance.

@@ -50,15 +50,16 @@ def check_curl

    - base_resp.split(/\r\n/).each do |l|
    -    new_uri = base_uri.merge("./#{l}")
    + base_resp.split(/\r?\n/).each do |l|
    +   new_uri = "#{base_uri}#{l}"

    - key_uri = new_uri.merge("./#{key_id}/")
    - key_resp = simple_get(key_uri)
    + new_uri = new_uri.slice(0..(new_uri.index(%r{/public-keys/})+'/public-keys'.length))
    + key_uri = "#{new_uri}#{key_id}/"
    + key_resp = simple_get(key_uri)

1. merge function was causing 'rescue in merge' errors
2. the split function could not succeed, there were no '\r\n' between the lines but '\n' only
3. the special case was not handled correctly 
was trying to curl http://169.254.169.254/latest/meta-data/public-keys/0=Key0/ instead of http://169.254.169.254/latest/meta-data/public-keys/0/

@@ -94,6 +95,6 @@ def setup

    - cmd_exec("curl #{url}")
    + cmd_exec("curl -s #{url}")
Curl was causing issues when not in silent mode.
2018-07-30 14:02:15 +02:00
reka193 6790ac1998
Reset to original 2018-07-30 10:48:32 +02:00
h00die c440eeaa31 rogue end 2018-07-29 10:35:33 -04:00
h00die 53cca07442 bcoles suggestions 2018-07-29 10:31:01 -04:00
Wei Chen 32384cf850
Land #10387, Update mov_ss and add mov_ss_dll 2018-07-27 14:52:21 -05:00
bwatters-r7 6d4c70d019
ughhhhh EOL 2018-07-27 11:35:31 -05:00
bwatters-r7 036e2b2247
shut up, Rubocop 2018-07-27 11:11:32 -05:00
bwatters-r7 b4792e08a4
Combine the modules and update the binaries 2018-07-27 11:08:04 -05:00
bwatters-r7 aaf1a22c7c Rubocop changes 2018-07-27 10:15:45 -05:00
bwatters-r7 eab62c18c6
Update mov_ss and add mov_ss_dll 2018-07-27 09:40:34 -05:00
michaelj0hn 7b5e8463ba
msftidy-final 2018-07-27 14:52:10 +02:00
michaelj0hn 4e42834be3
msftidy 538 2018-07-27 14:48:04 +02:00
michaelj0hn 44c1fa9197
msftidy558 2018-07-27 14:29:32 +02:00
michaelj0hn da1363721f
msftidy 90-91-2 2018-07-27 14:07:10 +02:00
michaelj0hn 07896b0a3c
msftidy 90-91 2018-07-27 13:58:15 +02:00
michaelj0hn 5435c7a5eb
msftidy fix 2018-07-27 13:43:37 +02:00
michaelj0hn 09320ece91 iec104 client 2018-07-27 11:46:26 +02:00
Wei Chen 1bcf2f9b37
Land #10383, Add WP Responsive Thumbnail Slider Plugin Exploit Module 2018-07-26 23:53:25 -05:00
Wei Chen 72d634b10b Update module and its documentation 2018-07-26 23:08:20 -05:00
William Vu 0433cb92ba Fix upload_exec for absolute paths
Also prefer chmod 700 over 755, since it's our file.
2018-07-26 19:48:12 -05:00
Brent Cook 32d6344e6b
Land #9964, android post module to extract subscriber info 2018-07-26 16:58:27 -05:00
Brent Cook 71646da97f fix error handling 2018-07-26 16:48:34 -05:00
Shelby Pace be1bf8b1fc
modified status 2018-07-26 15:41:19 -05:00
Shelby Pace 6accca4181
added documentation and check method 2018-07-26 15:32:37 -05:00
Shelby Pace ed4c4046ba
parsing for uploaded file, gets session 2018-07-26 14:23:24 -05:00
Wei Chen 2dff66aacb Check nil 2018-07-26 11:23:16 -05:00
Shelby Pace c23ffcbf62
successfully uploads payload and gets a session 2018-07-26 11:09:01 -05:00
Brent Cook c1418955f5
Land #10319, enable VHOST for ms15_034_http_sys_memory_dump 2018-07-25 18:51:57 -05:00
Brent Cook e78337d59a
Land #10374, Net::SSH::CommandStream fixes 2018-07-25 18:21:39 -05:00
William Vu e4386d3665
Land #10375, smb_login defaults that suck less 2018-07-25 15:21:34 -05:00
Jacob Robles 5a7c25b498
Fix description 2018-07-25 15:13:41 -05:00
William Vu 6b10921232
Land #10375, DETECT_ANY_AUTH should be false 2018-07-25 15:09:19 -05:00
Jacob Robles 1105474fb9
Modify options for smb_login
Change default value for DETECT_ANY_AUTH
and add option for DETECT_ANY_DOMAIN
2018-07-25 14:53:06 -05:00
Wei Chen 6c2e8f2402
Land #10300, Add root exploit for Axis network cameras 2018-07-25 14:46:04 -05:00
Wei Chen f169afff6a Add documentation and a new reference 2018-07-25 14:44:44 -05:00
William Vu 60faddebbf Update authors with sinn3r 2018-07-25 14:35:09 -05:00
Shelby Pace 8f89275df8
authenticating to WordPress 2018-07-25 14:22:24 -05:00
William Vu efacaef9df Clamp compatible payloads until we know better 2018-07-25 14:14:15 -05:00
William Vu 86d634cb64 Update module for MVP 2018-07-25 12:01:36 -05:00
Shelby Pace 668bcb38cb
metadata setup 2018-07-25 11:29:47 -05:00
Sonny Gonzalez f5ccdcfcd2
Net SSH CommandStream fixes implemented
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
2018-07-25 11:22:28 -05:00
William Vu 9fde9127ad
Land #10370, minor CouchDB fix 2018-07-25 01:11:23 -05:00
William Vu d3b7dffcdc Prefer res.body over res 2018-07-25 01:05:18 -05:00
William Vu bc89d7fe52
Land #10357, CouchDB improvements and docs 2018-07-25 00:54:55 -05:00
Wei Chen 625ea87ea9
Land #10368, PhpMyAdmin Login Scanner Module 2018-07-24 23:25:27 -05:00
Wei Chen 5df5ab30f6 Use store_valid_credential to save good credentials 2018-07-24 23:21:59 -05:00
Shelby Pace efa3a77adc
modified name 2018-07-24 15:00:14 -05:00
Shelby Pace 4f81fcdc87
retn versions in chk_setup, tests to reflect, doc 2018-07-24 14:51:00 -05:00
Shelby Pace 976a3464e1
added phpmyadmin login scanner and aux module 2018-07-24 09:47:01 -05:00
Matthew Kienow dac5780feb
Land #10176, creds data service CRUD operations 2018-07-23 23:36:32 -04:00
Brent Cook 5d7f40d459
Land #10362, Fix reporting in backup_file, add more docs 2018-07-23 18:22:35 -05:00
James Barnett e3da0a6828 Merge branch 'master' into remote_creds_data 2018-07-23 16:39:13 -05:00
Adam Cammack d2ed78570a
Land #10364, Handle nil for shell_reverse_tcp_ipv6
This makes things like `msfvenom --list-options` or `info` when options
are not set work.
2018-07-23 14:02:14 -05:00
William Vu 086af80509 Specify address family in shell_reverse_tcp_ipv6 2018-07-23 13:39:40 -05:00
asoto-r7 cb0b90435d
Land #10349, deconflict the method names in mix-ins 2018-07-23 13:38:46 -05:00
reka193 408dc7793f
Update aws_ec2_instance_metadata.rb 2018-07-23 10:00:12 +02:00
h00die 83ae5cb14d fix backup_file.rb and add a few docs 2018-07-22 20:50:22 -04:00
h00die 2a969d70db dicoogle 2018-07-21 21:31:45 -04:00
h00die abfed97e03 remove EOL spaces 2018-07-21 11:21:11 -04:00
h00die 8b324c19d8 update couchdb scanner 2018-07-21 11:02:50 -04:00
bwatters-r7 0c906ed8d3
Update cached payload sizes 2018-07-19 17:58:45 -05:00
bwatters-r7 658267849b
deconflict the method names in mix-ins 2018-07-19 17:01:40 -05:00
James Barnett 65d42380d3
Merge branch 'master' into remote_creds_data 2018-07-19 16:25:06 -05:00
Brendan Coles 19239c72c0 Update cmsms_upload_rename_rce check and docs 2018-07-19 18:26:42 +00:00
Wei Chen 28e3f3a5f0
Land #10327, Add CMS Made Simple Upload/Rename Authenticated RCE 2018-07-19 12:18:12 -05:00
Wei Chen c5ac4c791f Make changes based on community feedback 2018-07-19 12:17:02 -05:00
Brent Cook 08290b81c0
Land #10282, Add support for running external modules outside of msfconsole 2018-07-18 17:38:40 -05:00
Brent Cook b90583d07c don't throw an exception in haraka checks if we cannot connect 2018-07-18 17:17:45 -05:00
Adam Cammack 0024cca3bf
Land #10328, Log errors in Python ETERNALBLUE 2018-07-18 14:50:40 -05:00
Tim W 70a1df70a1
Land #9753, Linux BPF sign extension local privesc 2018-07-18 18:44:14 +08:00
reka193 4c4f0c1d3e
Update
Fixes for Kali linux 4.14 with ruby 2.3.
2018-07-18 10:42:51 +00:00
Jacob Robles 08e33cad0c
Spelling fix 2018-07-17 20:12:37 -05:00
Jacob Robles 20905d1ca1
Fix syntax error 2018-07-17 18:48:07 -05:00
Jacob Robles a24666a00a
msftidy fixes 2018-07-17 18:28:33 -05:00
William Vu e5efa4faac Make failures consistent 2018-07-17 17:35:52 -05:00
William Vu 96f9e60e84 Swap return for sys.exit(1) 2018-07-17 17:25:38 -05:00
William Vu 09d347ca33 Add missed sys.exit(1) 2018-07-17 16:31:57 -05:00
William Vu e1be94e568 Pass RPORT to sess_port in Impacket 2018-07-17 13:49:38 -05:00
William Vu 0bdaa0e23a Catch connection errors and module.log them 2018-07-17 13:49:34 -05:00
William Vu 5650412cc2
Land #10317, nil fix for enum_dns 2018-07-17 13:03:06 -05:00
Jacob Robles 677b22698d
Land #10273, [clean up] iis_webdav_scstoragepathfromurl 2018-07-17 09:33:32 -05:00
Jacob Robles 1e004769ca
CMS Made Simple Upload/Rename Authenticated RCE 2018-07-17 09:00:39 -05:00
Eliott Teissonniere 703f94d981 Check that /etc/rc.local is writeable 2018-07-17 12:52:51 +02:00
Eliott Teissonniere 97e89cf3bb Cleanup rc_local patching code 2018-07-17 12:49:55 +02:00
Eliott Teissonniere df32ab674d Fix newline bad character 2018-07-17 12:48:26 +02:00
Brendan Coles 6bf184dbcf Update tested versions 2018-07-17 06:24:16 +00:00
William Vu 9a7c34e6e9
Land #10064, Claymore Dual Miner API RCE 2018-07-16 18:02:20 -05:00
Eliott Teissonniere 7df20539af Fix msftidy 2018-07-16 11:55:37 +02:00
Eliott Teissonniere c84eb9fee9 Handle file patching on framework side 2018-07-16 11:54:37 +02:00
Eliott Teissonniere 4f137f2f3f rc.local persistence 2018-07-16 09:34:03 +02:00
Sunny Neo 8e1f68f384
Update ms15_034_http_sys_memory_dump.rb with VHOST
Added VHOST to cater to targets that require virtual hostname to be defined
2018-07-16 15:13:23 +08:00
Brendan Coles 7524af35ec Check if IPRANGE was supplied - Fix #10316 2018-07-15 15:38:56 +00:00
Jacob Robles 134417b598
Account for nil 2018-07-14 10:44:09 -05:00
Jacob Robles 6e450973b9
Land #10295, Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-14 10:09:46 -05:00
Jacob Robles 18e65abc54
Fix link 2018-07-14 10:03:01 -05:00
Brendan Coles 9bdec97b2e Fix bpf_sign_extension_priv_esc 2018-07-13 23:01:17 +00:00
Brent Cook 72e5b94eb8
Land #10293, fixup php/base64 and add docs for cmd/unix/reverse_bash 2018-07-13 17:15:22 -05:00
Brendan Coles 4e72dff791
Update module references 2018-07-14 05:03:13 +10:00
Wei Chen b40a146723
Land #10297, Add priv escalation mod for CVE-2018-8897 2018-07-13 10:54:25 -05:00
bwatters-r7 f33d12676f
Added License, make msftidy happy, and include original cve project
readme document.
2018-07-13 10:19:41 -05:00
bwatters-r7 4fa2a4775d Update the target check and added cleanup 2018-07-13 09:27:41 -05:00
Wei Chen 9ba0a72ea1 Rename file 2018-07-13 01:11:37 -05:00
Wei Chen e1e8444188 Clean up ruby code for CVE-2018-8897 2018-07-13 01:06:21 -05:00
Brendan Coles a020d48caf Move module documentation to documentation directory 2018-07-13 04:46:25 +00:00
Wei Chen f02c05e530 This one is the same as cve_2018_8897_exe.rb 2018-07-12 22:09:44 -05:00
William Vu c9001699cd
Land #10027, Hadoop unauthed command execution 2018-07-12 21:58:49 -05:00
William Vu 50252c75d6 Clean up module
With a little rubocop -a.
2018-07-12 21:58:00 -05:00
William Vu 2f37482535
Land #10278, gitlist_arg_injection fixes 2018-07-12 19:03:52 -05:00
William Vu 9080b38dcc Add Axis camera exploit (VDOO research) 2018-07-12 18:46:49 -05:00
Wei Chen e613b2570a
Land #10299, Add 88 CVEs to various auxiliary and exploit modules 2018-07-12 18:26:07 -05:00
William Vu 88bbc50104 Utilize uniq to make char array more readable
Hat tip @bcoles.
2018-07-12 17:59:12 -05:00
bwatters-r7 cfcb77afd0
Rename to please msftidy 2018-07-12 17:41:06 -05:00
William Vu 3546286049 Add missed ARCH_CMD to top-level Arch array
It's not necessary because of targets, but it's required for printing.
2018-07-12 17:37:06 -05:00
asoto-r7 1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
bwatters-r7 156b822401
First stab at cve-2018-8897 2018-07-12 17:31:53 -05:00
Brendan Coles 4b62f41369 Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-12 20:00:17 +00:00
William Vu 3dda19f3c6 Update documentation in cmd/unix/reverse_bash
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=146464
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/215034
2018-07-12 13:29:33 -05:00
William Vu 1f0535618d Document bareword string deprecation in php/base64 2018-07-12 13:29:33 -05:00
William Vu 378930e5f4 Prefer %w array over quoted array in php/base64
irb(main):001:0> ["(",")",".","_","c","h","r","e","v","a","l","b","s","6","4","d","o"] == %w{( ) . _ c h r e v a l b s 6 4 d o}
=> true
irb(main):002:0>
2018-07-12 13:29:33 -05:00
Brendan Coles 904de2dd09
Land #10238, Add ManageEngine Exchange Reporter Plus RCE exploit 2018-07-12 16:07:32 +00:00
Kacper Szurek 486225c2a8
Code review changes
Use target_uri, split url inside normalize function, replace print with vprint, return CheckCode::Appears
2018-07-12 14:27:28 +02:00
William Vu acb20e5a29
Land #9780, CouchDB auth bypass and RCE 2018-07-12 03:36:17 -05:00
William Vu a08420e0d0
Land #10286, Docker server version scanner 2018-07-12 03:08:41 -05:00
William Vu cce3b6f369 Clean up module 2018-07-12 02:57:14 -05:00
William Vu f53080ee60 Fix exploit and do final cleanup 2018-07-12 02:13:30 -05:00
William Vu 167745c124 Selectively add RuboCop fixes 2018-07-11 22:49:46 -05:00
William Vu ccc3267166 Correct rubocop -a
We'll update .rubocop.yml later.
2018-07-11 22:49:46 -05:00
William Vu ca5e496b8f Run rubocop -a 2018-07-11 21:40:19 -05:00
Agora Security 7d8b9a90d7 Add more reporting 2018-07-11 17:22:48 -04:00
Agora Security 30c43e22d9 Fix typo 2018-07-11 17:04:31 -04:00
Agora Security bb8ac4a7ab Add info & update_info 2018-07-11 16:52:16 -04:00
Shelby Pace 1ded8ffb29
Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-11 11:10:52 -05:00
James Barnett c26fcc0af1 Merge branch 'master' into remote_creds_data 2018-07-11 10:27:49 -05:00
Agora Security 1f0045fa03 Improve Description 2018-07-11 01:27:10 -04:00
Agora Security 00f4d3967c Add basic reporting 2018-07-11 00:47:43 -04:00
Agora Security d488b51264 Use peer instead of ip & port 2018-07-11 00:41:55 -04:00
Agora Security 5a89642ddd Simplify the module greatly 2018-07-11 00:15:56 -04:00
Agora Security ffc2f044cc Remove lines that were not required 2018-07-11 00:04:44 -04:00
Agora Security 7b1e7eb085 Minor improvement to description 2018-07-11 00:04:12 -04:00
Agora Security 2b2029b487 Align Hashrockets 2018-07-11 00:03:26 -04:00
Agora Security 9491c63778 Fix several minor details 2018-07-10 23:56:05 -04:00
Agora Security 66c207a124 Remove timeout of 25 seconds 2018-07-10 23:53:13 -04:00
Agora Security 718606c9f2 Add Auxiliary module to enumerate the Docker Server Version 2018-07-10 19:34:49 -04:00
Erin Bleiweiss ef3ea2dd44
Land #10280, Use default CheckCode in ETERNALBLUE 2018-07-10 17:39:42 -05:00
Shelby Pace 10cd6c99d9
Land #10231, Monstra Fileupload Exec 2018-07-10 14:23:15 -05:00
Shelby Pace 07dca243ff
changed grammar, removed redundant code 2018-07-10 14:13:57 -05:00
Brent Cook 1af360d7e0
Land #10108, add IBM QRadar SIEM exploit 2018-07-10 11:52:32 -05:00
Shelby Pace 171fa562a3
added parsing for repos in Gitlist source 2018-07-10 11:32:46 -05:00
William Vu f64c9588e9 Undefine check method and let the base class do it
Preserve the to-do without rewording - should be enough.
2018-07-10 11:05:00 -05:00
Adam Cammack 1fddbdb8ef
Specify the `command` option external modules 2018-07-10 10:24:07 -05:00
William Vu 533d87efa4 Return CheckCode::Unsupported in ETERNALBLUE
Defining a check method in the module overrides it.
2018-07-09 16:01:24 -05:00
Shelby Pace 5776b64a1b
modified exploit 2018-07-09 13:56:33 -05:00
Jacob Robles 64ec8e96cb
Land #10275, Update missing CVE references for exploit modules 2018-07-09 13:26:18 -05:00
Shelby Pace f5e40b14a3
removed double eval as suggested 2018-07-09 13:24:31 -05:00
Jacob Robles 4f039de2fc
Fix CVE numbers 2018-07-09 13:22:08 -05:00
Jacob Robles 4403a4ab47
Fix CVE number 2018-07-09 12:56:00 -05:00
flandini 7d8a95de9f Fixed requested changes for PR 2018-07-09 12:44:38 -05:00
Shelby Pace 44b9798afb
modified regex, id=filesmanager lines 2018-07-09 10:55:29 -05:00
James Barnett bbc16e1873 Merge branch 'master' into remote_creds_data 2018-07-09 09:49:14 -05:00
Jacob Robles bf24ce847a
Fix token issues 2018-07-09 09:29:11 -05:00
Touhid M Shaikh bc33078e01
fixed comma
fixed comma
2018-07-09 12:27:58 +05:30
Touhid M Shaikh 6f6ad86e2c
fix tab
fix tab and space.
2018-07-09 11:49:11 +05:30
Wei Chen aff39e65d5 Update missing CVE references for auxiliary modules
Based on existing references such as BID, OSVDB, blog posts, etc
2018-07-08 19:00:11 -05:00
Wei Chen 5fc5a47cd2 Update CVE references for exploit modules
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
2018-07-08 18:46:04 -05:00
Brendan Coles f14d06b9d1 Fix ufo_privilege_escalation 2018-07-08 11:05:30 +00:00
Brendan Coles a634e6347d minor code cleanup 2018-07-08 06:09:38 +00:00
Touhid M Shaikh 4a835b2493
fix warning, and version
fix warning, and version and indentation
2018-07-07 17:27:09 +05:30
Jacob Robles 1c448de882
Land #10107, Add the scanner/smb/impacket/secretsdump module 2018-07-06 14:59:33 -05:00
Shelby Pace b5fb970aec
Land #10133, Add HID discoveryd RCE exploit 2018-07-06 14:32:29 -05:00
Wei Chen 545e91af00
Land #10262, Add GitList argument injection exploit module 2018-07-06 14:28:20 -05:00
Wei Chen 82c74eb765 Small changes 2018-07-06 14:25:58 -05:00
Shelby Pace b1456df757
made suggested changes 2018-07-06 12:48:38 -05:00
Jacob Robles fe1b17684a
Add Targets and Session file inclusion 2018-07-06 12:17:26 -05:00
Brent Cook b4b7bf03da
Land #10171, Implement desktop shell and screensaver post modules 2018-07-05 17:33:06 -05:00
thesubtlety 970c164e06 fix undefined method capitalize error for array 2018-07-05 14:33:51 -07:00
Shelby Pace 5d0652fab1
changed inconsistent capitalization 2018-07-05 15:56:41 -05:00
Shelby Pace 2b452d5681
added documentation and check 2018-07-05 15:47:21 -05:00
Jacob Robles cb078b9586
Drop database 2018-07-05 14:58:30 -05:00
Brent Cook 05a0d79be7
Land #10219, Add HP VAN SDN Controller exploit 2018-07-05 14:21:44 -05:00
Jacob Robles 43096d9d78
Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
Module and Doc
2018-07-05 13:33:35 -05:00
William Vu 53d5d82498 Rename module to match new vector 2018-07-05 13:31:16 -05:00
Shelby Pace 507fd22958
added http post and generating payload 2018-07-05 13:21:22 -05:00
William Vu 762b4b5e53 Simplify creds auth by checking X-Auth-Token alone
It's a lot more direct than checking for the redirect.
2018-07-05 13:20:27 -05:00
William Vu 2b069f45ca Clarify how we're using the auth token for creds
In the service token's case, the service token *is* the auth token.
2018-07-05 13:05:23 -05:00
flandini b00f0e87e0 Add SonicWall XML-RPC Remote Code Execution exploit module 2018-07-05 12:06:13 -05:00
Mehmet İnce a272dcabd7 Fix typos and additional updates regarding to review 2018-07-05 13:33:40 +01:00
Mehmet İnce 3b8149216f print a verbose error message 2018-07-04 23:20:58 +01:00
Mehmet İnce 4c1c2e9288 Adding Micro Focus Secure Messaging Gateway RCE 2018-07-04 17:47:13 +01:00