Adam Cammack
79736406b2
Land #10394 , Cleanup aws_ec2_instance_metadata
2018-08-15 14:51:12 -05:00
Kevin Kirsche
09434bd57c
Fix tabbing caused by incorrect VM nvim configuration
2018-08-15 07:00:45 -07:00
Kevin Kirsche
905f26372d
Remove host key checks on ssh scanner modules
2018-08-15 06:48:35 -07:00
Jacob Robles
85a137e0a0
Land #10420 , cgit < 1.2.1 Directory Traversal
2018-08-13 16:25:23 -05:00
Jacob Robles
5a3d040d71
Fix module, Add documentation
2018-08-13 15:48:21 -05:00
Shelby Pace
ce8cbd64d4
Land #10404 , Add Path Traversal Oracle GlassFish
2018-08-13 11:15:26 -05:00
Wei Chen
d9fc99ec4a
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
Wei Chen
9122c5945e
Add a comment explaining the last sleep(10)
2018-08-09 14:51:56 -05:00
Jacob Robles
66e5685ed2
Moved to exploit/windows
2018-08-09 11:35:14 -05:00
Jacob Robles
228bd4c3ab
Add weblogic_deserialize module CVE-2018-2628
2018-08-08 17:55:41 -05:00
Wei Chen
6223685c37
Update auth requirement for json metadata
2018-08-07 16:42:00 -05:00
Dhiraj Mishra
14b12f38d0
Fixing
2018-08-05 23:26:18 +05:30
Dhiraj Mishra
9502c26dc1
Updated
2018-08-05 19:14:12 +05:30
Dhiraj Mishra
8a175f50cd
Indentation
2018-08-05 00:15:04 +05:30
Dhiraj Mishra
ebcc9a3c20
Fixing Indentation
2018-08-04 19:16:12 +05:30
Dhiraj Mishra
502c103d37
cgit < 1.2.1 Directory Traversal
2018-08-04 18:52:24 +05:30
Brent Cook
78f66986e9
Land #10386 , Add IEC104 client module
2018-08-04 07:43:15 -05:00
Brent Cook
ae48ba635a
Land #10417 , Update check method of Hadoop exploit
2018-08-04 07:28:45 -05:00
Brent Cook
919da41aab
Land #9692 , Add DoS module for Siemens Siprotec 4
2018-08-04 07:20:57 -05:00
Dhiraj Mishra
458fca6ff0
Fixing
...
Thanks bcoles
2018-08-04 13:15:25 +05:30
Brendan Coles
1c82592882
Land #10358 , Add Dicoogle PACS Directory Traversal scanner module
2018-08-04 05:31:16 +00:00
h00die
e5dcfa62c9
remove encoding and escaping
2018-08-03 20:23:33 -04:00
Michael John
dc2f893b31
Amended code formating
...
This commit incorporates suggested formatting changes based on feedback and rubocop tool run:
Corrected indentation issues
Using "<<" instead of "+=" for string append
Modified if/else branches as per tool suggestion
2018-08-03 20:13:48 +02:00
Green-m
d2c53e1c88
Update the check method.
2018-08-03 01:39:37 -04:00
Wei Chen
0785d59146
Land #10412 , Add Cisco directory traversal auxiliary module
2018-08-02 16:44:59 -05:00
reka193
d60aa55e07
Modified regex
...
Based on the comment: https://github.com/rapid7/metasploit-framework/pull/10394#discussion_r207042496
2018-08-02 15:55:24 +02:00
Tim W
8785ec21b6
Land #9884 , add linux ufo priv esc module
2018-08-02 17:53:36 +08:00
Tim W
ff418afd1a
add a default payload
2018-08-02 17:48:44 +08:00
Tim W
cbe85acef5
fix bad link in bpf priv esc
2018-08-02 17:28:22 +08:00
Tim W
1c810249b1
ufo privesc is x64 only
2018-08-02 17:24:44 +08:00
Adam Cammack
41fdb75502
Land #10405 , Cleanup dropped files for CMSMS
2018-08-01 14:44:33 -05:00
Adam Cammack
54abc65c55
Land #10406 , Fix notes service, port, protocol
2018-08-01 14:39:34 -05:00
Shelby Pace
10d4061672
changed default port
2018-08-01 13:30:19 -05:00
Shelby Pace
de83926e6c
separated list_users into two functions
2018-08-01 12:59:53 -05:00
Shelby Pace
0264eb2ea3
cleaned up module
2018-08-01 09:51:45 -05:00
William Vu
4eef9e64ea
Implement dropper target in axis_srv_parhand_rce
2018-07-31 21:43:29 -05:00
Shelby Pace
021264fd5a
listing files and grabbing logged in user names
2018-07-31 16:03:17 -05:00
William Vu
090624fe17
Correctly set proto and sname in joomla_pages
2018-07-31 11:51:34 -05:00
William Vu
41ce96b19d
Clean up module
2018-07-31 11:01:02 -05:00
Jacob Robles
6c11d5800f
Register files on same line
2018-07-31 10:03:59 -05:00
Jacob Robles
569ddd9d59
Remove files from application
2018-07-31 09:47:39 -05:00
Dhiraj Mishra
323c814abf
Fixing some tweaks
2018-07-31 19:52:39 +05:30
Dhiraj Mishra
55dce52bea
Fixing some tabbed indent
2018-07-31 18:24:28 +05:30
Dhiraj Mishra
3a7d18a98d
Fixing, Warning of EOL
2018-07-31 18:11:09 +05:30
Dhiraj Mishra
d9e94f94dc
Oracle GlassFish
2018-07-31 17:59:03 +05:30
Alexander Halbarth
80d5d1d4ee
use variable port instead of datastore
2018-07-31 07:38:09 +02:00
Alexander Halbarth
b0fa17ccfb
Better output added to joomla_pages
2018-07-31 07:29:56 +02:00
Wei Chen
bcfb3d099b
Land #10255 , Adding Micro Focus Secure Messaging Gateway RCE
2018-07-30 21:07:02 -05:00
Mehmet İnce
48a903f0b3
Fixing r and sql variables use same object issue
2018-07-31 00:57:32 +03:00
Shelby Pace
ca8a01d27c
getting filenames in http responses
2018-07-30 16:25:45 -05:00
Shelby Pace
7cf2c840a3
metadata set up
2018-07-30 14:25:58 -05:00
William Vu
129fd44350
Land #10305 , SonicWall XML-RPC RCE
2018-07-30 14:14:26 -05:00
William Vu
38f6b8aada
Clean up module
2018-07-30 14:06:33 -05:00
William Vu
ce9f447a29
Land #10384 , upload_exec fixes
2018-07-30 13:55:40 -05:00
h00die
7c8190573c
remove unused juniper options
2018-07-30 14:20:01 -04:00
Jacob Robles
4ed2cc8189
Land #10397 , Added line in psexec_psh to support SMB2
2018-07-30 13:06:00 -05:00
bwatters-r7
cdefb88770
Added line to support SMB2
2018-07-30 12:37:06 -05:00
Jacob Robles
952ab801e8
Land #10060 , vTiger CRM v6.3.0 Upload RCE
2018-07-30 12:32:24 -05:00
Jacob Robles
62f663207b
Change option type
2018-07-30 12:15:59 -05:00
Jacob Robles
fe9315dc89
Update module, Add documentation
2018-07-30 12:11:08 -05:00
Shelby Pace
d58785f959
Land #10247 , add WordPress Arbitrary File Deletion
2018-07-30 09:05:23 -05:00
reka193
ece9a72d13
Removed tabs
2018-07-30 15:07:55 +02:00
reka193
5962fa752e
Fixes in aws_ec2_instance_metadata
...
@@ -36,7 +36,7 @@ def initialize(info = {})
- unless resp =~ /^instance-id.$/m
+ unless resp =~ /^instance-id$/m
The original regex requires one character after 'instance-id' which is not present in the instance.
@@ -50,15 +50,16 @@ def check_curl
- base_resp.split(/\r\n/).each do |l|
- new_uri = base_uri.merge("./#{l}")
+ base_resp.split(/\r?\n/).each do |l|
+ new_uri = "#{base_uri}#{l}"
- key_uri = new_uri.merge("./#{key_id}/")
- key_resp = simple_get(key_uri)
+ new_uri = new_uri.slice(0..(new_uri.index(%r{/public-keys/})+'/public-keys'.length))
+ key_uri = "#{new_uri}#{key_id}/"
+ key_resp = simple_get(key_uri)
1. merge function was causing 'rescue in merge' errors
2. the split function could not succeed, there were no '\r\n' between the lines but '\n' only
3. the special case was not handled correctly
was trying to curl http://169.254.169.254/latest/meta-data/public-keys/0=Key0/ instead of http://169.254.169.254/latest/meta-data/public-keys/0/
@@ -94,6 +95,6 @@ def setup
- cmd_exec("curl #{url}")
+ cmd_exec("curl -s #{url}")
Curl was causing issues when not in silent mode.
2018-07-30 14:02:15 +02:00
reka193
6790ac1998
Reset to original
2018-07-30 10:48:32 +02:00
h00die
c440eeaa31
rogue end
2018-07-29 10:35:33 -04:00
h00die
53cca07442
bcoles suggestions
2018-07-29 10:31:01 -04:00
Wei Chen
32384cf850
Land #10387 , Update mov_ss and add mov_ss_dll
2018-07-27 14:52:21 -05:00
bwatters-r7
6d4c70d019
ughhhhh EOL
2018-07-27 11:35:31 -05:00
bwatters-r7
036e2b2247
shut up, Rubocop
2018-07-27 11:11:32 -05:00
bwatters-r7
b4792e08a4
Combine the modules and update the binaries
2018-07-27 11:08:04 -05:00
bwatters-r7
aaf1a22c7c
Rubocop changes
2018-07-27 10:15:45 -05:00
bwatters-r7
eab62c18c6
Update mov_ss and add mov_ss_dll
2018-07-27 09:40:34 -05:00
michaelj0hn
7b5e8463ba
msftidy-final
2018-07-27 14:52:10 +02:00
michaelj0hn
4e42834be3
msftidy 538
2018-07-27 14:48:04 +02:00
michaelj0hn
44c1fa9197
msftidy558
2018-07-27 14:29:32 +02:00
michaelj0hn
da1363721f
msftidy 90-91-2
2018-07-27 14:07:10 +02:00
michaelj0hn
07896b0a3c
msftidy 90-91
2018-07-27 13:58:15 +02:00
michaelj0hn
5435c7a5eb
msftidy fix
2018-07-27 13:43:37 +02:00
michaelj0hn
09320ece91
iec104 client
2018-07-27 11:46:26 +02:00
Wei Chen
1bcf2f9b37
Land #10383 , Add WP Responsive Thumbnail Slider Plugin Exploit Module
2018-07-26 23:53:25 -05:00
Wei Chen
72d634b10b
Update module and its documentation
2018-07-26 23:08:20 -05:00
William Vu
0433cb92ba
Fix upload_exec for absolute paths
...
Also prefer chmod 700 over 755, since it's our file.
2018-07-26 19:48:12 -05:00
Brent Cook
32d6344e6b
Land #9964 , android post module to extract subscriber info
2018-07-26 16:58:27 -05:00
Brent Cook
71646da97f
fix error handling
2018-07-26 16:48:34 -05:00
Shelby Pace
be1bf8b1fc
modified status
2018-07-26 15:41:19 -05:00
Shelby Pace
6accca4181
added documentation and check method
2018-07-26 15:32:37 -05:00
Shelby Pace
ed4c4046ba
parsing for uploaded file, gets session
2018-07-26 14:23:24 -05:00
Wei Chen
2dff66aacb
Check nil
2018-07-26 11:23:16 -05:00
Shelby Pace
c23ffcbf62
successfully uploads payload and gets a session
2018-07-26 11:09:01 -05:00
Brent Cook
c1418955f5
Land #10319 , enable VHOST for ms15_034_http_sys_memory_dump
2018-07-25 18:51:57 -05:00
Brent Cook
e78337d59a
Land #10374 , Net::SSH::CommandStream fixes
2018-07-25 18:21:39 -05:00
William Vu
e4386d3665
Land #10375 , smb_login defaults that suck less
2018-07-25 15:21:34 -05:00
Jacob Robles
5a7c25b498
Fix description
2018-07-25 15:13:41 -05:00
William Vu
6b10921232
Land #10375 , DETECT_ANY_AUTH should be false
2018-07-25 15:09:19 -05:00
Jacob Robles
1105474fb9
Modify options for smb_login
...
Change default value for DETECT_ANY_AUTH
and add option for DETECT_ANY_DOMAIN
2018-07-25 14:53:06 -05:00
Wei Chen
6c2e8f2402
Land #10300 , Add root exploit for Axis network cameras
2018-07-25 14:46:04 -05:00
Wei Chen
f169afff6a
Add documentation and a new reference
2018-07-25 14:44:44 -05:00
William Vu
60faddebbf
Update authors with sinn3r
2018-07-25 14:35:09 -05:00
Shelby Pace
8f89275df8
authenticating to WordPress
2018-07-25 14:22:24 -05:00
William Vu
efacaef9df
Clamp compatible payloads until we know better
2018-07-25 14:14:15 -05:00
William Vu
86d634cb64
Update module for MVP
2018-07-25 12:01:36 -05:00
Shelby Pace
668bcb38cb
metadata setup
2018-07-25 11:29:47 -05:00
Sonny Gonzalez
f5ccdcfcd2
Net SSH CommandStream fixes implemented
...
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
2018-07-25 11:22:28 -05:00
William Vu
9fde9127ad
Land #10370 , minor CouchDB fix
2018-07-25 01:11:23 -05:00
William Vu
d3b7dffcdc
Prefer res.body over res
2018-07-25 01:05:18 -05:00
William Vu
bc89d7fe52
Land #10357 , CouchDB improvements and docs
2018-07-25 00:54:55 -05:00
Wei Chen
625ea87ea9
Land #10368 , PhpMyAdmin Login Scanner Module
2018-07-24 23:25:27 -05:00
Wei Chen
5df5ab30f6
Use store_valid_credential to save good credentials
2018-07-24 23:21:59 -05:00
Shelby Pace
efa3a77adc
modified name
2018-07-24 15:00:14 -05:00
Shelby Pace
4f81fcdc87
retn versions in chk_setup, tests to reflect, doc
2018-07-24 14:51:00 -05:00
Shelby Pace
976a3464e1
added phpmyadmin login scanner and aux module
2018-07-24 09:47:01 -05:00
Matthew Kienow
dac5780feb
Land #10176 , creds data service CRUD operations
2018-07-23 23:36:32 -04:00
Brent Cook
5d7f40d459
Land #10362 , Fix reporting in backup_file, add more docs
2018-07-23 18:22:35 -05:00
James Barnett
e3da0a6828
Merge branch 'master' into remote_creds_data
2018-07-23 16:39:13 -05:00
Adam Cammack
d2ed78570a
Land #10364 , Handle nil for shell_reverse_tcp_ipv6
...
This makes things like `msfvenom --list-options` or `info` when options
are not set work.
2018-07-23 14:02:14 -05:00
William Vu
086af80509
Specify address family in shell_reverse_tcp_ipv6
2018-07-23 13:39:40 -05:00
asoto-r7
cb0b90435d
Land #10349 , deconflict the method names in mix-ins
2018-07-23 13:38:46 -05:00
reka193
408dc7793f
Update aws_ec2_instance_metadata.rb
2018-07-23 10:00:12 +02:00
h00die
83ae5cb14d
fix backup_file.rb and add a few docs
2018-07-22 20:50:22 -04:00
h00die
2a969d70db
dicoogle
2018-07-21 21:31:45 -04:00
h00die
abfed97e03
remove EOL spaces
2018-07-21 11:21:11 -04:00
h00die
8b324c19d8
update couchdb scanner
2018-07-21 11:02:50 -04:00
bwatters-r7
0c906ed8d3
Update cached payload sizes
2018-07-19 17:58:45 -05:00
bwatters-r7
658267849b
deconflict the method names in mix-ins
2018-07-19 17:01:40 -05:00
James Barnett
65d42380d3
Merge branch 'master' into remote_creds_data
2018-07-19 16:25:06 -05:00
Brendan Coles
19239c72c0
Update cmsms_upload_rename_rce check and docs
2018-07-19 18:26:42 +00:00
Wei Chen
28e3f3a5f0
Land #10327 , Add CMS Made Simple Upload/Rename Authenticated RCE
2018-07-19 12:18:12 -05:00
Wei Chen
c5ac4c791f
Make changes based on community feedback
2018-07-19 12:17:02 -05:00
Brent Cook
08290b81c0
Land #10282 , Add support for running external modules outside of msfconsole
2018-07-18 17:38:40 -05:00
Brent Cook
b90583d07c
don't throw an exception in haraka checks if we cannot connect
2018-07-18 17:17:45 -05:00
Adam Cammack
0024cca3bf
Land #10328 , Log errors in Python ETERNALBLUE
2018-07-18 14:50:40 -05:00
Tim W
70a1df70a1
Land #9753 , Linux BPF sign extension local privesc
2018-07-18 18:44:14 +08:00
reka193
4c4f0c1d3e
Update
...
Fixes for Kali linux 4.14 with ruby 2.3.
2018-07-18 10:42:51 +00:00
Jacob Robles
08e33cad0c
Spelling fix
2018-07-17 20:12:37 -05:00
Jacob Robles
20905d1ca1
Fix syntax error
2018-07-17 18:48:07 -05:00
Jacob Robles
a24666a00a
msftidy fixes
2018-07-17 18:28:33 -05:00
William Vu
e5efa4faac
Make failures consistent
2018-07-17 17:35:52 -05:00
William Vu
96f9e60e84
Swap return for sys.exit(1)
2018-07-17 17:25:38 -05:00
William Vu
09d347ca33
Add missed sys.exit(1)
2018-07-17 16:31:57 -05:00
William Vu
e1be94e568
Pass RPORT to sess_port in Impacket
2018-07-17 13:49:38 -05:00
William Vu
0bdaa0e23a
Catch connection errors and module.log them
2018-07-17 13:49:34 -05:00
William Vu
5650412cc2
Land #10317 , nil fix for enum_dns
2018-07-17 13:03:06 -05:00
Jacob Robles
677b22698d
Land #10273 , [clean up] iis_webdav_scstoragepathfromurl
2018-07-17 09:33:32 -05:00
Jacob Robles
1e004769ca
CMS Made Simple Upload/Rename Authenticated RCE
2018-07-17 09:00:39 -05:00
Eliott Teissonniere
703f94d981
Check that /etc/rc.local is writeable
2018-07-17 12:52:51 +02:00
Eliott Teissonniere
97e89cf3bb
Cleanup rc_local patching code
2018-07-17 12:49:55 +02:00
Eliott Teissonniere
df32ab674d
Fix newline bad character
2018-07-17 12:48:26 +02:00
Brendan Coles
6bf184dbcf
Update tested versions
2018-07-17 06:24:16 +00:00
William Vu
9a7c34e6e9
Land #10064 , Claymore Dual Miner API RCE
2018-07-16 18:02:20 -05:00
Eliott Teissonniere
7df20539af
Fix msftidy
2018-07-16 11:55:37 +02:00
Eliott Teissonniere
c84eb9fee9
Handle file patching on framework side
2018-07-16 11:54:37 +02:00
Eliott Teissonniere
4f137f2f3f
rc.local persistence
2018-07-16 09:34:03 +02:00
Sunny Neo
8e1f68f384
Update ms15_034_http_sys_memory_dump.rb with VHOST
...
Added VHOST to cater to targets that require virtual hostname to be defined
2018-07-16 15:13:23 +08:00
Brendan Coles
7524af35ec
Check if IPRANGE was supplied - Fix #10316
2018-07-15 15:38:56 +00:00
Jacob Robles
134417b598
Account for nil
2018-07-14 10:44:09 -05:00
Jacob Robles
6e450973b9
Land #10295 , Add QNAP Q'Center change_passwd Command Execution exploit
2018-07-14 10:09:46 -05:00
Jacob Robles
18e65abc54
Fix link
2018-07-14 10:03:01 -05:00
Brendan Coles
9bdec97b2e
Fix bpf_sign_extension_priv_esc
2018-07-13 23:01:17 +00:00
Brent Cook
72e5b94eb8
Land #10293 , fixup php/base64 and add docs for cmd/unix/reverse_bash
2018-07-13 17:15:22 -05:00
Brendan Coles
4e72dff791
Update module references
2018-07-14 05:03:13 +10:00
Wei Chen
b40a146723
Land #10297 , Add priv escalation mod for CVE-2018-8897
2018-07-13 10:54:25 -05:00
bwatters-r7
f33d12676f
Added License, make msftidy happy, and include original cve project
...
readme document.
2018-07-13 10:19:41 -05:00
bwatters-r7
4fa2a4775d
Update the target check and added cleanup
2018-07-13 09:27:41 -05:00
Wei Chen
9ba0a72ea1
Rename file
2018-07-13 01:11:37 -05:00
Wei Chen
e1e8444188
Clean up ruby code for CVE-2018-8897
2018-07-13 01:06:21 -05:00
Brendan Coles
a020d48caf
Move module documentation to documentation directory
2018-07-13 04:46:25 +00:00
Wei Chen
f02c05e530
This one is the same as cve_2018_8897_exe.rb
2018-07-12 22:09:44 -05:00
William Vu
c9001699cd
Land #10027 , Hadoop unauthed command execution
2018-07-12 21:58:49 -05:00
William Vu
50252c75d6
Clean up module
...
With a little rubocop -a.
2018-07-12 21:58:00 -05:00
William Vu
2f37482535
Land #10278 , gitlist_arg_injection fixes
2018-07-12 19:03:52 -05:00
William Vu
9080b38dcc
Add Axis camera exploit (VDOO research)
2018-07-12 18:46:49 -05:00
Wei Chen
e613b2570a
Land #10299 , Add 88 CVEs to various auxiliary and exploit modules
2018-07-12 18:26:07 -05:00
William Vu
88bbc50104
Utilize uniq to make char array more readable
...
Hat tip @bcoles.
2018-07-12 17:59:12 -05:00
bwatters-r7
cfcb77afd0
Rename to please msftidy
2018-07-12 17:41:06 -05:00
William Vu
3546286049
Add missed ARCH_CMD to top-level Arch array
...
It's not necessary because of targets, but it's required for printing.
2018-07-12 17:37:06 -05:00
asoto-r7
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
bwatters-r7
156b822401
First stab at cve-2018-8897
2018-07-12 17:31:53 -05:00
Brendan Coles
4b62f41369
Add QNAP Q'Center change_passwd Command Execution exploit
2018-07-12 20:00:17 +00:00
William Vu
3dda19f3c6
Update documentation in cmd/unix/reverse_bash
...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=146464
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/215034
2018-07-12 13:29:33 -05:00
William Vu
1f0535618d
Document bareword string deprecation in php/base64
2018-07-12 13:29:33 -05:00
William Vu
378930e5f4
Prefer %w array over quoted array in php/base64
...
irb(main):001:0> ["(",")",".","_","c","h","r","e","v","a","l","b","s","6","4","d","o"] == %w{( ) . _ c h r e v a l b s 6 4 d o}
=> true
irb(main):002:0>
2018-07-12 13:29:33 -05:00
Brendan Coles
904de2dd09
Land #10238 , Add ManageEngine Exchange Reporter Plus RCE exploit
2018-07-12 16:07:32 +00:00
Kacper Szurek
486225c2a8
Code review changes
...
Use target_uri, split url inside normalize function, replace print with vprint, return CheckCode::Appears
2018-07-12 14:27:28 +02:00
William Vu
acb20e5a29
Land #9780 , CouchDB auth bypass and RCE
2018-07-12 03:36:17 -05:00
William Vu
a08420e0d0
Land #10286 , Docker server version scanner
2018-07-12 03:08:41 -05:00
William Vu
cce3b6f369
Clean up module
2018-07-12 02:57:14 -05:00
William Vu
f53080ee60
Fix exploit and do final cleanup
2018-07-12 02:13:30 -05:00
William Vu
167745c124
Selectively add RuboCop fixes
2018-07-11 22:49:46 -05:00
William Vu
ccc3267166
Correct rubocop -a
...
We'll update .rubocop.yml later.
2018-07-11 22:49:46 -05:00
William Vu
ca5e496b8f
Run rubocop -a
2018-07-11 21:40:19 -05:00
Agora Security
7d8b9a90d7
Add more reporting
2018-07-11 17:22:48 -04:00
Agora Security
30c43e22d9
Fix typo
2018-07-11 17:04:31 -04:00
Agora Security
bb8ac4a7ab
Add info & update_info
2018-07-11 16:52:16 -04:00
Shelby Pace
1ded8ffb29
Land #10260 , Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
2018-07-11 11:10:52 -05:00
James Barnett
c26fcc0af1
Merge branch 'master' into remote_creds_data
2018-07-11 10:27:49 -05:00
Agora Security
1f0045fa03
Improve Description
2018-07-11 01:27:10 -04:00
Agora Security
00f4d3967c
Add basic reporting
2018-07-11 00:47:43 -04:00
Agora Security
d488b51264
Use peer instead of ip & port
2018-07-11 00:41:55 -04:00
Agora Security
5a89642ddd
Simplify the module greatly
2018-07-11 00:15:56 -04:00
Agora Security
ffc2f044cc
Remove lines that were not required
2018-07-11 00:04:44 -04:00
Agora Security
7b1e7eb085
Minor improvement to description
2018-07-11 00:04:12 -04:00
Agora Security
2b2029b487
Align Hashrockets
2018-07-11 00:03:26 -04:00
Agora Security
9491c63778
Fix several minor details
2018-07-10 23:56:05 -04:00
Agora Security
66c207a124
Remove timeout of 25 seconds
2018-07-10 23:53:13 -04:00
Agora Security
718606c9f2
Add Auxiliary module to enumerate the Docker Server Version
2018-07-10 19:34:49 -04:00
Erin Bleiweiss
ef3ea2dd44
Land #10280 , Use default CheckCode in ETERNALBLUE
2018-07-10 17:39:42 -05:00
Shelby Pace
10cd6c99d9
Land #10231 , Monstra Fileupload Exec
2018-07-10 14:23:15 -05:00
Shelby Pace
07dca243ff
changed grammar, removed redundant code
2018-07-10 14:13:57 -05:00
Brent Cook
1af360d7e0
Land #10108 , add IBM QRadar SIEM exploit
2018-07-10 11:52:32 -05:00
Shelby Pace
171fa562a3
added parsing for repos in Gitlist source
2018-07-10 11:32:46 -05:00
William Vu
f64c9588e9
Undefine check method and let the base class do it
...
Preserve the to-do without rewording - should be enough.
2018-07-10 11:05:00 -05:00
Adam Cammack
1fddbdb8ef
Specify the `command` option external modules
2018-07-10 10:24:07 -05:00
William Vu
533d87efa4
Return CheckCode::Unsupported in ETERNALBLUE
...
Defining a check method in the module overrides it.
2018-07-09 16:01:24 -05:00
Shelby Pace
5776b64a1b
modified exploit
2018-07-09 13:56:33 -05:00
Jacob Robles
64ec8e96cb
Land #10275 , Update missing CVE references for exploit modules
2018-07-09 13:26:18 -05:00
Shelby Pace
f5e40b14a3
removed double eval as suggested
2018-07-09 13:24:31 -05:00
Jacob Robles
4f039de2fc
Fix CVE numbers
2018-07-09 13:22:08 -05:00
Jacob Robles
4403a4ab47
Fix CVE number
2018-07-09 12:56:00 -05:00
flandini
7d8a95de9f
Fixed requested changes for PR
2018-07-09 12:44:38 -05:00
Shelby Pace
44b9798afb
modified regex, id=filesmanager lines
2018-07-09 10:55:29 -05:00
James Barnett
bbc16e1873
Merge branch 'master' into remote_creds_data
2018-07-09 09:49:14 -05:00
Jacob Robles
bf24ce847a
Fix token issues
2018-07-09 09:29:11 -05:00
Touhid M Shaikh
bc33078e01
fixed comma
...
fixed comma
2018-07-09 12:27:58 +05:30
Touhid M Shaikh
6f6ad86e2c
fix tab
...
fix tab and space.
2018-07-09 11:49:11 +05:30
Wei Chen
aff39e65d5
Update missing CVE references for auxiliary modules
...
Based on existing references such as BID, OSVDB, blog posts, etc
2018-07-08 19:00:11 -05:00
Wei Chen
5fc5a47cd2
Update CVE references for exploit modules
...
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
2018-07-08 18:46:04 -05:00
Brendan Coles
f14d06b9d1
Fix ufo_privilege_escalation
2018-07-08 11:05:30 +00:00
Brendan Coles
a634e6347d
minor code cleanup
2018-07-08 06:09:38 +00:00
Touhid M Shaikh
4a835b2493
fix warning, and version
...
fix warning, and version and indentation
2018-07-07 17:27:09 +05:30
Jacob Robles
1c448de882
Land #10107 , Add the scanner/smb/impacket/secretsdump module
2018-07-06 14:59:33 -05:00
Shelby Pace
b5fb970aec
Land #10133 , Add HID discoveryd RCE exploit
2018-07-06 14:32:29 -05:00
Wei Chen
545e91af00
Land #10262 , Add GitList argument injection exploit module
2018-07-06 14:28:20 -05:00
Wei Chen
82c74eb765
Small changes
2018-07-06 14:25:58 -05:00
Shelby Pace
b1456df757
made suggested changes
2018-07-06 12:48:38 -05:00
Jacob Robles
fe1b17684a
Add Targets and Session file inclusion
2018-07-06 12:17:26 -05:00
Brent Cook
b4b7bf03da
Land #10171 , Implement desktop shell and screensaver post modules
2018-07-05 17:33:06 -05:00
thesubtlety
970c164e06
fix undefined method capitalize error for array
2018-07-05 14:33:51 -07:00
Shelby Pace
5d0652fab1
changed inconsistent capitalization
2018-07-05 15:56:41 -05:00
Shelby Pace
2b452d5681
added documentation and check
2018-07-05 15:47:21 -05:00
Jacob Robles
cb078b9586
Drop database
2018-07-05 14:58:30 -05:00
Brent Cook
05a0d79be7
Land #10219 , Add HP VAN SDN Controller exploit
2018-07-05 14:21:44 -05:00
Jacob Robles
43096d9d78
Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
...
Module and Doc
2018-07-05 13:33:35 -05:00
William Vu
53d5d82498
Rename module to match new vector
2018-07-05 13:31:16 -05:00
Shelby Pace
507fd22958
added http post and generating payload
2018-07-05 13:21:22 -05:00
William Vu
762b4b5e53
Simplify creds auth by checking X-Auth-Token alone
...
It's a lot more direct than checking for the redirect.
2018-07-05 13:20:27 -05:00
William Vu
2b069f45ca
Clarify how we're using the auth token for creds
...
In the service token's case, the service token *is* the auth token.
2018-07-05 13:05:23 -05:00
flandini
b00f0e87e0
Add SonicWall XML-RPC Remote Code Execution exploit module
2018-07-05 12:06:13 -05:00
Mehmet İnce
a272dcabd7
Fix typos and additional updates regarding to review
2018-07-05 13:33:40 +01:00
Mehmet İnce
3b8149216f
print a verbose error message
2018-07-04 23:20:58 +01:00
Mehmet İnce
4c1c2e9288
Adding Micro Focus Secure Messaging Gateway RCE
2018-07-04 17:47:13 +01:00