38c42f3b10
Fixed Typos
...
Fixed minor typing errors.
2018-03-02 17:38:19 +05:30
c84ece15a3
Update exodus.rb
2018-02-28 11:04:16 +00:00
c366f94017
Update exodus.rb
2018-02-28 10:35:05 +00:00
15bd45cee3
Exodus Module
2018-02-26 21:31:13 +00:00
af45c1764b
Tweak exception handling and timing of `ms17_010_eternalblue`
2018-02-21 13:40:04 -06:00
b2cb4c425d
Land #9594 , CloudMe Sync v1.10.9 Buffer Overflow
2018-02-20 17:49:19 -06:00
6a62ca15e7
Remove NOPS
...
[ticket: #9594 ]
2018-02-20 17:40:33 -06:00
745ad4d727
CloudMe Sync Client BoF
2018-02-20 21:57:13 +00:00
d02bf40d69
Modified Exploit
...
Remove NOPS that weren't needed and freed up space for a larger payload.
[ticket: #9561 ]
2018-02-20 15:35:43 -06:00
651ddbb7eb
Disk Savvy Server Buffer Overflow
2018-02-15 10:09:07 +00:00
929027ab96
Disk Savvy Server Buffer Overflow
2018-02-14 20:35:32 +00:00
ca4ad1d0c4
Land #9478 , Improve Dup Scout BOF exploit
2018-02-07 23:51:14 -06:00
c9473f8cbc
Land #9473 , new MS17-010 aux and exploit modules
2018-02-01 23:56:29 -06:00
ffc7e078e2
don't disconnect until cleanup
2018-02-01 21:46:56 -07:00
bc18389284
Updated Document and Module
...
Update the documentation based on analysis of the vulnerability.
Slight modifications to the exploit module as well to reduce the
size of the generated file and reduce bad characters.
2018-02-01 10:05:50 -06:00
656bb7f567
Modified DupScout Fileformat Exploit
2018-01-30 09:12:05 -06:00
7cc00c0e10
fixed padding/offsets for win 10
2018-01-28 21:10:51 -07:00
2723b328aa
misc tidying, added more randomness
2018-01-28 18:20:18 -07:00
6c2d5b1fc2
semi-completed exploit files
2018-01-28 18:13:25 -07:00
4cd5801e6f
Dup Scout Import Command Buffer Overflow
2018-01-24 20:47:46 +00:00
a27cfeaea9
Land #9416 , Sync Breeze Enterprise 9.5.16 Import Command buffer overflow
...
Merge branch 'land-9416' into upstream-master
2018-01-23 16:35:51 -06:00
3922844650
ninja style changes
2018-01-23 16:34:49 -06:00
aa9b5e4419
Sync Breeze Enterprise Import Command
2018-01-15 20:46:40 +00:00
488f27bf76
Small Typo
2018-01-12 07:05:30 -05:00
e6c4fb1dab
Land #9269 , Add a new target for Sync Breeze Enterprise GET BoF
...
Land #9269
2018-01-11 16:54:23 -06:00
f395e07fc6
Land #9269 , add new target for Sync Breeze Enterprise GET BoF
...
Land #9269
2018-01-11 16:53:02 -06:00
dd737c3bc8
Land #9317 , remove multiple deprecated modules
...
Land #9317
The following modules are replaced by the following:
auxiliary/scanner/discovery/udp_probe
is replaced by:
auxiliary/scanner/discovery/udp_sweep
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
is replaced by:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
exploit/windows/misc/regsvr32_applocker_bypass_server
is replaced by:
exploits/multi/script/web_delivery
2018-01-10 15:47:20 -06:00
8d77f35b16
Land #9373 , Add LabF nfsAxe FTP Client 3.7 Stack Buffer Overflow
...
Land #9373
2018-01-09 22:40:50 -06:00
25280e3319
Update labf_nfsaxe and module documentation
2018-01-09 22:39:40 -06:00
777e383568
Land #9377 , Add HPE iMC dbman RestoreDBase Unauthenticated RCE exploit
...
Land #9377
2018-01-09 13:56:53 -06:00
a0c9cdd73d
Land #9376 , Add HPE iMC dbman RestartDB Unauthenticated RCE exploit
...
Land #9376
2018-01-09 13:28:03 -06:00
d138f1508c
Land #9340 , Add exploit for Commvault Remote Command Injection
...
Land #9340
2018-01-07 12:17:26 -06:00
ff1806ef5f
Update labf_nfsaxe.rb
2018-01-07 16:46:06 +00:00
a69f275a39
Update labf_nfsaxe.rb
2018-01-05 21:14:47 +00:00
c819aebc76
Add files via upload
2018-01-05 21:11:21 +00:00
e797ca4781
Add files via upload
2018-01-05 21:00:47 +00:00
aca76e2a4e
Update labf_nfsaxe.rb
2018-01-05 20:58:36 +00:00
2643acbc25
Update labf_nfsaxe.rb
2018-01-05 20:55:49 +00:00
b29710c66b
Add files via upload
2018-01-05 20:47:27 +00:00
94a1198485
Update labf_nfsaxe.rb
2018-01-05 20:41:49 +00:00
b97785c7a9
Update labf_nfsaxe.rb
2018-01-05 18:46:33 +00:00
e7946549d7
Update labf_nfsaxe.rb
2018-01-05 18:31:40 +00:00
006514864b
Add HPE iMC dbman RestoreDBase Unauthenticated RCE exploit
2018-01-05 11:28:48 +00:00
52a5fc9e0a
Add HPE iMC dbman RestartDB Unauthenticated RCE exploit
2018-01-05 11:28:14 +00:00
a3fb8b6619
Update labf_nfsaxe.rb
2018-01-04 20:55:38 +00:00
e5bb4bf057
Add files via upload
2018-01-04 20:26:28 +00:00
04cf3017c0
Update ayukov_nftp exploit and module documentation
2018-01-03 20:52:57 -06:00
67357e316b
Update ayukov_nftp.rb
2017-12-31 17:48:23 +00:00
10b2833e7c
Update ayukov_nftp.rb
2017-12-31 17:00:17 +00:00
21717ae0a2
Create ayukov_nftp.rb
2017-12-31 15:43:16 +00:00
3516305517
land #9191 an exploit against HP LoadRunner magentproc
2017-12-29 16:35:43 -05:00
4dacc70b9a
slight updates to magentproc docs
2017-12-29 16:35:12 -05:00
b698095c49
slight updates to magentproc docs
2017-12-29 16:30:32 -05:00
e614e9b732
Land #9268 , Update DiskBoss Module (EDB 42395)
2017-12-28 16:39:26 -06:00
ec7625af9f
Damn spaces...
2017-12-22 10:57:11 -05:00
2b33b88fa4
Damn spaces
2017-12-22 10:54:31 -05:00
e088c95a99
Module Cleanup
2017-12-22 10:51:01 -05:00
d657a9dc53
Commvault Remote Command Injection
2017-12-22 10:04:13 -05:00
caae33b417
Land #9170 , Linux UDF for mysql_udf_payload
2017-12-21 20:48:24 -06:00
a2c5cc0ffb
Remove old deprecated modules
2017-12-19 07:56:16 -08:00
8e4b007edc
Move verify_arch to dcerpc_getarch
...
We can use this code elsewhere, such as the MS17-010 scanner.
2017-12-14 02:08:25 -06:00
b99663fb6c
Bring #9282 up to date with upstream-master
2017-12-13 13:16:30 -06:00
d79b0ad981
Land #9286 , Advantech WebAccess webvrpcs BOF RCE
2017-12-12 00:25:56 -05:00
e7a2dd2e71
fixed email
2017-12-11 23:20:46 -06:00
26e2eb8f1a
Changed to good ranking
2017-12-11 23:14:36 -06:00
9a6c54840b
Minor tweak to use vprint...
2017-12-11 16:48:47 -06:00
f8977ed72c
added some fixes
2017-12-11 11:34:17 -06:00
e91830efe7
Add Dup Scout Enterprise login buffer overflow
2017-12-09 02:20:05 -06:00
604b949e23
Updated per review comments.
2017-12-08 10:42:43 -06:00
34ef650b0d
fixed up msftidy, opps.
2017-12-07 17:03:39 -06:00
75a82b3fe7
Advantech WebAccess webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017-12-07 16:34:26 -06:00
5a81f8091d
change some options for somethinf for sensible
2017-12-07 14:44:36 -05:00
335cc13cab
remove option, advanced Message seems to break it.
2017-12-07 14:17:14 -05:00
7bdc99a153
Fix HANDLER + some default options!
2017-12-07 13:53:39 -05:00
09aa433fdc
Add MESSAGE field for "obfuscation"
2017-12-07 08:04:31 -05:00
8bb6a8f47c
Rename office_dde_delivery to office_dde_delivery.rb
2017-12-06 22:40:37 -05:00
9d11c60d88
Office DDE Payload Delivery
...
Generate / Inject existing RTF files with DDE Payloads!
2017-12-06 21:41:00 -05:00
adba277be0
axe errant spaces at EOL
2017-12-04 16:57:48 -08:00
69b01d26bb
Land #9226 , Microsoft Office OLE object memory corruption
2017-12-04 16:50:27 -08:00
b96dac28d5
fix info segment
2017-12-04 16:42:41 -05:00
4cbb5f2619
added new target
2017-12-01 18:35:45 -06:00
c79186593a
Update DiskBoss Module (EDB 42395)
...
Added a new target option for the
DiskBoss Server.
2017-12-01 15:08:57 -06:00
c788e4e540
Update office_ms17_11882.rb
2017-12-01 11:36:03 -05:00
7df46b33e8
disassembly ASM
2017-12-01 08:03:56 -05:00
2544b4d8db
Change target name
2017-11-28 21:39:04 -05:00
cb7f173811
Update office_ms17_11882.rb
2017-11-28 21:36:25 -05:00
0d79a3a3e2
Add support to Windows .NET Server
2017-11-23 08:35:55 -02:00
960893b99d
change default payload
2017-11-22 06:36:46 -05:00
275f70e77e
better saving
2017-11-21 19:34:04 -05:00
db4c0fcca9
spelling
2017-11-21 19:02:14 -05:00
fcea6fd8d4
actually create new file ;-;
2017-11-21 15:00:06 -05:00
39a4d193a1
Create office_ms17_11882.rb
2017-11-21 14:47:02 -05:00
df2b62dc27
Add Mako Server CMD injection Linux support, update docs, move to multi
2017-11-10 16:28:39 -05:00
ea260e87b7
Remove headers, since we didn't send them before
...
http was an invalid key for setting headers, and we still got a shell.
These headers also don't seem relevant to the PUT request.
2017-11-09 11:06:50 -06:00
7213e6cc49
Fix #9133 , makoserver_cmd_exec cleanup
2017-11-09 10:52:03 -06:00
52888871e3
Land #8747 RCE for Geutebrueck GCore on Windows
2017-11-08 20:22:54 -05:00
7ad151e68b
gcore formatting update
2017-11-08 20:21:40 -05:00
39916ef61a
Land #9133 , Command injection in Mako Server examples
2017-11-08 15:11:01 -06:00
d95b333ae9
Added exploit module for HP LoadRunner command exec vuln CVE-2010-1549.
2017-11-09 03:59:18 +11:00
b7c604f941
Land #9189 , s/patrick/aushack/g
2017-11-08 10:27:03 -06:00
5a07be9b96
Land #9041 , Add LPE on Windows using CVE-2017-8464
2017-11-08 10:09:03 -06:00
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
6683ba501f
added one missing change
2017-11-07 20:05:43 +01:00
8963d77bca
multiple changes as requested by h00die
2017-11-07 20:00:56 +01:00
7d1de9bc48
Fix removing the dropped files after exploitation
2017-11-04 18:50:20 -04:00
697031eb36
mysql UDF now multi
2017-11-03 05:26:05 -04:00
70033e2b94
Enable the payload handler by default
2017-11-02 12:31:54 -04:00
b96fa690a9
Add brackets to print functions
2017-10-27 15:23:22 -04:00
8613852ee8
Add Mako Server v2.5 command injection module/docs
2017-10-26 23:29:11 -04:00
f2cba8d920
Land #8933 , Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary)
...
This restores the original PR
2017-10-25 16:29:11 -05:00
ca28abf2a2
Revert "Land #8933 , Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary)"
...
This reverts commit 4999606b614274b76473
2017-10-25 16:19:14 -05:00
4999606b61
Land #8933 , Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary)
2017-10-25 12:44:04 -05:00
df14dc4452
autodetection fixing
2017-10-23 09:07:46 +02:00
7cd532c384
Change targetr to target to fix small typo bug on one failure
...
The target object seems to have a typo where it is referred to as
“targetr” which I’d guess isn’t exactly what we’d like to do in this
case. So, I’ve changed that to “target” in order to work.
So, I’ve simply fixed that small typo.
2017-10-19 19:55:58 -04:00
c67a5872cd
Land #9055 , Add exploit for Sync Breeze HTTP Server
...
Land #9055
2017-10-13 17:34:03 -05:00
3a2c6128be
Support automatic targeting
2017-10-13 16:53:22 -05:00
294230c455
Land #8509 , add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00
a4bc3ea3c2
Merge branch 'pr9032' into upstream-master
...
Land #9032 , Improve CVE-2017-8464 LNK exploit
Land #9032
2017-10-10 17:11:51 -05:00
c14c93d450
Integrate OfficeScan 11 exploitation and fix grammer issues
2017-10-09 22:11:42 +03:00
ef282ea154
Sync Breeze HTTP Server v10.0.28 BOF
...
Added support for v10.0.28 to Sync Breeze BOF module
2017-10-09 13:50:24 -04:00
fc5ab96ad6
Merging to prep for testing
...
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2017-10-09 10:31:30 -05:00
7df18e378d
Fix conflicts in PR 8509 by mergeing to master
2017-10-09 10:30:21 -05:00
79c9123261
Adding Trend Micro OfficeScan widget rce module
2017-10-08 17:54:18 +03:00
b7184e87c0
fixing a type
2017-10-07 14:16:01 +02:00
8d50c34e4b
codefixing
2017-10-07 14:06:58 +02:00
d9e0d891a1
Land #9010 , Remove checks for hardcoded SYSTEM account name
2017-10-06 13:42:18 -05:00
770547269b
added documentation, and fixed 4 to 2 indentation
2017-10-06 15:39:25 +02:00
9d2e8b1e4d
Land #8003 , Evasions for delivering nops/shellcode into memory
2017-10-05 16:44:36 -05:00
e4d99a14b6
Fix EXITFUNC back to process for the RCE too
2017-10-05 11:38:08 -04:00
4729c885f1
Cleanup the CVE-2017-8464 LPE module
2017-10-05 11:10:37 -04:00
d0ebfa1950
Change the template technicque to work as an LPE
2017-10-05 10:30:28 -04:00
825ad940e6
Update the advanced option names and a typo
2017-10-05 10:16:31 -04:00
482ce005fd
Update the advanced option names and a typo
2017-10-05 10:11:00 -04:00
10dafdcb12
Fix #9036 , broken refs in bypassuac_comhijack
...
Each ref needs to be an individual array.
2017-10-03 13:36:29 -05:00
9ff6efd3a3
Remove broken link
2017-10-02 20:43:55 +05:30
f2f48cbc8f
Update the CVE-2017-8464 module
2017-09-30 18:25:16 -04:00
41e3895424
remove checks for hardcoded name
2017-09-27 07:41:06 +02:00
e8eeb784e4
Land #8960 , spelling/grammar fixes part 3
2017-09-22 18:51:31 -05:00
8de6fa79c1
Tweakz, yo.
2017-09-22 18:49:09 -05:00
c90f885938
Finished spelling issues
2017-09-17 16:00:04 -04:00
d5362333e2
Land #8958 , Add Disk Pulse Enterprise web server buffer overflow
2017-09-15 13:34:22 -05:00
30f833f684
80 pages left
2017-09-13 22:03:34 -04:00
52385f4d9e
fix formatting to fit rubocop
2017-09-13 11:46:57 -05:00
b8c40a9d95
Clean up formatting
2017-09-13 11:13:33 -05:00
3c204f91ef
Correct module title
2017-09-13 11:02:13 -05:00
65f2ee9109
added generate_seh_record
2017-09-13 10:56:32 -05:00
7db506887b
Add exploit code
2017-09-13 10:36:36 -05:00
eb0d174987
Add disk_pulse_enterprise_get module
2017-09-13 10:19:24 -05:00
7b87915e1f
Land #8923 , Add additional error checking to mssql_clr_payload module
2017-09-11 17:39:33 -05:00
5f66b7eb1a
Land #8940 , @h00die's second round of desc fixes
...
One ninja edit along the way as well.
2017-09-11 13:05:13 -05:00
Biswajit Roy
Daniel Teixeira
Aaron Soto
Jacob Robles
Brent Cook
William Vu
zerosum0x0
bwatters-r7
Agahlot
Wei Chen
Brendan Coles
h00die
Pearce Barry
b0yd
Jon Hart
Matthew Kienow
mr_me
Chris Higgins
Austin
William Webb
wetw0rk
vipzen
Steven Patterson
Adam Cammack
Patrick Webster
Maurice Popp
Spencer McIntyre
Steven Patterson
Jeffrey Martin
Kent Gruber
Wei Chen
Mehmet Ince
jakxx
Brent Cook
Christian Mehlmauer
loftwing
Tod Beardsley