77b3673e38
Fix reverse_php_ssl infinite loop
2018-02-22 08:42:54 +00:00
7e665ab287
check for extra libraries explicitly, fail gracefully
2018-02-21 21:54:58 -06:00
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
...
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
cc2495dd9c
Explain fortinet-backdoor -> FortinetBackdoor
2018-02-21 17:05:30 -06:00
a5d78b82d4
Add require for Net::SSH::CommandStream
2018-02-21 15:51:53 -06:00
854ac67b8e
Use start_session in fortinet_backdoor
...
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.
Hoping we fix this in a subsequent commit or related PR.
Please see #6612 and #9524 .
2018-02-21 15:33:34 -06:00
af45c1764b
Tweak exception handling and timing of `ms17_010_eternalblue`
2018-02-21 13:40:04 -06:00
78822fd799
Land #9524 , prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-21 06:59:09 -06:00
9cbc55ce40
Land #9593 , finger_users regex fix
2018-02-21 01:27:40 -06:00
bda7fefa7f
Land #9444 - `hsts_eraser` module and docs
2018-02-20 21:22:55 -06:00
b2cb4c425d
Land #9594 , CloudMe Sync v1.10.9 Buffer Overflow
2018-02-20 17:49:19 -06:00
6a62ca15e7
Remove NOPS
...
[ticket: #9594 ]
2018-02-20 17:40:33 -06:00
745ad4d727
CloudMe Sync Client BoF
2018-02-20 21:57:13 +00:00
d6206dc046
Better regex in finger_users
2018-02-20 15:48:00 -06:00
107a41a4ce
Land #9561 , Disk Savvy Enterprise v10.4.18 built-in server buffer overflow
2018-02-20 15:42:12 -06:00
d02bf40d69
Modified Exploit
...
Remove NOPS that weren't needed and freed up space for a larger payload.
[ticket: #9561 ]
2018-02-20 15:35:43 -06:00
f10d58bc2d
upgrade osx shells to osx meterpreter
2018-02-21 02:54:38 +08:00
05e002e3c5
Land #9366 , Add x64 staged Meterpreter for macOS
2018-02-19 23:15:03 -06:00
69c7e83a55
Land #9164 , add OWA 2016 support
2018-02-19 23:12:27 -06:00
74c6e21f49
Lands #9504 , MagniComp SysInfo privilege escalation
2018-02-19 22:47:33 -06:00
56c00a8cb6
initial OWA 2016 support
2018-02-19 21:43:49 -06:00
9e3f12665e
Plaintext for console type to see what's going on.
2018-02-17 20:11:05 +01:00
e877151895
Attempt at clarifying network exchange using Telnet class IAC related constants.
2018-02-17 14:00:57 +01:00
ac7fe99a2b
specify a python encoding for the module
2018-02-16 16:17:52 -06:00
242f2d3117
Land #9512 , Add Claymore Dual GPU Miner<= 10.5 DoS module
2018-02-16 10:46:48 -06:00
354eb4092a
Reverse TCP x64 RC4 via max3raza's rc4_x64 asm
...
To round out the work done by mihi for x86 stages back in the day,
this PR provides x64 Windows stage encryption in RC4 via assembly
written/modified by max3raza during adjacent work on DNS tunneled
transport.
Stage encryption differs from encoding in that there is no decoder
stub or key materiel carried with the stage which can be used by
defensive systems to decode and identify the contents. Persistence
payloads, oob-delivered stage0, and other contexts benefit heavily
from this as their subsequent stage is difficult to detect/identify,
and the chance of accidental execution of the wrong payload/stage
is drastically reduced if separate keys are in play for individual
targets - acquiring the wrong stage will result in decryption
failure and prevent further execution.
For historical context, all of the RC4 stagers implement in-place
decryption via stage0 for the contents of stage1 using the provided
passphrase converted to a key and embedded in stage0 as part of the
payload.
Testing:
In-house testing with Max - we got sessions, loaded extensions.
Notes:
All credit for the work goes to Max3raza - big ups for getting
this knocked out.
2018-02-16 05:15:05 -05:00
25d2b551d8
Land #9539 , add bind_named_pipe transport to Windows meterpreter
2018-02-15 17:39:32 -06:00
d28f6888b2
bump payloads, include bind_named_pipe support
2018-02-15 17:37:33 -06:00
b533ec6019
Land #9509 , Ulterius Server < v1.9.5.0 Directory Traversal
...
Land #9509
2018-02-15 16:34:31 -06:00
949b474a0a
Avoid target_uri.path
...
It doesn't look like target_uri.path is suitable for this scenario,
because it causes our input to be modified and hard to use.
2018-02-15 16:31:09 -06:00
38b03fdfff
Merge branch 'upstream-master' into land-9539-
2018-02-15 16:22:13 -06:00
5467f4c97e
Add header
2018-02-15 16:19:54 -06:00
e86169c217
Clean up Telnet IAC negotation and xplain obscure hex bytes.
2018-02-15 23:08:17 +01:00
c4c864f391
Land #9558 , Fix #9417 , map timeout exp to a var for telnet_encrypt_overflow
2018-02-15 15:54:23 -06:00
67dc579fd3
update magic numbers
2018-02-15 15:10:26 -06:00
651ddbb7eb
Disk Savvy Server Buffer Overflow
2018-02-15 10:09:07 +00:00
929027ab96
Disk Savvy Server Buffer Overflow
2018-02-14 20:35:32 +00:00
ef948ccc38
Fix #9417 , map timeout exp to a var for telnet_encrypt_overflow
...
Fix #9417
2018-02-14 09:19:28 -06:00
7cfc17860d
udp_probe is necessary for pivot scans
2018-02-14 08:45:46 -06:00
ef13f01820
Remove actually deprecated modules
2018-02-14 08:43:20 -06:00
234f5a316b
Revert "Remove old deprecated modules"
...
This reverts commit a2c5cc0ffb
2018-02-14 08:42:44 -06:00
5063415b79
Land #9552 , add private_type for stored tomcat pw
...
Fixes #9513
2018-02-13 19:25:27 -05:00
5fbeb74f0c
Remove osx platform and fix date.
2018-02-13 23:57:53 +01:00
0259e794ba
OSGi console remote command execution.
2018-02-13 23:38:18 +01:00
3811665b69
Land #7699 , Add UDP handlers and payloads (redux)
2018-02-13 14:50:09 -06:00
d56111a33c
update cache sizes from new tests
2018-02-13 14:34:21 -06:00
fbeba8bfd2
Fix #9513 , Add private_type to be able to store password for Tomcat
...
If there is no :private_type, the create_credential method in
Metasploit::Credential::Creation will quietly skip the password,
which makes it look like a bug when the user is trying to view
the password from the creds command.
Fix #9513
2018-02-13 14:31:56 -06:00
2221779ddd
update package namespaces
2018-02-13 13:33:36 -06:00
de24451035
Correct Typo
2018-02-13 15:57:09 +05:30
fe46f635db
Changes as requested by bcoles
2018-02-13 10:54:42 +01:00
ecb5fffb0b
Typo fix: "withint" --> "within"
2018-02-13 06:20:57 +13:00
bad1429989
reverted CachedSize values
2018-02-11 19:07:41 -07:00
8ae8a0d94b
added bind_named_pipe payload
2018-02-11 18:56:50 -07:00
285b329ee1
Land #9422 abrt race condition priv esc on linux
2018-02-11 11:58:39 -05:00
add7ae8fa1
Land #9536 , Add Ubuntu notes to documentation
2018-02-11 07:27:00 -06:00
321b78b0fe
Land #9408 , Add Juju-run Agent Privilege Escalation module (CVE-2017-9232)
2018-02-11 07:19:49 -06:00
4e5cbd68b9
Add Ubuntu notes to documentation
2018-02-11 06:52:36 +00:00
1177efef89
Update tested versions
2018-02-10 16:32:20 +00:00
0d573e1434
Support shell sessions
2018-02-09 16:15:04 -05:00
45249d582d
Add partition check
2018-02-09 16:15:04 -05:00
0ba37f8104
Add glibc $ORIGIN Expansion Privilege Escalation exploit
2018-02-09 16:15:04 -05:00
cb1b59545b
Land #9469 linux local exploit for glibc ld audit
2018-02-09 14:00:42 -05:00
f606773096
Add module for HP iLO CVE-2017-12542 authentication bypass
2018-02-09 11:14:20 +01:00
44b08feeb0
Land #9525 , Update mysql_hashdump for MySQL 5.7 and above
2018-02-08 13:56:26 -06:00
1bb5499fce
fix whitespace
2018-02-08 13:55:40 -06:00
c642d420c2
Land #9489 , Add scanner for the Bleichenbacker oracle (AKA: ROBOT)
2018-02-08 12:55:02 -06:00
c9a3894bdb
Removed require statements
2018-02-08 12:00:47 -06:00
00ead05237
Update for MySQL 5.7 and above
...
Starting from MySQL 5.7 the password column was changed to authentication_string. I've added a check to determine the version. Tested on both MySQL 5.6 and 5.7.
2018-02-08 13:40:35 +00:00
5b251ae672
Support shell sessions on Debian
2018-02-08 11:29:09 +00:00
b1d0529161
prefer 'shell' channels over 'exec' channels for ssh
...
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
2018-02-08 02:21:16 -06:00
ca4ad1d0c4
Land #9478 , Improve Dup Scout BOF exploit
2018-02-07 23:51:14 -06:00
724a0e29f6
Update Parsing, Added Rescue
2018-02-07 19:19:58 -06:00
1af1631ef6
bump cached payload sizes
2018-02-07 08:06:37 -06:00
1de8ec1073
Implemented Suggested Changes
...
Updated documentation headings and function/filename formatting.
Updated module options and formatting. Added check for file to parse.
2018-02-07 08:01:54 -06:00
0abee0303f
add change
2018-02-07 03:48:36 +08:00
278e9a92fc
add module and documentation
2018-02-06 20:30:34 +08:00
1233bb855c
msftidy checks
2018-02-05 22:54:03 -06:00
1e9e9c9be0
Ulterius Server < v1.9.5.0 Directory Traversal
...
Adds documentation and module for Ulterius Server
directory traversal vulnerability.
2018-02-05 22:50:09 -06:00
41dbae29a6
Add MagniComp SysInfo mcsiwrapper Privilege Escalation exploit
2018-02-05 13:47:09 +00:00
696817215b
Update tested versions
2018-02-05 04:48:52 +00:00
e158ccb20b
Support cleanup for meterpreter sessions
2018-02-04 04:38:53 +00:00
74ab02f27b
Support meterpreter sessions
2018-02-03 11:55:08 +00:00
eae9c60430
Disclaimer and wget support added and syntax errors fixed.
2018-02-03 02:18:30 -03:00
51e098da35
Add scanner for Bleichenbacher oracle (ROBOT)
2018-02-02 16:29:07 -06:00
c9473f8cbc
Land #9473 , new MS17-010 aux and exploit modules
2018-02-01 23:56:29 -06:00
ffc7e078e2
don't disconnect until cleanup
2018-02-01 21:46:56 -07:00
7cb0a118c1
Land #9399 a linux priv esc against apport and abrt
2018-02-01 21:54:54 -05:00
3c21eb8111
Update documentation
2018-02-02 02:27:13 +00:00
bc18389284
Updated Document and Module
...
Update the documentation based on analysis of the vulnerability.
Slight modifications to the exploit module as well to reduce the
size of the generated file and reduce bad characters.
2018-02-01 10:05:50 -06:00
812d7ca739
Update native DNS spoofer for Dnsruby
...
Fix methods relating to answer/question data structures which were
set up for Net::DNS objects in the original implementation
utilizing uppercase letters in the exact same method names.
Testing:
None yet, completely forgot i even wrote this module till i saw
it in my merge conflicts after upstream merged the PR.
2018-01-31 23:44:51 -05:00
0d80ca6f79
Change documentation extension from rb to md
2018-01-31 23:26:30 +00:00
beb4d56f7d
Land #9354 , Debut embedded httpd server (Brother printers) DoS
2018-01-31 17:03:13 -06:00
8be2b1f59e
Land # 9407, Add BMC Server Automation RSCD Agent RCE exploit module
...
Merge branch 'land-9407' into upstream-master
2018-01-31 13:35:29 -06:00
656bb7f567
Modified DupScout Fileformat Exploit
2018-01-30 09:12:05 -06:00
0ce125ec55
more fixes
2018-01-30 17:54:10 +08:00
39c07e2289
add references
2018-01-30 17:52:01 +08:00
08dcb5cc49
Land #9445 fixes for ssl labs scanner module
2018-01-29 20:51:05 -05:00
d4a0372238
Land #9457 , Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow
2018-01-29 11:40:54 -06:00
7cc00c0e10
fixed padding/offsets for win 10
2018-01-28 21:10:51 -07:00
237c3f7b2c
crash 10.14393... should fail to leak transaction
2018-01-28 18:52:43 -07:00
2723b328aa
misc tidying, added more randomness
2018-01-28 18:20:18 -07:00
6c2d5b1fc2
semi-completed exploit files
2018-01-28 18:13:25 -07:00
092eb0cd11
Add glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation exploit
2018-01-28 05:11:38 +00:00
23f4bf1583
Add documentation
2018-01-27 03:15:06 +00:00
54c6aa7629
Add full disclosure URL
2018-01-26 15:35:18 +07:00
c390696ddf
Land #9379 , Oracle Weblogic RCE exploit and documentation
2018-01-25 21:47:18 -06:00
309deb9ee7
Land #9446 , Post API fix for setuid_nmap
2018-01-25 16:00:40 -06:00
62573731fe
remove empty line
2018-01-24 20:54:21 -05:00
4be0e7f9ef
final fixes for brother debut dos
2018-01-24 20:53:08 -05:00
4cd5801e6f
Dup Scout Import Command Buffer Overflow
2018-01-24 20:47:46 +00:00
6caba521d3
Land #9424 , Add SharknAT&To external scanner
2018-01-24 12:40:29 -05:00
eb572a3ef5
Land #8632 , colorado ftp fixes
2018-01-23 17:45:07 -06:00
a27cfeaea9
Land #9416 , Sync Breeze Enterprise 9.5.16 Import Command buffer overflow
...
Merge branch 'land-9416' into upstream-master
2018-01-23 16:35:51 -06:00
3922844650
ninja style changes
2018-01-23 16:34:49 -06:00
d81d50b491
Land #9430 , Improve Hyper-V checkvm checks
2018-01-23 15:22:12 -06:00
685a950077
Land #9114 , Add module for Kaltura <= 13.1.0 RCE (CVE-2017-14143)
...
Merge branch 'land-9114' into upstream-master
2018-01-23 12:35:59 -06:00
5684b9ed7c
Readd dropped return during refactoring
2018-01-23 10:12:15 -06:00
be08af5404
More Python style fixes
2018-01-23 09:17:22 -06:00
d3b3946669
Use Msf::Post::File#setuid? in setuid_nmap
2018-01-23 02:05:26 -06:00
ed47efdadc
Silence tidy failures
2018-01-23 02:03:50 -05:00
721163bd67
Python shell via reverse UDP
...
Python-based UDP egress shell, another PoC of the protocol used
as a raw transport.
2018-01-23 02:00:56 -05:00
ef1d4ddb03
Add UDP handlers and payloads (redux)
...
This is a repackaging effort for the work i originally pushed in
6035. This segment of the PR provides UDP session handlers for
bind and reverse sessions, a Windows Metasm stager (really the
TCP stager with a small change), and a pair of socat payloads for
testing simple UDP shells. Netcat or any scripting language with
a sockets library is sufficient to use these sessions as they are
stateless and simple.
Testing of this PR requires rex/core #1 and rex/socket #2
The SSL testing which was being done on 6035 is backed out, left
for a later time when we can do DTLS properly.
2018-01-23 02:00:55 -05:00
03d1523d43
Land #6611 , add native DNS to Rex, MSF mixin, sample modules
2018-01-22 23:54:32 -06:00
a6e5944ec5
fix msftidy, add nicer errors on bind failure
2018-01-22 23:37:39 -06:00
aae77fc1a4
Land #9349 , GoAhead LD_PRELOAD CGI Module
2018-01-22 23:10:36 -06:00
621868b7fb
Add CVE numbers
2018-01-23 11:26:39 +07:00
d1569f8280
Land #9413 , Expand the number of class names searched when checking for an exploitable JMX server
2018-01-22 16:49:01 -06:00
10fde42adc
Land #9431 , Fix owa_login to handle inserting credentials for a hostname
2018-01-22 16:46:39 -06:00
b12953fa85
Land #9404 , update module author
2018-01-22 16:41:50 -06:00
04d305feb3
update SSL Labs scanner with new API, be robust
...
This updates the SSL Labs scanner to know about new additions to the API, and prevents the module from breaking again just because there is new JSON in the output. I couldn't figure out how to get the Api class to print messages normally, and there is some other output that needs to be added. But the module does work again.
2018-01-22 16:32:16 -06:00
ae93162faf
HSTS eraser module
2018-01-22 18:53:16 -03:00
394c31c1e3
Remove NoMethod Rescue for cerberus_sftp_enumusers
...
Please see reasons in #9436
2018-01-22 11:10:23 -06:00
38d056b930
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil
...
Land #9436
Thanks Steve!
2018-01-22 11:07:23 -06:00
85d018096b
Pass password_prompt and non_interactive to fix #8970
...
Fix #8970
2018-01-22 11:06:12 -06:00
682c915a09
Land #9267 , Add targets to sshexec
2018-01-22 09:59:48 -06:00
b734af4e79
Add my advisory URL
2018-01-22 22:00:48 +07:00
c1fe355329
Create exploit for AsusWRT LAN RCE
2018-01-22 21:44:02 +07:00
69818aea22
update payload sizes
2018-01-21 08:03:07 -06:00
2a6b3671bf
Add connection addr+port info to http response object.
...
Update owa_login to use this instead of doing lookups on its own.
2018-01-19 13:37:33 -06:00
8f75d3a46b
Possible fix to changes in net::ssh usage
2018-01-19 15:10:14 +00:00
c7d3b5dfbb
Update payload and disable check functionality
...
The check functionality is broken as MSF cannot handle HttpServer and HttpClient at this time.
The payloads were updated to ensure CVE-2017-10271 is being exploited instead of CVE-2017-3506 as explained on https://blog.nsfocusglobal.com/threats/vulnerability-analysis/technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability/
2018-01-18 13:26:44 -05:00
7849743789
update stageless python sizes
2018-01-18 00:41:58 -06:00
e9ce2374e5
Auto-resolve target if it's a hostname (owa_login).
...
Ensures the module does save the creds which it claims to be saving. See MS-2968.
2018-01-17 16:47:21 -06:00
9328374155
Update 'author' field of metadata
2018-01-17 16:43:37 -06:00
0f0b116751
Rename scanner bits to avoid confusion
2018-01-17 14:46:31 -06:00
10cf327c26
Improve Hyper-V tests in checkvm
...
All Win10 machines, physical and virtual, were being reported as 'Hyper-V' (false positives)
Added functionality to extract hostname of physical hypervisor from VM registry
2018-01-17 14:29:03 -06:00
4c11eae774
Maybe that timeout is needed.....
2018-01-17 13:21:36 -06:00
c7894f1d74
Split long lines and add comments
2018-01-17 12:04:12 -06:00
35bec8d3cd
Fixed classes names and added RMI interfaces
2018-01-17 17:10:36 +01:00
d345008b20
Added all the classes that implement RMI server
2018-01-17 17:03:32 +01:00
f439edfa1a
Fixes by the fabled wvu
2018-01-17 08:20:52 -06:00
d6e966b079
Land #9414 , wp_admin_shell_upload - remove plugin dir after exploitation
2018-01-16 21:08:22 -06:00
37bf68869f
Add scanner for the open proxy from 'SharknAT&To'
2018-01-16 21:05:19 -06:00
5e11d36351
Add ABRT raceabrt Privilege Escalation module
2018-01-16 14:52:33 +00:00
1c156c3d3c
Add powershell payload to module
2018-01-16 14:30:02 +00:00
4ade798cef
Fix check for juju-run path
2018-01-16 07:19:48 +00:00
e5bd36da1c
Land #9402 , NIS bootparamd domain name disclosure
2018-01-15 15:36:00 -06:00
aa9b5e4419
Sync Breeze Enterprise Import Command
2018-01-15 20:46:40 +00:00
2f9eebe28b
remove plugin dir
2018-01-15 14:48:59 +01:00
dfb9941e95
Fix java_jmx_server exploit
...
Add test case when discovering RMI endpoint as the previous one was not complete
2018-01-15 12:13:09 +01:00
333ee893d3
Tidied up platform detection, check method, and minor typos.
2018-01-14 18:28:40 +00:00
e1cbe4e906
Rename apport_chroot_priv_esc to apport_abrt_chroot_priv_esc
2018-01-14 08:33:43 +00:00
c234d0523a
Add support for abrt on Fedora
2018-01-14 08:33:10 +00:00
c94763bfe0
Add Juju-run Agent Privilege Escalation module
2018-01-14 05:57:17 +00:00
736d438813
Address second round of feedback
...
Brain fart on guard clauses when I've been using them all this time...
Updating the conditions made the ternary fall out of favor.
Changed some wording in the doc to suggest the domain name for a
particular NIS server may be different from the bootparamd client's
configuration.
2018-01-13 22:55:01 -06:00
6568d29b67
Add BMC Server Automation RSCD Agent RCE exploit module.
2018-01-14 01:12:55 +00:00
1a8eb7bf2a
Update nis_ypserv_map after bootparam feedback
...
Yes, yes, I see the off-by-one "error." It's more accurate this way.
Basically, we want to ensure there's actually data to dump.
2018-01-13 15:40:17 -06:00
c080329ee6
Update module after feedback
...
Looks like I can't decide on certain style preferences.
Not keen on using blank?, but I've used it before. Time to commit?
Also, fail_with has been fixed for aux and post since #8643 . Use it!
2018-01-13 15:40:11 -06:00
2f3e3b486a
Use cross-compiled exploit
2018-01-13 05:44:42 +00:00
d172259f5d
umlaut
2018-01-13 16:06:11 +11:00
eb8429cbd3
Revert "umlaut"
...
This reverts commit ffd7073420
2018-01-12 22:57:22 -06:00
ffd7073420
umlaut
2018-01-13 15:48:45 +11:00
1f1dc59d17
Land #9392 , python meterpreter whitespace normalization
2018-01-12 21:24:13 -06:00
2916c5ae45
Rescue Rex::Proto::SunRPC::RPCTimeout
...
Coincidentally, this also fixes the rescue in the library, since
rescuing Timeout instead of Timeout::Error does nothing.
2018-01-12 19:34:59 -06:00
0c9f1d71d3
Add NIS bootparamd domain name disclosure
2018-01-12 19:34:53 -06:00
842736f7b1
register_dir_for_cleanup
2018-01-12 14:21:43 +00:00
488f27bf76
Small Typo
2018-01-12 07:05:30 -05:00
c65c03722c
Migrate native DNS services to Dnsruby data format
...
Dnsruby provides advanced options like DNSSEC in its data format
and is a current and well supported library.
The infrastructure services - resolver, server, etc, were designed
for a standalone configuration, and carry entirely too much weight
and redundancy to implement for this context. Instead of porting
over their native resolver, update the Net::DNS subclassed Rex
Resolver to use Dnsruby data formats and method calls.
Update the Msf namespace infrastructure mixins and native server
module with new method calls and workarounds for some instance
variables having only readers without writers. Implement the Rex
ServerManager to start and stop the DNS service adding relevant
alias methods to the Rex::Proto::DNS::Server class.
Rex services are designed to be modular and lightweight, as well
as implement the sockets, threads, and other low-level interfaces.
Dnsruby's operations classes implement their own threading and
socket semantics, and do not fit with the modular mixin workflow
used throughout Framework. So while the updated resolver can be
seen as adding rubber to the tire fire, converting to dnsruby's
native classes for resolvers, servers, and caches, would be more
like adding oxy acetylene and heavy metals.
Testing:
Internal tests for resolution of different record types locally
and over pivot sessions.
2018-01-12 05:00:00 -05:00
8bbffd20cd
Add Apport chroot Privilege Escalation exploit
2018-01-12 07:25:35 +00:00
04e4ff6b3c
Use stop_service to avoid cleanup overload
2018-01-11 19:14:26 -05:00
40f54df129
Feedback updates
2018-01-11 18:54:58 -05:00
172ffdfea1
Use geturi instead of building it ourselves
2018-01-11 18:27:56 -05:00
e6c4fb1dab
Land #9269 , Add a new target for Sync Breeze Enterprise GET BoF
...
Land #9269
2018-01-11 16:54:23 -06:00
f395e07fc6
Land #9269 , add new target for Sync Breeze Enterprise GET BoF
...
Land #9269
2018-01-11 16:53:02 -06:00
d4056e72da
Lower the default timeout for CHECK
2018-01-11 17:38:30 -05:00
3617a30e34
Add URIPATH random URI
2018-01-11 17:33:14 -05:00
a28d4a4b5b
Add check and update for some style considerations
2018-01-11 17:28:09 -05:00
0d9a40d2e5
Use target['Platform'] instead of target_platform
2018-01-11 15:44:07 -05:00
c490d642e2
Was missing a comma
2018-01-11 09:42:24 -05:00
3132566d8f
Fix OptFloat error
2018-01-11 09:22:16 -05:00
c05b440f26
Fix additional feedback
...
This
* uses ternary operators
* uses an `RPORT` option shortcut
* removes the `xml_payload` variable and instead more explicitly uses the method directly
* Uses `OptFloat` for the timeout option to allow partial seconds
2018-01-11 08:17:13 -05:00
4b225c30fd
Land #9368 , ye olde NIS ypserv map dumper
2018-01-10 22:02:36 -06:00
f66b11f262
Nix an unneeded variable declaration
2018-01-10 20:24:02 -06:00
6510ee53bc
Land #9204 , Add exploit for Samsung SRN-1670D (CVE-2017-16524)
...
Land #9204
2018-01-10 20:15:29 -06:00
18c179a091
Update module and add documentation
...
This updates the module to pass:
* msftidy
* Ruby style guidelines
* Proper usage of Metasploit API
* Mostly other cosmetic fixes
A documentation is also added.
2018-01-10 20:13:42 -06:00
b66889ac86
Rescue additional errors and refactor code
...
https://jvns.ca/blog/2015/11/27/why-rubys-timeout-is-dangerous-and-thread-dot-raise-is-terrifying/
2018-01-10 20:11:25 -06:00
7e2c7837e5
Land #9325 , Add CVE-2017-6090 phpCollab 2.5.1 file upload exploit module
...
Land #9325
2018-01-10 17:39:50 -06:00
b1f3f471f3
Update phpcollab_upload_exec code (also module documentation)
2018-01-10 17:38:52 -06:00
dd737c3bc8
Land #9317 , remove multiple deprecated modules
...
Land #9317
The following modules are replaced by the following:
auxiliary/scanner/discovery/udp_probe
is replaced by:
auxiliary/scanner/discovery/udp_sweep
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
is replaced by:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
exploit/windows/misc/regsvr32_applocker_bypass_server
is replaced by:
exploits/multi/script/web_delivery
2018-01-10 15:47:20 -06:00
550e9a3d31
fix payload cached size
2018-01-10 15:06:08 +08:00
Trevor Sibanda
Brent Cook
William Vu
Aaron Soto
Jacob Robles
Daniel Teixeira
James Lee
Tim W
Chris Higgins
Quentin Kaiser
RageLtMan
Wei Chen
HD Moore
Spencer McIntyre
Jeffrey Martin
Agahlot
Fab
follower
UserExistsError
h00die
Pearce Barry
Brendan Coles
Osanda Malith Jayathissa
青鸟
bluebird
UnaPibaGeek
Adam Cammack
zerosum0x0
bwatters-r7
Pedro Ribeiro
Matthew Kienow
Steve Embling
Kevin Kirsche
Philippe Tranca
attackdebris
Christian Mehlmauer
Nicky Bloor