Commit Graph

2106 Commits (b37dc8ea27b88d54800f51f39d27756ed24f72b5)

Author SHA1 Message Date
William Webb 21e6211e8d add exploit for cve-2016-0189 2016-08-01 13:26:35 -05:00
Brent Cook d1f65b27b8
Land #7151, Improve CVE-2016-0099 reliability 2016-07-29 09:22:11 -05:00
Brendan ee40c9d809
Land #6625, Send base64ed shellcode and decode with certutil (Actually MSXML) 2016-07-28 13:01:05 -07:00
wchen-r7 322fc11225 Fix whitespace 2016-07-27 12:37:14 -05:00
wchen-r7 dbe31766af Update CVE-2016-0099 Powershell 2016-07-27 12:35:43 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
wchen-r7 8f928c6ca1
Land #7006, Add MS16-032 Local Priv Esc Exploit 2016-07-12 15:22:35 -05:00
wchen-r7 621f3fa5a9 Change naming style 2016-07-12 15:18:18 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
William Webb b4b3a84fa5 refactor ms16-016 code 2016-07-05 20:50:43 -05:00
khr0x40sh df1a9bee13 Move ps1, Use Env var, Fix license, New Cleanup
MS16-032 ps1 moved to external file.  This ps1 will now detect windir
to find cmd.exe.  The module now also detects windir to find
powershell.exe.  The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
 is now standard.  The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
Brent Cook ba72d3fd92
Land #6988, Update banners to metasploit.com, not .pro 2016-06-17 15:29:30 -05:00
h00die cd207df6b8 adding karaf to unix lists per 4358 2016-06-15 20:31:48 -04:00
Tod Beardsley fe4cfd7e3e
Update banners to metasploit.com, not .pro 2016-06-14 15:11:04 -05:00
wwebb-r7 ab27c1b701 Merge pull request #6940 from samvartaka/master
Exploit for previously unknown stack buffer overflow in Poison Ivy versions 2.1.x (possibly present in older versions too)
2016-06-08 11:25:51 -05:00
samvartaka 5260031991 Modifications based on suggestions by @wchen-r7 2016-06-08 01:17:15 +02:00
William Vu 9128ba3e57 Add popen() vuln to ImageMagick exploit
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)

Thanks to @hdm for his sharp eye. ;x

[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
2016-06-02 11:35:37 -05:00
Brent Cook 7b024d1a72
Land #6914, add siem to the namelist 2016-05-24 14:22:44 -05:00
x90" * 365 9d545b0a05 Update namelist.txt 2016-05-24 13:00:59 -04:00
William Vu 2bac46097f Remove url() for MVG
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
William Vu 334c432901 Force https://localhost for SVG and MVG
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
William Vu decd770a0b Encode the entire SVG string
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
William Vu 232cc114de Change placeholder text to something useful
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
William Vu 5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
wchen-r7 71c8ad555e Resolve #6839, Make Knowledge Base as default
Resolve #6839
2016-05-02 14:12:09 -05:00
wchen-r7 d80d2bb8d3 Land #6825, Fixed borders on code boxes 2016-04-27 11:59:52 -07:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
wchen-r7 22831695dd
Land #6721, Add additional SOLMAN default creds 2016-03-30 10:48:53 -05:00
Meatballs 4f84c5a3b7
Add additional SOLMAN default creds 2016-03-29 15:53:15 +01:00
f7b053223a9e 629bc00696 Use MSXML decoder instead 2016-03-25 22:52:16 +09:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
wchen-r7 76c6f8c19d Move module_doc_template 2016-03-24 17:07:19 -05:00
l0gan e29fc5987f Add missing stream.raw for hp_sitescope_dns_tool
This adds the missing stream.raw.
2016-03-15 11:06:06 -05:00
wchen-r7 d6742c4097 Change <hr> color 2016-03-10 10:44:18 -06:00
wchen-r7 ad0a948ae7 Update module_doc_template 2016-03-08 12:21:20 -06:00
wchen-r7 58b8c35146 Escape HTML for KB and update rspec 2016-03-08 10:10:10 -06:00
wchen-r7 027315eeaa Update post_demo_template 2016-03-05 20:33:40 -06:00
wchen-r7 03eb568af7 Add --- to make sections to stand out more 2016-03-05 15:17:19 -06:00
wchen-r7 f4866fd5f0 Update template and web_delivery doc 2016-03-03 01:27:14 -06:00
wchen-r7 cececa749d Update css 2016-03-03 00:58:17 -06:00
wchen-r7 11964c5c1a Add remote exploit demo and web_delivery doc 2016-03-02 19:52:11 -06:00
f7b053223a9e 19bd7b98f4 Fix minor indenting issue 2016-03-01 11:50:56 +09:00
f7b053223a9e c8c5549b19 Send base64ed shellcode and decode with certutil 2016-03-01 10:48:25 +09:00
wchen-r7 fd8e3e719d real demo 2016-02-26 14:43:53 -06:00
wchen-r7 ed0dfa5725 basic usage 2016-02-26 14:35:07 -06:00
wchen-r7 250ce6fb17 lets be clear 2016-02-26 14:30:12 -06:00
wchen-r7 1c53e53d23 More info about how to write the doc 2016-02-26 14:24:24 -06:00
wchen-r7 e40f1e69db Update default template 2016-02-26 14:18:24 -06:00
wchen-r7 6060c7b09b We make this pretty 2016-02-26 14:15:54 -06:00