909773120c
typos
2016-12-13 17:02:23 +08:00
ebf7ae0739
add CVE-2013-6282, put_user/get_user exploit for Android
2016-12-13 17:02:23 +08:00
b5beb2eb93
throw errors
2016-12-12 21:48:08 -05:00
082a8949e4
Land #7694 , Initial stageless mettle payloads
2016-12-12 13:01:31 -06:00
7aa743b205
Land #7682 , @godinezj's improvements to #7604
2016-12-12 10:54:15 -08:00
deec6eccdf
Update hashcarve.rb
2016-12-12 17:09:04 +11:00
3e80ee1d6a
Better Error Handling
2016-12-12 17:07:47 +11:00
2dca7c871b
applying #7582 to all ftp aux traversals
2016-12-10 16:05:09 -05:00
ccba73b324
Add stageless mettle for Linux/zarch
2016-12-09 18:30:52 -06:00
24cf756f5b
Add stageless mettle for Linux/x86
2016-12-09 18:29:34 -06:00
62a9a31222
Add stageless mettle for Linux/x64
2016-12-09 18:28:29 -06:00
7d36d41b20
Add stageless mettle for Linux/ppc64le
2016-12-09 18:27:22 -06:00
ee7d5fc0c9
Add stageless mettle for Linux/ppc
2016-12-09 18:25:57 -06:00
4570a7198c
Add stageless mettle for Linux/mipsle
2016-12-09 18:24:12 -06:00
25b069f6b4
Add stageless mettle for Linux/mipsbe
2016-12-09 18:23:03 -06:00
7aec68c1fe
Add stageless mettle for Linux/mips64
2016-12-09 18:21:52 -06:00
7a654ca76c
Add stageless mettle for Linux/armle
2016-12-09 18:19:58 -06:00
b74482aa6e
Add stageless mettle for Linux/armbe
2016-12-09 18:18:22 -06:00
12b296ab1a
Add stageless mettle for Linux/aarch64
2016-12-09 18:05:34 -06:00
f0dca7abbf
Land #7692 , print_error for error_sql_injection
2016-12-09 17:09:52 -06:00
2b0bce6459
Land #7690 , drupal_views_user_enum user count fix
2016-12-09 16:55:01 -06:00
4e235be484
Ensure a trailing slash for base_uri
...
Technically, the GET parameters should be in vars_get, but we don't want
to refactor the entire module right now.
2016-12-09 16:53:58 -06:00
8780c325a7
Fixed issues #7691 , silent exit.
...
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
2016-12-09 16:20:44 -06:00
77dd952370
Land #7592 , check nil return value when using redis_command
2016-12-09 16:07:12 -06:00
17c12a78f5
Fixed issue #7689 , count of found users not accurate
...
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
2016-12-09 15:19:43 -06:00
50f95f9940
Land #7681 , Get ready for stageless mettle
2016-12-09 09:31:47 -06:00
7b4dce5e7e
One left!
2016-12-09 16:27:40 +11:00
74c48f5fa4
I'll get there!
2016-12-09 16:24:49 +11:00
c898e768f6
Struggling with tidyness
2016-12-09 16:00:32 +11:00
586b2d92e2
Corrected status prints
2016-12-09 15:45:30 +11:00
fb360e69c0
Initial Commit
...
This module "carves" a hash in the registries to set it as a user password.
The benefits are:
1/ It doesn't change the password last change field
2/ You can set a hash directly, so you can change a user's password and revert it without cracking its hash.
I have tested it in Windows 7, and 8.1. Should work on every version though.
Usage:
run post/windows/manage/hashcarve user=test pass=<password>
run post/windows/manage/hashcarve user=test pass=<nthash>
run post/windows/manage/hashcarve user=test pass=<lmhash:nthash>
This work is based on the hashdump implementation.
2016-12-09 15:41:01 +11:00
0d41160b03
Sanity checks, errors out with nil ptr if API call fails
2016-12-08 16:14:10 -08:00
a17d1a7e19
Added options for setting the PASSWORD and GROUPNAME
2016-12-08 16:13:31 -08:00
4614b7023d
Land #7604 , @godinezj's post module for creating AWS IAM accounts
2016-12-08 14:26:22 -08:00
aa29fcad80
Update docs and pretty print the loot
2016-12-08 14:25:07 -08:00
70668c289f
Use better loot args
2016-12-08 13:14:36 -08:00
7e0b224eb2
Make ABORT_ON_LOCKOUT non default
2016-12-08 15:07:53 -06:00
162204b338
Support creating a password for the user, etc
2016-12-08 12:56:00 -08:00
0110b97fa2
Fix #7671 , support LOCKED_OUT and DISABLED login status
...
This allows login scanner modules to skip a user if it is
locked out, or disabled.
Fix #7671
2016-12-07 16:49:16 -06:00
ba9ce3fcfb
Land #7665 , Add ABORT_ON_LOCKOUT option for smb_login
2016-12-07 15:52:50 -06:00
a9cb08a352
Token should be passed as nil if not set
2016-12-07 10:16:41 -08:00
b902b4c28a
Update payload sizes
2016-12-07 15:08:45 +10:00
d3a8409a49
prevent further lockouts in smb_login
2016-12-06 21:53:08 -05:00
1c3f0437ed
Move some options back to non-advanced
2016-12-06 17:39:37 -08:00
a13382c80b
Address most of rubocop's nits
2016-12-06 17:10:34 -08:00
8f21a1f68c
move most options to advance, since they never change
...
Also, doc empty username
2016-12-06 16:29:00 -08:00
c5641c9681
Factor out mettle configuration
...
Also cleans up some stuff: s/url/uri/ and base-64 encodes UUIDs
2016-12-06 18:28:48 -06:00
a4f681ae35
Add quoted hex encoding
2016-12-06 09:05:35 -06:00
7346223a65
update payloads
2016-12-06 07:16:44 -06:00
ffee0ff1b6
Fix payload cache size issue, fix shell/bind payloads
2016-12-06 11:12:02 +10:00
4a35f8449a
Fixed issue #7650 by matching Server header using regex as Wei suggested
...
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
2016-12-02 20:26:38 -06:00
35fdf1473b
Fixed issue #7650 where etherpad_duo_login module may crash
...
Add check for presence of Server header.
2016-12-02 18:07:18 -06:00
d549c2793f
Fix module filename to be TR-064
2016-12-02 08:49:21 -06:00
9e4e9ae614
Add a reference to the TR-064 spec
2016-12-02 08:48:09 -06:00
ddac5600e3
Reference TR-064, not TR-069
2016-12-02 08:45:15 -06:00
ff8141c1b5
Land #7644 , cred fix for vbulletin_vote_sqli_exec
2016-12-01 15:47:31 -06:00
11906eb540
Fix issue #7645 where dolibarr_login module crashed
...
Add "res" (http response) when trying to retrieve the cookie
2016-12-01 15:38:26 -06:00
41355898fa
Remove extra def report_cred in vbulletin_vote_sqli_exec
2016-12-01 15:31:24 -06:00
9325ef8d8f
Land #7573 , Add WP Symposium Plugin SQLI aux mod to steal credentials
2016-12-01 14:56:30 -06:00
6b5dba72d4
Update description
2016-12-01 14:55:16 -06:00
64bc029106
Fix Ruby style
2016-12-01 14:53:55 -06:00
90ec367a99
Add method to save creds to database
2016-12-01 14:52:51 -06:00
174cd74900
Land #7532 , Add bypass UAC local exploit via Event Viewer module
2016-12-01 11:16:49 -06:00
1e9d80c998
Fix another typo
2016-12-01 11:16:06 -06:00
b8243b5d10
Fix a typo
2016-12-01 11:15:26 -06:00
54684d31bd
Land #7641 , check_conn? fix for cisco_ssl_vpn
2016-11-30 21:14:19 -06:00
032312d40b
Properly check res
2016-11-30 21:03:29 -06:00
72a20ce464
Merge timwr's changes that fix android/reverse_http
2016-12-01 09:59:41 +10:00
1d6ee7192a
Land #7427 , new options for nagios_xi_chained_rce
2016-11-30 17:11:02 -06:00
3e8cdd1f36
Polish up USER_ID and API_TOKEN options
2016-11-30 17:10:52 -06:00
ec83a861c8
Fix issue #7640 where cisco SSL VPN not move despite server responded
...
Add the "return true" statement that was missing.
2016-11-30 16:25:13 -06:00
ebf5121359
Merge branch 'upstream/master' into add-bypassuac-eventvwr
2016-12-01 07:58:16 +10:00
6890e56b30
Remove call to missing function
2016-12-01 07:57:54 +10:00
56505d2cc1
Resolve merge conflict
2016-11-30 14:33:23 -06:00
c70c3701c5
Fix #7628 , concrete5_member_list HTML parser
...
Fix #7628
2016-11-30 14:20:36 -06:00
b6bb1995ad
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2016-11-30 12:00:45 -06:00
c31758e0ea
Land #7627 , Fix typo in payloads/linux/armle/mettle
2016-11-30 11:58:47 -06:00
530e9a9bc6
Land #7633 , fix dell_idrac to stop trying on a user after a valid login
2016-11-30 11:46:31 -06:00
d1be2d735f
Land #7578 , pdf-shaper exploit
...
Land lsato's work on the pdf-shaper buffer overflow
exploit
2016-11-30 11:13:12 -06:00
43cd788350
Switch back to echo as cmdstager flavor
2016-11-30 10:18:09 -06:00
b75fbd454a
Add missing peer in vprint_error
2016-11-30 07:59:41 -06:00
657d52951b
Linemax 63, switch to printf
2016-11-30 07:51:36 -06:00
78480e31e7
remove AutoLoadAndroid
2016-11-30 21:23:14 +08:00
92751714c1
fix android/meterpreter/reverse_http
2016-11-30 20:12:00 +08:00
bdc2e7c3cd
Fix missing stager_config functions, payload sizes
2016-11-30 16:11:51 +10:00
3fad75641d
Final touches to make MSF happy with all refactorings
2016-11-30 11:30:59 +10:00
08b9684c1a
Add a FORCE_EXPLOIT option for @FireFart
2016-11-29 16:37:13 -06:00
57d156a5e2
Revert "XML encode the command passed"
...
This reverts commit 9952c0ac6f
2016-11-29 16:24:26 -06:00
b7904fe0cc
Oh silly delimiters and lack thereof
2016-11-29 15:53:05 -06:00
9952c0ac6f
XML encode the command passed
2016-11-29 15:49:55 -06:00
851aae3f15
Oops, wrong module
...
This reverts commit d55d2099c5
2016-11-29 15:15:18 -06:00
d55d2099c5
Just one platform thanks
2016-11-29 15:08:45 -06:00
4d6b2dfb46
Use CmdStager instead
...
Oh, and this is totally untested as of this commit.
2016-11-29 15:03:38 -06:00
afed1f465e
Fix issue 7632 where MSF keeps trying after success.
...
Thanks to Wei who suggested adding "return :next_user" after success.
2016-11-29 14:57:15 -06:00
8de17981c3
Get rid of the WiFi key stealer
2016-11-29 14:48:04 -06:00
75bcf82a09
Never set DefaultPaylod, reverse target options
2016-11-29 14:43:10 -06:00
f55f578f8c
Title, desc, authors, refs
2016-11-29 14:39:38 -06:00
3c9ebb97be
Land #7624 , Wvu's style fixes
...
land's wvu's style and text fixes for the
OS X archived messages module
2016-11-29 14:05:05 -06:00
497e02955b
Fixed checking for access keys being retrieved
2016-11-29 11:08:55 -08:00
1beeb99d44
Fix issue 7628, username extracted became garbled
...
Make the regular expression less aggressive.
2016-11-29 12:52:57 -06:00
Tim
h00die
Brent Cook
Jon Hart
p3nt4
Adam Cammack
William Vu
Jin Qian
dmohanty-r7
Javier Godinez
wchen-r7
OJ
Rich Whitcroft
Tod Beardsley
William Webb
David Maloney