Commit Graph

42686 Commits (b82051757d69223f10ae42349689ce0f25c804bd)

Author SHA1 Message Date
TheNaterz 53cbbbacd8 getsystem update session info 2017-05-26 17:28:11 -06:00
HD Moore 123a03fd21 Detect server-side path, work on Samba 3.x and 4.x 2017-05-26 17:02:18 -05:00
HD Moore eebfd9b7f2 Switch to the mixin-provided SMB share enumeration methods 2017-05-26 17:02:06 -05:00
HD Moore e8b5cc3397 Avoid a stacktrace by verifying that the share is known 2017-05-26 17:01:44 -05:00
HD Moore 8caaba01f1 Add share enumeration methods to the SMB mixin 2017-05-26 17:01:18 -05:00
David Maloney ee5f37d2f7
remove nt trans raw sock op
don't send the nt transact packet as raw
socket data, instead use the client send_recv
method
2017-05-26 15:50:18 -05:00
William Webb d4ba28a20b
Land #8457, Update multi/fileformat/office_word_macro to allow custom templates 2017-05-26 15:09:23 -05:00
David Maloney f0f99ad479
nttrans packet setup correctly,everything broken
got the nttrans packet setup correctly but somewhere
along the line i broke the whole exploit wtf?
2017-05-26 14:54:46 -05:00
Renato Piccoli ab8326755d Travis: disable the failing tests. #8444
They have not been executed for a while.
TODO: re-enable them when they succeed again.
2017-05-26 21:25:56 +02:00
Renato Piccoli a91c954361 Fix .travis.yml
- Try to update the bundler before using it.
- Use single quotes (') around the variable definition.
- Echo the final command right before running it.
- Call bash to run the final command.
2017-05-26 21:25:55 +02:00
William Webb f176315942
Land #8462, Remove deprecated windows/fileformat/office_word_macro 2017-05-26 13:38:02 -05:00
h00die 06ccd17d49
land #8466 update to docs for is_known_pipename 2017-05-26 14:14:01 -04:00
h00die b3a5a8840b added ubuntu information 2017-05-26 14:10:26 -04:00
David Maloney b3e99ee9d2
point to local gem copy for testing and dev
remove this later, use a local copy of rubysmb
2017-05-26 12:30:19 -05:00
Metasploit 15b3b7de41
Bump version of framework to 4.14.23 2017-05-26 10:02:14 -07:00
root 9b9d2f2345 Final version of configurable depth 2017-05-26 16:23:22 +02:00
root 33ddef9303 Add documentation, add configurable depth path 2017-05-26 16:14:03 +02:00
wchen-r7 162a660d45 Remove the old windows/fileformat/office_word_macro
windows/fileformat/office_word_macro.rb has been deprecated and
it should have been removed on March 16th.

If you want to create a Microsoft Office macro exploit, please
use the multi/fileformat/office_word_macro exploit instead, which
supports multiple platforms, and will support template injection.
2017-05-26 07:33:46 -05:00
wchen-r7 04a701dba5 Check template file extension name 2017-05-26 07:31:34 -05:00
HD Moore 072ab7291c Add /tank (from ryan-c) to search path 2017-05-26 06:56:41 -05:00
wchen-r7 2835c165d7 Land #8390, Add module to execute powershell on Octopus Deploy server 2017-05-25 17:33:07 -05:00
wchen-r7 330526af72 Update check method 2017-05-25 17:30:58 -05:00
William Vu ae22b4ccf4
Land #8450, Samba is_known_pipename() exploit 2017-05-25 16:36:28 -05:00
HD Moore 4ec5831bd4 Merge pull request #15 from h00die/sambapwn
docs for is_known_pipename
2017-05-25 17:32:06 -04:00
HD Moore 1474faf909 Remove ARMLE for now, will re-PR once functional 2017-05-25 16:14:35 -05:00
HD Moore 2ad386948f Small cosmetic typo 2017-05-25 16:10:37 -05:00
HD Moore 18a871d6a4 Delete the .so, add PID bruteforce option, cleanup 2017-05-25 16:03:14 -05:00
wchen-r7 ee13195760 Update office_word_macro exploit to support template injection 2017-05-25 15:53:45 -05:00
h00die e8a34c5797 updates to docs 2017-05-25 16:53:39 -04:00
William Webb eb1f6fcd8d
Land #8456, Correct typo in exploits/unix/webapp/webmin_show_cgi_exec 2017-05-25 14:17:09 -05:00
David Maloney 0b0e2f64ca
update SMB1 "Freehole" packet
the 'Freehole' packet is now generated with
RubySMB and sent by the client, rather than raw bytes
sent over the bare socket
2017-05-25 13:43:16 -05:00
nks 1a8961b5e3 fied typo 2017-05-25 19:14:59 +02:00
David Maloney bc8ad811aa
remove old anonymous login packet
we are now using the anonymous login from the
RubySMB client we no longer need this method to
manually build the packet
2017-05-25 10:49:42 -05:00
David Maloney 238052a18b
use RubySMB client echo
replaced the manually created echo packet
with the RubySMB client echo command
2017-05-25 10:47:14 -05:00
HD Moore cf7cfa9b2c Add check() implementation based on bcoles notes 2017-05-25 09:49:45 -05:00
h00die 98ad754475 updated OJ info and wvu ubuntu box 2017-05-25 08:09:37 -04:00
itsmeroy2012 92a1a3ecf7 Adding for loop instead of while, removing 'counter' 2017-05-25 15:09:34 +05:30
h00die b1514fcbc0 docs 2017-05-24 22:18:46 -04:00
HD Moore 0520d7cf76 First crack at Samba CVE-2017-7494 2017-05-24 19:42:04 -05:00
David Maloney 4ffe666b52
improve the cred fallback
we might get a successful sessionsetup
but a failure on IPC$ due to anonymous access
2017-05-24 17:36:07 -05:00
David Maloney 4c02b7b13a
added credentialed fallback
if anonymous login is blocked, then the user can
supply credentials for the exploit to try as a fallback
2017-05-24 16:09:51 -05:00
David Maloney dc67fcd5a8
use RubySMB for anonymous login
use the new anonymous login capabilities in
RubySMB
2017-05-24 15:40:05 -05:00
William Vu e4ea618edf
Land #8419, ETERNALBLUE fixes (round two)
Hope I resolved the conflicts correctly.
2017-05-23 17:03:21 -05:00
William Vu 46eb6bdf62
Land #8399, ETERNALBLUE fixes (round one) 2017-05-23 16:51:19 -05:00
William Vu f80c3aa3f4 Correct absolute path 2017-05-23 16:50:25 -05:00
bwatters-r7 461649ed34
Land #8378, Add check in archmigrate to prevent privdesc 2017-05-23 14:37:29 -05:00
Carter c73e7673b1 Please the rubocop god 2017-05-23 15:13:55 -04:00
Carter e945773576 Update archmigrate.rb 2017-05-23 14:40:42 -04:00
Jeffrey Martin b7b1995238
Land #8274, Wordpress admin upload `check` 2017-05-22 22:08:32 -05:00
Brent Cook fc3af168d4
Land #8424, change postgres docker image to alpine and add timezone 2017-05-22 22:07:01 -04:00