Pearce Barry
bb5fffebc4
Land #8796, SMBLoris Denial of Service Module.
2017-08-09 16:24:55 -05:00
Pearce Barry
901a1fdd1b
Minor tweaks.
2017-08-09 15:44:32 -05:00
Jon Hart
1b6acd768e
Land #8817, fixing @jhart-r7's ruby 2.2 blunder
2017-08-09 13:19:20 -07:00
Christian Mehlmauer
1b6b29c22b
fix error with rdp scanning
2017-08-09 21:32:15 +02:00
bwatters-r7
dd79aa3afb
Land #8627, Add post module multi/gather/jenkins
2017-08-09 10:43:21 -05:00
Brent Cook
e64eaf1573
remove additional match? for older ruby compat
2017-08-08 19:51:35 -05:00
Brent Cook
3f8ee86e3e
revert match change - this has problems with older ruby versions
2017-08-08 19:47:48 -05:00
Brent Cook
0ac19087cd
Land #8720, add resiliency (retries + sleep) to linux x86 stagers
2017-08-08 19:36:47 -05:00
Brent Cook
4ca68a178b
switch reverse_tcp stagers to all prefer StagerRetryCount
...
This leaves ReverseConnectRetries as an alternate spelling.
2017-08-08 19:27:00 -05:00
Brent Cook
83212b8b6b
minor code cleanup
2017-08-08 19:26:59 -05:00
Brent Cook
bca8e77163
add alias support for datastore options
2017-08-08 19:26:59 -05:00
Brent Cook
b35d53bd02
code cleanup in opt_int while we're here
2017-08-08 19:06:51 -05:00
Brent Cook
47dc3772a7
add OptFloat datastore option
2017-08-08 19:06:51 -05:00
Brent Cook
331279d891
handle fractional seconds
2017-08-08 19:06:46 -05:00
David Maloney
67e86da50b
make SMBLoris run continuously as requested
...
as per ZeroSum's request the module now runs
continuously, refreshing the connections on every pass
until manually killed
2017-08-08 10:16:16 -05:00
tkmru
a396d860e7
change SleepSeconds to StagerRetryWait
2017-08-08 19:26:24 +09:00
Pearce Barry
f71ca924c4
Land #8801, Support padding on the CAN bus.
2017-08-06 21:03:28 -05:00
Pearce Barry
e1576154fb
Document the new padding option.
2017-08-06 18:34:56 -05:00
Pearce Barry
cfd377fbd4
Support padding on the CAN bus.
...
Also use a hash for passing options around instead of individual params.
2017-08-06 18:05:59 -05:00
David Maloney
289f03241b
add module documentation
...
add module docs for the new smbloris DoS
2017-08-04 16:10:44 -05:00
David Maloney
15cc2a9dc0
removed threading stuff, tried keepalives
...
still seem to be topping out at
about 1.3GB allocated
2017-08-04 15:28:01 -05:00
Metasploit
83cd0bc977
Bump version of framework to 4.15.6
2017-08-04 10:07:09 -07:00
Brent Cook
7ce813ae6e
Land #8767, Add exploit module for CVE-2017-8464
...
LNK Code Execution Vulnerability
2017-08-03 17:10:16 -05:00
Brent Cook
da3ca9eb90
update some documentation
2017-08-03 17:09:44 -05:00
David Maloney
e73ffe648e
tried adding supervisor model to smbloris
...
tried to overcome issues with slowdown
around the 4500 connection mark by using the
supervisor pattern to terminate the threads on
the backend. this seems to get us further, but we still
hit a slowdown and the allocations die out before
we hit any serious usage
2017-08-03 14:19:35 -05:00
William Vu
347b79e5f2
Land #8643, pretty printing for aux/post fail_with
2017-08-03 12:07:55 -05:00
David Maloney
c9da2d56b9
first pass at SMBLoris DoS module
...
the first pass on the DoS module for SMBLoris
running into issues with it topping out around 600MB
2017-08-03 11:32:57 -05:00
Yorick Koster
81500f7336
Updated Mutex code, reduce the number of times the payload is executed
2017-08-03 10:26:55 -05:00
Christian Mehlmauer
fcb939c717
Land #8792, ruby 2.2 compatibility
2017-08-03 16:08:20 +02:00
Brent Cook
ddd841c0a8
code style cleanup + add automatic targeting based on payload
2017-08-03 00:27:54 -05:00
Brent Cook
b62429f6fa
handle drive letters specified like E: nicely
2017-08-03 00:27:22 -05:00
Brent Cook
a12f3c4c23
remove if => unless suggestions from rubocop
2017-08-03 00:26:04 -05:00
Yorick Koster
c3bc27385e
Added source code for DLL template
2017-08-02 15:47:22 -05:00
Yorick Koster
46ec04dd15
Removed This PC ItemID & increased timeout in WaitForSingleObject
...
Remove the This PC ItemID to bypass (some) AV.
Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released, allowing a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster
e6e94bad4b
Replace CreateEvent with CreateMutex/WaitForSingleObject
...
Timeout is set to 1500 ms to prevent running the payload multiple times
2017-08-02 15:47:22 -05:00
Yorick Koster
e51e1d9638
Added new DLL templates to prevent crashing of Explorer
2017-08-02 15:47:21 -05:00
Yorick Koster
67dddd2402
Typo reported by @nixawk
2017-08-02 15:47:21 -05:00
Yorick Koster
3229320ba9
Code review feedback from @nixawk
2017-08-02 15:46:51 -05:00
Yorick Koster
565a3355be
CVE-2017-8464 LNK Remote Code Execution Vulnerability
...
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain a dynamic icon, loaded from a
malicious DLL.
This vulnerability is a variant of MS15-020 (CVE-2015-0096). The
created LNK file is similar except that an additional
SpecialFolderDataBlock is included. The folder ID set in this
SpecialFolderDataBlock is set to the Control Panel. This is enough to
bypass the CPL whitelist. This bypass can be used to trick Windows into
loading an arbitrary DLL file.
2017-08-02 15:46:30 -05:00
Brent Cook
24d323d4ed
remove more instances of positive?
2017-08-02 12:47:34 -05:00
Brent Cook
6f97e45b35
enable Ruby 2.2 compat checks in Rubocop, correct multi/handler compat
2017-08-02 06:18:02 -05:00
Brent Cook
ff189147e7
rb-readline made a release, use 0.5.5 instead of git HEAD
2017-08-02 06:09:27 -05:00
OJ
54ded4300e
Land #8791 - Update Accuvant refs to point to Optiv
2017-08-02 13:26:52 +10:00
TC Johnson
8989d6dff2
Modified Accuvant blog posts to the new Optiv URLs
2017-08-02 13:25:17 +10:00
Brent Cook
bb2304a2d1
Land #8769, improve style, compatibility, for ssh modules
2017-08-01 21:43:32 -05:00
Brent Cook
1d75a30936
update style for other ssh exploits
2017-08-01 16:05:25 -05:00
Brent Cook
390f4d52db
add ed25519 support for net-ssh
2017-08-01 16:05:25 -05:00
Brent Cook
e27b0c7589
remove conditional assignment warning
2017-08-01 15:19:13 -05:00
Brent Cook
8c9fb1d529
remove unneeded netssh checks in modules
2017-08-01 14:46:10 -05:00
Brent Cook
4395f194b1
fixup style warnings in f5 bigip privkey exploit
2017-08-01 14:45:05 -05:00