d885420aff
This changes the version requirement for adobe_flash_hacking_team_uaf.rb
...
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
d30688b116
Add more requirement info
2015-07-07 12:33:47 -05:00
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
8892cbdd10
Fix some minor things
2015-07-02 14:32:16 -05:00
95f19e6f1f
Minor description edits for clarity
...
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF
Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590 , @Meatballs1 adds MS LAPS Enum post mod
Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
3b9ba189f7
Add CVE-2015-3043 information
2015-07-01 19:56:35 -05:00
93c74efb97
Add Ubuntu as a tested target
2015-07-01 18:43:22 -05:00
ee118aa89d
Fix description
2015-07-01 13:30:22 -05:00
1de94a6865
Add module for CVE-2015-3113
2015-07-01 13:13:57 -05:00
1d50bda609
initial add of blank file
2015-06-27 21:38:25 -04:00
a10fa02b00
Land #5606 , @wchen-r7's glassfish fixes
2015-06-26 14:12:50 -05:00
3b5e2a0c6e
Use TARGETURI
2015-06-26 14:02:17 -05:00
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
c70e38a14e
Do more reporting
2015-06-25 22:39:56 -05:00
5ef4cc2bb4
Save creds
2015-06-25 17:10:20 -05:00
1a371b11b0
Update description
2015-06-25 17:04:31 -05:00
ee0377ca16
Add module for CVE-2015-3105
2015-06-25 13:35:01 -05:00
c330d10403
Make SSL as a basic option
...
Also:
Fix #5558
2015-06-25 02:06:51 -05:00
5c98da05fb
This works for Glassfish 4.0 & 9.1
2015-06-25 01:58:24 -05:00
c826785ebb
Fix auth bypass
2015-06-24 19:49:04 -05:00
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
380af29482
Progress?
2015-06-24 14:17:45 -05:00
6046994138
version does not return nil
2015-06-23 10:31:01 -05:00
ea49fd2fdc
Update sysaid_rdslogs_fle_upload.rb
2015-06-20 16:59:28 +01:00
3181d76e63
Update sysaid_auth_file_upload.rb
2015-06-20 16:53:33 +01:00
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
b994801172
Revert auto tab replacement
2015-06-19 11:22:40 -05:00
15985e8b4f
Land #5559 , Adobe Flash Player ShaderJob Buffer Overflow
2015-06-19 10:38:05 -05:00
afcb016814
Minor description fixups.
...
Edited modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb
first landed in #5524 , adobe_flash_pixel_bender_bof in flash renderer .
Removed ASCII bullets since those rarely render correctly.
Edited modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb
first landed in #5252 , @espreto's module for WordPress Front-end Editor
File Upload Vuln . Fixed up some language usage, camel-cased "WordPress."
2015-06-18 13:25:39 -05:00
de1542e589
Add module for CVE-2015-3090
2015-06-18 12:36:14 -05:00
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
8ed13b1d1b
Add linux support for CVE-2014-0515
2015-06-11 16:18:50 -05:00
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
318f67fcda
update descriptions
2015-06-05 09:01:20 -05:00
71a8487091
Correct Flash version in the module description
...
There is no 11.2.202.404, mang.
2015-06-04 23:46:41 -05:00
02181addc5
Update CVE-2014-0556
2015-06-04 18:23:50 -05:00
23df66bf3a
Land #5481 , no powershell. exec shellcode from the renderer process.
2015-06-04 15:45:09 -05:00
ab68d8429b
Add more targets
2015-06-04 12:11:53 -05:00
80cb70cacf
Add support for Windows 8.1/Firefox
2015-06-03 22:46:04 -05:00
74117a7a52
Allow to execute payload from the flash renderer
2015-06-03 16:33:41 -05:00
d5b33a0074
Update sysaid_rdslogs_fle_upload.rb
2015-06-03 22:01:13 +01:00
37827be10f
Update sysaid_auth_file_upload.rb
2015-06-03 22:00:44 +01:00
62993c35d3
Create sysaid_rdslogs_fle_upload.rb
2015-06-03 21:45:14 +01:00
193b7bcd2e
Create sysaid_auth_file_upload.rb
2015-06-03 21:44:02 +01:00
2a260f0689
Update description
2015-05-28 15:18:05 -05:00
e9714bfc82
Solve conflics
2015-05-27 23:22:00 -05:00
24b4dacec5
Land #5408 , @g0tmi1k fixes verbiage and whitespace
2015-05-27 21:02:02 -04:00
e5d42850c1
Add support for Linux to CVE-2015-0336
2015-05-27 17:05:10 -05:00
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
b9f9647ab1
Use all the BES power
2015-05-21 14:06:41 -05:00
aa919da84d
Add the multiplatform exploit
2015-05-20 18:57:59 -05:00
2882374582
Land #5276 , @lanjelot fixes #4243 and improves java_jdwp_debugger
2015-05-15 11:12:10 -05:00
a46975f1f0
Fix read_reply to use get_once correctly
2015-05-15 11:11:25 -05:00
0fb21af247
Verify deletion at on_new_session moment
2015-05-11 18:56:18 -05:00
71518ef613
Land #5303 , metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
2f2169af90
Use single quotes consistently
2015-05-07 22:39:36 -05:00
a066105a86
prefer reading directly with MetasploitPayloads where possible
2015-05-07 16:59:02 -05:00
b8c7161819
Fix up NameError'd payload_exe
2015-05-06 11:34:05 -05:00
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
db999d2c62
Remove ff 31-34 exploit from autopwn, requires interaction.
2015-05-03 10:42:21 -05:00
a531ad9ec2
Land #5096 , @pedrib's exploit for Novell ZCM CVE-2015-0779
2015-05-01 14:35:28 -05:00
0ff33572a7
Fix waiting loop
2015-05-01 14:34:43 -05:00
645f239d94
Change module filename
2015-05-01 14:18:34 -05:00
11a3f59b0b
Return false if there isn't a positive answer
2015-05-01 14:06:57 -05:00
093c2e3ace
Do minor style cleanup
2015-05-01 13:56:48 -05:00
d38adef5cc
Make TOMCAT_PATH optional
2015-05-01 13:54:39 -05:00
d2a7d83f71
Avoid long sleep times
2015-05-01 13:51:52 -05:00
8fcf0c558d
Use single quotes
2015-05-01 13:20:27 -05:00
5ab9f01eee
Use byte[] so it works even if Base64 unavailable
2015-04-30 12:46:14 +10:00
15bb4d1ea4
Fix #4243 , regression introduced by commit 6e80481384
2015-04-30 12:42:39 +10:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
4f59abe842
Land #5203 , @Meatballs1 fixes #5199 by using the correct namespace
...
* Fixes web_delivery
2015-04-20 11:20:48 -05:00
eb1c01417a
Bogus :
2015-04-20 11:00:26 +01:00
aa4f913800
Resolves #5199
...
Fix Powershell namespace in web_delivery module
2015-04-20 09:37:42 +01:00
4f903a604c
Fix #5103 , Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
8c5890d506
more fixes
2015-04-16 21:56:42 +02:00
ba6548db75
be consistent about naming
2015-04-16 21:44:56 +02:00
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
c6f062d49e
Ensure that local variable `upload_path` is defined
...
Merge `upload_payload` and `parse_upload_response` so that the
`upload_path` variable is defined for use in error messages in the event
of failure.
2015-04-10 10:58:20 +01:00
4808d61af3
Add OSVDB id and full disclosure URL
2015-04-09 16:32:22 +01:00
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
cf8b92b747
Create zcm_file_upload.rb
2015-04-07 16:05:51 +01:00
7a2d3f5ebd
Land #5082 , firefox_proxy_prototype autopwn_info
2015-04-06 13:36:03 -05:00
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
1e6d895975
Description fixes on #4784 , jboss exploit
...
Also, needed to run through msftidy.
[See #4784 ]
2015-04-06 12:34:49 -05:00
cd65e6f282
Add browser_autopwn info to firefox_proxy_prototype
2015-04-06 10:42:32 +05:00
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
0f7c644fff
Land #4784 , JBoss Seam 2 upload exec exploit
2015-04-02 22:32:35 -05:00
4bbec88882
Various other one-off nonhuman author credits
...
[See #5012 ]
2015-04-02 15:25:47 -05:00
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012 ]
2015-04-02 15:12:22 -05:00
02a5730d92
Use calculate_interface_hash
2015-04-01 12:09:42 -05:00
f954ff78c0
Fix typo
2015-04-01 10:51:54 -05:00
48484c1f09
Filed vs Failed fix
2015-03-27 11:27:36 -07:00
356e8c727c
Add specs for Msf::Java::Rmi::Client::Jmx::Server
2015-03-24 18:56:58 -05:00
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
04341bfc78
Support JMX_ROLE again
2015-03-23 17:32:26 -05:00
d8d4c23d60
JMX code refactoring
2015-03-23 17:06:51 -05:00
962bb670de
Remove old JMX mixin
2015-03-23 15:48:10 -05:00
21a97c0926
Add exploit for R7-2015-04, Firefox Proxy RCE
2015-03-23 13:44:41 -05:00
79068c8ec2
Delete JMX discovery stream
2015-03-23 10:21:37 -05:00
127d07342e
Remove trailing space
2015-03-20 01:36:56 +00:00
7426e72317
Grammar - traq_plugin_exec
2015-03-20 01:31:01 +00:00
5709d49aae
Clean up traq_plugin_exec
2015-03-20 01:19:46 +00:00
ae84c8ee30
Delete even more comments
2015-03-18 15:55:52 -05:00
f956ba1a46
Do first JMX cleaning try
2015-03-18 15:37:07 -05:00
14be07a2c4
Update java_rmi_server modules
2015-03-17 21:29:52 -05:00
ebe7ad07b0
Add specs, plus modify java_rmi_server modules
2015-03-17 11:26:27 -05:00
75b2ef81dc
Land #4890 , @julianvilas's improvements struts_code_exec_classloader
2015-03-12 17:25:00 -05:00
b6146b1499
Use print_warning
2015-03-12 17:22:03 -05:00
8a452a7cba
Do somce cleanup
2015-03-10 17:10:44 -05:00
4a84693fb0
Support windows
2015-03-10 16:58:33 -05:00
c26bea3429
Fix credits
2015-03-10 16:27:07 -05:00
980c83cb70
Fix metadata
2015-03-10 16:25:02 -05:00
9e17874389
Exploit CVE-2015-1427
2015-03-10 16:17:51 -05:00
f8f178b1db
Fix script_mvel_rce check
2015-03-10 09:39:02 -05:00
9dc99e4207
Update check
2015-03-10 09:26:22 -05:00
fc4b312879
Add template
2015-03-09 23:04:32 -05:00
fe822f8d33
Modify automatic file cleanup
2015-03-10 00:45:20 +01:00
0ef303cb6c
Fix Java payload
2015-03-10 00:01:27 +01:00
3075c56064
Fix "response HTML" message
...
In modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb.
2015-03-07 17:08:08 -06:00
2eb0011a99
Autotrigger JSP shell at docBase
2015-03-07 20:41:08 +01:00
3be2bde5a2
Use bypass for bulletin S2-020
2015-03-07 19:14:20 +01:00
9f3f8bb727
Merging #3323 work
2015-03-05 15:44:15 -06:00
c388fd49c2
Fix print message
2015-03-05 15:43:54 -06:00
e1a4b046a0
Add support for tomcat 7 to struts_code_exec_classloader
2015-03-05 15:40:24 -06:00
8978b1d7b5
Add a version
2015-03-05 11:29:44 -06:00
32188f09d6
Update phpmoadmin_exec.rb
...
Changes:
Added required comment at the top of the file;
Changed Class name "Metasploit3" >> "Metasploit4";
Standard name/email format for public PoC author.
2015-03-05 12:56:08 +00:00
95962aab0d
Update phpmoadmin_exec.rb
...
Changes:
"Check if vulnerable" code improvement;
Payload delivery code improvement;
Minor indent issues.
Thanks for your feedback guys :)
2015-03-05 12:46:53 +00:00
9530e15c81
Update phpmoadmin_exec.rb
...
Changes:
Changed description section;
Changed 'URL' to 'EDB' in references section;
Added newline at the end.
2015-03-04 21:59:08 +00:00
c19895ac85
Update phpmoadmin_exec.rb
...
Changes:
Added new URL;
Added CVE number;
Corrected the disclosure date;
Corrected the normalize_uri() function syntax.
2015-03-04 21:31:44 +00:00
4d67e0e1bb
Add PHPMoAdmin RCE
2015-03-04 18:17:31 +00:00
94b4bc24bd
Minor word choice changes
...
[See #4804 ]
2015-02-24 12:29:11 -06:00
5cdb678654
Fix invalid use of RPORT (should be RHOST)
2015-02-24 05:24:09 -06:00
1633a6d4fd
Read response back while staging
2015-02-20 01:06:47 -06:00
b0c6671721
Add module for ZDI-15-038, HPCA command injection
2015-02-20 00:41:17 -06:00
49f4b68671
Land #4790 , injecting code into eval-based Javascript unpackers
2015-02-19 12:33:52 -06:00
483a145d19
Fix msftidy issues.
2015-02-18 14:08:03 -06:00
f8609ab0ba
Add file format exploit for injecting code into unpackers.
2015-02-18 11:26:45 -06:00
69b37976c1
Fix disclosure date.
2015-02-17 17:29:52 -08:00
a19a5328f1
Add JBoss Seam 2 upload execute module
...
Versions of the JBoss Seam 2 framework < 2.2.1CR2 fails to properly
sanitize inputs to some JBoss Expression Language expressions. As a
result, attackers can gain remote code execution through the
application server. This module leverages RCE to upload and execute
a meterpreter payload. CVE-2010-1871
2015-02-17 17:25:01 -08:00
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
29c68ef1ec
End fixing namespaces
2015-02-10 11:55:14 -06:00
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
a7156cf4a8
Fix zabbix_script_exec datastore
2015-02-05 02:53:22 -06:00
fbf32669c6
Use single quote
2015-02-04 09:47:27 -06:00
wchen-r7
jvazquez-r7
William Vu
Tod Beardsley
h00die
Pedro Ribeiro
g0tmi1k
Spencer McIntyre
Brent Cook
joev
lanjelot
Meatballs
Christian Mehlmauer
Jon Cave
root
scriptjunkie
C-P
Julian Vilas
Ricardo Almeida
vulp1n3