b1e26dd17e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x86_retry
2017-07-29 17:24:59 +09:00
c5021bf665
Land #8761 , Add CVE-2017-7442: Nitro Pro PDF Reader JS API Code X
2017-07-28 17:02:59 -05:00
b2ecaa489d
Rescue only RubySMB::Error::CommunicationError
2017-07-27 19:19:45 +10:00
f2091928ec
Adding no SMBv1 error handler for ms17-010 exploit
2017-07-27 16:21:09 +10:00
eb536ba67c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x64_retry
2017-07-26 09:48:17 +09:00
9c930aad6e
Add space after comma in f5_bigip_known_privkey module to coincide with Ruby style guide
2017-07-25 19:43:29 -04:00
354869205a
make exploit/multi/handler passive
...
This gives exploit/multi/handler a makeover, updating to use more-or-less
standard Ruby, and removing any mystical hacks at the same time (like select
instead of sleep).
This also gives it a Passive stance, and sets ExitOnSession to be false by
default, which is the setting that people use 99% of the time anyway.
2017-07-24 15:47:06 -07:00
bf4dce19fb
I added the SSD advisory
2017-07-24 14:25:10 -07:00
b099196172
deregistered SSL, added the HTA dodgy try/catch feature
2017-07-24 10:28:03 -07:00
17b28388e9
Added the advisory, opps
2017-07-24 10:09:21 -07:00
14ca2ed325
Added a icon loading trick by Brendan
2017-07-24 10:06:20 -07:00
b2a002adc0
Brendan is an evil genius\!
2017-07-24 09:58:23 -07:00
cc8dc002e9
Added CVE-2017-7442
2017-07-24 08:21:59 -07:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
80d18fae6a
update example modules to have zero violations
2017-07-24 06:15:54 -07:00
1d290d2491
resurrect one print_error/bad conversion for symmetry
2017-07-24 05:55:34 -07:00
8db3f74b81
fix a broken link
2017-07-24 05:53:09 -07:00
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
8444038c62
Add eval alternative to PHP Meterpreter to bypass suhosin
...
See https://suhosin.org/stories/index.html for more information on this system.
2017-07-23 22:04:09 -07:00
fb905c4bc7
Land #8754 , fix some module documentation
2017-07-23 11:44:07 -05:00
a140209c36
Land #8739 , cleanup windows_autologin
2017-07-23 11:35:34 -05:00
7c55cdc1c8
fix some module documentation
...
3 modules got documentation landed in the wrong spot. This also fixes a few
typos and improves formatting.
2017-07-23 07:46:52 -07:00
df22e098ed
Land #8695 , Fix #8675 , Add Cache-Control header, also meta tag for BAP2
2017-07-23 07:17:45 -07:00
8c8dbc6d38
Land #8692 , Fix #8685 , Check nil condition for #wordlist_file in jtr modules
2017-07-23 07:12:21 -07:00
2c3712479d
Land #8750 , openssl_heartbleed fix, use ruby 2.4 OpenSSL::PKey::RSA API
2017-07-23 06:58:40 -07:00
b75530b978
Fix an issue where 'sleep' with Python Meterpreter appears to fail.
2017-07-23 05:38:06 -07:00
399557124f
update payload cached sizes
2017-07-23 05:28:32 -07:00
109fd8b6d3
Add Asterisk Gather Credentials auxiliary module
2017-07-23 09:55:12 +00:00
b4bb384577
add @pbarry-r7 's feedback
2017-07-22 18:54:36 +02:00
e710701416
Made msftidy.rb happy
...
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
6bb745744b
Land #8471 , Add VICIdial user_authorization Unauthenticated Command Execution module
2017-07-21 15:57:08 -05:00
5d04775f5e
use 2.4 OpenSSL::PKey::RSA api
2017-07-21 16:28:07 -04:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
510ff888fd
Land #8439 , native OSX meterpreter support
2017-07-20 22:01:49 -05:00
7d033688ce
clean up formatting
2017-07-19 17:27:44 -04:00
ffad0d1bbf
Land #8559 , Ipfire oinkcode exec
2017-07-19 14:31:18 -05:00
116a838cb0
Version check update and stylistic fix
2017-07-19 13:26:40 -05:00
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
0f453c602e
Even more print_status -> print_good
2017-07-19 11:46:39 +01:00
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
5d4105db33
minor fixes per rubocop
2017-07-18 22:36:45 -04:00
0d3f5ae220
cleanup windows_autologin
2017-07-18 22:50:34 +02:00
45f81f3c98
Squash some style issues
2017-07-18 12:45:02 -07:00
cc3168933f
update mettle payloads, template generator
2017-07-18 13:13:38 -05:00
f5e76092d6
Merge branch 'master' into land-8439-
2017-07-18 08:25:18 -05:00
ba92d42b57
Updated version check per @bcoles
2017-07-17 15:52:50 -05:00
e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner
2017-07-17 13:46:59 -07:00
43e04c8894
Improve RDP probe packet
2017-07-17 13:14:47 -07:00
2a1c661c79
Land #8723 , Razr Synapse local exploit
...
lands ZeroSteiner's Razr Synapse local priv esc module
2017-07-17 13:34:17 -05:00
6c5d8279ca
change to generate payload from metasm
2017-07-16 19:21:09 +09:00
b4813ce2c7
Update the pre-exploit check conditions
2017-07-15 14:48:54 -04:00
9775df1f6e
Land #8586 , Easy Chat Server 2 to 3.1 - Buffer overflow (SEH) exploit
2017-07-14 15:20:01 -05:00
ee1c87b868
Land #8172 , example modules
...
lands several example modules
2017-07-14 15:17:20 -05:00
e3e5c33b9b
WIP commit of RDP scanner
2017-07-14 13:02:43 -07:00
8f6cac9c37
Land #8652 , rpc console write exploit
...
lands pr for the metasploit rpc console write exploit
2017-07-14 14:47:35 -05:00
0fde6c6b42
Land #8650 , igss9 launch path
...
land pr to fix launch path in the igss9 exploit
2017-07-14 14:39:38 -05:00
833b2a67d4
Fix the architecture check for only x64
2017-07-14 07:06:54 -04:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
9309115627
OCD - Banner clean up
2017-07-14 08:19:50 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
a79692aac1
Typo
2017-07-14 08:16:30 +01:00
5d45680bc1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x86_retry
2017-07-14 13:53:53 +09:00
f66021c8a2
update CachedSize
2017-07-14 13:53:43 +09:00
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
de230478eb
Land #8566 , Add ye olde NNTP Login Utility scanner module
2017-07-13 13:19:34 -05:00
5470670223
Change the hook for windows 10 compatibility
2017-07-13 11:49:06 -04:00
59de7d3635
Land #8671 , Add a module for CVE-2017-7615
2017-07-12 14:58:02 -05:00
580219695a
Oof, missed the parens...
2017-07-12 13:52:59 -05:00
aa22651340
Few style/spelling tweaks, nothing to see here...
2017-07-12 13:41:20 -05:00
e43adf0223
Land #8710 , explicitly use Rex::Encoder::XDR
...
The previous use of XDR in these modules allowed for namespace collisions
with similar gems.
2017-07-12 12:01:24 -05:00
345407b0a4
Rex::Encoder::XDR conflicts with the XDR gem
2017-07-12 11:52:10 -05:00
e69460a529
Land #8683 , Remove duplicate setting of suhosin.simulation in php_cgi_arg_injection
2017-07-12 09:34:35 -05:00
b7d082fe06
land #8679 update to credits for rfpwnon
2017-07-11 19:36:41 -04:00
aa0fca9dd1
Land #8631 , Add railgun support to Python Meterpreter for the OSX
...
platform
2017-07-11 16:05:16 -05:00
5473b2132d
Implement :request_url for Msf HttpClient mixin
...
To round out implementation of a simple path for users to access
HttpClient like Open or Net::HTTP, create :request_url method which
takes a single URL parameter, uses :request_opts_from_url to build
the request configuration for Rex::Proto::Http::Client, executes
a GET request with it, and disconnects the client unless keepalive
is specified as the second parameter to :request_url.
Example usage of functionality is implemented in http_pdf_authors.
2017-07-11 16:07:13 -04:00
14b37c2101
Land #8691 , Improve php reverse_tcp stager logic
2017-07-11 13:50:27 -05:00
db8698e82b
Land #8655 , add error handling to mipsle linux reverse tcp stager
2017-07-11 22:33:54 +08:00
55cbd9b6a9
Add headers to php_eval
2017-07-10 21:25:27 -04:00
6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
...
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
50b1ec4044
Fix #8675 , Add Cache-Control header, also meta tag for BAP2
...
Hopefully that browsers will respect this.
Fix #8675
2017-07-10 16:05:09 -05:00
53d5060fbd
Add the LPE for CVE-2017-9769
2017-07-10 16:57:23 -04:00
fe360e3e2a
Fix #8685 , Check nil condition for #wordlist_file in jtr modules
...
JTR modules should never assume there is always a database
connected while using #wordlist_file, considering a database is
an optional component for Framework.
Fix #8685
2017-07-10 11:18:20 -05:00
2ee6df66cf
Land #8514 , wmi persistence module
2017-07-10 09:53:55 -05:00
f4c739c190
check if running as system
2017-07-10 10:05:57 +01:00
df697aa23c
Implement HttpClient options generation from URL
...
To address the complexity which comes with the flexibility offered
by Rex::Proto::Http::Client and its Msf mixin descendant, a simple
process needs to be implemented for issuing a request using only
the URL string in order to provide ease of access to users who may
not have the time to study how these clients work in detail.
Implement :request_opts_from_url in Msf's HttpClient mixin such as
to extract the options required for :send_request_* from a URL
string passed into the method. This approach reduces HTTP requests
in the mixin to `send_request_raw(request_opts_from_url(url))` when
`url` is just a string.
Implement this approach in the http_pdf_authors gather module to
further reduce infrastructure complexity around the simple need to
acquire PDF files via HTTP/S.
Testing:
Local to this module only, and in Pry of course. Seems to work...
2017-07-10 04:19:26 -04:00
997150a215
Use Msf::Exploit::Remote::HttpClient
...
Replace Net::HTTP usage with proper Rex::Proto::Http::Client via
the Msf module mixin. Generate the request opts from the same URI
parsed URL string, execute a one shot GET request, disconencting
after reciept of results. Depending on the response code, either
pass back an empty StringIO or if its 200, a StringIO(res.body).
2017-07-10 03:37:41 -04:00
653890f9d4
fixed unit tests
2017-07-09 16:08:32 -07:00
df024bb594
Remove duplicate setting of suhosin.simulation
2017-07-10 00:46:05 +03:00
263a42707e
Fix a typo
2017-07-09 16:34:51 +02:00
8510cda5ae
Implement @bcoles advices
2017-07-09 16:34:10 +02:00
75c571de83
Land #8653 , add error handling to mipsbe linux reverse tcp stager
2017-07-09 19:36:15 +08:00
cd0c2c213f
pedantic tweaks
2017-07-09 19:36:03 +08:00
50339289a7
Update rfpwnon.rb
2017-07-09 05:12:35 -04:00
f10cf75ae0
Fix some stuff
2017-07-09 10:45:15 +02:00
5fe805aaca
s/\t/ /g
2017-07-09 02:29:37 +02:00
968fa0c244
Add even more references
2017-07-09 02:27:54 +02:00
ae930ae7c1
Add a module for CVE-2017-7615
2017-07-09 02:14:21 +02:00
8e2ff7a4c5
Add command stager and code cleanup
2017-07-07 16:54:56 -05:00
b3be89b508
Land #8663 , typo fix for zoomeye_search
2017-07-07 16:53:48 -05:00
8f464e17a1
Land #8658 , Add Gather PDF Authors auxiliary module
2017-07-07 16:20:29 -05:00
e5244f3113
Fixed typo
2017-07-07 15:26:37 -04:00
683ce10167
Add URL option
2017-07-07 18:42:00 +00:00
3bda361544
add old hackingteam leak name
2017-07-07 00:52:11 -05:00
f4820d24fb
add a few more AKA references
2017-07-06 22:43:46 -05:00
d864ce16b1
Add Gather PDF Authors auxiliary module
2017-07-06 23:29:17 +00:00
f45facdf6e
Fix HTTP verb in jboss_vulnscan print_status
2017-07-06 14:55:33 -05:00
a4a959266b
update cachedSize
2017-07-06 17:43:27 +09:00
ed0b5a843d
add error handling bin to reverse_tcp on mipsbe
2017-07-06 17:34:22 +09:00
2d8a71de6f
tab to space
2017-07-05 18:22:06 +09:00
615eb53796
update cachedSize
2017-07-05 18:05:38 +09:00
d02d6826a9
fix reverse tcp stager src
2017-07-05 17:56:59 +09:00
d1f08a80bd
add error handling to reverse_tcp on mipsbe
2017-07-05 17:50:49 +09:00
baff473cae
Add Metasploit RPC Console Command Execution module
2017-07-05 08:48:35 +00:00
45af651993
Fix issue generate/launch path
...
Generate file in C:\ but try to launch it in Documents and Settings\All Users\Application Data\7T\
PoC with windows/meterpreter/reverse_tcp
2017-07-04 22:14:32 +02:00
aa387e96a7
Land #8577 , Add SurgeNews User Credentials scanner
2017-07-03 10:14:03 -05:00
38b1e56bbd
negated wording regarding legacy auth
...
According to the docs this variable means the opposite:
https://dev.mysql.com/doc/refman/5.5/en/mysql-command-options.html#option_mysql_secure-auth
OFF -> insecure
ON -> secure
2017-07-03 14:29:07 +02:00
dff96ce9a0
Re-order includes with Auxiliary::Scanner last
2017-07-01 08:30:17 +00:00
a2602bf514
Land #8600 , Add GoAutoDial 3.3 RCE Command Injection / SQL injection module
2017-06-30 17:32:51 -05:00
dd530a2953
Minor indentation tweaks.
2017-06-30 17:29:43 -05:00
3d4d03c9b4
Land #8575 , Cerberus Helpdesk hash disclosure
2017-06-30 16:02:53 -05:00
40f0d36f6b
Land #8615 , add @artkond's DoS module for Cisco CVE-2017-3881
2017-06-30 11:17:09 -04:00
994f00622f
tidy module output
2017-06-29 16:12:23 +01:00
7e1b50ab3b
Land #8629 , AKA (also known as) module reference
2017-06-28 19:15:45 -05:00
aa8c580aba
updates
2017-06-28 20:14:38 -04:00
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
43d8c4c5e7
Land #8519 , Apache ActiveMQ file upload exploit
2017-06-28 17:19:39 -05:00
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
a87f937634
fix msftidy warning
2017-06-28 11:53:11 -04:00
6349026134
Land #8442 , Exploit module for Backup Exec Windows Agent UaF
2017-06-28 10:39:28 -05:00
e1ca78e6c6
add option to enable job log parsing
2017-06-27 19:01:12 -04:00
29c6f41622
add longer timeout for large file systems
2017-06-27 18:38:54 -04:00
0da9f4d64a
Refactor railgun "DLL" references to library
2017-06-27 17:34:06 -04:00
cb82bdc6a9
Land #8607 , add error handling to x64 Linux stagers
2017-06-27 03:53:07 -05:00
0d9f57ad7c
add @artkond's DoS module for Cisco CVE-2017-3881
...
This makes a few improvements, adds module docs.
2017-06-27 01:53:23 -05:00
10c663dd3e
initial commit
2017-06-27 01:37:22 -04:00
66161b10c5
Land #8455 , post module for mounting VMDKs
2017-06-27 00:35:48 -05:00
639f341b21
Clean up module
2017-06-26 15:08:37 -05:00
05c72214ae
Land #8205 , Add Satel SenNet Command Exec Module
2017-06-25 18:01:44 -05:00
2918b3af13
Land #8599 , Dynamic DNS updater module
2017-06-25 15:08:22 -05:00
07e7baebb8
sign my name
2017-06-25 14:59:01 -05:00
7bc0dcea42
add ipv6 support for CHOST
2017-06-25 14:57:15 -05:00
66eb89e72a
Exploit now uses HTTP mixin
2017-06-25 16:38:21 +02:00
084b211e9b
add x64 stager_sock_reverse src
2017-06-25 16:31:37 +09:00
269597f994
add initial CHOST support
2017-06-24 18:57:43 -05:00
tkmru
wchen-r7
multiplex3r
1cph93
Brent Cook
mr_me
Pearce Barry
Brendan Coles
Christian Mehlmauer
g0tmi1k
Evgeny Naumov
thesubtlety
bwatters-r7
Jon Hart
David Maloney
Spencer McIntyre
James Barnett
h00die
William Webb
RageLtMan
Adam Cammack
Tim
Matt Robinson
NickTyrer
Dave Farrow
Emanuel Bronshtein
jvoisin
Corey Harding
William Vu
dmohanty-r7
MD5HashBrowns
syndrome5
Roman
Rob Fuller
Mzack9999