Jon Hart
65c1a8230a
Address most Rubocop complaints
2014-10-03 13:47:29 -07:00
Jon Hart
0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster
2014-10-03 13:28:30 -07:00
William Vu
f7e709dcb3
Land #3941 , new WPVDB reference
2014-10-03 10:17:02 -05:00
Christian Mehlmauer
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
Brandon Perry
2c9446e6a8
Update f5_icontrol_exec.rb
2014-10-02 17:56:24 -05:00
Christian Mehlmauer
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
Joe Vennix
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
HD Moore
0380c5e887
Add CVE-2014-6278 support, lands #3932
2014-10-01 18:25:41 -05:00
William Vu
c1b0acf460
Add CVE-2014-6278 support to the exploit module
...
Same thing.
2014-10-01 17:58:25 -05:00
William Vu
5df614d39b
Land #3928 , release fixes
2014-10-01 17:21:08 -05:00
HD Moore
77bb2df215
Adds support for both CVEs, lands #3931
2014-10-01 17:06:59 -05:00
William Vu
51bc5f52c1
Add CVE-2014-6278 support
...
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
Spencer McIntyre
8cf718e891
Update pureftpd bash module rank and description
2014-10-01 17:19:31 -04:00
James Lee
7e05ff343e
Fix smbdirect
...
Also some whitespace and a typo in output message
2014-10-01 16:02:59 -05:00
James Lee
a21752bc9c
Fix NoMethodError on os, mark DCs as 'server'
2014-10-01 16:02:46 -05:00
Tod Beardsley
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
Spencer McIntyre
cf6029b2cf
Remove the less stable echo stager from the exploit
2014-10-01 15:15:07 -04:00
Spencer McIntyre
632edcbf89
Add CVE-2014-6271 exploit via Pure-FTPd ext-auth
2014-10-01 14:57:40 -04:00
William Vu
9bfd013e10
Land #3923 , mv misc/pxexploit to local/pxeexploit
...
Also renamed typo'd pxexploit -> pxeexploit.
2014-09-30 17:48:06 -05:00
William Vu
039e544ffa
Land #3925 , rm indeces_enum
...
Deprecated.
2014-09-30 17:45:38 -05:00
sinn3r
be1df68563
Remove auxiliary/scanner/elasticsearch/indeces_enum.rb
...
Time is up, so good bye.
2014-09-30 17:24:21 -05:00
sinn3r
b17396931f
Fixes #3876 - Move pxeexploit to local directory
2014-09-30 17:16:13 -05:00
William Vu
5ea968f3ee
Update description to prefer the exploit module
2014-09-30 11:34:28 -05:00
William Vu
162e42080a
Update title to reflect scanner status
2014-09-30 11:04:17 -05:00
William Vu
de65ab0519
Fix broken check in exploit module
...
See 71d6b37088
.
2014-09-29 23:03:09 -05:00
William Vu
12d7073086
Use idiomatic Ruby for the marker
2014-09-29 22:32:07 -05:00
William Vu
71d6b37088
Fix bad header error from pure Bash CGI script
2014-09-29 22:25:42 -05:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
sinn3r
b2d2101be2
Land #3913 - Change hardcoded table prefixes
2014-09-29 17:55:45 -05:00
sinn3r
8f3e03d4f2
Land #3903 - ManageEngine OpManager / Social IT Arbitrary File Upload
2014-09-29 17:53:43 -05:00
Christian Mehlmauer
b266233e95
fix bug
2014-09-30 00:21:52 +02:00
Pedro Ribeiro
533b807bdc
Add OSVDB id
2014-09-29 21:52:44 +01:00
HD Moore
878f3d12cd
Remove kind_of? per @trosen-r7
2014-09-29 15:39:10 -05:00
HD Moore
77efa7c19a
Change if/else to case statement
2014-09-29 15:37:58 -05:00
HD Moore
bfadfda581
Fix typo on match string for opera_configoverwrite
2014-09-29 15:34:35 -05:00
sinn3r
ffe5aafb2f
Land #3905 - Update exploits/multi/http/apache_mod_cgi_bash_env_exec
2014-09-29 15:19:35 -05:00
sinn3r
21b2d9eb3f
Land #3899 - WordPress custom-contact-forms Plugin SQL Upload
2014-09-29 14:40:28 -05:00
sinn3r
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
sinn3r
ababc3d8ff
Land #3869 - HP Network Node Manager I PMD Buffer Overflow
2014-09-29 11:00:12 -05:00
Meatballs
d5959d6bd6
Land #2585 , Refactor Bypassuac with Runas Mixin
2014-09-28 09:24:22 +01:00
Spencer McIntyre
fe12ed02de
Support a user defined header in the exploit too
2014-09-27 18:58:53 -04:00
Pedro Ribeiro
f20610a657
Added full disclosure URL
2014-09-27 21:34:57 +01:00
Pedro Ribeiro
030aaa4723
Add exploit for CVE-2014-6034
2014-09-27 19:33:49 +01:00
HD Moore
64dbc396dd
Add header specification to check module, lands #3902
2014-09-27 12:58:29 -05:00
William Vu
044eeb87a0
Add variable HTTP header
...
Also switch from OptEnum to OptString for flexibility.
2014-09-27 12:39:24 -05:00
Brandon Perry
161a145ec2
Create f5_icontrol_exec.rb
2014-09-27 10:40:13 -05:00
Christian Mehlmauer
c51c19ca88
bugfix
2014-09-27 14:56:34 +02:00
Christian Mehlmauer
9a424a81bc
fixed bug
2014-09-27 13:46:55 +02:00
Christian Mehlmauer
1c30c35717
Added WordPress custom_contact_forms module
2014-09-27 13:42:49 +02:00
sinn3r
c75a0185ec
Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec
2014-09-26 17:06:23 -05:00
jvazquez-r7
80d9af9b49
Fix spacing in description
2014-09-26 17:03:28 -05:00
jvazquez-r7
9e540637ba
Add module for CVE-2014-5377 ManageEngine DeviceExpert User Credentials
2014-09-26 17:02:27 -05:00
jvazquez-r7
3259509a9c
Use return
2014-09-26 16:04:15 -05:00
jvazquez-r7
0a3735fab4
Make it better
2014-09-26 16:01:10 -05:00
jvazquez-r7
3538b84693
Try to make a better check
2014-09-26 15:55:26 -05:00
jvazquez-r7
6e2d297e0c
Credit the original vuln discoverer
2014-09-26 13:45:09 -05:00
jvazquez-r7
e1f00a83bc
Fix Rex because domainname and domain_name were duplicated
2014-09-26 13:40:52 -05:00
jvazquez-r7
5044117a78
Refactor dhclient_bash_env to use the egypt's mixin mods
2014-09-26 13:34:44 -05:00
nullbind
ebf4e5452e
Added mssql_escalate_dbowner module
2014-09-26 10:29:35 -05:00
jvazquez-r7
a4bc17ef89
deregister options needed for exploitation
2014-09-26 10:15:46 -05:00
jvazquez-r7
54e6763990
Add injection to HOSTNAME and URL
2014-09-26 10:13:24 -05:00
jvazquez-r7
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
sinn3r
38c8d92131
Land #3888 - exploit module version of CVE-2014-6271
2014-09-26 00:31:41 -05:00
HD Moore
b878ad2b75
Add a module to exploit bash via DHCP, lands #3891
...
This module is just a starting point for folks to test their DHCP client implementations and we plan to significantly overhaul this once we get a bit of breathing room.
2014-09-25 23:38:40 -05:00
Ramon de C Valle
9c11d80968
Add dhclient_bash_env.rb (Bash exploit)
...
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
jvazquez-r7
ad864cc94b
Delete unnecessary code
2014-09-25 16:18:01 -05:00
Joe Vennix
2b02174999
Yank Android->jsobfu integration. Not really needed currently.
2014-09-25 16:00:37 -05:00
jvazquez-r7
9245bedf58
Make it more generic, add X86_64 target
2014-09-25 15:54:20 -05:00
Samuel Huckins
be6552dae7
Clarifying VMware priv esc via bash module name
2014-09-25 14:34:09 -05:00
jvazquez-r7
d8c03d612e
Avoid failures due to bad payload selection
2014-09-25 13:49:04 -05:00
jvazquez-r7
91e5dc38bd
Use datastore timeout
2014-09-25 13:36:05 -05:00
jvazquez-r7
8a43d635c3
Add exploit module for CVE-2014-6271
2014-09-25 13:26:57 -05:00
jvazquez-r7
e0fc30c040
Land #3884 , @wvu's check and reporting for apache_mod_cgi_bash_env
2014-09-25 09:52:17 -05:00
William Vu
f66c854ad6
Fix description to be less lulzy
2014-09-25 07:09:08 -05:00
William Vu
9ed28408e1
Favor check_host for a scanner
2014-09-25 07:06:12 -05:00
William Vu
62b74aeaed
Reimplement old check code I was testing before
...
I would like to credit @wchen-r7 for providing advice and feedback.
@jvazquez-r7, too! :)
2014-09-25 06:38:25 -05:00
William Vu
d9120cd586
Fix typo in description
...
Running on fumes here...
2014-09-25 01:22:08 -05:00
William Vu
790df96396
Fix missed var
2014-09-25 01:19:14 -05:00
Rob Fuller
f13289ab65
remove debugging
2014-09-25 02:16:19 -04:00
William Vu
e051cf020d
Add missed mixin
2014-09-25 01:14:58 -05:00
William Vu
27b8580f8d
Add protip to description
...
This gets you lots of shells.
2014-09-25 01:10:22 -05:00
Rob Fuller
8cb4ed4cb7
re-add quotes -oops
2014-09-25 02:09:12 -04:00
William Vu
b1e9b3664e
Improve false positive check
2014-09-25 01:01:11 -05:00
Rob Fuller
6fb587ef96
update to use vmware-vmx-stats
2014-09-25 01:55:04 -04:00
William Vu
8daf8d4339
Report vuln for apache_mod_cgi_bash_env
...
Now with fewer false positives! It's kinda like a check method.
2014-09-25 00:42:14 -05:00
jvazquez-r7
37753e656e
Land #3882 , @jvennix-r7's vmware/bash privilege escalation module
2014-09-25 00:42:12 -05:00
jvazquez-r7
456d731aa3
Fix processes check
2014-09-25 00:24:39 -05:00
William Vu
5a59b7cd89
Fix formatting
2014-09-24 23:12:11 -05:00
William Vu
e6f0736797
Add peer
2014-09-24 22:48:51 -05:00
William Vu
8b6519b5b4
Revert shortened reference
...
But it's so long. :(
2014-09-24 22:43:33 -05:00
William Vu
ecb10ebe28
Add variable HTTP method and other stuff
2014-09-24 22:41:01 -05:00
Joe Vennix
f6708b4d83
Check for running vmware processes first.
2014-09-24 19:11:38 -05:00
William Vu
a600a0655d
Scannerify the module
2014-09-24 18:58:39 -05:00
William Vu
abadf65d8d
Clean up title and formatting
2014-09-24 18:42:43 -05:00
William Vu
2562964581
Revert to my original code of using CMD
2014-09-24 18:00:13 -05:00
Joe Vennix
99da950734
Adds osx vmware/bash priv escalation.
2014-09-24 17:44:14 -05:00
William Vu
6ae578f80f
Add Stephane Chazelas as an author
2014-09-24 17:14:18 -05:00
William Vu
b2555408a4
Rename module
...
I don't think we're gonna make a supermodule like we had hoped.
2014-09-24 16:55:10 -05:00
William Vu
31e9e97146
Replace unnecessary reference with a better one
2014-09-24 16:52:43 -05:00