Commit Graph

42386 Commits (c0bf2cc6e749304fe9492754e8cc5ff0b69f4ef8)

Author SHA1 Message Date
wchen-r7 c0bf2cc6e7 Land #8401, Buffer Overflow on Sync Breeze Enterprise 9.4.28 2017-05-17 23:39:50 -05:00
wchen-r7 3360171977 Land #8319, Add exploit module for Mediawiki SyntaxHighlight extension 2017-05-17 23:23:50 -05:00
wchen-r7 1cc00b2944 Add vulnerable setup info in mediawiki_syntaxhighlight.md 2017-05-17 23:23:00 -05:00
wchen-r7 ca1f8da7e5 Get around encoding issues in mediawiki_syntaxhighlight.md 2017-05-17 22:50:56 -05:00
James Lee b78749bc1b
Land #8221, move autoroute 2017-05-17 15:17:45 -05:00
Daniel Teixeira ad8788cc74 Update syncbreeze_bof.rb 2017-05-17 11:33:24 +01:00
Daniel Teixeira 5329ce56c4 Sync Breeze Enterprise GET Buffer Overflow 2017-05-17 10:53:28 +01:00
Daniel Teixeira 57eac49222 Add files via upload 2017-05-17 10:52:36 +01:00
William Webb 7e2dab4ddc
Land #8303, Buffer Overflow on Dupscout Enterprise v9.5.14 2017-05-17 01:04:59 -05:00
William Vu 1f4ff30adb
Improve 200 fail_with in wp_phpmailer_host_header
One. last. commit. Noticed this in the response body.
2017-05-16 22:38:36 -05:00
William Vu 21e741b530
Comment out x86 targets in ms17_010_eternalblue.md
Still under development.
2017-05-16 19:52:44 -05:00
Jeffrey Martin 8d9561be3b
Land #8397, Secure (https) links in README.md 2017-05-16 17:33:12 -05:00
wchen-r7 11da7c7c81 Land #8394, Add Moxa Credential Recovery Module 2017-05-16 16:45:22 -05:00
wchen-r7 8025eb573a Enforce check
Because we are not able to get our hands on the hardware for testing,
and that this module may trigger a backtrace if the UDP server isn't
Moxa, we force check to make sure that doesn't happen.
2017-05-16 16:43:22 -05:00
wchen-r7 77a9676efb Land #8347, Add Serviio Media Server checkStreamUrl Command Execution 2017-05-16 16:20:39 -05:00
Metasploit 729f2a9ab8
Bump version of framework to 4.14.19 2017-05-16 14:09:45 -07:00
William Vu 6d81ca4208
Fix Array/String TypeError in ms17_010_eternalblue 2017-05-16 15:53:34 -05:00
William Vu e24de5f110
Fix Class/String TypeError in ms17_010_eternalblue 2017-05-16 15:41:16 -05:00
wchen-r7 58d65ce4b5 Land #8380, check for command injection in smtp email addresses
aborts
2017-05-16 15:36:22 -05:00
Patrick DeSantis d85d1de057 Merge pull request #1 from wchen-r7/pr8394_fix
Pass msftidy for moxa_credentials_recovery.rb
2017-05-16 16:11:10 -04:00
James Lee e3f4cc0dfd
Land #8345, WordPress PHPMailer Exim injection
CVE-2016-10033
2017-05-16 15:07:21 -05:00
wchen-r7 2d7f7f9aec Pass msftidy 2017-05-16 15:05:12 -05:00
William Vu 29b7aa5b9b Update fail_with for 200 (bad user?) 2017-05-16 15:03:42 -05:00
wchen-r7 e62fc3e93c Land #8376, Add BuilderEngine 3.5 Arbitrary file upload & exec exploit 2017-05-16 14:53:32 -05:00
wchen-r7 631267480d Update module description 2017-05-16 14:48:46 -05:00
William Vu 3893bc4d83 Update doc with new prestager command 2017-05-16 14:48:12 -05:00
wchen-r7 2ed8ae11b4 Add doc and make minor changes 2017-05-16 14:47:19 -05:00
Will e974782b28 Secure (https) links in README.md
Secure (https) links in README.md
2017-05-16 15:25:30 -04:00
William Vu 7c1dea2f02 Refactor prestager to work with newer Exim
Apparently it doesn't like reduce with extract.
2017-05-16 14:22:43 -05:00
William Vu eff4914240
Land #8381, ETERNALBLUE exploit (to be continued) 2017-05-16 12:19:45 -05:00
zerosum0x0 53bb5a8440 Update ms17_010_eternalblue.rb 2017-05-16 10:43:43 -06:00
William Vu 7c2fb9acc1 Fix nil bug in Server header check 2017-05-16 10:43:04 -05:00
wchen-r7 20b682b2e4 Land #8391, fix a typo in vmware_enum_permissions module description
orts
2017-05-16 09:33:26 -05:00
Patrick DeSantis 77dd3d19b9 add moxa credentials recovery module documentation 2017-05-16 10:22:50 -04:00
Patrick DeSantis 4a0535c2d0 add moxa credential recovery module 2017-05-16 10:21:44 -04:00
William Vu 8021b209ba Update doc with new usage
Also kick version down to 4.6, since I wasn't using the tag originally.
2017-05-15 21:28:41 -05:00
William Vu 5fd6cb0890 Remove nil case, since response might be nil
It doesn't always return something. Forgot that.
2017-05-15 21:23:49 -05:00
William Vu b41427412b Improve fail_with granularity for 400 error
Also corrects BadConfig to NoTarget in another one of my modules. Oops.
2017-05-15 21:15:43 -05:00
h00die b2f69e9018 spelling 2017-05-15 21:11:19 -04:00
William Vu 1a644cadc4 Add print_good to on_request_uri override
Maybe the ability to send prestagers will be a part of CmdStager in the
future, or maybe CmdStager will actually be able to encode for badchars.
2017-05-15 19:17:58 -05:00
William Vu c4c55be444 Clarify why we're getting 400 and add fail_with 2017-05-15 18:53:36 -05:00
William Vu 489d9a6032 Drop module to AverageRanking and note 400 error 2017-05-15 17:35:40 -05:00
William Vu 2055bf8f65 Add note about PHPMailer being bundled 2017-05-15 14:29:11 -05:00
William Vu 35670713ff Remove budding anti-patterns to avoid copypasta
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
2017-05-15 12:56:14 -05:00
Brent Cook da160a8831
Land #8179, cleanup msfupdate, add git config checks 2017-05-14 23:01:25 -05:00
Brent Cook 1892ac0c6c tidy code, remove pro support, don't use tempfile, simplify checks 2017-05-14 22:58:47 -05:00
zerosum0x0 cb4c700e62 fix typo 2017-05-14 21:52:36 -06:00
zerosum0x0 865a36068e sleep fix and new shellcode 2017-05-14 21:45:19 -06:00
William Vu 416a5cdc3b
Land #8379, payload opts check for RHOST warning 2017-05-14 22:21:58 -05:00
William Vu 78148c7979 Prefer && instead of and
I think @zeroSteiner's been writing a lot of Python. :-)
2017-05-14 22:19:15 -05:00