wchen-r7
c0bf2cc6e7
Land #8401 , Buffer Overflow on Sync Breeze Enterprise 9.4.28
2017-05-17 23:39:50 -05:00
wchen-r7
3360171977
Land #8319 , Add exploit module for Mediawiki SyntaxHighlight extension
2017-05-17 23:23:50 -05:00
wchen-r7
1cc00b2944
Add vulnerable setup info in mediawiki_syntaxhighlight.md
2017-05-17 23:23:00 -05:00
wchen-r7
ca1f8da7e5
Get around encoding issues in mediawiki_syntaxhighlight.md
2017-05-17 22:50:56 -05:00
James Lee
b78749bc1b
Land #8221 , move autoroute
2017-05-17 15:17:45 -05:00
Daniel Teixeira
ad8788cc74
Update syncbreeze_bof.rb
2017-05-17 11:33:24 +01:00
Daniel Teixeira
5329ce56c4
Sync Breeze Enterprise GET Buffer Overflow
2017-05-17 10:53:28 +01:00
Daniel Teixeira
57eac49222
Add files via upload
2017-05-17 10:52:36 +01:00
William Webb
7e2dab4ddc
Land #8303 , Buffer Overflow on Dupscout Enterprise v9.5.14
2017-05-17 01:04:59 -05:00
William Vu
1f4ff30adb
Improve 200 fail_with in wp_phpmailer_host_header
...
One. last. commit. Noticed this in the response body.
2017-05-16 22:38:36 -05:00
William Vu
21e741b530
Comment out x86 targets in ms17_010_eternalblue.md
...
Still under development.
2017-05-16 19:52:44 -05:00
Jeffrey Martin
8d9561be3b
Land #8397 , Secure (https) links in README.md
2017-05-16 17:33:12 -05:00
wchen-r7
11da7c7c81
Land #8394 , Add Moxa Credential Recovery Module
2017-05-16 16:45:22 -05:00
wchen-r7
8025eb573a
Enforce check
...
Because we are not able to get our hands on the hardware for testing,
and that this module may trigger a backtrace if the UDP server isn't
Moxa, we force check to make sure that doesn't happen.
2017-05-16 16:43:22 -05:00
wchen-r7
77a9676efb
Land #8347 , Add Serviio Media Server checkStreamUrl Command Execution
2017-05-16 16:20:39 -05:00
Metasploit
729f2a9ab8
Bump version of framework to 4.14.19
2017-05-16 14:09:45 -07:00
William Vu
6d81ca4208
Fix Array/String TypeError in ms17_010_eternalblue
2017-05-16 15:53:34 -05:00
William Vu
e24de5f110
Fix Class/String TypeError in ms17_010_eternalblue
2017-05-16 15:41:16 -05:00
wchen-r7
58d65ce4b5
Land #8380 , check for command injection in smtp email addresses
...
aborts
2017-05-16 15:36:22 -05:00
Patrick DeSantis
d85d1de057
Merge pull request #1 from wchen-r7/pr8394_fix
...
Pass msftidy for moxa_credentials_recovery.rb
2017-05-16 16:11:10 -04:00
James Lee
e3f4cc0dfd
Land #8345 , WordPress PHPMailer Exim injection
...
CVE-2016-10033
2017-05-16 15:07:21 -05:00
wchen-r7
2d7f7f9aec
Pass msftidy
2017-05-16 15:05:12 -05:00
William Vu
29b7aa5b9b
Update fail_with for 200 (bad user?)
2017-05-16 15:03:42 -05:00
wchen-r7
e62fc3e93c
Land #8376 , Add BuilderEngine 3.5 Arbitrary file upload & exec exploit
2017-05-16 14:53:32 -05:00
wchen-r7
631267480d
Update module description
2017-05-16 14:48:46 -05:00
William Vu
3893bc4d83
Update doc with new prestager command
2017-05-16 14:48:12 -05:00
wchen-r7
2ed8ae11b4
Add doc and make minor changes
2017-05-16 14:47:19 -05:00
Will
e974782b28
Secure (https) links in README.md
...
Secure (https) links in README.md
2017-05-16 15:25:30 -04:00
William Vu
7c1dea2f02
Refactor prestager to work with newer Exim
...
Apparently it doesn't like reduce with extract.
2017-05-16 14:22:43 -05:00
William Vu
eff4914240
Land #8381 , ETERNALBLUE exploit (to be continued)
2017-05-16 12:19:45 -05:00
zerosum0x0
53bb5a8440
Update ms17_010_eternalblue.rb
2017-05-16 10:43:43 -06:00
William Vu
7c2fb9acc1
Fix nil bug in Server header check
2017-05-16 10:43:04 -05:00
wchen-r7
20b682b2e4
Land #8391 , fix a typo in vmware_enum_permissions module description
...
orts
2017-05-16 09:33:26 -05:00
Patrick DeSantis
77dd3d19b9
add moxa credentials recovery module documentation
2017-05-16 10:22:50 -04:00
Patrick DeSantis
4a0535c2d0
add moxa credential recovery module
2017-05-16 10:21:44 -04:00
William Vu
8021b209ba
Update doc with new usage
...
Also kick version down to 4.6, since I wasn't using the tag originally.
2017-05-15 21:28:41 -05:00
William Vu
5fd6cb0890
Remove nil case, since response might be nil
...
It doesn't always return something. Forgot that.
2017-05-15 21:23:49 -05:00
William Vu
b41427412b
Improve fail_with granularity for 400 error
...
Also corrects BadConfig to NoTarget in another one of my modules. Oops.
2017-05-15 21:15:43 -05:00
h00die
b2f69e9018
spelling
2017-05-15 21:11:19 -04:00
William Vu
1a644cadc4
Add print_good to on_request_uri override
...
Maybe the ability to send prestagers will be a part of CmdStager in the
future, or maybe CmdStager will actually be able to encode for badchars.
2017-05-15 19:17:58 -05:00
William Vu
c4c55be444
Clarify why we're getting 400 and add fail_with
2017-05-15 18:53:36 -05:00
William Vu
489d9a6032
Drop module to AverageRanking and note 400 error
2017-05-15 17:35:40 -05:00
William Vu
2055bf8f65
Add note about PHPMailer being bundled
2017-05-15 14:29:11 -05:00
William Vu
35670713ff
Remove budding anti-patterns to avoid copypasta
...
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
2017-05-15 12:56:14 -05:00
Brent Cook
da160a8831
Land #8179 , cleanup msfupdate, add git config checks
2017-05-14 23:01:25 -05:00
Brent Cook
1892ac0c6c
tidy code, remove pro support, don't use tempfile, simplify checks
2017-05-14 22:58:47 -05:00
zerosum0x0
cb4c700e62
fix typo
2017-05-14 21:52:36 -06:00
zerosum0x0
865a36068e
sleep fix and new shellcode
2017-05-14 21:45:19 -06:00
William Vu
416a5cdc3b
Land #8379 , payload opts check for RHOST warning
2017-05-14 22:21:58 -05:00
William Vu
78148c7979
Prefer && instead of and
...
I think @zeroSteiner's been writing a lot of Python. :-)
2017-05-14 22:19:15 -05:00