wchen-r7
cb04ff48bc
Land #7180 , Add exploit for CVE 2016-5674 / Nuuo / Netgear unauth RCE
2016-08-08 15:55:39 -05:00
wchen-r7
8654baf3dd
Land #6880 , add a module for netcore/netdis udp 53413 backdoor
2016-08-08 15:43:34 -05:00
wchen-r7
f98efb1345
Fix typos
2016-08-08 15:41:03 -05:00
Pedro Ribeiro
7ca7682d17
Fix whitespace error from msftidy
2016-08-08 17:57:03 +01:00
wchen-r7
3d1289dac3
Land #7185 , Add VMware Host Guest Client Redirector DLL Hijack Exploit
2016-08-08 11:41:40 -05:00
wchen-r7
51c457dfb3
Update vmhgfs_webdav_dll_sideload
2016-08-08 11:40:03 -05:00
Pearce Barry
ae59c4ae74
Land #6687 , Fix meterpreter platform to include OS in the tuple for all meterpreters
2016-08-07 05:00:24 -05:00
Pedro Ribeiro
3b64b891a6
Update nuuo_nvrmini_unauth_rce.rb
2016-08-05 21:53:25 +01:00
Pedro Ribeiro
746ba4d76c
Add bugtraq reference
2016-08-05 21:53:08 +01:00
Pedro Ribeiro
106f26587e
Add bugtraq reference
2016-08-05 21:52:46 +01:00
Steven Seeley
230903562f
Add Samsung Security Manager 1.5 ActiveMQ Broker exploit
2016-08-05 15:19:22 -05:00
Yorick Koster
dae1679245
Fixed build warnings
2016-08-05 20:40:41 +02:00
Yorick Koster
02e065dae6
Fixed disclosure date format
2016-08-05 20:32:58 +02:00
Yorick Koster
97d11a7041
Exploit module for CVE-2016-5330 VMware Host Guest Client Redirector DLL hijack
2016-08-05 20:19:40 +02:00
Pedro Ribeiro
07e210c143
Add changes requested to target.uri
2016-08-04 17:50:16 +01:00
Pedro Ribeiro
036d0502db
Add github link
2016-08-04 17:38:45 +01:00
Pedro Ribeiro
2aca610095
Add github link
2016-08-04 17:38:31 +01:00
Pedro Ribeiro
7d8dc9bc82
Update nuuo_nvrmini_unauth_rce.rb
2016-08-04 17:38:14 +01:00
Pedro Ribeiro
ec67db03f1
add exploit for CVE 2016-5676
2016-08-04 16:56:16 +01:00
Pedro Ribeiro
b48518099c
add exploit for CVE 2016-5674
2016-08-04 16:55:21 +01:00
Pedro Ribeiro
0deac80d61
add exploit for CVE 2016-5675
2016-08-04 16:54:38 +01:00
wchen-r7
14a387e4eb
Land #7163 , Add exploit payload delivery via SMB
2016-08-03 14:44:59 -05:00
wchen-r7
2f6e0fb58c
Land #7172 , Add exploit for CVE-2016-0189 (MSIE)
2016-08-03 14:14:16 -05:00
wchen-r7
e16c57ed07
Lower rank
2016-08-03 14:02:47 -05:00
wchen-r7
96dbf627ae
Remove unwanted metadata for HttpServer
2016-08-03 13:55:58 -05:00
wchen-r7
45801bc44e
get_env
2016-08-03 11:11:34 -05:00
wchen-r7
bddf5edcf1
Fix typo
2016-08-03 11:04:53 -05:00
Jon Hart
554a0c5ad7
Deprecate nbname_probe, which duplicate nbname as of 77cd6dbc8b
2016-08-02 17:36:22 -07:00
wchen-r7
8f7d0eae0c
Fix #7155 - Add post module to compress (zip) a file or directory
...
Fix #7155
2016-08-02 14:44:58 -05:00
William Webb
be4f55aa2f
forgot to update ranking
2016-08-02 13:30:12 -05:00
William Webb
4c15e5e33a
Land #7171 , Hint about incorrect RAILSVERSION
2016-08-01 15:40:27 -05:00
William Webb
160c49721b
Land #7166 , Fix empty output in nbns_response
2016-08-01 14:52:33 -05:00
Brent Cook
abf435d6c2
Land #6960 , Auth bypass for Polycom HDX video endpoints
2016-08-01 14:02:50 -05:00
Brent Cook
5309f2e4fb
endpoints, not end points
2016-08-01 14:02:17 -05:00
Brent Cook
b34201e65c
restore session as an instance variable
2016-08-01 13:58:54 -05:00
William Webb
ba0da52274
msftidy cleanup
2016-08-01 13:36:05 -05:00
William Webb
21e6211e8d
add exploit for cve-2016-0189
2016-08-01 13:26:35 -05:00
William Vu
3b13adba70
Hint about incorrect RAILSVERSION
...
If the secret doesn't match, you might have set the wrong RAILSVERSION.
The difference is secret_token (Rails 3) vs. secret_key_base (Rails 4).
2016-08-01 09:36:25 -07:00
William Vu
e699d3f05b
Fix empty output in nbns_response
...
Normally, the module prints nothing unless VERBOSE is true. In practice,
we at least want to see responded-to hosts. We leave details to be
printed when VERBOSE is set.
2016-07-31 09:47:19 -07:00
James Lee
d46c3a1d8c
Collector looks like hex, store it as a string
2016-07-29 21:57:51 -05:00
AgoraSecurity
b61aaef03e
Fix undercase issue with userlist.dat
...
Remove the 2nd element of the array at line 102.
Add .downcase for line 103.
Fix to find filenames on systems that created the userlist.dat on uppercase.
2016-07-29 15:54:34 -05:00
Andrew Smith
1d6fa11c4f
Addition of SMB delivery module
2016-07-29 14:58:30 -04:00
wchen-r7
1e1866f583
Fix #7158 , tiki_calendar_exec incorrectly reports successful login
...
Fix #7158
2016-07-28 17:03:31 -05:00
Pearce Barry
6c7cc061ea
Minor formatting tweaks.
2016-07-28 16:29:42 -05:00
Robert Kugler
ef2899dfd4
msftidy updates
2016-07-28 16:29:42 -05:00
Robert Kugler
7b4bb75294
Create avira_password.rb
2016-07-28 16:29:42 -05:00
Brendan
af137f3ec3
Land #7127 , Fix #6989 , scanner modules printing RHOST in progress messages
2016-07-27 09:16:08 -07:00
Brent Cook
288b39e37f
update to mettle 0.0.6
2016-07-27 08:59:21 -05:00
Vex Woo
864989cf6c
For echo command
2016-07-26 20:27:23 -05:00
Brendan
4720d77c3a
Land #6965 , centreon useralias exec
2016-07-26 15:02:36 -07:00
Mehmet Ince
dadafd1fdf
Use data:// instead of bogus web server and check() improvements.
2016-07-26 13:31:46 +03:00
wchen-r7
cce1ae6026
Fix #6989 , scanner modules printing RHOST in progress messages
...
Fix #6989
2016-07-25 23:15:59 -05:00
wchen-r7
df15eebdf8
Land #7106 , multiple keylog_recorder improvements
2016-07-25 14:54:06 -05:00
wchen-r7
1016cb675d
Land #7107 , Use VHOST info for redirection in firefox_proto_crmfrequest
2016-07-24 15:50:21 -05:00
wchen-r7
72caeaa72f
Fix redirect url
2016-07-24 15:49:03 -05:00
Mehmet Ince
780e83dabb
Fix for Opt params and Space limits
2016-07-22 20:48:15 +03:00
Josh Hale
352d63480d
scriptjunkie's recs and fixes additional issues
2016-07-21 22:54:48 -05:00
Mehmet Ince
7e9c5f9011
Fix for double space and indentation
2016-07-21 20:27:52 +03:00
Mehmet Ince
634ee93de4
Add Drupal CODER remote command execution
2016-07-21 20:23:54 +03:00
William Vu
32f1c83c9e
Switch to single quotes
...
Might as well, since we're avoiding escaping.
2016-07-21 00:10:17 -05:00
William Vu
2e631cab5b
Prefer quoting over escaping
...
Having to escape backslashes in a single-quoted string sucks.
2016-07-21 00:02:08 -05:00
William Vu
c6b309d5c9
Fix drupal_restws_exec check method false positive
2016-07-20 23:28:49 -05:00
William Vu
8bd6db8bd7
Land #7108 , Drupal RESTWS exploit
2016-07-20 13:49:37 -05:00
William Vu
b49a847c98
Fix additional things
2016-07-20 13:49:23 -05:00
Mehmet Ince
51bb950201
Avoid return where not required
2016-07-20 21:27:51 +03:00
Mehmet Ince
b0a0544627
Remove random string from URI
2016-07-20 20:50:10 +03:00
Pedro Ribeiro
c93e88f3a3
Make changes requested by wvu-r7
2016-07-20 14:21:04 +02:00
James Lee
b057a9486c
Don't use ssh agent
2016-07-19 17:07:22 -05:00
James Lee
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
Mehmet Ince
089816236d
Remove double spaces and fix checkcode
2016-07-20 00:01:25 +03:00
Mehmet Ince
9c8e351ba8
Use vars_get un send_request_cgi
2016-07-19 20:12:14 +03:00
Mehmet Ince
ec2f8fcc71
Change check method and use meterpreter instead of unix cmd
2016-07-19 11:13:06 +03:00
forzoni
6f35a04e21
Incorporate review fixes, ensure PrependFork is true, fix echo compat.
2016-07-19 01:45:56 -05:00
Mehmet Ince
650034b600
Use normalize_uri params instead of string concatenation
2016-07-19 01:01:05 +03:00
Mehmet Ince
c8deb54938
Add Drupal RESTWS Remote Unauth PHP Code Exec
2016-07-18 21:32:10 +03:00
RageLtMan
14c9569afa
2013-1710 - Use header VHOST info for redirection
...
When this exploit is hit by hostname, the HTTP request contains
a Host header field which does not match the IP-based redirection.
Update the module to check request headers for host information,
and fallback to the prior behavior if none exists.
Tested in conjunction with #6611 DNS spoofer - works great, see
issue #7098 for details.
2016-07-17 04:50:54 -04:00
Josh Hale
722133491d
Wording change in advanced options and doc
2016-07-16 22:57:36 -05:00
Josh Hale
9cb9a2f69d
Update for windows keylog_recorder
2016-07-16 22:38:10 -05:00
AgoraSecurity
dcd09f17bd
New Post Module
...
New post module for windows.
It gathers the users and cracks the password of MDaemon Mail server.
NOTE: The module have a bug and I would appreciate help fixing it (problem when storing credentials)
2016-07-16 19:07:27 -05:00
ktreimann
e3801c425b
Fix typo in USB error message
2016-07-16 09:43:48 -04:00
Brent Cook
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e0216
, reversing
changes made to 7b1d9596c7
.
2016-07-15 12:00:31 -05:00
h00die
03dca5fee2
updates round 2
2016-07-15 09:02:23 -04:00
h00die
33ce3ec3ed
fixes round 2
2016-07-15 08:44:39 -04:00
h00die
7734279147
round 2 of updates
2016-07-15 08:21:17 -04:00
Brendan
8968a6603e
Syntax cleanup
2016-07-14 13:25:31 -07:00
Brendan
927b3a88a1
Changed to one delete
2016-07-14 13:11:59 -07:00
David Maloney
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
David Maloney
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
thao doan
9862a2fc25
Land #7080 , Updated docs and made enhancements for Netgear soap password extractor
2016-07-13 14:30:46 -07:00
William Vu
b2c3267a2a
Land #7042 , fetch_ninja_form_nonce/wponce fix
2016-07-13 11:38:11 -05:00
Brent Cook
ee90e5e96d
update payload sizes
2016-07-13 01:06:05 -05:00
Brent Cook
fcdb32795d
Land #6777 , Linux Xen 4.2.0 DoS
2016-07-13 00:40:42 -05:00
Brent Cook
7b5e3a880d
added module docs and some output tweaks for consistency with other modules
2016-07-13 00:38:46 -05:00
Brent Cook
3e6fed7958
update metadata
2016-07-13 00:13:02 -05:00
Brent Cook
0304b2c1e2
simplify logic, Ubuntu support
2016-07-12 23:50:32 -05:00
wchen-r7
8f928c6ca1
Land #7006 , Add MS16-032 Local Priv Esc Exploit
2016-07-12 15:22:35 -05:00
wchen-r7
815c426b4d
Match naming style
2016-07-12 15:18:39 -05:00
James Lee
556620d981
Fix pack on big endian host systems
2016-07-12 15:17:52 -05:00
wchen-r7
f11b84f106
Update wfsdelay and check for ms16-032
2016-07-12 15:17:21 -05:00
James Lee
e9350986a4
Style
2016-07-12 14:51:37 -05:00
James Lee
1a15fc1c2e
Whitespace
2016-07-12 14:51:37 -05:00
William Webb
8f73167b15
Land #7060 , Fix up the 64-bit BSD reverse shell
2016-07-12 14:37:51 -05:00
William Vu
f164afaef8
Land #6932 , joomla_contenthistory_sqli_rce fixes
2016-07-12 14:26:49 -05:00
James Lee
c3e8f81982
Land #7038 , zutto_deriku, an x64 encoder
2016-07-12 13:46:55 -05:00
William Vu
310332b521
Clean up module
2016-07-12 11:17:10 -05:00
wchen-r7
b869b890c7
Land #7090 , Add module for Tikiwiki Upload Exec
2016-07-12 11:16:50 -05:00
wchen-r7
2471e8bc8c
Add FileDropper to cleanup properly
2016-07-12 11:16:18 -05:00
William Vu
277950cc79
Land #6733 , psexec StackAdjustment fix
2016-07-12 11:14:16 -05:00
Mehmet Ince
43833c8756
Fixing double normalize function call
2016-07-12 07:30:18 +03:00
Brent Cook
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
Pearce Barry
7b1d9596c7
Land #7068 , Introduce 'mettle' - new POSIX meterpreter
2016-07-11 22:38:40 -05:00
Brent Cook
627fffdb08
Land #7089 , correct usage of OptPort and OptRegex
2016-07-11 22:13:27 -05:00
Brent Cook
128f802928
use the regex source when generating or displaying a regex
2016-07-11 22:05:50 -05:00
khr0x40sh
7211936f96
Fix Payload exit issue
...
Fixed payload exiting issue by adding while ($true){Start-Sleep 1000};
statement.
2016-07-11 16:21:08 -04:00
Mehmet Ince
fc56ab6722
Fixing some coding style because of rubocop
2016-07-11 23:10:18 +03:00
Brendan
47f2cef22e
Syntax changes to humor rubocop and ruby style
2016-07-11 12:50:58 -07:00
Mehmet Ince
e79c3ba7c0
Tiki Wiki unauth rce
2016-07-11 22:44:07 +03:00
Brendan
963437d5e7
Land #7063 , Add module for WebNMS 5.2 Arbitrary File Download
2016-07-11 10:05:21 -07:00
Brendan
c2a5da08af
Land #7064 , Add moule to steal creds from WebNMS 5.2
2016-07-11 06:38:50 -07:00
William Webb
52c6daa0f2
Land #7048 , Riverbed SteelCentral NetProfiler and NetExpress Remote
...
Command Injection
2016-07-10 18:54:12 -05:00
Francesco
b75084249a
Removed duplicate 'Privileged' key
2016-07-10 01:37:03 -04:00
h00die
fdce5bc30c
add disclosure date
2016-07-09 09:30:00 -04:00
sho-luv
25f49c0091
Fixed Description
...
Just cleaned up Description.
2016-07-08 16:17:39 -07:00
Brendan
bbe4162320
Added error checking and some suggested style changes
2016-07-08 08:27:56 -07:00
wchen-r7
d0e1c67c18
Land #7026 , Add Action Pack render exploit CVE-2016-2098
2016-07-07 16:16:37 -05:00
wchen-r7
2cc6565cc9
Update rails_actionpack_inline_exec
2016-07-07 15:56:50 -05:00
James Lee
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
.
2016-07-07 15:00:41 -05:00
Brendan
09dcd1dade
Added version check and error handling, changed regex to ruby syntax.
...
Also made a few syntax changes to placate rubocop.
2016-07-07 10:35:18 -07:00
h00die
892f354ece
give me some credit
2016-07-06 21:39:45 -04:00
h00die
47cf6d5edf
better docs, extract more data
2016-07-06 21:28:57 -04:00
wchen-r7
fee361dae0
Land #7075 , Add ms16-016 local privilege escalation
2016-07-06 12:01:01 -05:00
wchen-r7
532ea5d4c4
Make sure there's a ref and checkcode
2016-07-06 12:00:20 -05:00
wchen-r7
45401bfe45
Land #7069 , modify check codes in multiple local exploits
2016-07-06 00:04:24 -05:00
William Webb
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
James Lee
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8
, reversing
changes made to e3e360cc83
.
2016-07-05 15:22:44 -05:00
Brent Cook
21bede1166
unify stager style
2016-07-05 11:24:54 -05:00
Brent Cook
049b322ae4
add x86 and x64 stagers for mettle
2016-07-05 11:24:54 -05:00
Adam Cammack
8490a3b775
Remove hard-float requirement for MIPS O32
2016-07-05 11:24:54 -05:00
Adam Cammack
0390ed4d6e
Add MIPS O32 Linux support (big and little endian)
2016-07-05 11:24:54 -05:00
Adam Cammack
8de508c4e0
Add mettle module for ARM
2016-07-05 11:24:54 -05:00
wchen-r7
6290cb681f
Change class name Metasploit4 to MetasploitModule
2016-07-05 11:12:49 -05:00
David Maloney
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
agix
7d638a0975
Remove misc_anti_emu
2016-07-05 17:29:37 +02:00
Brendan
e29d5b9efe
Land #6954 , Fix the available size of payload for exploit/.../payload_inject
2016-07-05 07:38:27 -07:00
Clément Notin
0f8efec001
Fix modules broken by @wchen-r7 's 4275a65407
commit.
...
These modules call check() in the exploit() function and expected to get a CheckCode::Vulnerable, now that check() returns Appears instead of Vulnerable they always refuse to run.
I've flipped the logic, based on examples in other modules, now they refuse to run only if check() positively returns Safe.
2016-07-05 13:49:14 +02:00
Brent Cook
cfc368ab65
Land #6959 , Add Linux ARM big endian ipv4 bind shellcode
2016-07-05 00:41:00 -05:00
Brent Cook
54dfcee665
Land #7055 , add netgear_soap_password_extractor docs
2016-07-04 23:59:10 -05:00
Stephen Deck
9d13df3a25
Corrected for console width errors causing erroneous carriage returns, resulting in incorrect hash extraction on ms sql server 2012
2016-07-04 16:23:07 -04:00
Pedro Ribeiro
ec4769fade
Create exploit for WebNMS credential disclosure
2016-07-04 21:15:15 +01:00
Pedro Ribeiro
05ef5316df
Create exploit for WebNMS arbitrary file download
2016-07-04 21:10:14 +01:00
Pedro Ribeiro
eeba35f87a
Create file for WebNMS 5.2 remote code execution
2016-07-04 21:07:03 +01:00
Hans Jerry Illikainen
78335f8e20
Update the cache size in bsd/x64/shell_reverse_tcp
2016-07-04 00:35:52 +02:00
Hans Jerry Illikainen
f246aa0b58
dup2() to STDERR_FILENO in bsd/x64/shell_reverse_tcp
2016-07-04 00:00:33 +02:00
Hans Jerry Illikainen
54092177a2
Remove superfluous xor in bsd/x64/shell_reverse_tcp
2016-07-03 23:53:11 +02:00
Pearce Barry
12812650c0
Land #7054 , Fix busted alpha encoding on ms02_018_htr
2016-07-02 17:07:25 -05:00
Francesco
4ed12d7077
Added: support for credentials saving using report_cred method as suggested
...
Added: support for detection of valid user credentials to skip login SQLi if not necessary.
2016-07-02 01:41:13 -04:00
h00die
844c13dc17
added new vuln device to netgear list, plus docs
2016-07-01 18:32:30 -04:00
James Lee
3850431966
Fix busted alpha encoding on this old-ass exploit
2016-07-01 17:20:00 -05:00
wchen-r7
bca0d716c0
Land #7047 , Ensure http_login scanner module saves passwds
2016-07-01 12:21:28 -05:00
Brendan
70a79bb0e8
Land #7014 , Nagios remote root shell exploit
2016-07-01 08:17:38 -07:00
William Vu
a1bd640eff
Fix hashrocket alignment
2016-07-01 09:05:03 -05:00
William Vu
9663f88fdc
Download profile.zip instead of including it
...
profile.zip is GPL-licensed...
2016-07-01 01:17:23 -05:00
Pearce Barry
159446ce92
Ensure http_login scanner module saves passwds.
...
Fixes #6983 . When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
William Webb
1401a61f59
Land #6998 , Fix #6984 Undefined method 'winver' in ms10_092_schelevator
2016-06-30 16:14:09 -05:00
agix
3edb0b3625
Reduce chance to get a null byte in the decoder stub
2016-06-30 19:14:32 +02:00
agix
31ea58d7f0
Inherit from Msf::Encoder::Xor to get key preventing badchars
...
I guess it what Msf::Encoder::Xor find_bad_keys is for.
2016-06-30 18:29:30 +02:00
wchen-r7
1ecef265a1
Do a fail_with in case nonce is not found at all
2016-06-30 11:21:45 -05:00
wchen-r7
e2b9225907
Fix #7022 , Failing to find wpnonce in fetch_ninja_form_nonce
...
This patch fixes a problem when the module is used against an older
version of ninja forms (such as 2.9.27), the nonce is found in a
hidden input instead of the JavaScript code, which actually causes
an undefined method 'gsub' bug in the module.
Fix #7022
2016-06-30 11:15:38 -05:00
Tod Beardsley
afbeb2b668
Land #7023 , fixes for swagger exploit
...
Thanks @sdavis-r7!
See #7015 as well.
2016-06-30 10:54:34 -04:00
Tod Beardsley
d1281b6594
Chmod to remove the exec bit.
2016-06-30 10:43:46 -04:00
Francesco
068a4007de
Riverbed SteelCentral NetProfiler & NetExpress Exploit Module
...
Changes to be committed:
new file: modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
2016-06-29 22:27:40 -04:00
agix
8a777bec41
Forget to rename function after msftidy correction
2016-06-29 23:30:48 +02:00
agix
c489c5ce3e
Add two x64 encoders to improve anti-virus evasion
2016-06-29 23:11:24 +02:00
William Vu
68bd4e2375
Fire and forget the shell
...
Edge case where reverse_perl returns 302 when app is unconfigured.
2016-06-29 14:51:05 -05:00
forzoni
d414ea59c3
Remove bash dependency. Oops.
2016-06-28 22:39:45 -05:00
David Maloney
3d93c55174
move sshfactory into a mixin method
...
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
James Lee
4e63591ce8
Use the proper Author key, not Authors
2016-06-28 15:21:19 -05:00
David Maloney
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
David Maloney
97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm
2016-06-28 14:14:56 -05:00
Louis Sato
d5d0b9e9b8
Revert "Land #6729 , Speed up the datastore"
...
This reverts commit c6b1955a5a
, reversing
changes made to 4fb7472391
.
2016-06-28 13:39:52 -05:00
forzoni
5f044ffda0
s/print_warning/print_error.
2016-06-28 10:26:23 -05:00
forzoni
0635fee820
Move some log lines to vprint_status.
2016-06-28 03:28:41 -05:00
forzoni
6c11692b04
Add privilege escalation for host users that can access the docker daemon.
2016-06-28 03:24:41 -05:00
RageLtMan
fcf8cda22f
Add basic module for CVE-2016-2098
...
ActionPack versions prior to 3.2.22.2, 4.1.14.2, and 4.2.5.2
implement unsafe dynamic rendering of inline content such that
passing ERB wrapped Ruby code leads to remote execution.
This module only implements the Ruby payloads, but can easily
be extended to use system calls to execute native/alternate
payload types as well.
Test Procedures:
Clone https://github.com/hderms/dh-CVE_2016_2098
Run bundle install to match gem versions to those in lockfile
Run the rails server and configure the metasploit module:
Set TARGETURI to /exploits
Configure payload and handler options
Execute the module, move on to post-exp
2016-06-28 03:28:16 -04:00
William Vu
5f08591fef
Add Nagios XI exploit
2016-06-27 15:17:18 -05:00
Scott Lee Davis
2480781409
pesky pry.
2016-06-27 01:55:49 -04:00
Scott Lee Davis
c2b4e22b46
updated with discovered changes from k kali & documentation update changes requested.
2016-06-27 01:53:20 -04:00
h00die
1c20122648
fedora compatibility, added naming options
2016-06-25 08:43:55 -04:00
James Lee
058115c21f
Land #7015 , sdavis' swagger exploit
2016-06-24 16:13:51 -05:00
James Lee
15a1a9ed71
Raise if payload.arch doesn't match expected
...
This is necessary when payload is a generic/* since we can't actually
figure out what we need the prefix/suffix to be because the generics are
a pain to extract the arch/platform info out of.
Also remove some unnecessary options.
2016-06-24 16:08:47 -05:00
David Maloney
409e26351b
remove test module
...
sponge left in patient
2016-06-24 15:12:47 -05:00
David Maloney
6c3871bd0c
update ssh modules to use new SSHFactory
...
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH
MS-1688
2016-06-24 13:55:28 -05:00
David Maloney
5bc513d6cd
get ssh sessions working properly
...
ssh sessions now working correctly
MD-1688
2016-06-24 12:14:48 -05:00
wchen-r7
9f280d714e
Land #6994 , NetBIOS Name Brute Force Spoofing modules
2016-06-23 17:54:51 -05:00
Scott Davis
3fb9eae687
EOL space if a ruby devil.
2016-06-23 15:40:16 -07:00
Scott Davis
b38b116c9a
@ePaul comments added to description.
2016-06-23 15:33:11 -07:00
Tod Beardsley
08d08d2c95
Fix Java payload generator
2016-06-23 14:51:26 -05:00
Tod Beardsley
464808d825
First, put the RC data in the module proper
2016-06-23 14:43:37 -05:00
Tod Beardsley
92c70dab6f
Real array, and fix PHP
2016-06-23 13:22:21 -05:00
Tod Beardsley
ffabf26593
No Automatic target.
2016-06-23 12:50:23 -05:00