wchen-r7
d622c782ef
Land #5519 , adobe_flash_uncompress_zlib_uninitialized in the flash renderer
2015-06-10 11:52:47 -05:00
wchen-r7
667db8bc30
Land #5517 , adobe_flash_casi32_int_overflow (exec from the flash renderer)
2015-06-10 11:39:13 -05:00
William Vu
b23647d5ae
Land #5521 , @todb-r7's module cleanup
2015-06-10 11:29:41 -05:00
Tod Beardsley
dc2fec76a9
Land #5509 , remove msfencode and msfpayload
...
Fixes #4326
Thanks @wchen-r7!
2015-06-10 11:15:35 -05:00
Tod Beardsley
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
jvazquez-r7
fb531d0069
Update version coverage
2015-06-10 09:38:00 -05:00
jvazquez-r7
a6fe383852
Use AS Exploiter
2015-06-10 09:32:52 -05:00
root
7cb82f594b
Add ftp port for service
2015-06-10 14:24:05 +05:00
root
3ffe006e09
Update titan_ftp_admin_pwd to use the new creds API
2015-06-10 13:36:26 +05:00
root
3fe6ddd10a
Change credential status from untried to successful
2015-06-10 10:09:57 +05:00
root
78a6e1bc90
Change credential status from untried to successful
2015-06-10 10:07:33 +05:00
root
1b3f911f84
Change credential status from untried to successful
2015-06-10 09:54:10 +05:00
jvazquez-r7
e5d6c9a3cb
Make last code cleanup
2015-06-09 16:01:57 -05:00
jvazquez-r7
cf8c6b510b
Debug version working
2015-06-09 15:46:21 -05:00
William Vu
9fa423464c
Fix #5224 , comma fixes
...
My fault for missing these.
2015-06-09 14:28:01 -05:00
William Vu
8a69704d3e
Fix up commas
2015-06-09 14:27:35 -05:00
William Vu
d31a59cd22
Fix #5224 , altered option description
2015-06-09 14:15:58 -05:00
William Vu
cc8650f98a
Fix TMPPATH description
2015-06-09 14:15:18 -05:00
William Vu
9c97da3b7c
Land #5224 , ProFTPD mod_copy exploit
2015-06-09 14:11:27 -05:00
William Vu
5ab882a8d4
Clean up module
2015-06-09 14:10:46 -05:00
jvazquez-r7
b7f0fad72f
Modify CVE-2014-0569 to use the flash exploitation code
2015-06-09 11:31:39 -05:00
wchen-r7
6eb25743e3
Merge branch 'upstream-master' into bapv2
2015-06-09 10:10:00 -05:00
root
49e4820c57
Add depcrecated note to the existing modules
2015-06-09 10:42:53 +05:00
Josh Abraham
8381d4f994
update smb_enumusers_domain to store enumerated users in the DB
2015-06-08 19:42:03 -04:00
David Maloney
bb56f6043e
explicitly use windows\temp
...
instead of using the user temp directory
trying to get around some intermittant permissions
issues
MSP-12358
2015-06-08 13:17:18 -05:00
David Maloney
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
wchen-r7
5a6a16c4ec
Resolve #4326 , remove msfpayload & msfencode. Use msfvenom instead!
...
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.
Resolves #4326
2015-06-08 11:30:04 -05:00
root
3279518bbd
Move VMware modules to the VMware directory
2015-06-08 14:58:22 +05:00
root
245c76374d
Update nessus_xmlrpc_logic to use the new creds API
2015-06-08 14:40:15 +05:00
jvazquez-r7
a39539f8ef
Land #5457 , @wchen-r7 updates spark_im to use the new cred API
2015-06-07 20:45:42 -05:00
HD Moore
25aa96cfc1
Land #5456 , removes obsolete comment
2015-06-07 14:25:23 -05:00
HD Moore
1f11cd5470
Lands #5446 , support for 64-bit native powershell payloads
2015-06-07 14:16:19 -05:00
HD Moore
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
jvazquez-r7
dca2607d54
Land #5452 , @wchen-r7 Update tortoisesvn to use the new cred API
2015-06-06 01:35:40 -05:00
jvazquez-r7
bf35b9bdf4
Minor fix
2015-06-06 01:35:09 -05:00
HD Moore
135958a225
Cleanup the udp_(sweep|probe) SNMP generators
2015-06-06 00:54:08 -05:00
HD Moore
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
wchen-r7
ea33d7060e
Correct ranking
2015-06-05 21:07:27 -05:00
wchen-r7
ff39e32cc6
Single quote
2015-06-05 21:06:57 -05:00
jvazquez-r7
c3437dab2a
Land #5451 , @wchen-r7 Update filezilla_client_cred to use the new cred API
2015-06-05 16:39:31 -05:00
jvazquez-r7
57b7d10ec5
Land #5449 , @wchen-r7 updates total_commander to use the new cred API
2015-06-05 16:28:32 -05:00
wchen-r7
ee13a215e9
Merge branch 'upstream-master' into bapv2
2015-06-05 14:09:07 -05:00
jvazquez-r7
318f67fcda
update descriptions
2015-06-05 09:01:20 -05:00
root
3ec6d9b7aa
Update owa_login to use new cred API
2015-06-05 15:41:07 +05:00
root
b6936febbe
Update pcanywhere_login to use the new cred API
2015-06-05 12:16:00 +05:00
wchen-r7
71a8487091
Correct Flash version in the module description
...
There is no 11.2.202.404, mang.
2015-06-04 23:46:41 -05:00
wchen-r7
5f4b2ed22a
Newline
2015-06-04 23:36:36 -05:00
wchen-r7
69968fc9f1
Merge branch 'upstream-master' into bapv2
2015-06-04 23:36:24 -05:00
jvazquez-r7
02181addc5
Update CVE-2014-0556
2015-06-04 18:23:50 -05:00
wchen-r7
874e090aa1
Update wordpress_login_enum to use the new cred API
2015-06-04 18:16:14 -05:00
root
d4f418fe3f
Style corrections
...
See #5480
2015-06-04 15:52:07 -05:00
wchen-r7
23df66bf3a
Land #5481 , no powershell. exec shellcode from the renderer process.
2015-06-04 15:45:09 -05:00
wchen-r7
487cc15b0b
Land #5476 , multi-platform update for adobe_flash_net_connection_confusion
2015-06-04 12:32:42 -05:00
jvazquez-r7
ab68d8429b
Add more targets
2015-06-04 12:11:53 -05:00
wchen-r7
be709ba370
Merge branch 'upstream-master' into bapv2
2015-06-04 10:33:07 -05:00
wchen-r7
744baf2d44
Update kloxo_sqli to use the new cred API
2015-06-03 23:28:35 -05:00
jvazquez-r7
80cb70cacf
Add support for Windows 8.1/Firefox
2015-06-03 22:46:04 -05:00
wchen-r7
78e4677bb1
Oops it blew up
2015-06-03 20:10:01 -05:00
wchen-r7
a0aa6135c5
Update ca_arcserve_rpc_authbypass to use the new cred API
2015-06-03 20:02:07 -05:00
John Sherwood
d3c3741478
Use run_host so that we can use THREADS
...
- The refactor left the module using run_batch even though the
features of the code that made this desirable were removed (i.e.,
it was no longer doing one batch per community string). By now
switching back to run_host, we can again take advantage of the
built-in metasploit multithreading capabilities.
- Also, added back in the display of the result.proof field. This
aids in identifying false positives (which have a blank response)
and is functionality worth keeping.
2015-06-03 18:08:38 -04:00
jvazquez-r7
74117a7a52
Allow to execute payload from the flash renderer
2015-06-03 16:33:41 -05:00
wchen-r7
39d38f1641
Update pptpd_chap_secrets to use the new cred API
2015-06-03 16:33:10 -05:00
Pedro Ribeiro
d5b33a0074
Update sysaid_rdslogs_fle_upload.rb
2015-06-03 22:01:13 +01:00
Pedro Ribeiro
37827be10f
Update sysaid_auth_file_upload.rb
2015-06-03 22:00:44 +01:00
Pedro Ribeiro
7f35c3b4f5
Update sysaid_sql_creds.rb
2015-06-03 22:00:08 +01:00
Pedro Ribeiro
54bfe29527
Update and rename sysaid_file_ to sysaid_file_download.rb
2015-06-03 21:59:45 +01:00
Pedro Ribeiro
42e84cd7d5
Update sysaid_admin_acct.rb
2015-06-03 21:59:04 +01:00
Pedro Ribeiro
6683b86822
Create sysaid_sql_creds.rb
2015-06-03 21:46:48 +01:00
Pedro Ribeiro
72b7982e7a
Create sysaid_file_
2015-06-03 21:46:13 +01:00
Pedro Ribeiro
62993c35d3
Create sysaid_rdslogs_fle_upload.rb
2015-06-03 21:45:14 +01:00
Pedro Ribeiro
193b7bcd2e
Create sysaid_auth_file_upload.rb
2015-06-03 21:44:02 +01:00
Pedro Ribeiro
765077d741
Create sysaid_admin_acct.rb
2015-06-03 21:38:43 +01:00
wchen-r7
656f64d9bd
Update razorsql to use the new cred API
2015-06-03 13:49:06 -05:00
Roberto Soares
b305fa62f4
Changed vprint_error when nothing was downloaded.
2015-06-03 14:46:59 -03:00
Roberto Soares
24ec3b2fb5
Changed vprint_error to fail_with method.
2015-06-03 13:46:59 -03:00
OJ
a6467f49ec
Update description
2015-06-03 22:17:25 +10:00
OJ
455a3b6b9d
Add butchered version of CVE-2015-1701
2015-06-03 21:48:23 +10:00
wchen-r7
b038760be7
Update razer_synapse to use the new cred API
2015-06-03 01:44:20 -05:00
wchen-r7
ef0d6490da
Update smartermail to use the new cred API
2015-06-03 00:48:52 -05:00
wchen-r7
c64f025c4e
Add module_fullname: fullname
2015-06-02 12:35:06 -05:00
wchen-r7
e43163135b
Add module_fullname: fullname,
2015-06-02 12:33:34 -05:00
benpturner
dddbf3886b
Updated payload spec to be in the correct order and updated payload cached size
2015-06-02 18:33:06 +01:00
wchen-r7
63708f2bba
Add module_fullname: fullname
2015-06-02 12:27:35 -05:00
wchen-r7
28556ea6e2
Update spark_im to use the new cred API
2015-06-02 12:16:07 -05:00
wchen-r7
aac2db826f
Remove comment about report_auth_info
...
This module isn't using report_auth_info, so this comment is no
longer needed.
2015-06-02 10:24:55 -05:00
Tim
ac2a52b522
fix android/java reverse_tcp
2015-06-02 10:54:49 +01:00
root
7485cf776e
Remove unnecessary spaces
2015-06-02 14:18:36 +05:00
root
b4cfe93977
Add creds API
2015-06-02 14:16:16 +05:00
wchen-r7
1ae9265fb9
Update tortoisesvn to use the new cred API
2015-06-02 00:52:43 -05:00
wchen-r7
b98cc89f0c
Update filezilla_client_cred to use the new cred API
2015-06-02 00:22:17 -05:00
Tim
c721cb6f4e
Land #5448 , fix author name typo
2015-06-02 05:08:48 +01:00
wchen-r7
c3e15059a7
Update total_commander to use the new cred API
2015-06-01 21:17:58 -05:00
James Lee
d03ee5667b
Remove assigned but unused local vars
2015-06-01 16:45:36 -05:00
James Lee
7133f0a68e
Fix typo in author's name
2015-06-01 16:45:09 -05:00
Brent Cook
449ce32f07
update for new UUID namespace
2015-06-01 15:16:04 -05:00
benpturner
9d1a7cead4
New modules to support 64bit process powershell.
2015-06-01 16:11:23 +01:00
Brent Cook
64e86165ef
remove android meterpreter bins, update to payloads 1.0.2
...
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
Brent Cook
70ef1b83f9
Merge branch 'master' into land-5366-android
2015-06-01 09:07:55 -05:00
wchen-r7
e83677d29d
rm deprecated mod
2015-05-29 17:43:26 -05:00
OJ
3dd3ef5edb
Merge branch 'upstrea/master' into winhttp-ie-proxy
2015-05-30 08:03:43 +10:00
jvazquez-r7
4a6fec7f1e
Land #5439 , @Firefart's explanations on dlink_upnp_header_exec_noauth
2015-05-29 16:46:41 -05:00
Brent Cook
b8a8e65c2c
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 16:22:45 -05:00
jvazquez-r7
6669665d6d
Land #5402 , @nstarke's module to extract accouns information from a AVTECH744_DVR device
2015-05-29 16:14:50 -05:00
jvazquez-r7
843572df6d
Change module filename
2015-05-29 16:14:16 -05:00
jvazquez-r7
acb0af3826
Update description
2015-05-29 16:13:43 -05:00
jvazquez-r7
39ae6263e9
Use Rex::Text.encode_base64
2015-05-29 16:12:21 -05:00
Christian Mehlmauer
73f7885eea
add comment
2015-05-29 23:08:55 +02:00
jvazquez-r7
8338b21f6c
Make some code cleanup
2015-05-29 16:04:29 -05:00
Brent Cook
7b0006a1b2
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 15:41:31 -05:00
Brent Cook
96a1e1b344
Land #5367 , add UUID stagers
2015-05-29 15:18:53 -05:00
wchen-r7
13779adab4
Merge branch 'upstream-master' into bapv2
2015-05-29 14:59:04 -05:00
wchen-r7
6be363d82a
Merge branch 'upstream-master' into bapv2
2015-05-29 14:58:38 -05:00
jvazquez-r7
1be04a9e7e
Land #5182 , @m-1-k-3's exploit for Dlink UPnP SOAP-Header Injection
2015-05-29 14:49:09 -05:00
jvazquez-r7
8b2e49eabc
Do code cleanup
2015-05-29 14:45:47 -05:00
jvazquez-r7
8c7d41c50c
Land #5426 , @wchen-r7's adds more restriction on Windows 7 target for MS14-064
2015-05-29 14:35:44 -05:00
wchen-r7
c3fa52f443
Update description
2015-05-29 13:47:20 -05:00
wchen-r7
dab9a66ea3
Use current ruby hash syntax
2015-05-29 13:43:20 -05:00
jvazquez-r7
9ccf04a63b
Land #5420 , @m-1-k-3's miniigd command injection module (ZDI-15-155)
2015-05-29 13:29:03 -05:00
jvazquez-r7
9ebd6e5d6e
Use REXML
2015-05-29 13:27:19 -05:00
Brent Cook
7d5af66fa0
Merge branch 'master' into land-5367-uuid-stagers
2015-05-29 13:00:35 -05:00
jvazquez-r7
294fa78c1f
Land #5430 , @m-1-k-3's adding specific endianess Arch to some exploits
2015-05-29 11:43:25 -05:00
jvazquez-r7
dd39d196f5
Land #5226 , @m-1-k-3's Airties login Buffer Overflow exploit
2015-05-29 10:51:32 -05:00
jvazquez-r7
952f391fb4
Do minor code cleanup
2015-05-29 10:49:51 -05:00
wchen-r7
bb444a8259
Land #5429 , Decrypt encrypted passwords in DBVisualizer
2015-05-29 09:57:08 -05:00
root
17c0af6380
Consistent column names
2015-05-29 11:08:24 +05:00
root
101f12b9d2
Remove base64 require
2015-05-29 10:38:06 +05:00
root
3ac5088a9a
Add decryption.final for proper padding
2015-05-29 10:33:55 +05:00
wchen-r7
b6b055a5f2
Land #5431 , deprecate cold_fusion_version, use coldfusion_version instead.
2015-05-28 15:40:34 -05:00
wchen-r7
80c3022dc1
Deprecate cold_fusion_version. Please use coldfusion_version.
...
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
wchen-r7
00a80ce2ab
Land #5425 , Add Linux support to CVE-2015-0336
2015-05-28 15:18:44 -05:00
wchen-r7
2a260f0689
Update description
2015-05-28 15:18:05 -05:00
Christian Mehlmauer
52e30d4fc2
Land #5434 , OSVDB reference
2015-05-28 22:00:44 +02:00
wchen-r7
068198c980
Land #5386 , automatically find file for ms15_034
2015-05-28 14:52:31 -05:00
wchen-r7
f9f35db7f3
Update description
2015-05-28 14:52:03 -05:00
Tod Beardsley
818dbf58f0
Adding an OSVDB number to the Netgear module
2015-05-28 14:37:39 -05:00
Michael Messner
666b0bc34a
MIPSBE vs MIPS
2015-05-28 18:50:48 +02:00
erwanlr
a74c3372c0
Uses vprint instead of print in #check_host
2015-05-28 15:46:51 +01:00
erwanlr
6d01d7f986
Uses peer instead of ip:port across all the module
2015-05-28 09:32:05 +01:00
erwanlr
447c4ee7df
Allows the targetèuri to be shared between the #check and #dos
2015-05-28 09:30:04 +01:00
root
2756c7375e
Add datastore options
2015-05-28 10:58:36 +05:00
root
1ab49397a2
Decrypt encrypted passwords
2015-05-28 10:21:00 +05:00
jvazquez-r7
e9714bfc82
Solve conflics
2015-05-27 23:22:00 -05:00
Spencer McIntyre
24b4dacec5
Land #5408 , @g0tmi1k fixes verbiage and whitespace
2015-05-27 21:02:02 -04:00
wchen-r7
bcdae5fa1a
Forgot to add the datastore option
2015-05-27 18:12:38 -05:00
wchen-r7
4f0e908c8b
Never mind, Vista doesn't have powershell.
2015-05-27 18:08:58 -05:00
wchen-r7
d43706b65e
It doesn't look like Vista shows the powershell prompt
2015-05-27 18:04:35 -05:00
wchen-r7
53774fed56
Be more strict with Win 7 for MS14-064
...
The Powershell prompt can cause BAP to hang so we need to be more
strict about that.
2015-05-27 18:01:40 -05:00
jvazquez-r7
e5d42850c1
Add support for Linux to CVE-2015-0336
2015-05-27 17:05:10 -05:00
wchen-r7
2ae9e39719
Land #5376 , Report ipmi_dumphashes credentials with create_credential_login
2015-05-27 13:11:07 -05:00
Tod Beardsley
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
wchen-r7
60cdf71e6c
Merge branch 'upstream-master' into bapv2
2015-05-26 15:56:48 -05:00
wchen-r7
a0e0e3d360
Description
2015-05-25 17:24:41 -05:00
Michael Messner
43f505b462
fix contact details
2015-05-25 19:31:50 +02:00
OJ
307dcd09dd
Update payload cache sizes again
2015-05-25 20:12:20 +10:00
OJ
7f59a7482e
Update authors and stuff
2015-05-25 12:02:52 +10:00
OJ
e103b2365a
Update payload sizes and add new payloads to spec
2015-05-25 11:31:15 +10:00
OJ
9e50114082
Merge branch 'upstream/master' into uuid-stagers
2015-05-25 11:22:35 +10:00
OJ
9042f141ff
Implement the IPv6 UUID bind stagers
2015-05-25 11:21:28 +10:00
jvazquez-r7
f953dc08d9
Land #5280 , @m-1-k-3's support for Airties devices to miniupnpd_soap_bof
2015-05-24 15:17:38 -05:00
Nicholas Starke
a3ff9859c8
Adding Credentials Capabilities
...
This commit adds the ability for credentials
to be retrieved via the 'creds' command. It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
Michael Messner
10baf1ebb6
echo stager
2015-05-23 15:50:35 +02:00
wchen-r7
60b0be8e3f
Fix a lot of bugs
2015-05-23 01:59:29 -05:00
jvazquez-r7
5bceeb4f27
Land #5349 , @h0ng10's module for CVE-2015-2219 Lenovo System Update Local Privilege Escalation
2015-05-22 17:14:20 -05:00
wchen-r7
9600f6a30a
rm deprecated exploit
2015-05-22 17:14:08 -05:00
wchen-r7
6de75ffd9f
Merge branch 'upstream-master' into bapv2
2015-05-22 17:11:03 -05:00
wchen-r7
eb5aadfb4e
Land #5401 , multi-platform CVE-2015-0311 - Flash uncompress() UAF
2015-05-22 16:50:13 -05:00
jvazquez-r7
3aa1ffb4f5
Do minor code cleanup
2015-05-22 16:20:36 -05:00
wchen-r7
2bb6f390c0
Add session limiter and fix a race bug in notes removal
2015-05-22 12:22:41 -05:00
jvazquez-r7
03b70e3714
Land #5388 , @wchen-r7's fixes #5373 by add info to BrowserRequiements
2015-05-22 10:21:59 -05:00
HD Moore
c17ee64d81
Merge branch 'master' into feature/uuid-registration
2015-05-22 00:29:16 -05:00
OJ
1c73c190fc
Add machine_id support to windows php meterp
2015-05-22 14:55:29 +10:00
Brent Cook
9ce669f878
Land #5328 : reworked x64 http/https stagers
2015-05-21 23:26:34 -05:00
Tim
7a9e875a25
use uuid aware generate_uri_uuid_mode
2015-05-22 05:21:08 +01:00
OJ
10bd75348c
Merge branch 'upstream/master' into uuid-stagers
2015-05-22 13:07:25 +10:00
OJ
a6a274d3a3
Merge recent stager changes
2015-05-22 13:01:45 +10:00
Nicholas Starke
9430d38a09
Adding AVTECH744_DVR Module
...
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
jvazquez-r7
e1f10772b3
Use create_cracked_credential
2015-05-21 16:30:42 -05:00
jvazquez-r7
305da46491
Land #5301 , @m-1-k-3's aux module to extract passwords from Netgear soap interfaces
2015-05-21 16:07:05 -05:00
jvazquez-r7
6da94b1dd5
Deprecate windows module
2015-05-21 15:01:41 -05:00
jvazquez-r7
b9f9647ab1
Use all the BES power
2015-05-21 14:06:41 -05:00
Roberto Soares
b4a6cdbad0
Remove new line in vprint_line.
2015-05-21 12:33:09 -03:00
Roberto Soares
0135b3639f
Add WordPress Simple Backup File Read Vulnerability.
2015-05-21 12:23:24 -03:00
erwanlr
d9d8634948
Changes the message displayed when vulnerable
2015-05-21 08:46:16 +01:00
wchen-r7
6e8ee2f3ba
Add whitelist feature
2015-05-21 00:05:14 -05:00
wchen-r7
bdf30dd383
Land #5374 , --smallest option in msfvenom
2015-05-20 21:06:10 -05:00
HD Moore
a8d111ce89
Merge branch 'master' into feature/uuid-registration
2015-05-20 19:48:39 -05:00
jvazquez-r7
aa919da84d
Add the multiplatform exploit
2015-05-20 18:57:59 -05:00
wchen-r7
2cadd5e658
Resolve #5373 , Add ActiveX info in BrowserRequirements
...
Resolve #5373
2015-05-20 16:34:09 -05:00
Brent Cook
a4df3468de
unique: should be update:, include uri in data hash
2015-05-20 16:20:09 -05:00
Brent Cook
c85b82e8a7
Merge branch 'master' into land-5358-notes
2015-05-20 16:02:59 -05:00
erwanlr
4f6fe2abce
Avoids swallowing exceptions
2015-05-20 21:36:03 +01:00
erwanlr
202a77fc12
Improves detection of the MS15-034
2015-05-20 18:08:00 +01:00
wchen-r7
23c77adc68
Land #5377 , Update cred reporting method for http_ntlm
2015-05-20 11:57:42 -05:00
OJ
44f8cf4124
Add more size to stagers, adjust psexec payloads
...
This psexec payload size should be evaluated to make sure I'm not doing
anything stupid. i can't see a reason why increasing these sizes would
be bad. They seem to work fine.
2015-05-20 17:07:56 +10:00
OJ
5963a5833a
Fix up php stageless payload includes
2015-05-20 16:50:00 +10:00
Tim
96a30118e2
add https cert validation
2015-05-20 07:27:59 +01:00
OJ
d0a5b803e8
Use generate_payload_uuid instead of manual obj creation
2015-05-20 16:25:52 +10:00
OJ
289873c25f
Merge all the stager changes
2015-05-20 16:02:37 +10:00
OJ
6859b24c1c
Fix missing label, update payload sizes
2015-05-20 15:42:31 +10:00
William Vu
c1b8cee315
Land #5369 , @dmaloney-r7's snmp_login fixes
2015-05-19 10:39:03 -05:00
Tim
ebd20fbedd
fix http
2015-05-19 16:25:46 +01:00
Tim
e7c8a3b56c
add support for SessionRetryTotal and SessionRetryWait on Android
2015-05-19 16:16:04 +01:00
OJ
a93565b5d1
Add 'Payload' section with 'Size' to psexec_psh
...
This missing parameter was causing the payload 'Size' to come through to
the encoders as `nil`. This meant that all the stagers that were
looking at the payload sizes were being told there was no size. In the
case of the meterpreter payloads, this was causing issues with the proxy
settings because the proxy configuration detail isn't added to the
payload unless there's enough space.
This fix adds a default size of 2048 (the same as the plain psexec
module). This makes the proxy settings work as expected.
2015-05-19 22:11:29 +10:00
OJ
9fddc21cf3
Shaved another sneaky byte off the payload
2015-05-19 21:21:07 +10:00
OJ
6e96e6d118
Shellcode golf to make the payload smaller
...
Tried to implement some more of the stuff that egypt suggested, managed
to get some in, but not others. Ultimately, its smaller than it was, and
I'm sure there are ways to make it better as well.
2015-05-19 21:17:42 +10:00
OJ
62720ab357
Fix the wininet stager for http/s
...
For some reason this was only working on Windows7/2008, yet when tired
on Windows 2012 it was resulting in crashes. It was also stopping
working in exploits such as psexec_psh.
Went back to the beginning and started again. With this in place, we can
now do a bit of shellcode golf to make it a bit smaller.
Adjusted payload sizes as well.
2015-05-19 20:03:22 +10:00
jvazquez-r7
55c07b1bdd
Report credentials with create_credential_login
2015-05-19 00:14:55 -05:00
HD Moore
c7932855f2
Move UUIDOptions to UUID::Options
2015-05-18 23:35:18 -05:00
jvazquez-r7
d564a85f6f
Fix jtr_format
2015-05-18 19:55:48 -05:00
jvazquez-r7
f49362492a
Report hash's username correctly
2015-05-18 19:46:17 -05:00
jvazquez-r7
c6fcb9c6c5
Report credentials with create_credential_login
2015-05-18 19:39:03 -05:00
HD Moore
448736989d
Merge branch 'master' into feature/msfvenom-smallest
2015-05-18 18:41:44 -05:00
wchen-r7
89be3fc1f2
Do global requirement comparison in BAP
2015-05-18 16:27:18 -05:00
Brent Cook
5d085a3e13
Land #5351 , use 32-bit registry view when detecting epo_sql
2015-05-18 15:48:14 -05:00
Brent Cook
79db696c15
fix EOL character
2015-05-18 15:46:55 -05:00
HD Moore
093ca31c7d
The InvalidPayloadSizeException wasn't actually defined anywhere
2015-05-18 15:36:15 -05:00
HD Moore
b0a8c77127
Switch RuntimeError -> EncodingError
2015-05-18 15:33:01 -05:00
HD Moore
7989a29203
Switch to the stock EncodingError exception
2015-05-18 15:27:31 -05:00
HD Moore
5c31586c68
Switch to the correct exception class
2015-05-18 15:25:26 -05:00
David Maloney
69a7a89936
use the correct print_error message
...
vrpint_error feeds through the old authbrute mixin
which does not behave properly anymore. use
print_error instead
5266
2015-05-18 13:51:23 -05:00
David Maloney
09d735e855
remove proof from failure message
...
the snmp login scanner will only have
proof on success, not on failure. remove it from
the failure message for cleaner formatting
5266
2015-05-18 13:45:01 -05:00
Donny Maasland (Fox-IT)
e1eed6e9d9
single quotes and slashes..
2015-05-18 16:33:57 +02:00
OJ
4a5f92072e
Make msftidy happy
2015-05-18 22:00:51 +10:00
OJ
923c4274d3
Formatting fixes
2015-05-18 21:52:33 +10:00
OJ
28abceaec5
Update payload sizes and specs
2015-05-18 21:22:54 +10:00
OJ
e7f80042d4
Finalise work on the bind_ipv6_tcp stager for UUID support
2015-05-18 21:19:04 +10:00
Donny Maasland (Fox-IT)
7d65095472
fix quotes
2015-05-18 12:20:42 +02:00
OJ
6c00e62649
Small fix to PHP stage
2015-05-18 19:11:33 +10:00
Donny Maasland (Fox-IT)
30f7c651c9
use REGISTRY_VIEW_32_BIT
2015-05-18 10:19:32 +02:00
OJ
e2d4ed6045
Add the UUID payloads for PHP
2015-05-18 17:49:34 +10:00
OJ
9296a024e2
PHP meterpreter refactoring in prep for uuid work
2015-05-18 17:40:48 +10:00
OJ
e41ae93524
Payload sizes, specs and more
2015-05-18 14:58:10 +10:00
OJ
4488a5e634
Add uuid support to python, and rework stages/stagers
2015-05-18 14:33:35 +10:00
OJ
0d56b3ee66
Stage UUIDs, generation options, php and python meterp uuid
2015-05-18 13:29:46 +10:00
OJ
bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers
2015-05-18 13:28:36 +10:00
Hans-Martin Münch (h0ng10)
d99eedb1e4
Adding begin...ensure block
2015-05-17 20:48:11 +02:00
Hans-Martin Münch (h0ng10)
acb053a2a7
CloseHandle cleanup
2015-05-17 20:39:10 +02:00
Brent Cook
d804f5fe49
update to metasploit-payloads 0.0.7
2015-05-17 10:06:38 -05:00
Stuart Morgan
79b9ef008a
Bugfix
2015-05-17 13:55:56 +01:00
Brent Cook
829f8420e2
Update static payload sizes for metasploit-payloads-0.0.6
2015-05-15 18:43:47 -05:00
David Maloney
fd1a24d6f9
some more minor cleanup noise
...
apparently we standardized on using get_env
instead of expand_path in these cases. Not sure
on the effective difference here but no big deal
MSP-12358
2015-05-15 13:33:48 -05:00
jvazquez-r7
dd5060e08c
Land #5340 , @wchen-r7's change to the symantec_web_gateway_login writing style
2015-05-15 13:18:35 -05:00
jvazquez-r7
cf5fa6752e
Use parenthesis
2015-05-15 13:17:54 -05:00
jvazquez-r7
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
David Maloney
631dfc0a0e
increase timeout on ntdsutil
...
default timeout is 15 seconds. we'll give it 90
seconds for now. This may still be too short for
really really large domains, but too long of a timeout
can create other issues
MSP-12358
2015-05-15 11:19:35 -05:00
David Maloney
a3d91dff0b
clean up ntds.dit file when done
...
delete the ntds.dit file we copied when
we are done
MSP-12358
2015-05-15 11:13:19 -05:00
jvazquez-r7
2882374582
Land #5276 , @lanjelot fixes #4243 and improves java_jdwp_debugger
2015-05-15 11:12:10 -05:00
jvazquez-r7
a46975f1f0
Fix read_reply to use get_once correctly
2015-05-15 11:11:25 -05:00
David Maloney
ac04b8d1e7
a little bit of cleanup
...
constantise some of the magic numbers in
the NTDS Account class
MSP-12358
2015-05-15 10:47:31 -05:00
Donny Maasland (Fox-IT)
2721be946a
also check Wow6432Node keys
2015-05-15 14:28:12 +02:00
Hans-Martin Münch (h0ng10)
e075495a5b
string concatenation, clear \ handling
2015-05-15 06:51:42 +02:00
Hans-Martin Münch (h0ng10)
94d39c5c75
remove hard coded pipe name
2015-05-15 06:35:55 +02:00
Hans-Martin Münch (h0ng10)
bb4f5da6d9
replace client.sys.config.getenv with get_env
2015-05-15 06:33:57 +02:00
OJ
7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers
2015-05-15 12:27:40 +10:00
wchen-r7
8bcdd08f34
Some basic code in place for real-time exploit list generation
2015-05-14 19:09:38 -05:00
Hans-Martin Münch (h0ng10)
bba261a1cf
Initial version
2015-05-15 00:36:03 +02:00
David Maloney
724b7c6f16
save the ntlm hases as creds
...
the last step is now complete. the current and historical
hashes are all saved to the database for cracking and/or
replay
MSP-12358
2015-05-14 13:52:11 -05:00
wchen-r7
24a989b8a3
Land #5249 , Add Module for Enum on InfluxDB database
2015-05-14 11:22:54 -05:00
wchen-r7
005c36b2a6
If data is empty, don't save (or even continue)
2015-05-14 11:22:10 -05:00
David Maloney
452fc6b149
Merge branch 'feature/MSP-12357/meterp-ntds' into feature/MSP-12358/ntds-dump-module
2015-05-14 10:31:28 -05:00
OJ
83fbd41970
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
Gemfile.lock
modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
2015-05-14 14:50:25 +10:00
HD Moore
5f3947312d
Lands #5327 , SSL support + refactor for PowerShell
2015-05-13 23:25:15 -05:00
wchen-r7
1a8ab91ce3
Configurable max exploits
2015-05-13 16:23:22 -05:00
wchen-r7
7617217eff
Add ability to exclude
2015-05-13 15:55:19 -05:00
David Maloney
0e666d5732
gaurd against arch mismatch
...
this will not work from an x86 proc
on an x64 machine, so guard against that.
MSP-12358
2015-05-13 15:28:11 -05:00
David Maloney
9308da7956
2003 code path working
...
using VSS directly on server 2003 and repairing
the database with esentutl is now working
MSP-12358
2015-05-13 12:25:44 -05:00
benpturner
36aa136091
missing require
2015-05-13 17:36:45 +01:00
benpturner
1f294eac0b
Updated to remove dup code
2015-05-13 17:26:21 +01:00
OJ
e9e3d9c1e4
Update payloads gem, and updated payload sizes
2015-05-13 15:37:09 +10:00
wchen-r7
ac0e4e747a
Change writing style of symantec_web_gateway_login
2015-05-13 00:23:37 -05:00
OJ
7148e45bfc
Fix incorrect reference to data path for linux meterpreter stage
2015-05-13 14:21:22 +10:00
wchen-r7
202c5e0121
Land #5333 , HTML Title Grabber
2015-05-12 11:19:06 -05:00
wchen-r7
faec5844cb
Some fixes
2015-05-12 11:18:21 -05:00
jvazquez-r7
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
Stuart Morgan
f0048b9a6d
Apparently you don't quote the keys with the new syntax
2015-05-12 11:00:18 +01:00
Stuart Morgan
7c81adbd89
MSFTidy is now quiet and happy
2015-05-12 10:47:49 +01:00
Stuart Morgan
1f6bd3e2be
Updated to new ruby hash syntax and removed <> from title
2015-05-12 10:43:32 +01:00
OJ
237827bfdc
Fix up payload cached sizes again
...
This time it's against the currently "installed" version of Meterpeter
binaries. When Meterpreter is landed down the track we'll need to make
sure that the payload sizes are updated again.
2015-05-12 12:44:34 +10:00
OJ
836feaa2d8
Fix uuid setting, fix reverse_https x64 payload
...
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
2015-05-12 10:24:11 +10:00
jvazquez-r7
0fb21af247
Verify deletion at on_new_session moment
2015-05-11 18:56:18 -05:00
OJ
51e6c13bc4
Adjust transport configuration include for x64/reverse_http
...
Not sure how I missed this, but I did!
2015-05-12 09:54:08 +10:00
OJ
474461d2a4
Merge format and structure changes from multi transport
2015-05-12 09:46:02 +10:00
OJ
69d2b8ffb1
Various code format, style changes, file moves
...
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
jvazquez-r7
a40af79ed9
Delete dummy test case
2015-05-11 17:15:13 -05:00
OJ
0dbfc1e02b
Merge the stager size work from mult-transport-support
2015-05-12 07:50:56 +10:00
OJ
fe51f552b8
Make stageless, and reverse_tcp x64 non-dynamic
2015-05-12 07:37:12 +10:00
Stuart Morgan
518e28674e
Removed CGI dependency (@hmoore-r7, @wchen-r7)
2015-05-11 21:10:18 +01:00
jvazquez-r7
3cba27e461
Add test case
2015-05-11 15:03:05 -05:00
David Maloney
21004046c1
begin parsing of the database
...
clean up and begin aprsing the database
after we have copied it
MSP-12358
2015-05-11 14:48:12 -05:00
Stuart Morgan
78e310562b
Readability style change
2015-05-11 19:48:12 +01:00
Stuart Morgan
8e3d803e74
Updated style as per @void-in's comments
2015-05-11 19:46:10 +01:00
Stuart Morgan
62d67469da
Updated code style as per @hmoore-r7's instructions
2015-05-11 19:34:23 +01:00
Stuart Morgan
b8f7c80fd2
Rubocop
2015-05-11 18:50:03 +01:00
Stuart Morgan
8308c2a925
Added check for nonsensical options
2015-05-11 18:48:55 +01:00
Stuart Morgan
99133deabb
Reran tests, sorted out strip problem
2015-05-11 18:29:44 +01:00
Stuart Morgan
c25a5d3859
Fixed a bunch of rubocop errors
2015-05-11 18:14:37 +01:00
Stuart Morgan
34cf90af59
Removed unnecessary include
2015-05-11 17:31:31 +01:00
Stuart Morgan
c001f014ce
HTML Title Grabber
2015-05-11 17:29:22 +01:00
wchen-r7
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
OJ
6fdf23ad98
Update payload sizes again
2015-05-11 22:33:45 +10:00
benpturner
a97f24a12d
Update payload cached sizes
2015-05-11 10:00:14 +01:00
OJ
d9068b7719
Fix up payload cache sizes, and powershell include
2015-05-11 17:43:51 +10:00
OJ
e69e6c4a73
Implement winhttp for x64
...
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
2015-05-11 17:27:47 +10:00
OJ
800ab11abd
Payload size adjustment, typo fix
...
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
2015-05-11 17:24:32 +10:00
OJ
21397b46aa
Add proxy user/pass to x64 reverse_http/s
2015-05-11 17:24:31 +10:00
OJ
b922da8f80
Add support for x64 reverse_http
...
Still need to bake in support for proxies in the stagers, but wer'e
getting there.
2015-05-11 17:24:31 +10:00
OJ
15e9fb7e40
Port reverse_https (wininet) x64 to metasm
...
This laid the groundwork for implementation of reverse_http as well.
2015-05-11 17:24:31 +10:00
wchen-r7
30b1c508f1
javascript portion
2015-05-10 16:50:32 -05:00
benpturner
c0388a770e
Update cached sizes
2015-05-10 22:01:30 +01:00
benpturner
c916021fc5
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
Denis Kolegov
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
William Vu
cc87df9123
Land #5323 , default creds fix for NETGEAR dirtrav
2015-05-09 14:36:00 -05:00
William Vu
eeb87a3489
Polish up module
2015-05-09 14:33:41 -05:00
HD Moore
fe907dfe98
Fix the disclosure date
2015-05-09 10:44:28 -05:00
Meatballs
d2e1fdbbc3
Land #5324 , fixes #5318
...
Fixes enum_domain_group_users when running as SYSTEM.
2015-05-09 10:49:05 +01:00
Meatballs
028f9dd43b
Tidy and rubocop
2015-05-09 10:48:07 +01:00
Meatballs
e9dc93f345
Use cmd_exec
2015-05-09 10:44:02 +01:00
jvazquez-r7
cb51bcc776
Land #5147 , @lightsey's exploit for CVE-2015-1592 MovableType deserialization
2015-05-09 01:56:38 -05:00
jvazquez-r7
89bc405c54
Do minor code cleanup
2015-05-09 01:54:05 -05:00
jvazquez-r7
a8adcda941
Redo port checks
2015-05-08 15:29:30 -05:00
jvazquez-r7
156aac1dff
Use timeout options
2015-05-08 15:23:08 -05:00
jvazquez-r7
bf9ca1f88f
Change module filename
2015-05-08 15:08:59 -05:00
jvazquez-r7
f56115552f
Do code cleanup
2015-05-08 14:56:39 -05:00
jvazquez-r7
b73241882b
Use datastore option
2015-05-08 14:48:19 -05:00
jvazquez-r7
b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin
2015-05-08 14:46:08 -05:00
rwhitcroft
8c3a97667a
use get_env instead of client.sys.config.getenv
2015-05-08 15:25:20 -04:00
jvazquez-r7
9fdbfd7031
Use vprint_error
2015-05-08 14:21:36 -05:00
jvazquez-r7
017ae463ed
Fix description style
2015-05-08 14:18:29 -05:00
jvazquez-r7
2e01eb519d
Do minor fixes
2015-05-08 14:04:44 -05:00
jvazquez-r7
5588ad36b3
Print status message
2015-05-08 13:51:00 -05:00
jvazquez-r7
7e62ba85a1
Do code cleanup
2015-05-08 13:33:28 -05:00
jvazquez-r7
60c2c7a7cd
Delete unused variable
2015-05-08 13:19:39 -05:00
jvazquez-r7
c0f21c3ae1
Fix metadata
2015-05-08 13:19:23 -05:00
rwhitcroft
b2ce2ddb05
determine the domain using env vars instead of parsing net.exe output
2015-05-08 14:17:49 -04:00
void-in
a7988f9e93
Change credentials to service:service
2015-05-08 22:52:59 +05:00
wchen-r7
8e86a92210
Update
2015-05-08 00:25:34 -05:00
William Vu
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
William Vu
8d3737d13c
Fix some stylistic issues
2015-05-07 22:43:23 -05:00
William Vu
71518ef613
Land #5303 , metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
William Vu
2f2169af90
Use single quotes consistently
2015-05-07 22:39:36 -05:00
wchen-r7
95f087ffd3
Some progress
2015-05-07 19:26:38 -05:00
jvazquez-r7
51bb4b5a9b
Add module for CVE-2015-0359
2015-05-07 17:00:00 -05:00
Brent Cook
a066105a86
prefer reading directly with MetasploitPayloads where possible
2015-05-07 16:59:02 -05:00
William Vu
134a674ef3
Land #5312 , @todb-r7's release fixes
2015-05-07 15:34:31 -05:00
William Vu
c9cb9ad564
Fix extraneous comma
2015-05-07 15:32:48 -05:00
Christian Mehlmauer
1469a151ad
Land #5290 , Wordpress RevSlider Module
2015-05-07 22:15:56 +02:00
OJ
fd827db6dd
Fix up bind stager payload sizes
2015-05-07 10:13:27 +10:00
OJ
9d7a7cb68d
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
OJ
60e25170fa
Land #5313 : fixup bind_tcp stager
2015-05-07 07:09:19 +10:00
Tod Beardsley
4df622c76b
Oops, one last for #5312 .
2015-05-06 14:48:17 -05:00
Tod Beardsley
e8913e5620
Addressed most of @wvu's issues with #5312
2015-05-06 14:47:08 -05:00
Tod Beardsley
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
William Vu
b8c7161819
Fix up NameError'd payload_exe
2015-05-06 11:34:05 -05:00
William Vu
59ffe5d98f
Land #5306 , payload_exe NameError fix
2015-05-06 11:29:29 -05:00
wchen-r7
4b0f54f0aa
Land #5305 , CVE-2015-0336 Flash NetConnection Type Confusion
2015-05-06 11:26:22 -05:00
wchen-r7
97807e09ca
Lad #5125 , Group Policy startup exploit
2015-05-06 11:17:01 -05:00
wchen-r7
5b57e4e9ca
Add info about the waiting time
2015-05-06 11:15:11 -05:00
Brent Cook
0493f58834
Reenable metasm bind_tcp stager
2015-05-06 09:34:35 -05:00
Brent Cook
3c2e6bb698
rollback linux bind_tcp stager metasm port
...
The new metasm port of the linux bind_tcp stager doesn't yet generate valid
executables. While we're debugging the problem, this reverts the bind_tcp.rb
stager to use the static ASM again.
2015-05-06 09:26:04 -05:00
Tom Sellers
94d1905fd6
Added WPVDB reference
...
Added a link to the new WPVDB article 7540 that @FireFart provided.
2015-05-06 05:41:02 -05:00
Tom Sellers
c293066198
Leverage check_version_from_custom_file in PR #5292
...
Change the 'check' code to leverage check_version_from_custom_file added to wordpress/version.rb by @FireFart in PR #5292
2015-05-06 05:41:02 -05:00
Tom Sellers
18697d8d02
Fixed the following based on feedback from @FireFart ( Thanks! )
...
- Adjusted references section
- Corrected call to normalize_uri
- Removed unnecessary require for rex/zip
2015-05-06 05:41:02 -05:00
Tom Sellers
8cb18f8afe
Initial commit of code
2015-05-06 05:41:02 -05:00
Sam Roth
5cb8b9a20a
Fix #5304
2015-05-05 22:25:06 -04:00
Brent Cook
93c785560b
remove brocade_telnet scanner, extend telnet
...
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
Mike
dc053aeb58
Spelling Fix
...
s/Brocde/Brocade/ as per bcook-r7
2015-05-05 21:16:24 -05:00
root
fc1c0028a8
moved array definition to avoid error
2015-05-05 21:16:23 -05:00
root
7949daf42b
brocade_enable_login msftidy success
2015-05-05 21:16:23 -05:00
root
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
jvazquez-r7
582919acac
Add module for CVE-2015-0336
2015-05-05 17:25:19 -05:00
Brent Cook
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
Darius Freamon
c988447c18
title enhancement, OSVDB ref
...
touch up title and add OSVDB reference
2015-05-05 13:21:36 -06:00
m-1-k-3
c8123c147f
upnp vs hnap
2015-05-05 20:57:05 +02:00
David Maloney
2ce0e61d98
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-05-05 09:47:59 -05:00
OJ
232117117b
Fix missing includes
...
The powershell one broke thanks to include hierarchy changes. The others
failed in the specs only for some reason.
2015-05-05 14:24:21 +10:00
OJ
146f41992f
Fix up payload sizes
2015-05-05 13:52:20 +10:00
OJ
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
OJ
cf62d1fd7c
Remove patch and old stageless stuff
2015-05-05 09:27:01 +10:00
OJ
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
Brent Cook
05e4af8162
Land #5214 , initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
jvazquez-r7
b95be1b25f
Support information to include logon scripts
2015-05-04 15:49:19 -05:00
David Maloney
3c9c578a3d
ntdsutil method in place
...
ntdsutil method built out to make a copy
of ntds.dit on later version of Winbdows Server
MSP-12358
2015-05-04 15:35:36 -05:00
Darius Freamon
dc42a3ee1a
add OSVDB ref
...
add OSVDB ref
2015-05-04 14:27:44 -06:00
David Maloney
e0c64038a7
start new ddomain hashdump post module
...
module checks for all preconditions so far
including that Domain Services are running,
that we are Admin, that we have bypassed uac
and that it is a supported version of windows.
MSP-12358
2015-05-04 15:07:27 -05:00
Brent Cook
e6ea5511ca
update linux and windows meterpreters to use metasploit-payloads
2015-05-04 09:44:36 -05:00
OJ
c2dc4677fb
Prevent stagless from overwriting socket
...
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
OJ
e835f2b99c
Rejig transport config into module
...
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
m-1-k-3
c7e05448e7
various MIPS vs MIPSBE fixes
2015-05-04 12:55:21 +02:00
OJ
93bf995b32
Reverse tcp support for POSIX
...
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
OJ
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
William Vu
67a23f2c74
Land #5296 , info hash product name fix
2015-05-03 14:36:25 -05:00
John Lightsey
4bfb9262e6
Add exploit module for MovableType CVE-2015-1592
...
This module targets the deserialization of untrusted Storable data in
MovableType before 5.2.12 and 6.0.7. The destructive attack will
function on most installations, but will leave the webapp corrupted.
The non-destructive attack will only function on servers that have the
Object::MultiType (uncommon) and DateTime (common) Perl modules
installed in addition to MovableType.
2015-05-03 14:18:01 -05:00
Darius Freamon
a5c10b7f10
Fix product name
...
Product name missing a letter in two locations
2015-05-03 13:11:22 -06:00
m-1-k-3
53043dcbbc
make msftidy happy
2015-05-03 18:14:51 +02:00
m-1-k-3
6fbce56a52
realtek upnp command injection
2015-05-03 18:09:22 +02:00
joev
db999d2c62
Remove ff 31-34 exploit from autopwn, requires interaction.
2015-05-03 10:42:21 -05:00
Balazs Bucsay
0b580acfb4
\t removed
2015-05-02 21:16:50 +02:00
Balazs Bucsay
a0539cd672
new x64 bsd shellcodes (bind/reverse) ipv4/6. ipv4 shells are smaller than
...
the existing one.
2015-05-02 20:52:09 +02:00
jvazquez-r7
1bc6822811
Delete Airties module
2015-05-22 11:57:45 -05:00
jvazquez-r7
70d0bb1b1a
Merge Airties target inside miniupnpd_soap_bof
2015-05-22 11:57:19 -05:00