8ade9b8aae
Land #7905 , WordPress content injection module
2017-02-09 15:49:50 +01:00
e1a1ea9d68
Fix grammar
2017-02-08 19:26:35 -06:00
cf395ea7b1
Make error checks more consistent
2017-02-08 18:00:44 -06:00
0d56676690
Add error check for listing posts
2017-02-08 17:13:12 -06:00
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
cba5e266f8
Land #7916 , module for netgear password disclosure
2017-02-08 15:48:55 -05:00
e7b421e226
Update netgear_password_disclosure.rb
2017-02-08 13:40:11 -05:00
4ee05313d8
Update tested version numbers
2017-02-08 19:31:01 +03:00
766e7b013d
Once more, with feeling
2017-02-08 09:17:37 -06:00
a71b097e6b
Revert status iteration, since it doesn't work
...
Also.
2017-02-08 09:13:42 -06:00
fd935c8e3c
Update netgear_password_disclosure.rb
2017-02-08 09:14:39 -05:00
6b2a995a7d
Revert AutoPublish, since it doesn't work
...
Apparently.
2017-02-08 07:43:17 -06:00
df38a91fbd
Be nice and parse JSON for the error
2017-02-08 07:37:09 -06:00
2dfff95669
Fix msftidy warning
2017-02-08 08:28:23 -05:00
befe224c58
Use wordpress_and_online? before actions
2017-02-08 07:24:57 -06:00
46ab03f528
Add SearchTerm to filter listed posts
2017-02-08 06:10:46 -06:00
064420075f
Update diagnostics and print better header
2017-02-08 04:54:25 -06:00
6df55c9733
Gotta catch 'em (post statuses) all
2017-02-08 04:31:06 -06:00
7583d050b7
Add AutoPublish to publish updated posts
2017-02-08 04:01:42 -06:00
e480107bd5
Add PostCount (default 100) to list more posts
2017-02-08 03:52:20 -06:00
f3bcc9f23f
Take care of suhosin
2017-02-08 09:59:36 +01:00
028d4d6077
Make the payload a bit more random
2017-02-08 09:59:22 +01:00
13f4b0d7ae
Be more specific with invalid post ID
2017-02-08 02:18:52 -06:00
c16b7e42a6
Fix review stuff
2017-02-07 21:41:38 -05:00
46fbc9dd3f
Fix some formatting
2017-02-07 21:32:19 -05:00
6f4ff89218
Add WPVDB reference
2017-02-07 18:33:58 -06:00
cb03ca91e1
Make php_cgi_arg_injection work in certain environnement
...
This commit sets two more options to `0` in the payload:
- [cgi.force_redirect](https://secure.php.net/manual/en/ini.core.php#ini.cgi.force-redirect )
- [cgi.redirect_status_env](https://secure.php.net/manual/en/ini.core.php#ini.cgi.redirect-status-env )
The configuration directive `cgi.force_redirect` prevents anyone from calling PHP
directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php .
Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.
The string set in the configuration directive `cgi.redirect_status_env`
is the one that PHP will look for to know it's ok to continue its
execution. This might be use together with the previous configuration
option as a security measure.
Setting those variables to 0 is (as stated in the documentation) a
security issue, but it also make the exploit work on some Apache2 setup.
2017-02-07 18:59:27 +01:00
96f7b2e245
http_version now store the fngerprints
...
Currently, the `http_version` module doesn't store the fingerprints
into the database; this commit should fix this behaviour.
2017-02-07 18:36:36 +01:00
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
f4580a2616
Add token value check
...
Sometimes it wouldn't return creds if the token is 0. It usually works after running it another time.
2017-02-07 10:53:25 -05:00
c1f9b724cf
Maybe fix syntax error
2017-02-07 10:36:05 -05:00
d0f6d4ef45
Land #7920 , android/meterpreter_reverse_https
2017-02-07 20:42:47 +08:00
b4056a110b
Print diagnostics if no posts found/given
2017-02-07 04:37:05 -06:00
a9ea09a179
Land #7909 , Python process hiding for sessions -u
2017-02-07 02:28:24 -06:00
e1ade9caf8
Land #7910 , closed ports fix for TCP portscan
2017-02-07 02:23:15 -06:00
aac9381778
Update meterpreter_reverse_https.rb
2017-02-07 12:13:20 +04:00
00050abb73
Fix msftidy warnings
2017-02-06 22:06:50 -05:00
1f2a95c202
Use html parser instead of regex
2017-02-06 22:03:56 -05:00
115c60446e
Fix weird if loop in check
2017-02-06 17:30:49 -05:00
6ebdbc3f81
Fix some stuff from review
...
I'm going to change the HTML Regex to a parser a bit later, I don't have time right now
2017-02-06 17:29:39 -05:00
badca287dd
Land #7906 , Add Microsoft Word malicious macro document generator
2017-02-06 14:44:09 -06:00
f531366d89
Land #7790 an aux module to extract Meteocontrol Weblog admin password
2017-02-06 15:23:06 -05:00
9b4ca31432
Fix typo
2017-02-06 12:52:41 -05:00
52cf9c44df
Update netgear_password_disclosure.rb
2017-02-06 12:43:31 -05:00
16c6480629
Add response checks
...
I can't test this right now as I'm not at a computer that has metasploit installed, but I'll test it when I get a chance to.
2017-02-06 12:10:01 -05:00
f5450a718a
Add TARGETURI datastore option
2017-02-06 11:54:29 -05:00
99227aca1a
Fix things from review
2017-02-06 09:44:35 -05:00
0cec4be107
Android Stageless Meterpreter over HTTPS
...
Change to add functionality for stateless meterpreter over HTTPS
2017-02-06 14:59:43 +04:00
8af966a132
Add WordPress content injection module
2017-02-06 04:40:26 -06:00
fb7e5ff847
Fix more msftidy warnings
2017-02-05 14:00:05 -05:00
f08590982c
Fix some msftidy warnings
2017-02-05 13:58:01 -05:00
609ea3700a
Create netgear_password_disclosure.rb
2017-02-05 13:39:58 -05:00
db77061719
do not add closed ports to database
2017-02-04 16:24:40 +01:00
9e0cb9797b
python -c payload -> echo payload | python
2017-02-04 17:57:17 +08:00
d305f895ff
Fixed a typo space
2017-02-04 11:59:45 +05:30
36416c20cb
Updated check for extract fail case now + Minor edits
2017-02-04 03:00:31 +05:30
906fcfe355
OSSIM 5.0.0 version requires a authen token on action create
2017-02-03 23:45:33 +03:00
34b861403e
Minor updates
2017-02-04 01:44:18 +05:30
c73c189a61
Set DisablePayloadHandler default to true
2017-02-03 11:25:50 -06:00
83cb65d3a2
Don't spin CPU if an fopen fails
...
Because PHP is happy to continue on just fine in that case and the loop
below will run unbounded spewing warnings about reading from `false`.
2017-02-02 19:07:58 -06:00
3c7f78167a
Push up the preamble and modernize style
2017-02-02 17:57:03 -06:00
ccaa783a31
Add Microsoft Office Word Macro exploit
2017-02-02 17:44:55 -06:00
ff20cf911c
Move the preamble above all other code
2017-02-02 14:53:53 -06:00
23c2787d57
Land #7795 , Hardware Bridge API.
...
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
16de745437
Minor code cleanups/corrections.
2017-02-01 16:12:45 -06:00
423648e347
Minor edits
2017-02-01 03:53:14 +05:30
82d2777417
Minor update
2017-02-01 03:44:50 +05:30
59e31e26f2
Add Binom3 module
2017-02-01 03:35:35 +05:30
3c6fa12aca
Update firefox_smil_uaf to use BrowserExploitServer
2017-01-31 16:04:16 -06:00
2ff170a1fa
Land #7820 , Exploit for TrueOnline Billion 5200W-T
2017-01-31 11:33:56 -06:00
f167358540
Land #7821 , Command Injection Exploit for TrueOnline ZyXEL P660HN
2017-01-31 11:28:46 -06:00
b3521dfb69
Land #7822 , Command Injection Exploit for TrueOnline P660HN v2
2017-01-31 11:22:49 -06:00
c666ac93f5
Adding xff header
2017-01-31 14:37:22 +03:00
40108c2374
first commit
2017-01-31 14:15:46 +03:00
dd60fc3598
move cisco_webex_ext to exploits/windows/browser/
2017-01-27 16:59:20 -06:00
3c9b1be649
Land #7883 , Fix cisco_firepower_download to pass the username properly
2017-01-27 16:31:06 -06:00
4480ea7877
Land #7827 , Cisco Firepower Management Console LoginScanner
2017-01-27 16:26:40 -06:00
171cc7d54e
slight wording tweak
2017-01-27 16:26:23 -06:00
e6de951e3e
Fix cisco_firepower_download to pass the username properly
2017-01-27 16:25:34 -06:00
a4dd1fc846
Land #7805 , Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal
2017-01-27 16:09:14 -06:00
38ea62f311
Land #7871 , Add Cisco WebEx Extension 1.0.1 Remote Code Execution
2017-01-27 15:37:27 -06:00
f846535d78
Land #7876 which adds an Advantech Webaccess credential gatherer
2017-01-26 19:37:36 -05:00
fd6a58a348
URI decode users
2017-01-26 18:30:17 -06:00
e47f38b3c9
Look at the right link to extract users
2017-01-26 18:20:06 -06:00
ba50f2f88b
Fix nil for empty pass
2017-01-26 17:51:20 -06:00
55b9c15d68
Pass should not be forced
2017-01-26 17:48:41 -06:00
4ee0a380d1
Update module description
2017-01-26 16:35:15 -06:00
72b654c9b1
Update description
2017-01-26 14:58:02 -06:00
94bc44b485
Add Advantech WebAccess Post Auth Credential Collector
2017-01-26 14:53:59 -06:00
781bc8420a
Add Advantech WebAccess LoginScanner module
2017-01-26 13:54:50 -06:00
94f9971300
add module doc and remove the word EXPLOIT from document title
2017-01-26 13:36:18 -06:00
d87cb4b085
nfi why i didnt set ssl by default
2017-01-25 21:02:34 -06:00
ad0e2c7d95
remove extraneous warning alerts
2017-01-25 18:53:54 -06:00
d2bc8c7f7e
msftidy complaints
2017-01-25 18:24:10 -06:00
10066e0c16
get your targets straight son
2017-01-25 18:21:58 -06:00
d4b18bb3b9
initial commit of webex rce mod
2017-01-25 18:03:19 -06:00
923184f5c5
Land #7870 Bump metasploit-payloads to 1.2.11 to incorporate:
...
https://github.com/rapid7/metasploit-payloads/pull/163
https://github.com/rapid7/metasploit-payloads/pull/166
2017-01-25 10:44:20 -06:00
1c6d7ee33e
additional changes for Nexpose XXE Arbitrary File Read
2017-01-25 10:29:58 -06:00
2f5845bdd7
Update cached size for payloads
2017-01-25 10:26:46 -06:00
9414b8ff4e
update payload sizes
2017-01-25 03:47:44 -06:00
Christian Mehlmauer
wchen-r7
William Vu
Spencer McIntyre
Carter
Mehmet Ince
jvoisin
Tim
sekritskwurl
William Webb
h00die
MatToufoutu
juushya
James Lee
Pearce Barry
Brent Cook
bwatters-r7
Louis Sato