Aaron Soto
c4bca03fea
Land #9908 , msfd_rce_remote and msfd_rce_browser
2018-04-27 18:54:17 -05:00
Aaron Soto
82fc4aba64
Land #9918 , XDebug Unauthenticated OS command execution
2018-04-27 17:08:58 -05:00
Brent Cook
79d8f5e86c
autofilter = false means skip, which is reverse of intuition
2018-04-26 17:20:55 -05:00
Jeffrey Martin
54aaf1f718
Land #9937 , enable autofilter on tp-link camera exploit
2018-04-26 16:08:09 -05:00
Brent Cook
4789cdc596
enable autofilter on tp-link camera exploit
2018-04-26 14:56:39 -05:00
Brent Cook
0fa0358993
Land #9853 , Update Linux sock_sendpage local exploit module
2018-04-26 14:30:51 -05:00
William Vu
873cbcee27
Fix #9876 , minor updates to Drupalgeddon 2
...
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
2018-04-25 18:09:54 -05:00
Brent Cook
f52e6a18a2
Land #9876 , Drupalgeddon 2
2018-04-25 15:49:53 -05:00
William Vu
b8eb7f2a86
Set target type instead of regexing names
...
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.
Old matching in this commit: 1900aa2708
.
2018-04-25 11:53:26 -05:00
Brent Cook
2cd0228db2
Land #9900 , add base64 encoder for ruby
2018-04-25 04:06:50 -05:00
Brent Cook
4cba6d1df4
suggest a reason if we get no server response
2018-04-25 03:57:12 -05:00
William Vu
910e9337fb
Use print_good for patch level check, oops
2018-04-24 23:21:22 -05:00
William Vu
b7ac16038b
Correct comment about PHP CLI (it's not our last!)
2018-04-24 23:18:51 -05:00
William Vu
ec43801564
Add check for patch level in CHANGELOG.txt
...
Looks like 8.x has core/CHANGELOG.txt instead.
2018-04-24 23:12:33 -05:00
William Vu
2ff0e597a0
Add SA-CORE-2018-002 as an AKA ref
...
Makes sense to me. Even though it's technically the advisory.
2018-04-24 22:51:33 -05:00
William Vu
8bc1417c8c
Use PHP_FUNC as a fallback in case assert() fails
...
Additionally drop a file in a writable directory in case CWD fails.
2018-04-24 22:29:27 -05:00
William Vu
8ff4407ca6
Clarify version detection error message
...
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
2018-04-24 20:51:51 -05:00
Robin Stenvi
c81ad8fec0
Changes after review
2018-04-24 18:33:27 +02:00
William Vu
cfaca5baa3
Restore a return lost in the refactor :(
...
Also spiff up comments.
2018-04-24 11:25:55 -05:00
William Vu
a0f16b4a66
Prefer print_warning for consistency
2018-04-24 11:17:19 -05:00
William Vu
7ef8b99480
Improve printing in ETERNALBLUE's verify_arch
...
Now shows the invalid arch instead of showing nothing.
2018-04-24 11:09:54 -05:00
William Vu
b507391f1b
Change back to vprint_status for the nth time
...
I really couldn't decide, especially once I got rid of CmdStager.
Also fully document the module options.
2018-04-24 04:23:52 -05:00
William Vu
c8b6482ab0
Rewrite PHP targets to work with 7.x and 8.x
...
Win some, lose some. php -r spawns a new (obvious) command. :/
Check method and version detection also rewritten. :)
2018-04-24 03:38:05 -05:00
Wei Chen
f9a804e7d8
Bring the PR up to date
2018-04-23 08:52:05 -05:00
Robin Stenvi
60c6f970c1
Added base64 encoder for Ruby
2018-04-21 10:54:26 +02:00
William Vu
8be58d315c
Stop being lazy about badchar analysis
...
Badchars apply to all targets.
2018-04-20 19:30:38 -05:00
William Vu
5be4526085
Merge remote-tracking branch 'upstream/master' into feature/drupal
2018-04-20 18:42:15 -05:00
bwatters-r7
1c92134606
Land #9756 , Add lastore-daemon D-Bus Privilege Escalation exploit
...
Merge branch 'land-9756' into upstream-master
2018-04-20 15:45:37 -05:00
bwatters-r7
f12f6d54a5
Land #9862 , Post-exploitation module for meterpreter (Windows) to send wireless probe requests
...
Merge branch 'land-9862' into upstream-master
2018-04-20 14:32:01 -05:00
bwatters-r7
37a844bef0
Land # 9247, Add ASUS infosvr Auth Bypass Command Execution exploit
...
Merge branch 'land-9247' into upstream-master
2018-04-20 11:24:47 -05:00
William Vu
fcfe927b7a
Add PHP dropper functionality and targets
2018-04-19 05:11:21 -05:00
William Vu
62aca93d8b
Cache version detection and print only once
...
Oops. This is the problem with overloading methods.
2018-04-19 04:59:07 -05:00
William Vu
2670d06f99
Add in-memory PHP execution using assert()
2018-04-19 02:18:56 -05:00
William Vu
7a2cc991ff
Refactor once more with feeling
...
Nested conditionals are the devil. Printing should be consistent now.
2018-04-18 23:59:14 -05:00
William Vu
3d116d721d
Add version detection and automatic targeting
...
I also refactored error handling. Should be cleaner now.
2018-04-18 21:40:22 -05:00
William Vu
86ffbc753e
Refactor clean URL handling and remove dead code
2018-04-18 19:56:42 -05:00
Tim W
1547a47026
Land #9784 , add osx high sierra APFS password disclosure post module
2018-04-18 14:27:22 +08:00
Tim W
72cd97d3e4
minor documentation and comment tweaks
2018-04-18 14:22:32 +08:00
William Vu
1900aa2708
Refactor module and address review comments
2018-04-17 19:05:45 -05:00
William Vu
d8508b8d7d
Add Drupal Drupalgeddon 2
2018-04-14 00:22:30 -05:00
Adam Cammack
2a6acfd1d0
Land #9823 , Private IP leak via WebRTC
2018-04-11 17:37:56 -05:00
Borja Merino
2d33320921
Added a post-exploitation module to send wireless probe requests
2018-04-11 16:43:33 +02:00
Brendan Coles
154951cd37
minor update
2018-04-11 01:45:41 +10:00
Dhiraj Mishra
8be159bdc7
Fixing space-tab mixed
2018-04-10 20:45:38 +05:30
Dhiraj Mishra
7cbba34c83
Parsing IP address only
...
Changed title name and description, however few things still needs to fix.
2018-04-10 20:32:52 +05:30
Brendan Coles
fc7040099c
Update Linux sock_sendpage local exploit module
2018-04-10 11:15:42 +00:00
Tim W
ee6f83c281
match newfs_apfs regex
2018-04-10 14:45:14 +08:00
Aaron Soto
be18930f12
Cleaned up output, only querying for %WINDIR% if necessary
2018-04-09 15:27:50 -05:00
Auxilus
c07f2f1a09
Update run_as.rb
2018-04-09 21:24:16 +05:30
Auxilus
c34b796f13
Remove temp file from dist after cmd execution
...
https://github.com/rapid7/metasploit-framework/issues/9830
2018-04-09 20:14:01 +05:30