William Vu
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
William Vu
8d1126eaa5
Land #5129 , x64 BSD prepend stubs 'n' stuff
2015-04-14 01:24:50 -05:00
William Vu
e324819feb
Add Privileged to info hash
...
Also remove default payload. Was set for CMD.
2015-04-13 15:23:30 -05:00
Tod Beardsley
bd3b6514fa
Dubbed. Whump whump.
2015-04-13 10:52:32 -05:00
Tod Beardsley
d87483b28d
Squashed commit of the following:
...
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:42:13 2015 -0500
Fix funny punctuation on rootpipe exploit title
See #5119
commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:37:39 2015 -0500
Fix vendor caps
Trusting the github repo README at
https://github.com/embedthis/goahead
See #5101
2015-04-13 10:46:47 -05:00
joev
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
joev
ceadd1e6ec
Update osx x86 payload cached sizes to be accurate.
...
- Right now there is a bug in the payload_spec, which causes the payload's
datastore during the spec run to have things like 'PrependSetuid' => 'false',
where 'false' is a string, which means 'if (datastore['PrependSetuid'])'
branch will be taken, resulting in incorrect behavior.
2015-04-12 00:21:18 -05:00
joev
c132a3fb0a
Fix OSX prepends and implement x64 setreuid.
2015-04-11 20:04:21 -05:00
sinn3r
284ef5bbbb
Land #5112 , Nessus REST Login Module
2015-04-10 13:32:53 -05:00
joev
3313dac30f
Land #5119 , @wvu's addition of the OSX rootpipe privesc exploit.
...
orts
borts
2015-04-10 12:38:25 -05:00
sinn3r
4419c1c728
Land #5120 , Adobe Flash Player casi32 Integer Overflow
2015-04-10 12:18:11 -05:00
William Vu
e8e7a2a67a
Land #5122 , undefined "upload_path" fix
2015-04-10 11:30:50 -05:00
William Vu
fc814a17ae
Add admin check
...
Also break out version check.
2015-04-10 11:24:49 -05:00
William Vu
41885133d8
Refactor and clean
...
Finally breaking free of some stubborn old habits. :)
2015-04-10 11:22:27 -05:00
William Vu
a7601c1b9a
Use zsh to avoid dropping privs
...
Also add some configurable options.
2015-04-10 11:22:00 -05:00
William Vu
4cc6ac6eaa
Clarify vulnerable versions
2015-04-10 11:22:00 -05:00
William Vu
c4b7b32745
Add Rootpipe exploit
2015-04-10 11:22:00 -05:00
Jon Cave
b2b7da2dc5
Fix spelling of Microsoft in module name
2015-04-10 11:09:16 +01:00
Jon Cave
c6f062d49e
Ensure that local variable `upload_path` is defined
...
Merge `upload_payload` and `parse_upload_response` so that the
`upload_path` variable is defined for use in error messages in the event
of failure.
2015-04-10 10:58:20 +01:00
root
7810f3d9a3
Add previous nessus_xmlrpc_login file
2015-04-10 12:32:42 +05:00
root
bbbd4d3634
change name to keep both XML and REST modules
2015-04-10 12:20:43 +05:00
jvazquez-r7
91f5d0af5a
Add module for CVE-2014-0569
...
* Adobe flash, Integer overflow on casi32
2015-04-09 19:37:26 -05:00
root
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
William Vu
c9bf8f3140
Land #5105 , @joevennix's cable modem 0day
2015-04-08 16:09:46 -05:00
William Vu
831a59b10b
Fix whitespace
2015-04-08 16:09:28 -05:00
Tod Beardsley
52f1b95222
Add disclosure link
2015-04-08 16:07:33 -05:00
sinn3r
1bfda9e78f
Land #5101 , Add Directory Traversal for GoAhead Web Server
2015-04-08 15:30:23 -05:00
Brent Cook
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
Tod Beardsley
7ed1655976
Adding module for R7-2015-01
...
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
Roberto Soares
dc14c770be
Changed the traversal variable to just one line
2015-04-08 02:26:59 -03:00
Roberto Soares
441042ed37
Removed the segments variable
2015-04-08 01:29:45 -03:00
Roberto Soares
d399d05383
Add Directory Traversal for GoAhead Web Server
2015-04-07 20:22:06 -03:00
OJ
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
OJ
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
OJ
38a77c930e
Land #5072 : Support and embed payload UUIDs
2015-04-07 10:10:36 +10:00
William Vu
7a2d3f5ebd
Land #5082 , firefox_proxy_prototype autopwn_info
2015-04-06 13:36:03 -05:00
William Vu
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
Tod Beardsley
b62011121b
Minor word choice fix on Solarwinds exploit
...
Removing the second person pronoun usage.
[See #5050 ]
2015-04-06 12:40:22 -05:00
Tod Beardsley
5be5b6097c
Minor grammar on #5030 , Adobe Flash
...
[See #5030 ]
2015-04-06 12:36:25 -05:00
Tod Beardsley
1e6d895975
Description fixes on #4784 , jboss exploit
...
Also, needed to run through msftidy.
[See #4784 ]
2015-04-06 12:34:49 -05:00
root
cd65e6f282
Add browser_autopwn info to firefox_proxy_prototype
2015-04-06 10:42:32 +05:00
HD Moore
78c73cc2a3
Update cached sizes with the new uri defaults
2015-04-05 22:11:12 -05:00
Jon Cave
7aceb9218e
Use bitwise OR to select both primary and backup DCs
...
SV_TYPE_DOMAIN_CTRL || SV_TYPE_DOMAIN_BAKCTRL returns
SV_TYPE_DOMAIN_CTRL rather than ORing the bits together.
2015-04-05 11:05:42 +01:00
HD Moore
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
William Vu
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
jvazquez-r7
79b2a23dff
Land #5015 , @espreto file traversal scanner for RIPS
2015-04-03 15:35:58 -05:00
jvazquez-r7
ce6e5e12d8
Make depth an option
2015-04-03 15:33:27 -05:00
jvazquez-r7
70fad73092
Add metadata
2015-04-03 15:27:28 -05:00
jvazquez-r7
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
jvazquez-r7
e729185804
Land #5051 , @nullbind's new options for mssql_enum_domain_accounts_sqli
2015-04-03 14:44:20 -05:00