jvazquez-r7
23ab702ec4
Land #5631 , @blincoln682F048A's module for Endian Firewall Proxy
...
* Exploit CVE-2015-5082
2015-09-04 16:28:32 -05:00
jvazquez-r7
2abfcd00b1
Use snake_case
2015-09-04 16:27:09 -05:00
jvazquez-r7
15aa5de991
Use Rex::MIME::Message
2015-09-04 16:26:53 -05:00
jvazquez-r7
adcd3c1e29
Use static max length
2015-09-04 16:18:55 -05:00
jvazquez-r7
1ebc25092f
Delete some comments
2015-09-04 16:18:15 -05:00
wchen-r7
da0752e8c2
use fail_with
2015-09-04 15:12:05 -05:00
wchen-r7
7ab506dc06
Use Msf::Post::Android::System#get_build_prop to get the android ver
...
Instead of grabbing the android version from the module, this
is done by the mixin.
2015-09-04 15:05:45 -05:00
Roberto Soares
cc405957db
Add some improvements
2015-09-04 16:02:30 -03:00
wchen-r7
5646f2e0c4
successful status should include last_attempted_at
2015-09-04 13:45:44 -05:00
wchen-r7
cf6d5fac2a
Use the latest cred API, no more report_auth_info
2015-09-04 13:43:15 -05:00
Roberto Soares
4531d17cab
Added the rest of the code
2015-09-04 15:37:42 -03:00
jvazquez-r7
eaf51a2113
Land #5722 , @vallejocc's busybox work
2015-09-04 13:36:44 -05:00
jvazquez-r7
5dd0cee36a
Add comment
2015-09-04 13:30:00 -05:00
Roberto Soares
b9ba12e42a
Added get_token method.
2015-09-04 15:27:28 -03:00
jvicente
2b2dec3531
Fixed typo direcotry.
2015-09-04 18:52:55 +02:00
jvazquez-r7
319bc2d750
Use downcase
2015-09-04 11:18:09 -05:00
Roberto Soares
6f4f8e34b4
Added method bolt_login.
2015-09-04 10:45:15 -03:00
wchen-r7
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
Roberto Soares
a195f5bb9e
Initial commit - Skeleton
2015-09-04 04:09:16 -03:00
jvazquez-r7
ef6df5bc26
Use get_target_arch
2015-09-03 16:30:46 -05:00
jvazquez-r7
2588439246
Add references for the win32k info leak
2015-09-03 15:35:41 -05:00
Brent Cook
e48bcb4e08
Land #5931 , tweak titles
2015-09-03 14:52:52 -05:00
James Lee
b2c401696b
Add certutil support.
...
Tested while landing #5736
2015-09-03 14:24:37 -05:00
James Lee
1e6a1f6d05
Revert "Fix spec like I shoulda done before landing #5736"
...
This reverts commit 956c8e550d
.
Conflicts:
spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:55 -05:00
James Lee
b4547711f3
Add certutil support.
...
Tested while landing #5736
2015-09-03 13:27:10 -05:00
jvazquez-r7
697a6cd335
Rescue the process execute
2015-09-03 13:03:36 -05:00
HD Moore
f0ef035a0b
Update the module titles to clarify what these do
2015-09-03 12:53:25 -05:00
HD Moore
630057e23f
Implement suggestions from the PR discussion
2015-09-03 12:42:51 -05:00
HD Moore
57c8038f07
Merge branch 'master' into land-5413
2015-09-03 12:38:19 -05:00
jvazquez-r7
80a1e32339
Set Manual Ranking
2015-09-03 12:24:45 -05:00
HD Moore
0f1530adc1
Merge branch 'master' into land-5412
2015-09-03 12:22:00 -05:00
HD Moore
6e4ae1238b
Land #5791 , show the VHOST in module output
2015-09-03 11:36:19 -05:00
HD Moore
b8eee4a9e4
Show the IP address if it doesn't match the VHOST
2015-09-03 11:35:38 -05:00
HD Moore
9b51352c62
Land #5639 , adds registry persistence
2015-09-03 11:26:38 -05:00
HD Moore
1b021464fe
Land #5919 , remove deprecated VMware modules & update resource script.
2015-09-03 10:23:48 -05:00
jvazquez-r7
dbe901915e
Improve version detection
2015-09-03 09:54:38 -05:00
jvazquez-r7
394b1155b2
Apply stager patch in master
2015-09-03 08:30:09 -05:00
Brent Cook
1440f31756
Land #5637 , resiliency improvements to TCP stagers
2015-09-02 22:50:12 -05:00
OJ
3fd9e0311c
Update payload sizes
2015-09-03 12:01:11 +10:00
jvazquez-r7
de25a6c23c
Add metadata
2015-09-02 18:32:45 -05:00
HD Moore
9f9bbce034
Land #5840 , add LLMNR & mDNS modules
2015-09-02 18:30:29 -05:00
HD Moore
0120e5c443
Cosmetic tweaks, don't report duplicate responses
2015-09-02 18:30:03 -05:00
jvazquez-r7
8f70ec8256
Fix Disclosure date
2015-09-02 18:21:36 -05:00
jvazquez-r7
b912e3ce65
Add exploit template
2015-09-02 17:28:35 -05:00
Jon Hart
42a2a86f32
Back out all changes to ms11_030_dnsapi
2015-09-02 13:53:10 -07:00
Jon Hart
6d1ab101ed
Back out all changes to llmnr_response
2015-09-02 13:52:38 -07:00
HD Moore
4090c2c8ea
Land #5880 , adds ScriptHost UAC bypass for Win7/2008
2015-09-02 14:14:18 -05:00
Meatballs
582cc795ac
Remove newlines
2015-09-02 19:42:04 +01:00
HD Moore
43d3e69fb2
Land #5917 , update local exploit checks
2015-09-02 12:55:45 -05:00
HD Moore
126fc9881e
Cleanup and tweaks
2015-09-02 12:48:53 -05:00
Jon Hart
3d04d53e3a
first pass at better output and report_service
2015-09-02 10:31:46 -07:00
JT
b89b6b653a
Update trace.rb
2015-09-03 01:26:45 +08:00
JT
73bf812dfd
Update trace.rb
...
removed the cookie
2015-09-03 00:35:23 +08:00
JT
5ecee6aaba
Update trace.rb
...
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT
34e0819a6e
Modified the HTTP Trace Detection to XST Checker
...
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
HD Moore
95b9208a63
Change recv to get_once to avoid indefinite hangs, cosmetic tweaks.
2015-09-02 10:30:19 -05:00
xistence
a81a9e0ef8
Added TIME_WAIT for GUI windows
2015-09-02 16:55:20 +07:00
Meatballs
8f25a006a8
Change to automatic target
2015-09-02 09:13:25 +01:00
Waqas Ali
8e993d7793
Remove deprecated vmware modules
2015-09-02 13:00:15 +05:00
wchen-r7
0c4b020089
Land #5913 , Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-02 00:01:35 -05:00
wchen-r7
4275a65407
Update local exploit checks to follow the guidelines.
...
Please see wiki "How to write a check() method" to learn how
these checkcodes are determined.
2015-09-01 23:26:45 -05:00
HD Moore
347698e93f
Land #5915 , fix a warning with the regex
2015-09-01 23:08:01 -05:00
HD Moore
381297ba93
Fix the regex flags
2015-09-01 23:07:48 -05:00
Roberto Soares
626704079d
Changed output store_loot
2015-09-02 00:18:10 -03:00
Roberto Soares
96600a96ab
Changed html parse by @wchen-r7
2015-09-01 22:03:21 -03:00
Alexander Salmin
3c72467b7d
Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns.
2015-09-02 01:02:46 +02:00
Brent Cook
56a1cfd9c8
updated cached payload sizes
2015-09-01 18:02:16 -05:00
Brent Cook
9dd14eb747
Merge branch 'upstream-master' into land-5899-android
2015-09-01 17:11:58 -05:00
Meatballs
27775fbe58
Restrict to 7 and 2k8
2015-09-01 22:23:37 +01:00
HD Moore
cd65478d29
Land #5826 , swap ExitFunction -> EXITFUNC
2015-09-01 13:58:12 -05:00
Roberto Soares
35661d0182
Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-01 13:28:04 -03:00
Christian Mehlmauer
bfc24aea16
change exitfunc to thread
2015-09-01 10:52:25 +02:00
Christian Mehlmauer
115f409fef
change exitfunc to thread
2015-09-01 10:48:07 +02:00
Christian Mehlmauer
5398bf78eb
change exitfunc to thread
2015-09-01 10:46:54 +02:00
Christian Mehlmauer
3e613dc333
change exitfunc to thread
2015-09-01 10:43:45 +02:00
Christian Mehlmauer
648c034d17
change exitfunc to thread
2015-09-01 10:42:15 +02:00
James Lee
1b778d0650
Land #5898 , use gem version of php & python meterp
2015-08-31 16:16:36 -05:00
HD Moore
ff6fbfa738
Land #5895 , rework of ADSI modules
2015-08-31 14:10:41 -07:00
Brent Cook
d670a62000
Land #5822 , migrate obsolete payload compatibility options
2015-08-31 15:20:20 -05:00
Jon Hart
9a2696aed4
Add Reference
2015-08-31 12:03:17 -07:00
Jon Hart
c14cae1425
Make INTERNAL_PORT optional, allowing DELETE to work
2015-08-31 11:30:18 -07:00
Jon Hart
44813370d5
Better name, description and author
2015-08-31 10:42:50 -07:00
Jon Hart
8665134691
Add add/delete action. update logging. rename module again
2015-08-31 10:22:36 -07:00
Jon Hart
436910b25f
Clean up map description
2015-08-28 15:49:29 -07:00
Jon Hart
e6e05814d0
Use an OptAddress instead, revert back to client name
2015-08-28 15:43:04 -07:00
Jon Hart
66616eeb95
Remove unused
2015-08-28 15:38:23 -07:00
Jon Hart
35555f5f24
Make most everything configurable and provide useful output
2015-08-28 15:36:49 -07:00
Jon Hart
13dd8222ec
Expose lease duration as an option
2015-08-28 15:22:19 -07:00
Jon Hart
d57041136f
Use random port mapping description
2015-08-28 15:09:58 -07:00
Jon Hart
840be71683
Add support for specifying protocol
...
UDP is fun too. Are there others?
2015-08-28 14:53:41 -07:00
Jon Hart
45fde928fc
More minor style cleanup
2015-08-28 14:49:57 -07:00
Jon Hart
ba95a7d2ac
Convert to using HttpClient
2015-08-28 14:47:13 -07:00
Jon Hart
a0aaf93f27
Relocate module to more correct location
2015-08-28 14:20:33 -07:00
Jon Hart
45c2422981
First pass at style cleanup
2015-08-28 14:19:28 -07:00
Jon Hart
cba3650488
report_service for mdns/llmnr query
2015-08-28 14:04:52 -07:00
wchen-r7
0c7d2af6bc
Land #5750 , Add WP All In One Migration Export Module
2015-08-28 14:12:14 -05:00
wchen-r7
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
wchen-r7
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
wchen-r7
3d4cb06c67
Land #5807 , Added Module WP Mobile Pack Vuln
2015-08-28 13:43:00 -05:00
wchen-r7
9e7f6d6500
Typos
2015-08-28 13:42:37 -05:00
wchen-r7
9364982467
Land #5665 , Add osx rootpipe entitlements exploit for 10.10.3
2015-08-28 13:33:16 -05:00
jvazquez-r7
9c7f97d124
Fix methods name schema
2015-08-28 13:26:52 -05:00
wchen-r7
e45347e745
Explain why vulnerable
2015-08-28 13:26:01 -05:00
wchen-r7
423d52476d
Normal options should be all caps
2015-08-28 13:24:23 -05:00
jvazquez-r7
be7db10e7d
Fix busybox_write_file
2015-08-28 13:15:07 -05:00
jvazquez-r7
c4a3b4f18e
Add busy_box_file_exist?
2015-08-28 11:56:12 -05:00
wchen-r7
29e92aaabe
Land #5806 , WordPress Subscribe Comments File Read Vuln
2015-08-28 11:52:59 -05:00
wchen-r7
62e6b23b4c
Typo
2015-08-28 11:52:13 -05:00
jvazquez-r7
8faf6f9cd0
Fix require
2015-08-28 11:51:26 -05:00
jvazquez-r7
e62b117fda
Include mixin correctly
2015-08-28 11:50:17 -05:00
jvazquez-r7
132f5c6a20
Review jailbreak
2015-08-28 11:44:57 -05:00
jvazquez-r7
e7f486e43a
Review wget_exec
2015-08-28 11:24:41 -05:00
jvazquez-r7
edc9982c8b
Review smb_share_root
2015-08-28 11:18:49 -05:00
jvazquez-r7
c2639fc138
Review set_dns
2015-08-28 11:00:46 -05:00
jvazquez-r7
4523608bf7
Review set_dmz
2015-08-28 10:43:09 -05:00
Stuart Morgan
b59bc30160
Fixed stupid bracket error
2015-08-28 16:13:22 +01:00
jvazquez-r7
0e810aa8bc
Clean ping_net
2015-08-28 09:53:31 -05:00
Stuart Morgan
8bf815c4bb
rubocop
2015-08-28 15:39:02 +01:00
jvazquez-r7
42b342d615
Clean enum_hosts
2015-08-28 09:37:18 -05:00
jvazquez-r7
dfdb4fe044
Review enum_connections
2015-08-28 09:28:12 -05:00
jvazquez-r7
577656a78e
Change modules location
2015-08-28 09:17:23 -05:00
Stuart Morgan
b8b68983b0
Merge remote-tracking branch 'upstream/master' into adsi_group_enum_improvements
2015-08-28 15:11:27 +01:00
Stuart Morgan
f371a1c4fc
Added the ability to list AD groups by POST module
2015-08-28 15:10:48 +01:00
Stuart Morgan
8682ec77c5
Added group filtering to the enum_ad_users module
2015-08-28 15:10:27 +01:00
wchen-r7
e651f3f70e
Land #5886 , ensure disconnect in sid_brute.rb, method #do_sid_check
2015-08-27 17:53:55 -05:00
wchen-r7
11db9c2112
Land #5896 , Update ms15_004_tswbproxy to use a Reflective DLL
2015-08-27 17:11:26 -05:00
wchen-r7
e82bd10817
Add aux module to be able to open android meterpreter from a browser
2015-08-27 14:36:55 -05:00
Brent Cook
a8dd89cc0d
update cached payload sizes
2015-08-27 11:43:38 -05:00
Brent Cook
593f501571
finish move of php / python meterpreters to metasploit-payloads
2015-08-27 11:34:22 -05:00
Muhamad Fadzil Ramli
1b4f4fd225
remove url reference
2015-08-27 19:47:37 +08:00
HD Moore
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
jvazquez-r7
da4b360202
Fix typo
2015-08-26 15:29:34 -05:00
jvazquez-r7
5d0ed797a3
Update DLL
2015-08-26 15:15:32 -05:00
jvazquez-r7
dd529013f6
Update ruby side
2015-08-26 15:12:09 -05:00
JT
ff868f9704
Update w3tw0rk_exec.rb
2015-08-26 23:51:09 +08:00
JT
3f6c04a445
Update w3tw0rk_exec.rb
2015-08-26 23:48:31 +08:00
JT
16341d34a2
Update w3tw0rk_exec.rb
2015-08-26 23:34:29 +08:00
JT
892f427664
Update w3tw0rk_exec.rb
...
removed w3tw0rk_login
2015-08-26 09:18:15 +08:00
JT
6edba2cdc8
Update w3tw0rk_exec.rb
2015-08-26 09:11:30 +08:00
Brent Cook
6c89d0997c
Land #5855 , android offline collection support
2015-08-25 17:44:51 -05:00
Brent Cook
ca8353e1aa
update to metasploit-payloads 1.0.9
2015-08-25 17:44:01 -05:00
JT
c77226c354
Update w3tw0rk_exec.rb
2015-08-26 01:28:07 +08:00
JT
25fb325410
w3tw0rk / Pitbul IRC Bot Remote Code Execution
2015-08-26 01:22:55 +08:00
jvazquez-r7
8785083722
Ensure disconnect
2015-08-24 12:36:15 -05:00
Brent Cook
5633c1431f
Land #5821 , add explicit 64-bit pointer support to enum_cred_store
2015-08-24 09:44:36 -05:00
Brent Cook
2860ecdfaf
Land #5876 , fixup format for storing ssh banners
2015-08-24 09:35:52 -05:00
Brent Cook
b1ef560264
Merge payload_inject 64-bit inject fix from @Meatballs1
2015-08-24 09:26:00 -05:00
Muhamad Fadzil Ramli
03b1ad7491
add reference info
2015-08-24 11:18:26 +08:00
Muhamad Fadzil Ramli
73cb1383d2
amend banner info for check
2015-08-24 10:55:43 +08:00
Meatballs
1c91b126f1
X64 compat for payload_inject
2015-08-23 22:03:57 +01:00
Meatballs
228087dced
Initial working scripthost bypass uac
2015-08-23 20:16:15 +01:00
Muhamad Fadzil Ramli
7587319602
run rubocop & msftidy
2015-08-23 23:32:30 +08:00
Muhamad Fadzil Ramli
a5daa5c9be
added module descriptions
2015-08-23 23:12:41 +08:00
Muhamad Fadzil Ramli
91a7531af8
konica minolta ftp server post auth cwd command exploit
2015-08-23 21:49:26 +08:00
jvicente
b37efd29b0
Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb.
2015-08-23 12:17:17 +02:00
wchen-r7
fb2adb2e51
Check blank bullprop, also better instructions for the user.
2015-08-23 02:20:51 -05:00
wchen-r7
0f3e96b457
Merge branch 'upstream-master' into pr5416
2015-08-22 22:10:56 -05:00
wchen-r7
b99f5bc672
Land #5874 , Consistency and API conformance changes to LES
2015-08-22 21:57:24 -05:00
HD Moore
1e6c53b430
Correct the storage of ssh banners in service.info
2015-08-22 01:21:15 -05:00
jvazquez-r7
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
HD Moore
d264802ce0
Consistency and API conformance changes to LES
2015-08-21 12:38:58 -05:00
wchen-r7
4a91dfdcf5
Land #5873 , report_note for local_exploit_suggester
2015-08-20 17:52:33 -05:00
Mo Sadek
b20a283617
Added report_note to suggester
2015-08-20 13:57:16 -05:00
wchen-r7
dc1e7e02b6
Land #5853 , Firefox 35-36 RCE one-click exploi
2015-08-20 13:27:21 -05:00
wchen-r7
45c7e4760a
Support x64 payloads
2015-08-20 02:09:58 -05:00
jvazquez-r7
182c1bc7fe
Disconnect socket when login fails
2015-08-17 18:20:04 -05:00
Brent Cook
6b94513a37
Land #5860 , add tpwn OS X local kernel exploit ( https://github.com/kpwn/tpwn )
2015-08-17 17:41:04 -05:00
William Vu
26165ea93f
Add tpwn module
2015-08-17 17:11:11 -05:00
Brent Cook
b17d8f8d49
Land #5768 , update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
jvicente
a9ad7b7c6f
Modifications to use cmd_exec instead of session.shell_write.
...
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
jvazquez-r7
a5bed0198a
Use each_char
2015-08-17 11:08:40 -05:00
jvazquez-r7
e7433b81bd
Reuse architecture check
2015-08-17 10:28:10 -05:00
Brent Cook
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
benpturner
8800d89424
Updated to reflect HD's comments on indents and name of local script.
2015-08-16 10:47:20 +01:00
joev
98e2d074c3
Add disclosure date.
2015-08-15 20:09:41 -05:00
joev
a133e98ba5
Adds a ff 35-36 RCE vector based off the recent ff bug.
2015-08-15 20:02:00 -05:00
Brent Cook
9720e8e081
normalize osx to darwin so python meterp works
2015-08-15 19:49:55 -05:00
Brent Cook
422bba87d3
style fixes, moved google_geolocate to google/geolocate
2015-08-15 19:49:32 -05:00
HD Moore
42e08cbe07
Fix bad use of get_profile (now browser_profile)
2015-08-14 19:50:42 -05:00
jvazquez-r7
c02df6b39d
Land #5800 , @bperry's Symantec Endpoint Protection Manager RCE module
2015-08-14 17:03:48 -05:00
jvazquez-r7
b33abd72ce
Complete description
2015-08-14 17:03:21 -05:00
jvazquez-r7
4aa3be7ba2
Do ruby fixing and use FileDropper
2015-08-14 17:00:27 -05:00
jvazquez-r7
ddb7224160
Land #5847 , @todb-r7 on behalf of anonymous contributor, exploit for FF CVE-2015-4495
...
* To exfiltrate arbitrary files
* Tested successfully on linux
2015-08-14 14:57:28 -05:00
jvazquez-r7
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
jvazquez-r7
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
Brent Cook
0a4651a553
Land #5359 , add PuTTY session enumeration module
2015-08-14 13:20:05 -05:00
jvazquez-r7
b908f41b0f
Land #5838 , @bcook-r7's fixes for paylaod cached sizes
2015-08-14 12:39:58 -05:00
Tod Beardsley
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
Brent Cook
6b1e911041
Instantiate payload modules so parameter validation occurs
...
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Stuart Morgan
ee7c418ca8
Rubocop and msftidy-ied :-)
2015-08-14 17:19:07 +01:00
Stuart Morgan
02a58d459b
Merge remote-tracking branch 'upstream/master' into pageant_extension
2015-08-14 17:05:38 +01:00
Stuart Morgan
e2b6c11a3e
Update
2015-08-14 16:24:52 +01:00
joev
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
joev
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
Spencer McIntyre
33f1324fa9
Land #5813 , @jakxx adds VideoCharge SEH file exploit
2015-08-13 18:01:25 -04:00
jakxx
e9d3289c23
EXITFUNC caps
2015-08-13 17:25:31 -04:00
jakxx
6e1c714b2b
Update to leverage auto-NOP generation
2015-08-13 17:24:18 -04:00
jakxx
361624161b
msftidy
2015-08-13 16:27:27 -04:00
jakxx
03eb2d71b2
Add watermark fileformat exploit
2015-08-13 16:26:17 -04:00
William Vu
f19186adda
Land #5841 , homm3_h3m default target change
2015-08-13 14:54:58 -05:00
Tod Beardsley
02c6ea31bb
Use the more recent HD version as default target
2015-08-13 14:42:21 -05:00
Christian Mehlmauer
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
William Vu
605a14350f
Land #5833 , sshexec improvements
2015-08-13 14:16:22 -05:00
William Vu
3bd6c4cee4
Add a comma
2015-08-13 14:16:09 -05:00
Mo Sadek
677ec341dd
Land #5839 , pre-bloggery cleanup edits
2015-08-13 13:43:57 -05:00
William Vu
c94a185610
Land #5697 , Werkzeug debug RCE
2015-08-13 13:32:27 -05:00
William Vu
d54ee19ce9
Clean up module
2015-08-13 13:32:22 -05:00
Jon Hart
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
Jon Hart
9f2c62d4ce
Use query_name instead of datastore
2015-08-13 11:17:27 -07:00
Tod Beardsley
bb4116ed9d
Avoid msftidy.rb rule breaking on missing newline
2015-08-13 12:38:05 -05:00
Tod Beardsley
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
Jon Hart
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
jakxx
e7566d6aee
Adding print_status line
2015-08-12 16:08:04 -04:00
Spencer McIntyre
28fbb7cdde
Update the description of the sshexec module
2015-08-12 16:05:09 -04:00
Spencer McIntyre
dfe2bbf1e9
Add a python target to the sshexec module
2015-08-12 15:46:47 -04:00
Christian Mehlmauer
979d7e6be3
improve module
2015-08-12 15:37:37 +02:00
jakxx
2b225b2e7e
Added changes per feedback
...
Updated to include and use seh mixin
changed offset and space for reliability
got rand_text buffer junk working
removed double spaces and stupid fillers in file data
2015-08-12 01:34:45 -04:00
William Vu
80f415074b
Land #5823 , mv local_exploit_{suggestor,suggester}
2015-08-11 13:52:55 -05:00
Mo Sadek
7f0d992914
Fixed name typo
2015-08-11 11:51:52 -05:00
jakxx
4c28cae5d1
updated to include recommendation from @zerosteiner
2015-08-10 18:38:23 -04:00
jvazquez-r7
203c231b74
Fix #5659 : Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
jvazquez-r7
76f6312fab
Fix #3916 Support 64 bits targets on enum_cred_store
2015-08-10 15:16:12 -05:00
jvicente
5ff61ca5f3
Added modules to jailbreak and control remotely BusyBox based devices. It was added to a word list with default credentials typically used by commercial routers.
2015-08-10 18:29:41 +02:00
jvazquez-r7
a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793
2015-08-08 07:43:39 -07:00
jvazquez-r7
c8ba5bb90c
Land #5513 , @rcvalle's exploit for incomplete internal state distinction in JSSE
2015-08-08 07:41:53 -07:00
jvazquez-r7
2707b3b402
Use Rex::ThreadSafe.select
2015-08-08 07:40:19 -07:00
jvazquez-r7
a0eef3880a
Initialize version local variable
2015-08-08 07:35:37 -07:00
jvazquez-r7
bb74b6fecb
Fix data reading
2015-08-08 07:18:01 -07:00
jakxx
23f51bf265
specify junk data
2015-08-07 18:04:11 -04:00
jakxx
28ad0fccbd
Added VideoCharge Studio File Format Exploit
2015-08-07 15:54:32 -04:00
jvazquez-r7
6fe7672732
Improve Rex sockets usage
2015-08-07 00:11:58 -07:00
Josh Abraham
e96717950c
refactored
2015-08-06 08:18:26 -04:00
jvazquez-r7
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
jvazquez-r7
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
jvazquez-r7
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
Roberto Soares
7bb4f9479f
Added new reference and removed empty line.
2015-08-04 03:58:57 -03:00
Roberto Soares
d9b6e9cc58
Changed res condition and some words.
2015-08-04 03:44:25 -03:00
Roberto Soares
19ceccd93a
Added JSON parse output.
2015-08-04 03:13:11 -03:00
Roberto Soares
f4679f5341
Added WP Mobile Pack Info Disclosure Vuln - Functional Module.
2015-08-04 02:21:26 -03:00
Roberto Soares
d221e9d961
Added more references.
2015-08-03 02:46:54 -03:00
Roberto Soares
e59e4828e4
Removed unnecessary DEPTH option.
2015-08-02 22:56:17 -03:00
Roberto Soares
514849bcdc
Added WP Subscribe Comments File Read Vuln - Functional.
2015-08-02 21:24:52 -03:00
Brandon Perry
74ed8cf0c9
actually that didn't work
2015-08-02 18:57:13 -05:00
Brandon Perry
06754c36a4
unless, not if not
2015-08-02 18:51:23 -05:00
Brandon Perry
527eaea6ec
single quotes and some error handling
2015-08-02 18:25:17 -05:00
Brandon Perry
a33724667c
small code cleanup
2015-08-02 16:36:41 -05:00
Brandon Perry
830aee8aa5
check if cookie is actually returned, and if not, fail
2015-08-02 15:22:40 -05:00
Brandon Perry
a534008ba6
add some status lines
2015-08-02 15:03:59 -05:00
Brandon Perry
fe20bc88ad
remove badchars
2015-08-02 11:37:06 -05:00
Brandon Perry
f7ceec36d0
set default RPORT and SSL
2015-08-02 08:59:36 -05:00
Brandon Perry
a33dff637d
exploit cve 2015-1489 to get SYSTEM
2015-08-02 08:31:03 -05:00
Brandon Perry
12ac6d81fa
add markus as the discoverer specifically
2015-08-02 08:17:12 -05:00
Brandon Perry
e70ec8c07b
no need to store res for the later requests
2015-08-01 18:00:35 -05:00
Brandon Perry
272d75e437
check res before calling get_cookies
2015-08-01 17:58:41 -05:00
Meatballs
6f31183904
Fix VSS Persistance to check integrity level
2015-08-01 23:13:05 +01:00
Brandon Perry
47e86000ee
randomize the file names
2015-08-01 16:50:06 -05:00
Brandon Perry
2bfc8e59be
remove printline
2015-08-01 16:43:31 -05:00
Brandon Perry
0067d25180
add the sepm auth bypass rce module
2015-08-01 16:40:03 -05:00
Meatballs
a6a8117e46
Revert "Land #5777 , fix #4558 vss_persistence"
...
This reverts commit ba4b2fbbea
, reversing
changes made to affc86bfd9
.
2015-08-01 22:35:24 +01:00
Meatballs
c197e5224d
Store loot
2015-08-01 20:52:25 +01:00
Meatballs
deb6f5638e
Update WinSCP Gather
...
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
h00die
eab9b3bf5b
interpolation fix on secret
2015-08-01 14:39:12 -04:00
Tod Beardsley
cebcf72a99
Add discoverer credit, blog ref, longer desc
2015-08-01 10:31:41 -05:00
h00die
ceb49a51a6
thanks @espreto for help
2015-08-01 11:11:37 -04:00
William Vu
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
wchen-r7
ba4b2fbbea
Land #5777 , fix #4558 vss_persistence
2015-07-31 16:46:01 -05:00
jvazquez-r7
1ec960d8f9
Make the time to write flush configurable
2015-07-31 16:43:43 -05:00
Brent Cook
affc86bfd9
Land #5779 , make cachedump / lsa_secrets work on 64-bit windows
2015-07-31 16:25:47 -05:00
wchen-r7
672d83eaae
Land #5789 , Heroes of Might and Magic III .h3m Map File Buffer Overflow
2015-07-31 15:43:43 -05:00
aakerblom
7c5e5f0f22
add crc32 forging for Heroes III demo target
2015-08-01 04:53:49 -07:00
aakerblom
7af83a112d
fix unreliable address
2015-08-01 04:52:50 -07:00
aakerblom
908d6f946f
added target Heroes III Demo 1.0.0.0
2015-07-31 18:19:37 -07:00
aakerblom
16042cd45b
fix variable names in comment
2015-07-31 18:16:15 -07:00
aakerblom
66c92aae5d
fix documentation
2015-07-31 17:12:50 -07:00
aakerblom
6fdd2f91ce
rescue only Errno::ENOENT
2015-07-31 13:54:29 -07:00
aakerblom
6671df6672
add documentation
2015-07-31 13:53:56 -07:00
aakerblom
013201bd99
remove unneeded require
2015-07-31 13:49:27 -07:00
wchen-r7
629afd86fc
Land #5788 , local exploit suggestor
...
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
William Vu
8e2e5d9bef
Land #5793 , s/OSVBD/OSVDB/
2015-07-31 10:20:45 -05:00
aakerblom
12a6bdb67b
Add Heroes of Might and Magic III .h3m map file Buffer Overflow module
2015-07-31 02:06:47 -07:00
aakerblom
d4c8d5884c
Fix a small typo
2015-07-31 11:47:46 -07:00
Roberto Soares
fdb2b008f9
Fix a small typo - OSVDB instead of OSVBD.
2015-07-31 02:23:19 -03:00
wchen-r7
34279776a6
Minor edit
2015-07-30 18:40:41 -05:00
wchen-r7
fc4fdba482
Merge branch 'suggestor' of https://github.com/MSadek-r7/metasploit-framework into pr5788
2015-07-30 18:31:49 -05:00
wchen-r7
08338b73b2
Add get_target_arch and get_target_os
...
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
Greg Mikeska
3c394d673d
altered module to default
...
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
Mo Sadek
af55ef7352
Added session.present?
2015-07-30 10:10:42 -05:00
Mo Sadek
7aa78dfd4e
Revamped os, platform, arch detection. Added count for exploits being tried
2015-07-30 09:36:02 -05:00
Mo Sadek
1521c8f87e
Reworded to no suggestions available
2015-07-29 17:40:27 -05:00
Mo Sadek
66489202fc
Added error message if no exploits are found
2015-07-29 17:31:23 -05:00
Mo Sadek
b58c6248fe
Fixed ShowDescription bug
2015-07-29 16:52:06 -05:00
Mo Sadek
2cddfda0a0
wchen-r7's fixes, fixed indentation, removed newlines, added desc.
2015-07-29 16:13:50 -05:00
wchen-r7
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
William Vu
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
Mo Sadek
c725f74d46
Add Local Exploit Suggestor
...
Resolve #5647
2015-07-29 13:19:51 -05:00
William Vu
55d395d237
Land #5785 , @todb-r7's sticky_keys fixes
2015-07-29 12:54:27 -05:00
Tod Beardsley
a342a9db10
Another sticky keys ref, from @carnal0wnage
2015-07-29 12:32:38 -05:00
Tod Beardsley
8043e5a88e
Add a reference to the sticky keys exploit
2015-07-29 12:31:43 -05:00
Tod Beardsley
ee66cadde2
Don't use bullet points in descriptions
...
They never render correctly in anything other than a text editor.
modules/post/windows/manage/sticky_keys.rb first landed in #5760 ,
Sticky Keys post module
2015-07-29 12:29:09 -05:00
William Vu
e6a932eadb
Land #5778 , final cmdstager generic payload fix
2015-07-29 11:48:01 -05:00
William Vu
ff9b975576
Land #5701 , @g0tmi1k's filezilla_server refactor
2015-07-29 11:13:22 -05:00
jvazquez-r7
e966545e08
Fix mask
2015-07-29 09:13:37 -05:00
g0tmi1k
38e952ba07
Python -> Ruby
2015-07-29 10:55:28 +01:00
William Vu
c46ce6c391
Land #5780 , password_prompt fix for Telnet scanner
2015-07-28 17:54:43 -05:00
Josh Abraham
0f4b2e4226
description update
2015-07-28 15:31:51 -04:00
Josh Abraham
27e5557b67
set port using rport instead of only 445
2015-07-28 15:29:23 -04:00
Josh Abraham
fafbc4db3f
GPP enumeration via an AUX module
2015-07-28 15:21:33 -04:00
kn0
2415072c17
Replaced 'and' with '&&'
2015-07-28 14:14:25 -05:00
kn0
ee5e5b1e71
Fixed NoMethodError for .match on nil
2015-07-28 09:03:54 -05:00
HD Moore
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
Brent Cook
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
jvazquez-r7
ab7ffb1a08
Fich cachedump
2015-07-27 17:26:53 -05:00
jvazquez-r7
704c8cadd9
Fix lsa_secrets
2015-07-27 16:19:01 -05:00
wchen-r7
768de00214
Automatically pass arch & platform from cmdstager
...
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:
Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
jvazquez-r7
bf6975c01a
Fix #4558 by restoring the old wmicexec
2015-07-27 14:04:10 -05:00
Fabien
3fd18e4844
Update soap_addportmapping.rb
2015-07-26 21:57:49 +02:00
Fabien
1210183930
Update soap_addportmapping.rb
2015-07-26 21:41:47 +02:00
Fabien
8dbd51ae38
Update soap_addportmapping.rb
2015-07-26 20:59:43 +02:00
Fabien
fba81fc539
Create soap_addportmapping.rb
2015-07-26 20:59:04 +02:00
wchen-r7
2d0a26ea8b
Land #5774 , Fix URIPATH=/ and stack trace on missing ntdll version match
2015-07-25 17:54:49 -05:00
HD Moore
a7b5890dc5
Fix URIPATH=/ and stack trace on missing ntdll version match
2015-07-25 15:39:20 -07:00
h00die
4561241609
updates per @jvazquez-r7 comments
2015-07-24 20:34:40 -04:00
Brent Cook
347f48b0ec
Land #5762 , adjust PHP stager to work in and outside of eval()
2015-07-24 17:43:26 -05:00
Brent Cook
c30127cfe8
Land #5729 , add user-agent list, MeterpreterUserAgent derives from this
...
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
jvazquez-r7
e231664b97
Land #5746 , @pedrib's Fix sysaid rdslogs file upload on Linux
2015-07-24 16:15:13 -05:00
jvazquez-r7
2c9183fa56
Return check code
2015-07-24 16:14:43 -05:00
jvazquez-r7
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
jvazquez-r7
a163606513
Delete unused SLEEP option
2015-07-24 15:29:56 -05:00
jvazquez-r7
1b1ac09d2a
Merge to solve conflicts
2015-07-24 15:24:29 -05:00
jvazquez-r7
ec7bf606c6
Land #5735 , @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
jvazquez-r7
45b4334006
Use Rex::Socket::SslTcpServer
...
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
William Vu
eb8f5c0880
Land #5771 , moved vmessage nil fix
2015-07-24 11:03:45 -05:00
William Vu
10783d60cd
Land #5763 , generate_payload_exe merged opts fix
2015-07-24 10:56:29 -05:00
wchen-r7
866a99ed07
This is better
2015-07-23 20:51:21 -05:00
wchen-r7
f5387ab3f2
Fix #5766 , check res for send_request_raw
...
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7
8bead5fde2
Modate update on using metasploit-credential
...
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
jvazquez-r7
218201b925
Land #5767 , @todb-r7's fix for ZDI reference
2015-07-23 17:28:53 -05:00
William Vu
4dd2c31b44
Land #5760 , Sticky Keys post module
2015-07-23 17:12:31 -05:00
William Vu
06ed7ba574
Add a comma
2015-07-23 17:12:17 -05:00
Tod Beardsley
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
OJ
ebdbb179ce
Last of the style fixes
2015-07-24 08:09:25 +10:00
OJ
db7fadfc36
Fix indentation
2015-07-24 08:08:01 +10:00
OJ
616e1ddd68
Change enum to action, a couple of tidies
2015-07-24 08:01:58 +10:00
Samuel Huckins
a818dc4460
Land #5657 , misc fixes to domain_hashdump
2015-07-23 16:58:46 -05:00
OJ
e60f590f09
Add DisplaySwitch.exe support with WINDOWS+P
...
As per @mubix's request.
2015-07-24 07:20:31 +10:00
wchen-r7
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
William Vu
50c9293aab
Land #5758 , OS X DYLD_PRINT_TO_FILE privesc
2015-07-23 13:21:23 -05:00
William Vu
c1a9628332
Fix some fixes
...
So you can fix while you fix.
2015-07-23 12:59:20 -05:00
Tod Beardsley
6ededbd7a7
Un-ticking the output
2015-07-23 12:23:56 -05:00
Tod Beardsley
9d8dd2f8bd
FIxup pr #5758
2015-07-23 12:21:36 -05:00