wchen-r7
9364982467
Land #5665 , Add osx rootpipe entitlements exploit for 10.10.3
2015-08-28 13:33:16 -05:00
jvazquez-r7
9c7f97d124
Fix methods name schema
2015-08-28 13:26:52 -05:00
wchen-r7
e45347e745
Explain why vulnerable
2015-08-28 13:26:01 -05:00
wchen-r7
423d52476d
Normal options should be all caps
2015-08-28 13:24:23 -05:00
jvazquez-r7
be7db10e7d
Fix busybox_write_file
2015-08-28 13:15:07 -05:00
jvazquez-r7
c4a3b4f18e
Add busy_box_file_exist?
2015-08-28 11:56:12 -05:00
wchen-r7
29e92aaabe
Land #5806 , WordPress Subscribe Comments File Read Vuln
2015-08-28 11:52:59 -05:00
wchen-r7
62e6b23b4c
Typo
2015-08-28 11:52:13 -05:00
jvazquez-r7
8faf6f9cd0
Fix require
2015-08-28 11:51:26 -05:00
jvazquez-r7
e62b117fda
Include mixin correctly
2015-08-28 11:50:17 -05:00
jvazquez-r7
132f5c6a20
Review jailbreak
2015-08-28 11:44:57 -05:00
jvazquez-r7
e7f486e43a
Review wget_exec
2015-08-28 11:24:41 -05:00
jvazquez-r7
edc9982c8b
Review smb_share_root
2015-08-28 11:18:49 -05:00
jvazquez-r7
c2639fc138
Review set_dns
2015-08-28 11:00:46 -05:00
jvazquez-r7
4523608bf7
Review set_dmz
2015-08-28 10:43:09 -05:00
Stuart Morgan
b59bc30160
Fixed stupid bracket error
2015-08-28 16:13:22 +01:00
jvazquez-r7
0e810aa8bc
Clean ping_net
2015-08-28 09:53:31 -05:00
Stuart Morgan
8bf815c4bb
rubocop
2015-08-28 15:39:02 +01:00
jvazquez-r7
42b342d615
Clean enum_hosts
2015-08-28 09:37:18 -05:00
jvazquez-r7
dfdb4fe044
Review enum_connections
2015-08-28 09:28:12 -05:00
jvazquez-r7
577656a78e
Change modules location
2015-08-28 09:17:23 -05:00
Stuart Morgan
b8b68983b0
Merge remote-tracking branch 'upstream/master' into adsi_group_enum_improvements
2015-08-28 15:11:27 +01:00
Stuart Morgan
f371a1c4fc
Added the ability to list AD groups by POST module
2015-08-28 15:10:48 +01:00
Stuart Morgan
8682ec77c5
Added group filtering to the enum_ad_users module
2015-08-28 15:10:27 +01:00
wchen-r7
e651f3f70e
Land #5886 , ensure disconnect in sid_brute.rb, method #do_sid_check
2015-08-27 17:53:55 -05:00
wchen-r7
11db9c2112
Land #5896 , Update ms15_004_tswbproxy to use a Reflective DLL
2015-08-27 17:11:26 -05:00
wchen-r7
e82bd10817
Add aux module to be able to open android meterpreter from a browser
2015-08-27 14:36:55 -05:00
Brent Cook
a8dd89cc0d
update cached payload sizes
2015-08-27 11:43:38 -05:00
Brent Cook
593f501571
finish move of php / python meterpreters to metasploit-payloads
2015-08-27 11:34:22 -05:00
Muhamad Fadzil Ramli
1b4f4fd225
remove url reference
2015-08-27 19:47:37 +08:00
HD Moore
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
jvazquez-r7
da4b360202
Fix typo
2015-08-26 15:29:34 -05:00
jvazquez-r7
5d0ed797a3
Update DLL
2015-08-26 15:15:32 -05:00
jvazquez-r7
dd529013f6
Update ruby side
2015-08-26 15:12:09 -05:00
JT
ff868f9704
Update w3tw0rk_exec.rb
2015-08-26 23:51:09 +08:00
JT
3f6c04a445
Update w3tw0rk_exec.rb
2015-08-26 23:48:31 +08:00
JT
16341d34a2
Update w3tw0rk_exec.rb
2015-08-26 23:34:29 +08:00
JT
892f427664
Update w3tw0rk_exec.rb
...
removed w3tw0rk_login
2015-08-26 09:18:15 +08:00
JT
6edba2cdc8
Update w3tw0rk_exec.rb
2015-08-26 09:11:30 +08:00
Brent Cook
6c89d0997c
Land #5855 , android offline collection support
2015-08-25 17:44:51 -05:00
Brent Cook
ca8353e1aa
update to metasploit-payloads 1.0.9
2015-08-25 17:44:01 -05:00
JT
c77226c354
Update w3tw0rk_exec.rb
2015-08-26 01:28:07 +08:00
JT
25fb325410
w3tw0rk / Pitbul IRC Bot Remote Code Execution
2015-08-26 01:22:55 +08:00
jvazquez-r7
8785083722
Ensure disconnect
2015-08-24 12:36:15 -05:00
Brent Cook
5633c1431f
Land #5821 , add explicit 64-bit pointer support to enum_cred_store
2015-08-24 09:44:36 -05:00
Brent Cook
2860ecdfaf
Land #5876 , fixup format for storing ssh banners
2015-08-24 09:35:52 -05:00
Brent Cook
b1ef560264
Merge payload_inject 64-bit inject fix from @Meatballs1
2015-08-24 09:26:00 -05:00
Muhamad Fadzil Ramli
03b1ad7491
add reference info
2015-08-24 11:18:26 +08:00
Muhamad Fadzil Ramli
73cb1383d2
amend banner info for check
2015-08-24 10:55:43 +08:00
Meatballs
1c91b126f1
X64 compat for payload_inject
2015-08-23 22:03:57 +01:00
Meatballs
228087dced
Initial working scripthost bypass uac
2015-08-23 20:16:15 +01:00
Muhamad Fadzil Ramli
7587319602
run rubocop & msftidy
2015-08-23 23:32:30 +08:00
Muhamad Fadzil Ramli
a5daa5c9be
added module descriptions
2015-08-23 23:12:41 +08:00
Muhamad Fadzil Ramli
91a7531af8
konica minolta ftp server post auth cwd command exploit
2015-08-23 21:49:26 +08:00
jvicente
b37efd29b0
Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb.
2015-08-23 12:17:17 +02:00
wchen-r7
fb2adb2e51
Check blank bullprop, also better instructions for the user.
2015-08-23 02:20:51 -05:00
wchen-r7
0f3e96b457
Merge branch 'upstream-master' into pr5416
2015-08-22 22:10:56 -05:00
wchen-r7
b99f5bc672
Land #5874 , Consistency and API conformance changes to LES
2015-08-22 21:57:24 -05:00
HD Moore
1e6c53b430
Correct the storage of ssh banners in service.info
2015-08-22 01:21:15 -05:00
jvazquez-r7
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
HD Moore
d264802ce0
Consistency and API conformance changes to LES
2015-08-21 12:38:58 -05:00
wchen-r7
4a91dfdcf5
Land #5873 , report_note for local_exploit_suggester
2015-08-20 17:52:33 -05:00
Mo Sadek
b20a283617
Added report_note to suggester
2015-08-20 13:57:16 -05:00
wchen-r7
dc1e7e02b6
Land #5853 , Firefox 35-36 RCE one-click exploi
2015-08-20 13:27:21 -05:00
wchen-r7
45c7e4760a
Support x64 payloads
2015-08-20 02:09:58 -05:00
jvazquez-r7
182c1bc7fe
Disconnect socket when login fails
2015-08-17 18:20:04 -05:00
Brent Cook
6b94513a37
Land #5860 , add tpwn OS X local kernel exploit ( https://github.com/kpwn/tpwn )
2015-08-17 17:41:04 -05:00
William Vu
26165ea93f
Add tpwn module
2015-08-17 17:11:11 -05:00
Brent Cook
b17d8f8d49
Land #5768 , update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
jvicente
a9ad7b7c6f
Modifications to use cmd_exec instead of session.shell_write.
...
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
jvazquez-r7
a5bed0198a
Use each_char
2015-08-17 11:08:40 -05:00
jvazquez-r7
e7433b81bd
Reuse architecture check
2015-08-17 10:28:10 -05:00
Brent Cook
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
benpturner
8800d89424
Updated to reflect HD's comments on indents and name of local script.
2015-08-16 10:47:20 +01:00
joev
98e2d074c3
Add disclosure date.
2015-08-15 20:09:41 -05:00
joev
a133e98ba5
Adds a ff 35-36 RCE vector based off the recent ff bug.
2015-08-15 20:02:00 -05:00
Brent Cook
9720e8e081
normalize osx to darwin so python meterp works
2015-08-15 19:49:55 -05:00
Brent Cook
422bba87d3
style fixes, moved google_geolocate to google/geolocate
2015-08-15 19:49:32 -05:00
HD Moore
42e08cbe07
Fix bad use of get_profile (now browser_profile)
2015-08-14 19:50:42 -05:00
jvazquez-r7
c02df6b39d
Land #5800 , @bperry's Symantec Endpoint Protection Manager RCE module
2015-08-14 17:03:48 -05:00
jvazquez-r7
b33abd72ce
Complete description
2015-08-14 17:03:21 -05:00
jvazquez-r7
4aa3be7ba2
Do ruby fixing and use FileDropper
2015-08-14 17:00:27 -05:00
jvazquez-r7
ddb7224160
Land #5847 , @todb-r7 on behalf of anonymous contributor, exploit for FF CVE-2015-4495
...
* To exfiltrate arbitrary files
* Tested successfully on linux
2015-08-14 14:57:28 -05:00
jvazquez-r7
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
jvazquez-r7
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
Brent Cook
0a4651a553
Land #5359 , add PuTTY session enumeration module
2015-08-14 13:20:05 -05:00
jvazquez-r7
b908f41b0f
Land #5838 , @bcook-r7's fixes for paylaod cached sizes
2015-08-14 12:39:58 -05:00
Tod Beardsley
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
Brent Cook
6b1e911041
Instantiate payload modules so parameter validation occurs
...
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Stuart Morgan
ee7c418ca8
Rubocop and msftidy-ied :-)
2015-08-14 17:19:07 +01:00
Stuart Morgan
02a58d459b
Merge remote-tracking branch 'upstream/master' into pageant_extension
2015-08-14 17:05:38 +01:00
Stuart Morgan
e2b6c11a3e
Update
2015-08-14 16:24:52 +01:00
joev
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
joev
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
Spencer McIntyre
33f1324fa9
Land #5813 , @jakxx adds VideoCharge SEH file exploit
2015-08-13 18:01:25 -04:00
jakxx
e9d3289c23
EXITFUNC caps
2015-08-13 17:25:31 -04:00
jakxx
6e1c714b2b
Update to leverage auto-NOP generation
2015-08-13 17:24:18 -04:00
jakxx
361624161b
msftidy
2015-08-13 16:27:27 -04:00
jakxx
03eb2d71b2
Add watermark fileformat exploit
2015-08-13 16:26:17 -04:00
William Vu
f19186adda
Land #5841 , homm3_h3m default target change
2015-08-13 14:54:58 -05:00
Tod Beardsley
02c6ea31bb
Use the more recent HD version as default target
2015-08-13 14:42:21 -05:00
Christian Mehlmauer
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
William Vu
605a14350f
Land #5833 , sshexec improvements
2015-08-13 14:16:22 -05:00
William Vu
3bd6c4cee4
Add a comma
2015-08-13 14:16:09 -05:00
Mo Sadek
677ec341dd
Land #5839 , pre-bloggery cleanup edits
2015-08-13 13:43:57 -05:00
William Vu
c94a185610
Land #5697 , Werkzeug debug RCE
2015-08-13 13:32:27 -05:00
William Vu
d54ee19ce9
Clean up module
2015-08-13 13:32:22 -05:00
Jon Hart
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
Jon Hart
9f2c62d4ce
Use query_name instead of datastore
2015-08-13 11:17:27 -07:00
Tod Beardsley
bb4116ed9d
Avoid msftidy.rb rule breaking on missing newline
2015-08-13 12:38:05 -05:00
Tod Beardsley
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
Jon Hart
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
jakxx
e7566d6aee
Adding print_status line
2015-08-12 16:08:04 -04:00
Spencer McIntyre
28fbb7cdde
Update the description of the sshexec module
2015-08-12 16:05:09 -04:00
Spencer McIntyre
dfe2bbf1e9
Add a python target to the sshexec module
2015-08-12 15:46:47 -04:00
Christian Mehlmauer
979d7e6be3
improve module
2015-08-12 15:37:37 +02:00
jakxx
2b225b2e7e
Added changes per feedback
...
Updated to include and use seh mixin
changed offset and space for reliability
got rand_text buffer junk working
removed double spaces and stupid fillers in file data
2015-08-12 01:34:45 -04:00
William Vu
80f415074b
Land #5823 , mv local_exploit_{suggestor,suggester}
2015-08-11 13:52:55 -05:00
Mo Sadek
7f0d992914
Fixed name typo
2015-08-11 11:51:52 -05:00
jakxx
4c28cae5d1
updated to include recommendation from @zerosteiner
2015-08-10 18:38:23 -04:00
jvazquez-r7
203c231b74
Fix #5659 : Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
jvazquez-r7
76f6312fab
Fix #3916 Support 64 bits targets on enum_cred_store
2015-08-10 15:16:12 -05:00
jvicente
5ff61ca5f3
Added modules to jailbreak and control remotely BusyBox based devices. It was added to a word list with default credentials typically used by commercial routers.
2015-08-10 18:29:41 +02:00
jvazquez-r7
a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793
2015-08-08 07:43:39 -07:00
jvazquez-r7
c8ba5bb90c
Land #5513 , @rcvalle's exploit for incomplete internal state distinction in JSSE
2015-08-08 07:41:53 -07:00
jvazquez-r7
2707b3b402
Use Rex::ThreadSafe.select
2015-08-08 07:40:19 -07:00
jvazquez-r7
a0eef3880a
Initialize version local variable
2015-08-08 07:35:37 -07:00
jvazquez-r7
bb74b6fecb
Fix data reading
2015-08-08 07:18:01 -07:00
jakxx
23f51bf265
specify junk data
2015-08-07 18:04:11 -04:00
jakxx
28ad0fccbd
Added VideoCharge Studio File Format Exploit
2015-08-07 15:54:32 -04:00
jvazquez-r7
6fe7672732
Improve Rex sockets usage
2015-08-07 00:11:58 -07:00
Josh Abraham
e96717950c
refactored
2015-08-06 08:18:26 -04:00
jvazquez-r7
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
jvazquez-r7
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
jvazquez-r7
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
Roberto Soares
7bb4f9479f
Added new reference and removed empty line.
2015-08-04 03:58:57 -03:00
Roberto Soares
d9b6e9cc58
Changed res condition and some words.
2015-08-04 03:44:25 -03:00
Roberto Soares
19ceccd93a
Added JSON parse output.
2015-08-04 03:13:11 -03:00
Roberto Soares
f4679f5341
Added WP Mobile Pack Info Disclosure Vuln - Functional Module.
2015-08-04 02:21:26 -03:00
Roberto Soares
d221e9d961
Added more references.
2015-08-03 02:46:54 -03:00
Roberto Soares
e59e4828e4
Removed unnecessary DEPTH option.
2015-08-02 22:56:17 -03:00
Roberto Soares
514849bcdc
Added WP Subscribe Comments File Read Vuln - Functional.
2015-08-02 21:24:52 -03:00
Brandon Perry
74ed8cf0c9
actually that didn't work
2015-08-02 18:57:13 -05:00
Brandon Perry
06754c36a4
unless, not if not
2015-08-02 18:51:23 -05:00
Brandon Perry
527eaea6ec
single quotes and some error handling
2015-08-02 18:25:17 -05:00
Brandon Perry
a33724667c
small code cleanup
2015-08-02 16:36:41 -05:00
Brandon Perry
830aee8aa5
check if cookie is actually returned, and if not, fail
2015-08-02 15:22:40 -05:00
Brandon Perry
a534008ba6
add some status lines
2015-08-02 15:03:59 -05:00
Brandon Perry
fe20bc88ad
remove badchars
2015-08-02 11:37:06 -05:00
Brandon Perry
f7ceec36d0
set default RPORT and SSL
2015-08-02 08:59:36 -05:00
Brandon Perry
a33dff637d
exploit cve 2015-1489 to get SYSTEM
2015-08-02 08:31:03 -05:00
Brandon Perry
12ac6d81fa
add markus as the discoverer specifically
2015-08-02 08:17:12 -05:00
Brandon Perry
e70ec8c07b
no need to store res for the later requests
2015-08-01 18:00:35 -05:00
Brandon Perry
272d75e437
check res before calling get_cookies
2015-08-01 17:58:41 -05:00
Meatballs
6f31183904
Fix VSS Persistance to check integrity level
2015-08-01 23:13:05 +01:00
Brandon Perry
47e86000ee
randomize the file names
2015-08-01 16:50:06 -05:00
Brandon Perry
2bfc8e59be
remove printline
2015-08-01 16:43:31 -05:00
Brandon Perry
0067d25180
add the sepm auth bypass rce module
2015-08-01 16:40:03 -05:00
Meatballs
a6a8117e46
Revert "Land #5777 , fix #4558 vss_persistence"
...
This reverts commit ba4b2fbbea
, reversing
changes made to affc86bfd9
.
2015-08-01 22:35:24 +01:00
Meatballs
c197e5224d
Store loot
2015-08-01 20:52:25 +01:00
Meatballs
deb6f5638e
Update WinSCP Gather
...
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
h00die
eab9b3bf5b
interpolation fix on secret
2015-08-01 14:39:12 -04:00
Tod Beardsley
cebcf72a99
Add discoverer credit, blog ref, longer desc
2015-08-01 10:31:41 -05:00
h00die
ceb49a51a6
thanks @espreto for help
2015-08-01 11:11:37 -04:00
William Vu
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
wchen-r7
ba4b2fbbea
Land #5777 , fix #4558 vss_persistence
2015-07-31 16:46:01 -05:00
jvazquez-r7
1ec960d8f9
Make the time to write flush configurable
2015-07-31 16:43:43 -05:00
Brent Cook
affc86bfd9
Land #5779 , make cachedump / lsa_secrets work on 64-bit windows
2015-07-31 16:25:47 -05:00
wchen-r7
672d83eaae
Land #5789 , Heroes of Might and Magic III .h3m Map File Buffer Overflow
2015-07-31 15:43:43 -05:00
aakerblom
7c5e5f0f22
add crc32 forging for Heroes III demo target
2015-08-01 04:53:49 -07:00
aakerblom
7af83a112d
fix unreliable address
2015-08-01 04:52:50 -07:00
aakerblom
908d6f946f
added target Heroes III Demo 1.0.0.0
2015-07-31 18:19:37 -07:00
aakerblom
16042cd45b
fix variable names in comment
2015-07-31 18:16:15 -07:00
aakerblom
66c92aae5d
fix documentation
2015-07-31 17:12:50 -07:00
aakerblom
6fdd2f91ce
rescue only Errno::ENOENT
2015-07-31 13:54:29 -07:00
aakerblom
6671df6672
add documentation
2015-07-31 13:53:56 -07:00
aakerblom
013201bd99
remove unneeded require
2015-07-31 13:49:27 -07:00
wchen-r7
629afd86fc
Land #5788 , local exploit suggestor
...
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
William Vu
8e2e5d9bef
Land #5793 , s/OSVBD/OSVDB/
2015-07-31 10:20:45 -05:00
aakerblom
12a6bdb67b
Add Heroes of Might and Magic III .h3m map file Buffer Overflow module
2015-07-31 02:06:47 -07:00
aakerblom
d4c8d5884c
Fix a small typo
2015-07-31 11:47:46 -07:00
Roberto Soares
fdb2b008f9
Fix a small typo - OSVDB instead of OSVBD.
2015-07-31 02:23:19 -03:00
wchen-r7
34279776a6
Minor edit
2015-07-30 18:40:41 -05:00
wchen-r7
fc4fdba482
Merge branch 'suggestor' of https://github.com/MSadek-r7/metasploit-framework into pr5788
2015-07-30 18:31:49 -05:00
wchen-r7
08338b73b2
Add get_target_arch and get_target_os
...
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
Greg Mikeska
3c394d673d
altered module to default
...
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
Mo Sadek
af55ef7352
Added session.present?
2015-07-30 10:10:42 -05:00
Mo Sadek
7aa78dfd4e
Revamped os, platform, arch detection. Added count for exploits being tried
2015-07-30 09:36:02 -05:00
Mo Sadek
1521c8f87e
Reworded to no suggestions available
2015-07-29 17:40:27 -05:00
Mo Sadek
66489202fc
Added error message if no exploits are found
2015-07-29 17:31:23 -05:00
Mo Sadek
b58c6248fe
Fixed ShowDescription bug
2015-07-29 16:52:06 -05:00
Mo Sadek
2cddfda0a0
wchen-r7's fixes, fixed indentation, removed newlines, added desc.
2015-07-29 16:13:50 -05:00
wchen-r7
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
William Vu
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
Mo Sadek
c725f74d46
Add Local Exploit Suggestor
...
Resolve #5647
2015-07-29 13:19:51 -05:00
William Vu
55d395d237
Land #5785 , @todb-r7's sticky_keys fixes
2015-07-29 12:54:27 -05:00
Tod Beardsley
a342a9db10
Another sticky keys ref, from @carnal0wnage
2015-07-29 12:32:38 -05:00
Tod Beardsley
8043e5a88e
Add a reference to the sticky keys exploit
2015-07-29 12:31:43 -05:00
Tod Beardsley
ee66cadde2
Don't use bullet points in descriptions
...
They never render correctly in anything other than a text editor.
modules/post/windows/manage/sticky_keys.rb first landed in #5760 ,
Sticky Keys post module
2015-07-29 12:29:09 -05:00
William Vu
e6a932eadb
Land #5778 , final cmdstager generic payload fix
2015-07-29 11:48:01 -05:00
William Vu
ff9b975576
Land #5701 , @g0tmi1k's filezilla_server refactor
2015-07-29 11:13:22 -05:00
jvazquez-r7
e966545e08
Fix mask
2015-07-29 09:13:37 -05:00
g0tmi1k
38e952ba07
Python -> Ruby
2015-07-29 10:55:28 +01:00
William Vu
c46ce6c391
Land #5780 , password_prompt fix for Telnet scanner
2015-07-28 17:54:43 -05:00
Josh Abraham
0f4b2e4226
description update
2015-07-28 15:31:51 -04:00
Josh Abraham
27e5557b67
set port using rport instead of only 445
2015-07-28 15:29:23 -04:00
Josh Abraham
fafbc4db3f
GPP enumeration via an AUX module
2015-07-28 15:21:33 -04:00
kn0
2415072c17
Replaced 'and' with '&&'
2015-07-28 14:14:25 -05:00
kn0
ee5e5b1e71
Fixed NoMethodError for .match on nil
2015-07-28 09:03:54 -05:00
HD Moore
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
Brent Cook
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
jvazquez-r7
ab7ffb1a08
Fich cachedump
2015-07-27 17:26:53 -05:00
jvazquez-r7
704c8cadd9
Fix lsa_secrets
2015-07-27 16:19:01 -05:00
wchen-r7
768de00214
Automatically pass arch & platform from cmdstager
...
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:
Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
jvazquez-r7
bf6975c01a
Fix #4558 by restoring the old wmicexec
2015-07-27 14:04:10 -05:00
Fabien
3fd18e4844
Update soap_addportmapping.rb
2015-07-26 21:57:49 +02:00
Fabien
1210183930
Update soap_addportmapping.rb
2015-07-26 21:41:47 +02:00
Fabien
8dbd51ae38
Update soap_addportmapping.rb
2015-07-26 20:59:43 +02:00
Fabien
fba81fc539
Create soap_addportmapping.rb
2015-07-26 20:59:04 +02:00
wchen-r7
2d0a26ea8b
Land #5774 , Fix URIPATH=/ and stack trace on missing ntdll version match
2015-07-25 17:54:49 -05:00
HD Moore
a7b5890dc5
Fix URIPATH=/ and stack trace on missing ntdll version match
2015-07-25 15:39:20 -07:00
h00die
4561241609
updates per @jvazquez-r7 comments
2015-07-24 20:34:40 -04:00
Brent Cook
347f48b0ec
Land #5762 , adjust PHP stager to work in and outside of eval()
2015-07-24 17:43:26 -05:00
Brent Cook
c30127cfe8
Land #5729 , add user-agent list, MeterpreterUserAgent derives from this
...
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
jvazquez-r7
e231664b97
Land #5746 , @pedrib's Fix sysaid rdslogs file upload on Linux
2015-07-24 16:15:13 -05:00
jvazquez-r7
2c9183fa56
Return check code
2015-07-24 16:14:43 -05:00
jvazquez-r7
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
jvazquez-r7
a163606513
Delete unused SLEEP option
2015-07-24 15:29:56 -05:00
jvazquez-r7
1b1ac09d2a
Merge to solve conflicts
2015-07-24 15:24:29 -05:00
jvazquez-r7
ec7bf606c6
Land #5735 , @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
jvazquez-r7
45b4334006
Use Rex::Socket::SslTcpServer
...
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
William Vu
eb8f5c0880
Land #5771 , moved vmessage nil fix
2015-07-24 11:03:45 -05:00
William Vu
10783d60cd
Land #5763 , generate_payload_exe merged opts fix
2015-07-24 10:56:29 -05:00
wchen-r7
866a99ed07
This is better
2015-07-23 20:51:21 -05:00
wchen-r7
f5387ab3f2
Fix #5766 , check res for send_request_raw
...
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7
8bead5fde2
Modate update on using metasploit-credential
...
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
jvazquez-r7
218201b925
Land #5767 , @todb-r7's fix for ZDI reference
2015-07-23 17:28:53 -05:00
William Vu
4dd2c31b44
Land #5760 , Sticky Keys post module
2015-07-23 17:12:31 -05:00
William Vu
06ed7ba574
Add a comma
2015-07-23 17:12:17 -05:00
Tod Beardsley
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
OJ
ebdbb179ce
Last of the style fixes
2015-07-24 08:09:25 +10:00
OJ
db7fadfc36
Fix indentation
2015-07-24 08:08:01 +10:00
OJ
616e1ddd68
Change enum to action, a couple of tidies
2015-07-24 08:01:58 +10:00
Samuel Huckins
a818dc4460
Land #5657 , misc fixes to domain_hashdump
2015-07-23 16:58:46 -05:00
OJ
e60f590f09
Add DisplaySwitch.exe support with WINDOWS+P
...
As per @mubix's request.
2015-07-24 07:20:31 +10:00
wchen-r7
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
William Vu
50c9293aab
Land #5758 , OS X DYLD_PRINT_TO_FILE privesc
2015-07-23 13:21:23 -05:00
William Vu
c1a9628332
Fix some fixes
...
So you can fix while you fix.
2015-07-23 12:59:20 -05:00
Tod Beardsley
6ededbd7a7
Un-ticking the output
2015-07-23 12:23:56 -05:00
Tod Beardsley
9d8dd2f8bd
FIxup pr #5758
2015-07-23 12:21:36 -05:00
wchen-r7
6720a57659
Fix #5761 , pass the correct arch and platform for exe generation
...
Fix #5761
2015-07-23 01:34:44 -05:00
OJ
728e9b19ec
Update payload cached sizes
2015-07-23 15:15:13 +10:00
OJ
1dd765d6e6
Remove trailing spaces
2015-07-23 13:17:34 +10:00
OJ
0f2692f24f
Fix up silly mistake with `fail_with`
2015-07-23 13:14:35 +10:00
OJ
691b13ebd8
Add the sticky_keys module
2015-07-23 12:53:47 +10:00
Christian Sanders
50074c4617
Fix typo .blank to .blank?
2015-07-22 09:05:16 -05:00
wchen-r7
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
joev
165cb195bf
Remove python dependency, add credit URL.
2015-07-21 22:48:23 -05:00
joev
3013ab4724
Add osx root privilege escalation.
2015-07-21 21:50:55 -05:00
OJ
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
rastating
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
rastating
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
William Vu
928c82c96e
Land #5745 , undefined variable "rop" fix
2015-07-21 11:01:49 -05:00
James Lee
52e4f45ecd
Use the new thing in wlan_geolocate
2015-07-20 20:24:07 -05:00
James Lee
d6e12d431f
Style and whitespace
2015-07-20 19:40:25 -05:00
wchen-r7
6a9c934c54
Resolve conflict
2015-07-20 18:44:17 -05:00
wchen-r7
1e17ac4ec7
Use the cred API correctly
2015-07-20 18:40:48 -05:00
Tod Beardsley
cadb03bac0
Fix my own blasted typo, ty @wvu-r7
2015-07-20 17:14:34 -05:00
Tod Beardsley
2052b4ef56
Fixed the HT leak attribution a little
2015-07-20 16:36:47 -05:00
Tod Beardsley
f7c11d0852
More cleanups
...
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678 , adobe_flash_hacking_team_uaf.rb
Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698 , Adobe Flash CVE-2015-5122 opaqueBackground
Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471 , @pedrib's module for SysAid CVE-2015-2994
Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
Tod Beardsley
f94fe3cefd
More correct URL, not just a bare wiki link
...
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
Tod Beardsley
ab6204ca2e
Correct spelling of sysaid module
...
First landed in #5473 .
2015-07-20 16:21:50 -05:00
Tod Beardsley
4cacbcc4f7
Minor fixups on sysaid modules
...
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
rastating
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
rastating
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
Pedro Ribeiro
3fe165a265
Remove whitespace at the end
2015-07-18 20:18:34 +01:00
Pedro Ribeiro
70a2247941
Pick target is not needed...
2015-07-18 20:12:49 +01:00
Pedro Ribeiro
7483e77bba
Fix Linux target by trying again if exploit fails
2015-07-18 20:12:13 +01:00
wchen-r7
29defc979b
Fix #5740 , remove variable ROP for adobe_flashplayer_flash10o
2015-07-17 16:57:37 -05:00
wchen-r7
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
wchen-r7
837eb9ea38
Land #5742 , better quality coverage for adobe_flash_opaque_background_uaf
2015-07-17 16:25:14 -05:00
wchen-r7
f77f7d6916
Bump rank
2015-07-17 16:23:27 -05:00
wchen-r7
0bd1dc017e
Update coverage information
2015-07-17 16:23:00 -05:00
wchen-r7
115fb04be0
Land #5730 , port killav script as a post module
2015-07-17 13:47:58 -05:00
wchen-r7
425a9dc266
credit OJ
2015-07-17 13:47:17 -05:00
wchen-r7
663bcbe53b
Avoid checking these system process names
2015-07-17 13:46:02 -05:00
jvazquez-r7
454dd59da8
Add vuln discoverers
2015-07-17 13:37:30 -05:00
jvazquez-r7
29718ce4e1
Land #5474 , @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
...
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
jvazquez-r7
a54b58fc24
Fix port parsing and cleanup
2015-07-17 12:34:46 -05:00
jvazquez-r7
4e6b00fe31
Land #5473 , @pedrib's exploit for Sysaid CVE-2015-2994
...
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
jvazquez-r7
00adbd7f64
Fix quotes
2015-07-17 12:09:54 -05:00
jvazquez-r7
57c4a3387b
Fix paths for windows and cleanup
2015-07-17 12:09:18 -05:00
jvazquez-r7
869ac87b64
Land #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
...
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
jvazquez-r7
9ac1688eb1
Do code cleanup
2015-07-17 11:45:28 -05:00
jvazquez-r7
46ffb97c1c
Land #5471 , @pedrib's module for SysAid CVE-2015-2994
...
* sysaid arbitrary file upload
2015-07-17 11:27:22 -05:00
jvazquez-r7
309a86ec57
Do code cleanup
2015-07-17 11:26:54 -05:00
jvazquez-r7
787c0e2c41
Land #5470 , @pedrib's module for SysAid CVE-2015-2993
...
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
jvazquez-r7
ca38fc5518
Update description
2015-07-17 11:08:28 -05:00
jvazquez-r7
255d8ed096
Improve adobe_flash_opaque_background_uaf
2015-07-16 14:56:32 -05:00
Ramon de C Valle
449c751521
Add missing info
2015-07-16 09:36:18 -07:00
wchen-r7
8d0e34dbc0
Resolve #5738 , make the LHOST option visible
...
Resolve #5738
2015-07-16 11:00:15 -05:00
OJ
e1b1db9f88
Fix stupid typo
2015-07-16 23:03:49 +10:00
Ramon de C Valle
5d6c15a43d
Add openssl_altchainsforgery_mitm_proxy.rb
...
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
OJ
986463e489
Fix killav post module, handle errors, better output
2015-07-16 11:35:01 +10:00
Marc-Andre Meloche
2735c035b5
fixed issues as requested.
...
fixed.
2015-07-15 20:36:19 -04:00
Marc-Andre Meloche
579fb5fb1f
Fixed
...
Fixed
2015-07-15 20:09:42 -04:00
Marc-Andre Meloche
c762e9e8d6
Fixed as requested.
...
I added the possibility to read from file, instead of modifying the module each time.
2015-07-15 20:02:18 -04:00
jvazquez-r7
b504f0be8e
Update adobe_flash_hacking_team_uaf
2015-07-15 18:18:04 -05:00
Marc-Andre Meloche
7520bc9a8a
Exported Killav into a post-exploitation module
...
I was unsure if this was the place to send the update.
2015-07-15 14:04:37 -04:00
William Vu
ea4a7d98b9
Land #5728 , Arch specification for psexec
2015-07-15 15:36:27 +00:00
jvazquez-r7
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
Christian Mehlmauer
b31c637c1b
Land #5533 , DSP-W110 cookie command injection
2015-07-15 11:22:33 +02:00
Christian Mehlmauer
21375edcb2
final cleanup
2015-07-15 11:21:39 +02:00
OJ
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
wchen-r7
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
Brent Cook
a7d866bc83
specify the 'Arch' values that psexec supports
2015-07-14 15:45:52 -06:00
wchen-r7
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
Brent Cook
a2bdd0bab9
Land #5541 , add more compat fixed-cmd 64-bit BSD payloads
...
Merge branch 'land-5541-bsd-shellcode' into upstream-master
2015-07-13 21:01:55 -05:00
h00die
57f62ffa76
changed URI to TARGETURI as per comments
2015-07-13 20:18:45 -04:00
Brent Cook
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
William Vu
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
William Vu
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
William Vu
405261df4f
Land #5710 , php_wordpress_total_cache removal
...
Deprecated.
2015-07-13 18:33:12 +00:00
William Vu
3feef639b9
Land #5711 , php_wordpress_optimizepress removal
...
Deprecated.
2015-07-13 18:32:37 +00:00
William Vu
6e12cbf98f
Land #5712 , php_wordpress_lastpost removal
...
Deprecated.
2015-07-13 18:31:31 +00:00
William Vu
dd188b1943
Land #5713 , php_wordpress_infusionsoft removal
...
Deprecated.
2015-07-13 18:31:01 +00:00
William Vu
ecca1c29f2
Land #5714 , php_wordpress_foxypress removal
...
Deprecated.
2015-07-13 18:30:28 +00:00
wchen-r7
e4e9ac9d28
Remove cold_fusion_version, use coldfusion_version instead
...
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
wchen-r7
4960e64597
Remove php_wordpress_foxypress, use wp_foxypress_upload
...
Please use exploit/unix/webapp/wp_foxypress_upload instead.
2015-07-13 12:53:34 -05:00
wchen-r7
dfbeb24a8f
Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload
...
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
2015-07-13 12:51:48 -05:00
wchen-r7
b80427aed2
Remove php_wordpress_lastpost, use wp_lastpost_exec instead.
...
Please use exploit/unix/webapp/wp_lastpost_exec instead
2015-07-13 12:49:27 -05:00
wchen-r7
90cc3f7891
Remove php_wordpress_optimizepress, use wp_optimizepress_upload
...
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
2015-07-13 12:45:39 -05:00
wchen-r7
4177cdacd6
Remove php_wordpress_total_cache, please use wp_total_cache_exec
...
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
2015-07-13 12:41:29 -05:00
wchen-r7
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
Mo Sadek
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
Mo Sadek
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
wchen-r7
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
h00die
8819674522
updated per feedback from PR
2015-07-11 21:03:02 -04:00
g0tmi1k
d795b2f831
Module cleanup
2015-07-11 19:40:21 +01:00
g0tmi1k
14d0d456f4
Fix FileZilla perm loot bug
2015-07-11 19:11:59 +01:00
g0tmi1k
c92d0d9df6
Fix FileZilla Server
2015-07-11 18:14:55 +01:00
wchen-r7
f7ce6dcc9f
We agreed to Normal
2015-07-11 02:07:18 -05:00
wchen-r7
0ff7333090
Lower the ranking for CVE-2015-5122
...
As an initial release we forgot to lower it.
2015-07-11 02:05:56 -05:00
wchen-r7
1289ec8863
authors
2015-07-11 01:38:21 -05:00
wchen-r7
6eabe5d48c
Update description
2015-07-11 01:36:26 -05:00
wchen-r7
54fc712131
Update Win 8.1 checks
2015-07-11 01:33:23 -05:00
jvazquez-r7
6f0b9896e1
Update description
2015-07-11 00:56:18 -05:00
jvazquez-r7
115549ca75
Delete old check
2015-07-11 00:42:59 -05:00
jvazquez-r7
63005a3b92
Add module for flash CVE-2015-5122
...
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
Brent Cook
7d55e86bdc
Land #5691 , bump to metasploit-payloads-1.0.6
2015-07-10 22:30:44 -05:00
Brent Cook
226137896e
updated cached payload sizes
2015-07-10 22:30:20 -05:00
h00die
bff92f2304
Initial add
2015-07-10 21:13:12 -04:00
jvazquez-r7
5a045677bc
Add waiting message
2015-07-10 18:48:46 -05:00
jvazquez-r7
8d52c265d9
Delete wfsdelay
2015-07-10 18:46:27 -05:00
jvazquez-r7
63e91fa50f
Add reference
2015-07-10 18:46:06 -05:00
jvazquez-r7
677cd97cc2
Update information
2015-07-10 18:39:11 -05:00
jvazquez-r7
6c6a778218
Modify arkeia_agent_exec title
2015-07-10 18:38:25 -05:00
jvazquez-r7
4995728459
Modify arkeia_agent_exec ranking
2015-07-10 18:37:24 -05:00
jvazquez-r7
858f63cdbf
Land #5693 , @xistence VNC Keyboard EXEC module
2015-07-10 18:35:44 -05:00
jvazquez-r7
1326a26be5
Do code cleanup
2015-07-10 18:35:13 -05:00
jvazquez-r7
917282a1f1
Fix ranking
2015-07-10 17:49:15 -05:00
jvazquez-r7
e063e26627
Land #5689 , @xistence's module for Western Digital Arkeia command injection
2015-07-10 17:11:35 -05:00
jvazquez-r7
bdd8b56336
fix comment
2015-07-10 16:28:20 -05:00
jvazquez-r7
95ae7d8cae
Fix length limitation
2015-07-10 16:24:49 -05:00
Mo Sadek
3347b90db7
Land #5676 , print_status with ms14_064
2015-07-10 14:40:49 -05:00
jvazquez-r7
29a497a616
Read header as 6 bytes
2015-07-10 14:25:57 -05:00
jvazquez-r7
bed3257a3f
Change default HTTP_DELAY
2015-07-10 12:50:26 -05:00
jvazquez-r7
c9d2ab58d3
Use HttpServer::HTML
...
* And make the exploit Aggressive
2015-07-10 12:48:21 -05:00
jvazquez-r7
e1192c75a9
Fix network communication on `communicate`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:57:48 -05:00
Tod Beardsley
9206df077f
Land #5694 , R7-2015-08
2015-07-10 11:42:57 -05:00
jvazquez-r7
9ba515f185
Fix network communication on `check`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:32:49 -05:00
HD Moore
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
HD Moore
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
jvazquez-r7
c70be64517
Fix version check
2015-07-10 10:57:55 -05:00
jvazquez-r7
34a6984c1d
Fix variable name
2015-07-10 10:44:38 -05:00
jvazquez-r7
2c7cc83e38
Use single quotes
2015-07-10 10:34:47 -05:00
jvazquez-r7
f66cf91676
Fix metadata
2015-07-10 10:33:02 -05:00
xistence
b916a9d267
VNC Keyboard Exec
2015-07-10 14:08:32 +07:00
xistence
13a69e4011
X11 Keyboard Exec
2015-07-10 13:57:54 +07:00
xistence
52d41c8309
Western Digital Arkeia 'ARKFS_EXEC_CMD' <= v11.0.12 Remote Code Execution
2015-07-10 09:51:28 +07:00
wchen-r7
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
Michael Messner
d7beb1a685
feedback included
2015-07-09 08:31:11 +02:00
HD Moore
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
HD Moore
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
wchen-r7
a3ec56c4cb
Do it in on_request_exploit because it's too specific
2015-07-08 12:32:38 -05:00
wchen-r7
cefbdbb8d3
Avoid unreliable targets
...
If we can't garantee GreatRanking on specific targets, avoid them.
2015-07-08 12:12:53 -05:00
Brent Cook
c86d16ffb6
update payload sizes
2015-07-07 23:15:57 -05:00
Brent Cook
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
wchen-r7
6a33807d80
No Chrome for now
2015-07-07 15:56:58 -05:00
jvazquez-r7
f8b668e894
Update ranking and References
2015-07-07 15:43:02 -05:00
Tod Beardsley
116c3f0be1
Add CVE as a real ref, too
2015-07-07 14:46:44 -05:00
Tod Beardsley
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
cldrn
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
wchen-r7
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
jvazquez-r7
829b08b2bf
Complete authors list
2015-07-07 12:49:54 -05:00
wchen-r7
49effdf3d1
Update description
2015-07-07 12:46:02 -05:00
wchen-r7
d885420aff
This changes the version requirement for adobe_flash_hacking_team_uaf.rb
...
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
wchen-r7
d30688b116
Add more requirement info
2015-07-07 12:33:47 -05:00
jvazquez-r7
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
wchen-r7
c37b60de7b
Do some print_status with ms14_064
2015-07-07 00:57:37 -05:00
wchen-r7
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
wchen-r7
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
Spencer McIntyre
e16cd08599
Update the payload CachedSize
2015-07-06 17:16:56 -04:00
Spencer McIntyre
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
Tod Beardsley
3d30cef58e
Land #5668 , I don't know how to avoif things
2015-07-06 09:24:18 -05:00
Michael Messner
5b6ceff339
mime message
2015-07-06 15:00:12 +02:00
Donny Maasland
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
joev
133e221dcd
Remove unnecessary steps.
2015-07-05 19:00:58 -05:00
joev
c993c70006
Remove sleep(), clean up WritableDir usage.
2015-07-05 18:59:00 -05:00
HD Moore
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
joev
72a1e9ad99
Add module for rootpipe+entitlements exploit for 10.10.3.
2015-07-05 18:19:46 -05:00
joev
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
Ben Lincoln
6e9a477367
Removed reference URL for the report to the vendor, as it is no
...
longer valid.
2015-07-03 13:48:24 -07:00
Ben Lincoln
02ace9218b
Added handling for HTTP 401 (Authorization Required) response from target.
...
Added Exploit DB entries to references list.
Minor change to description text for clarity.
2015-07-03 13:36:44 -07:00
Spencer McIntyre
632bcda345
Land #5652 , improve LAPS filter to reduce empty results
2015-07-03 15:02:39 -04:00
Spencer McIntyre
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
HD Moore
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
David Maloney
e843db78dc
put rhost option back
...
it is needed for the wmic query that
creates the shadowcopy
MSP-12867
2015-07-02 14:46:40 -05:00
David Maloney
7b2b526ea1
deregister unwated options
...
deregister mixin options that we don't need
for this module
2015-07-02 14:33:21 -05:00
William Vu
8892cbdd10
Fix some minor things
2015-07-02 14:32:16 -05:00
David Maloney
cc51d1e8fd
use registry data for VSS grab
...
use the location data we got from the registry for copying
the NTDS.dit file correctly with the VSS method
2015-07-02 14:27:51 -05:00
David Maloney
89d283da09
check registry for ntds location
...
check the registry for the location of the ntds.dit
file
MSP-12867
2015-07-02 14:07:47 -05:00
Tod Beardsley
95f19e6f1f
Minor description edits for clarity
...
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF
Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590 , @Meatballs1 adds MS LAPS Enum post mod
Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
HD Moore
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
David Maloney
42daf4d38b
fix up ordering of pre-checks
...
i hate early returns, but we need to bail out early
if some of these checks fail
MSP-12867
2015-07-02 11:52:02 -05:00
Josh Abraham
99c29052c7
Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage
2015-07-02 08:24:04 -04:00
Josh Abraham
dfa71a2b44
update to store creds using the new method
2015-07-02 08:22:21 -04:00
Donny Maasland
e355e56539
Add check
2015-07-02 10:54:44 +02:00
Meatballs
8a3873d730
Tweak filter to reduce empty results
2015-07-02 09:53:08 +01:00
wchen-r7
2957924c78
Merge branch 'upstream-master' into bapv2
2015-07-02 01:46:31 -05:00
wchen-r7
49d3b275b2
Land #5648 , Update CVE-2015-3043 info
2015-07-02 01:36:26 -05:00
Spencer McIntyre
a37ac1b089
Land #5590 , @Meatballs1 adds MS LAPS Enum post mod
2015-07-01 21:19:15 -04:00
Daniel Jensen
3f5721f5be
Fixed identified issues.
2015-07-02 13:06:03 +12:00
jvazquez-r7
3b9ba189f7
Add CVE-2015-3043 information
2015-07-01 19:56:35 -05:00
wchen-r7
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
wchen-r7
32d5e7f3de
Land #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio Decoding BOF
2015-07-01 18:44:38 -05:00
wchen-r7
93c74efb97
Add Ubuntu as a tested target
2015-07-01 18:43:22 -05:00
Mo Sadek
1c5abec97a
Land #5632 , mozilla_reduceright nil fix
2015-07-01 15:56:31 -05:00
jvazquez-r7
ee118aa89d
Fix description
2015-07-01 13:30:22 -05:00
jvazquez-r7
1de94a6865
Add module for CVE-2015-3113
2015-07-01 13:13:57 -05:00
Ben Lincoln
db721dff8e
Cleaned up double-negative logic.
...
Decreased default HTTPClientTimeout to 5 seconds.
2015-07-01 09:34:11 -07:00
Ben Lincoln
6ceb734972
Replaced standard option TIMEOUT with advanced option
...
HTTPClientTimeout per void-in's request.
Added handling for HTTP 404 response condition from server.
2015-07-01 09:04:15 -07:00
Donny Maasland
56c3102603
That's what you get for making edits on github.com..
2015-07-01 17:51:57 +02:00
Donny Maasland
4847fb9830
Add a neater powershell command
2015-07-01 17:47:47 +02:00
Donny Maasland
822a46fee6
Merge branch 'master' of github:dmaasland/metasploit-framework
2015-07-01 17:47:33 +02:00
Donny Maasland
4f72df3202
Create a neater powershell command
2015-07-01 17:47:08 +02:00
Donny Maasland
ffe710af2d
Update registry_persistence.rb
...
Omg spaces
2015-07-01 17:21:12 +02:00
Donny Maasland
26e3ec0a5f
Add a switch for creating a cleanup rc file
2015-07-01 17:06:16 +02:00
Donny Maasland
20708ebc82
Add a check to prevent accidental deletion of existing registry keys
2015-07-01 16:45:03 +02:00
Donny Maasland
2e48bae71c
fixes
2015-07-01 16:15:13 +02:00