Commit Graph

18761 Commits (caf848ddf4d432851ceacd34511ebad8f156d3a4)

Author SHA1 Message Date
wchen-r7 9364982467 Land #5665, Add osx rootpipe entitlements exploit for 10.10.3 2015-08-28 13:33:16 -05:00
jvazquez-r7 9c7f97d124 Fix method name schema 2015-08-28 13:26:52 -05:00
wchen-r7 e45347e745 Explain why vulnerable 2015-08-28 13:26:01 -05:00
wchen-r7 423d52476d Normal options should be all caps 2015-08-28 13:24:23 -05:00
jvazquez-r7 be7db10e7d Fix busybox_write_file 2015-08-28 13:15:07 -05:00
jvazquez-r7 c4a3b4f18e Add busy_box_file_exist? 2015-08-28 11:56:12 -05:00
wchen-r7 29e92aaabe Land #5806, WordPress Subscribe Comments File Read Vuln 2015-08-28 11:52:59 -05:00
wchen-r7 62e6b23b4c Typo 2015-08-28 11:52:13 -05:00
jvazquez-r7 8faf6f9cd0 Fix require 2015-08-28 11:51:26 -05:00
jvazquez-r7 e62b117fda Include mixin correctly 2015-08-28 11:50:17 -05:00
jvazquez-r7 132f5c6a20 Review jailbreak 2015-08-28 11:44:57 -05:00
jvazquez-r7 e7f486e43a Review wget_exec 2015-08-28 11:24:41 -05:00
jvazquez-r7 edc9982c8b Review smb_share_root 2015-08-28 11:18:49 -05:00
jvazquez-r7 c2639fc138 Review set_dns 2015-08-28 11:00:46 -05:00
jvazquez-r7 4523608bf7 Review set_dmz 2015-08-28 10:43:09 -05:00
Stuart Morgan b59bc30160 Fixed stupid bracket error 2015-08-28 16:13:22 +01:00
jvazquez-r7 0e810aa8bc Clean ping_net 2015-08-28 09:53:31 -05:00
Stuart Morgan 8bf815c4bb rubocop 2015-08-28 15:39:02 +01:00
jvazquez-r7 42b342d615 Clean enum_hosts 2015-08-28 09:37:18 -05:00
jvazquez-r7 dfdb4fe044 Review enum_connections 2015-08-28 09:28:12 -05:00
jvazquez-r7 577656a78e Change modules location 2015-08-28 09:17:23 -05:00
Stuart Morgan b8b68983b0 Merge remote-tracking branch 'upstream/master' into adsi_group_enum_improvements 2015-08-28 15:11:27 +01:00
Stuart Morgan f371a1c4fc Added the ability to list AD groups by POST module 2015-08-28 15:10:48 +01:00
Stuart Morgan 8682ec77c5 Added group filtering to the enum_ad_users module 2015-08-28 15:10:27 +01:00
wchen-r7 e651f3f70e Land #5886, ensure disconnect in sid_brute.rb, method #do_sid_check 2015-08-27 17:53:55 -05:00
wchen-r7 11db9c2112 Land #5896, Update ms15_004_tswbproxy to use a Reflective DLL 2015-08-27 17:11:26 -05:00
wchen-r7 e82bd10817 Add aux module to be able to open android meterpreter from a browser 2015-08-27 14:36:55 -05:00
Brent Cook a8dd89cc0d update cached payload sizes 2015-08-27 11:43:38 -05:00
Brent Cook 593f501571 finish move of php / python meterpreters to metasploit-payloads 2015-08-27 11:34:22 -05:00
Muhamad Fadzil Ramli 1b4f4fd225 remove url reference 2015-08-27 19:47:37 +08:00
HD Moore a2d5511e39 Land #5379, new post modules to load into powershell sessions 2015-08-26 17:11:40 -05:00
jvazquez-r7 da4b360202 Fix typo 2015-08-26 15:29:34 -05:00
jvazquez-r7 5d0ed797a3 Update DLL 2015-08-26 15:15:32 -05:00
jvazquez-r7 dd529013f6 Update ruby side 2015-08-26 15:12:09 -05:00
JT ff868f9704 Update w3tw0rk_exec.rb 2015-08-26 23:51:09 +08:00
JT 3f6c04a445 Update w3tw0rk_exec.rb 2015-08-26 23:48:31 +08:00
JT 16341d34a2 Update w3tw0rk_exec.rb 2015-08-26 23:34:29 +08:00
JT 892f427664 Update w3tw0rk_exec.rb
removed w3tw0rk_login
2015-08-26 09:18:15 +08:00
JT 6edba2cdc8 Update w3tw0rk_exec.rb 2015-08-26 09:11:30 +08:00
Brent Cook 6c89d0997c Land #5855, android offline collection support 2015-08-25 17:44:51 -05:00
Brent Cook ca8353e1aa update to metasploit-payloads 1.0.9 2015-08-25 17:44:01 -05:00
JT c77226c354 Update w3tw0rk_exec.rb 2015-08-26 01:28:07 +08:00
JT 25fb325410 w3tw0rk / Pitbul IRC Bot Remote Code Execution 2015-08-26 01:22:55 +08:00
jvazquez-r7 8785083722 Ensure disconnect 2015-08-24 12:36:15 -05:00
Brent Cook 5633c1431f Land #5821, add explicit 64-bit pointer support to enum_cred_store 2015-08-24 09:44:36 -05:00
Brent Cook 2860ecdfaf Land #5876, fixup format for storing ssh banners 2015-08-24 09:35:52 -05:00
Brent Cook b1ef560264 Merge payload_inject 64-bit inject fix from @Meatballs1 2015-08-24 09:26:00 -05:00
Muhamad Fadzil Ramli 03b1ad7491 add reference info 2015-08-24 11:18:26 +08:00
Muhamad Fadzil Ramli 73cb1383d2 amend banner info for check 2015-08-24 10:55:43 +08:00
Meatballs 1c91b126f1 X64 compat for payload_inject 2015-08-23 22:03:57 +01:00
Meatballs 228087dced Initial working scripthost bypass uac 2015-08-23 20:16:15 +01:00
Muhamad Fadzil Ramli 7587319602 run rubocop & msftidy 2015-08-23 23:32:30 +08:00
Muhamad Fadzil Ramli a5daa5c9be added module descriptions 2015-08-23 23:12:41 +08:00
Muhamad Fadzil Ramli 91a7531af8 konica minolta ftp server post auth cwd command exploit 2015-08-23 21:49:26 +08:00
jvicente b37efd29b0 Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb. 2015-08-23 12:17:17 +02:00
wchen-r7 fb2adb2e51 Check blank bullprop, also better instructions for the user. 2015-08-23 02:20:51 -05:00
wchen-r7 0f3e96b457 Merge branch 'upstream-master' into pr5416 2015-08-22 22:10:56 -05:00
wchen-r7 b99f5bc672 Land #5874, Consistency and API conformance changes to LES 2015-08-22 21:57:24 -05:00
HD Moore 1e6c53b430 Correct the storage of ssh banners in service.info 2015-08-22 01:21:15 -05:00
jvazquez-r7 1558fabdb2 Land #5844, @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin 2015-08-21 17:27:56 -05:00
HD Moore d264802ce0 Consistency and API conformance changes to LES 2015-08-21 12:38:58 -05:00
wchen-r7 4a91dfdcf5 Land #5873, report_note for local_exploit_suggester 2015-08-20 17:52:33 -05:00
Mo Sadek b20a283617 Added report_note to suggester 2015-08-20 13:57:16 -05:00
wchen-r7 dc1e7e02b6 Land #5853, Firefox 35-36 RCE one-click exploit 2015-08-20 13:27:21 -05:00
wchen-r7 45c7e4760a Support x64 payloads 2015-08-20 02:09:58 -05:00
jvazquez-r7 182c1bc7fe Disconnect socket when login fails 2015-08-17 18:20:04 -05:00
Brent Cook 6b94513a37 Land #5860, add tpwn OS X local kernel exploit (https://github.com/kpwn/tpwn) 2015-08-17 17:41:04 -05:00
William Vu 26165ea93f Add tpwn module 2015-08-17 17:11:11 -05:00
Brent Cook b17d8f8d49 Land #5768, update modules to use metasploit-credential 2015-08-17 17:08:58 -05:00
jvicente a9ad7b7c6f Modifications to use cmd_exec instead of session.shell_write.
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
jvazquez-r7 a5bed0198a Use each_char 2015-08-17 11:08:40 -05:00
jvazquez-r7 e7433b81bd Reuse architecture check 2015-08-17 10:28:10 -05:00
Brent Cook 5dd015150c Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
benpturner 8800d89424 Updated to reflect HD's comments on indents and name of local script. 2015-08-16 10:47:20 +01:00
joev 98e2d074c3 Add disclosure date. 2015-08-15 20:09:41 -05:00
joev a133e98ba5 Adds a ff 35-36 RCE vector based off the recent ff bug. 2015-08-15 20:02:00 -05:00
Brent Cook 9720e8e081 normalize osx to darwin so python meterp works 2015-08-15 19:49:55 -05:00
Brent Cook 422bba87d3 style fixes, moved google_geolocate to google/geolocate 2015-08-15 19:49:32 -05:00
HD Moore 42e08cbe07 Fix bad use of get_profile (now browser_profile) 2015-08-14 19:50:42 -05:00
jvazquez-r7 c02df6b39d Land #5800, @bperry's Symantec Endpoint Protection Manager RCE module 2015-08-14 17:03:48 -05:00
jvazquez-r7 b33abd72ce Complete description 2015-08-14 17:03:21 -05:00
jvazquez-r7 4aa3be7ba2 Do ruby fixing and use FileDropper 2015-08-14 17:00:27 -05:00
jvazquez-r7 ddb7224160 Land #5847, @todb-r7 on behalf of anonymous contributor, exploit for FF CVE-2015-4495
* To exfiltrate arbitrary files
* Tested successfully on linux
2015-08-14 14:57:28 -05:00
jvazquez-r7 a560496455 Do minor ruby style fixes 2015-08-14 14:50:03 -05:00
jvazquez-r7 82193f11e7 Minor js fixes 2015-08-14 14:45:48 -05:00
Brent Cook 0a4651a553 Land #5359, add PuTTY session enumeration module 2015-08-14 13:20:05 -05:00
jvazquez-r7 b908f41b0f Land #5838, @bcook-r7's fixes for payload cached sizes 2015-08-14 12:39:58 -05:00
Tod Beardsley e4cb6872f2 Add exploit for CVE-2015-4495, Firefox PDF.js 2015-08-14 12:07:15 -05:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs
Calling .new on payload modules does not perform parameter validation, leading
to a number of cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Stuart Morgan ee7c418ca8 Rubocop and msftidy-ied :-) 2015-08-14 17:19:07 +01:00
Stuart Morgan 02a58d459b Merge remote-tracking branch 'upstream/master' into pageant_extension 2015-08-14 17:05:38 +01:00
Stuart Morgan e2b6c11a3e Update 2015-08-14 16:24:52 +01:00
joev 0615d908c4 Update description to explain quarantine effects. 2015-08-13 23:46:37 -05:00
joev 84144bf6cf Update webarchive_uxss to use the webarchive mixin.
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
Spencer McIntyre 33f1324fa9 Land #5813, @jakxx adds VideoCharge SEH file exploit 2015-08-13 18:01:25 -04:00
jakxx e9d3289c23 EXITFUNC caps 2015-08-13 17:25:31 -04:00
jakxx 6e1c714b2b Update to leverage auto-NOP generation 2015-08-13 17:24:18 -04:00
jakxx 361624161b msftidy 2015-08-13 16:27:27 -04:00
jakxx 03eb2d71b2 Add watermark fileformat exploit 2015-08-13 16:26:17 -04:00
William Vu f19186adda Land #5841, homm3_h3m default target change 2015-08-13 14:54:58 -05:00
Tod Beardsley 02c6ea31bb Use the more recent HD version as default target 2015-08-13 14:42:21 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00
William Vu 605a14350f Land #5833, sshexec improvements 2015-08-13 14:16:22 -05:00
William Vu 3bd6c4cee4 Add a comma 2015-08-13 14:16:09 -05:00
Mo Sadek 677ec341dd Land #5839, pre-bloggery cleanup edits 2015-08-13 13:43:57 -05:00
William Vu c94a185610 Land #5697, Werkzeug debug RCE 2015-08-13 13:32:27 -05:00
William Vu d54ee19ce9 Clean up module 2015-08-13 13:32:22 -05:00
Jon Hart 61e23ad23e Switch back to ::Net::DNS::Packet.new 2015-08-13 11:29:56 -07:00
Jon Hart 9f2c62d4ce Use query_name instead of datastore 2015-08-13 11:17:27 -07:00
Tod Beardsley bb4116ed9d Avoid msftidy.rb rule breaking on missing newline 2015-08-13 12:38:05 -05:00
Tod Beardsley 50041fad2a Pre-Bloggery cleanup
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.

Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.

Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823, mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
Jon Hart 3a7cea51b4 Merge master and fix Net::DNS::RR merge conflicts 2015-08-13 08:53:25 -07:00
jakxx e7566d6aee Adding print_status line 2015-08-12 16:08:04 -04:00
Spencer McIntyre 28fbb7cdde Update the description of the sshexec module 2015-08-12 16:05:09 -04:00
Spencer McIntyre dfe2bbf1e9 Add a python target to the sshexec module 2015-08-12 15:46:47 -04:00
Christian Mehlmauer 979d7e6be3 improve module 2015-08-12 15:37:37 +02:00
jakxx 2b225b2e7e Added changes per feedback
Updated to include and use seh mixin
changed offset and space for reliability
got rand_text buffer junk working
removed double spaces and stupid fillers in file data
2015-08-12 01:34:45 -04:00
William Vu 80f415074b Land #5823, mv local_exploit_{suggestor,suggester} 2015-08-11 13:52:55 -05:00
Mo Sadek 7f0d992914 Fixed name typo 2015-08-11 11:51:52 -05:00
jakxx 4c28cae5d1 updated to include recommendation from @zerosteiner 2015-08-10 18:38:23 -04:00
jvazquez-r7 203c231b74 Fix #5659: Update CMD exploits payload compatibility options 2015-08-10 17:12:59 -05:00
jvazquez-r7 76f6312fab Fix #3916 Support 64 bits targets on enum_cred_store 2015-08-10 15:16:12 -05:00
jvicente 5ff61ca5f3 Added modules to jailbreak and control remotely BusyBox based devices. A word list with default credentials typically used by commercial routers was also added. 2015-08-10 18:29:41 +02:00
jvazquez-r7 a611fff7bf Use Rex::ThreadSafe.select on CVE-2015-1793 2015-08-08 07:43:39 -07:00
jvazquez-r7 c8ba5bb90c Land #5513, @rcvalle's exploit for incomplete internal state distinction in JSSE 2015-08-08 07:41:53 -07:00
jvazquez-r7 2707b3b402 Use Rex::ThreadSafe.select 2015-08-08 07:40:19 -07:00
jvazquez-r7 a0eef3880a Initialize version local variable 2015-08-08 07:35:37 -07:00
jvazquez-r7 bb74b6fecb Fix data reading 2015-08-08 07:18:01 -07:00
jakxx 23f51bf265 specify junk data 2015-08-07 18:04:11 -04:00
jakxx 28ad0fccbd Added VideoCharge Studio File Format Exploit 2015-08-07 15:54:32 -04:00
jvazquez-r7 6fe7672732 Improve Rex sockets usage 2015-08-07 00:11:58 -07:00
Josh Abraham e96717950c refactored 2015-08-06 08:18:26 -04:00
jvazquez-r7 67f661823a Land #5614, @cldrn's module to collect lansweeper credentials 2015-08-04 16:55:49 -05:00
jvazquez-r7 ed3f993b75 Do some style fixes 2015-08-04 16:41:15 -05:00
jvazquez-r7 0e3434ebad Fix metadata 2015-08-04 16:28:50 -05:00
Roberto Soares 7bb4f9479f Added new reference and removed empty line. 2015-08-04 03:58:57 -03:00
Roberto Soares d9b6e9cc58 Changed res condition and some words. 2015-08-04 03:44:25 -03:00
Roberto Soares 19ceccd93a Added JSON parse output. 2015-08-04 03:13:11 -03:00
Roberto Soares f4679f5341 Added WP Mobile Pack Info Disclosure Vuln - Functional Module. 2015-08-04 02:21:26 -03:00
Roberto Soares d221e9d961 Added more references. 2015-08-03 02:46:54 -03:00
Roberto Soares e59e4828e4 Removed unnecessary DEPTH option. 2015-08-02 22:56:17 -03:00
Roberto Soares 514849bcdc Added WP Subscribe Comments File Read Vuln - Functional. 2015-08-02 21:24:52 -03:00
Brandon Perry 74ed8cf0c9 actually that didn't work 2015-08-02 18:57:13 -05:00
Brandon Perry 06754c36a4 unless, not if not 2015-08-02 18:51:23 -05:00
Brandon Perry 527eaea6ec single quotes and some error handling 2015-08-02 18:25:17 -05:00
Brandon Perry a33724667c small code cleanup 2015-08-02 16:36:41 -05:00
Brandon Perry 830aee8aa5 check if cookie is actually returned, and if not, fail 2015-08-02 15:22:40 -05:00
Brandon Perry a534008ba6 add some status lines 2015-08-02 15:03:59 -05:00
Brandon Perry fe20bc88ad remove badchars 2015-08-02 11:37:06 -05:00
Brandon Perry f7ceec36d0 set default RPORT and SSL 2015-08-02 08:59:36 -05:00
Brandon Perry a33dff637d exploit cve 2015-1489 to get SYSTEM 2015-08-02 08:31:03 -05:00
Brandon Perry 12ac6d81fa add markus as the discoverer specifically 2015-08-02 08:17:12 -05:00
Brandon Perry e70ec8c07b no need to store res for the later requests 2015-08-01 18:00:35 -05:00
Brandon Perry 272d75e437 check res before calling get_cookies 2015-08-01 17:58:41 -05:00
Meatballs 6f31183904 Fix VSS Persistence to check integrity level 2015-08-01 23:13:05 +01:00
Brandon Perry 47e86000ee randomize the file names 2015-08-01 16:50:06 -05:00
Brandon Perry 2bfc8e59be remove printline 2015-08-01 16:43:31 -05:00
Brandon Perry 0067d25180 add the sepm auth bypass rce module 2015-08-01 16:40:03 -05:00
Meatballs a6a8117e46 Revert "Land #5777, fix #4558 vss_persistence"
This reverts commit ba4b2fbbea, reversing
changes made to affc86bfd9.
2015-08-01 22:35:24 +01:00
Meatballs c197e5224d Store loot 2015-08-01 20:52:25 +01:00
Meatballs deb6f5638e Update WinSCP Gather
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
h00die eab9b3bf5b interpolation fix on secret 2015-08-01 14:39:12 -04:00
Tod Beardsley cebcf72a99 Add discoverer credit, blog ref, longer desc 2015-08-01 10:31:41 -05:00
h00die ceb49a51a6 thanks @espreto for help 2015-08-01 11:11:37 -04:00
William Vu fcb7981199 Add BIND TKEY DoS 2015-08-01 06:01:35 -05:00
wchen-r7 ba4b2fbbea Land #5777, fix #4558 vss_persistence 2015-07-31 16:46:01 -05:00
jvazquez-r7 1ec960d8f9 Make the time to write flush configurable 2015-07-31 16:43:43 -05:00
Brent Cook affc86bfd9 Land #5779, make cachedump / lsa_secrets work on 64-bit windows 2015-07-31 16:25:47 -05:00
wchen-r7 672d83eaae Land #5789, Heroes of Might and Magic III .h3m Map File Buffer Overflow 2015-07-31 15:43:43 -05:00
aakerblom 7c5e5f0f22 add crc32 forging for Heroes III demo target 2015-08-01 04:53:49 -07:00
aakerblom 7af83a112d fix unreliable address 2015-08-01 04:52:50 -07:00
aakerblom 908d6f946f added target Heroes III Demo 1.0.0.0 2015-07-31 18:19:37 -07:00
aakerblom 16042cd45b fix variable names in comment 2015-07-31 18:16:15 -07:00
aakerblom 66c92aae5d fix documentation 2015-07-31 17:12:50 -07:00
aakerblom 6fdd2f91ce rescue only Errno::ENOENT 2015-07-31 13:54:29 -07:00
aakerblom 6671df6672 add documentation 2015-07-31 13:53:56 -07:00
aakerblom 013201bd99 remove unneeded require 2015-07-31 13:49:27 -07:00
wchen-r7 629afd86fc Land #5788, local exploit suggestor
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
William Vu 8e2e5d9bef Land #5793, s/OSVBD/OSVDB/ 2015-07-31 10:20:45 -05:00
aakerblom 12a6bdb67b Add Heroes of Might and Magic III .h3m map file Buffer Overflow module 2015-07-31 02:06:47 -07:00
aakerblom d4c8d5884c Fix a small typo 2015-07-31 11:47:46 -07:00
Roberto Soares fdb2b008f9 Fix a small typo - OSVDB instead of OSVBD. 2015-07-31 02:23:19 -03:00
wchen-r7 34279776a6 Minor edit 2015-07-30 18:40:41 -05:00
wchen-r7 fc4fdba482 Merge branch 'suggestor' of https://github.com/MSadek-r7/metasploit-framework into pr5788 2015-07-30 18:31:49 -05:00
wchen-r7 08338b73b2 Add get_target_arch and get_target_os
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
Greg Mikeska 3c394d673d altered module to default
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
Mo Sadek af55ef7352 Added session.present? 2015-07-30 10:10:42 -05:00
Mo Sadek 7aa78dfd4e Revamped os, platform, arch detection. Added count for exploits being tried 2015-07-30 09:36:02 -05:00
Mo Sadek 1521c8f87e Reworded to no suggestions available 2015-07-29 17:40:27 -05:00
Mo Sadek 66489202fc Added error message if no exploits are found 2015-07-29 17:31:23 -05:00
Mo Sadek b58c6248fe Fixed ShowDescription bug 2015-07-29 16:52:06 -05:00
Mo Sadek 2cddfda0a0 wchen-r7's fixes, fixed indentation, removed newlines, added desc. 2015-07-29 16:13:50 -05:00
wchen-r7 54c5c6ea38 Another update 2015-07-29 14:31:35 -05:00
William Vu 61b2ca6675 Land #5781, Msf::Format::Webarchive rename 2015-07-29 13:38:42 -05:00
Mo Sadek c725f74d46 Add Local Exploit Suggestor
Resolve #5647
2015-07-29 13:19:51 -05:00
William Vu 55d395d237 Land #5785, @todb-r7's sticky_keys fixes 2015-07-29 12:54:27 -05:00
Tod Beardsley a342a9db10 Another sticky keys ref, from @carnal0wnage 2015-07-29 12:32:38 -05:00
Tod Beardsley 8043e5a88e Add a reference to the sticky keys exploit 2015-07-29 12:31:43 -05:00
Tod Beardsley ee66cadde2 Don't use bullet points in descriptions
They never render correctly in anything other than a text editor.

modules/post/windows/manage/sticky_keys.rb first landed in #5760,
Sticky Keys post module
2015-07-29 12:29:09 -05:00
William Vu e6a932eadb Land #5778, final cmdstager generic payload fix 2015-07-29 11:48:01 -05:00
William Vu ff9b975576 Land #5701, @g0tmi1k's filezilla_server refactor 2015-07-29 11:13:22 -05:00
jvazquez-r7 e966545e08 Fix mask 2015-07-29 09:13:37 -05:00
g0tmi1k 38e952ba07 Python -> Ruby 2015-07-29 10:55:28 +01:00
William Vu c46ce6c391 Land #5780, password_prompt fix for Telnet scanner 2015-07-28 17:54:43 -05:00
Josh Abraham 0f4b2e4226 description update 2015-07-28 15:31:51 -04:00
Josh Abraham 27e5557b67 set port using rport instead of only 445 2015-07-28 15:29:23 -04:00
Josh Abraham fafbc4db3f GPP enumeration via an AUX module 2015-07-28 15:21:33 -04:00
kn0 2415072c17 Replaced 'and' with '&&' 2015-07-28 14:14:25 -05:00
kn0 ee5e5b1e71 Fixed NoMethodError for .match on nil 2015-07-28 09:03:54 -05:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00
Brent Cook e53419a911 use password_prompt? not @password_prompt 2015-07-27 19:21:59 -05:00
jvazquez-r7 ab7ffb1a08 Fix cachedump 2015-07-27 17:26:53 -05:00
jvazquez-r7 704c8cadd9 Fix lsa_secrets 2015-07-27 16:19:01 -05:00
wchen-r7 768de00214 Automatically pass arch & platform from cmdstager
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:

Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
jvazquez-r7 bf6975c01a Fix #4558 by restoring the old wmicexec 2015-07-27 14:04:10 -05:00
Fabien 3fd18e4844 Update soap_addportmapping.rb 2015-07-26 21:57:49 +02:00
Fabien 1210183930 Update soap_addportmapping.rb 2015-07-26 21:41:47 +02:00
Fabien 8dbd51ae38 Update soap_addportmapping.rb 2015-07-26 20:59:43 +02:00
Fabien fba81fc539 Create soap_addportmapping.rb 2015-07-26 20:59:04 +02:00
wchen-r7 2d0a26ea8b Land #5774, Fix URIPATH=/ and stack trace on missing ntdll version match 2015-07-25 17:54:49 -05:00
HD Moore a7b5890dc5 Fix URIPATH=/ and stack trace on missing ntdll version match 2015-07-25 15:39:20 -07:00
h00die 4561241609 updates per @jvazquez-r7 comments 2015-07-24 20:34:40 -04:00
Brent Cook 347f48b0ec Land #5762, adjust PHP stager to work in and outside of eval() 2015-07-24 17:43:26 -05:00
Brent Cook c30127cfe8 Land #5729, add user-agent list, MeterpreterUserAgent derives from this
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
jvazquez-r7 e231664b97 Land #5746, @pedrib's Fix sysaid rdslogs file upload on Linux 2015-07-24 16:15:13 -05:00
jvazquez-r7 2c9183fa56 Return check code 2015-07-24 16:14:43 -05:00
jvazquez-r7 18636e3b9b Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options 2015-07-24 15:45:31 -05:00
jvazquez-r7 a163606513 Delete unused SLEEP option 2015-07-24 15:29:56 -05:00
jvazquez-r7 1b1ac09d2a Merge to solve conflicts 2015-07-24 15:24:29 -05:00
jvazquez-r7 ec7bf606c6 Land #5735, @rcvalle's for CVE-2015-1793 OpenSSL mitm 2015-07-24 14:38:27 -05:00
jvazquez-r7 45b4334006 Use Rex::Socket::SslTcpServer
* Also add Rex sockets management
2015-07-24 11:16:09 -05:00
William Vu eb8f5c0880 Land #5771, moved vmessage nil fix 2015-07-24 11:03:45 -05:00
William Vu 10783d60cd Land #5763, generate_payload_exe merged opts fix 2015-07-24 10:56:29 -05:00
wchen-r7 866a99ed07 This is better 2015-07-23 20:51:21 -05:00
wchen-r7 f5387ab3f2 Fix #5766, check res for send_request_raw
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7 8bead5fde2 Modate update on using metasploit-credential
Update some more modules to use the new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
jvazquez-r7 218201b925 Land #5767, @todb-r7's fix for ZDI reference 2015-07-23 17:28:53 -05:00
William Vu 4dd2c31b44 Land #5760, Sticky Keys post module 2015-07-23 17:12:31 -05:00
William Vu 06ed7ba574 Add a comma 2015-07-23 17:12:17 -05:00
Tod Beardsley e32b3c71f4 Fix ZDI ref on sandbox escape module 2015-07-23 17:11:19 -05:00
OJ ebdbb179ce Last of the style fixes 2015-07-24 08:09:25 +10:00
OJ db7fadfc36 Fix indentation 2015-07-24 08:08:01 +10:00
OJ 616e1ddd68 Change enum to action, a couple of tidies 2015-07-24 08:01:58 +10:00
Samuel Huckins a818dc4460 Land #5657, misc fixes to domain_hashdump 2015-07-23 16:58:46 -05:00
OJ e60f590f09 Add DisplaySwitch.exe support with WINDOWS+P
As per @mubix's request.
2015-07-24 07:20:31 +10:00
wchen-r7 91fc213ddf More metasploit-credential update 2015-07-23 15:50:50 -05:00
William Vu 50c9293aab Land #5758, OS X DYLD_PRINT_TO_FILE privesc 2015-07-23 13:21:23 -05:00
William Vu c1a9628332 Fix some fixes
So you can fix while you fix.
2015-07-23 12:59:20 -05:00
Tod Beardsley 6ededbd7a7 Un-ticking the output 2015-07-23 12:23:56 -05:00
Tod Beardsley 9d8dd2f8bd Fixup pr #5758 2015-07-23 12:21:36 -05:00
wchen-r7 6720a57659 Fix #5761, pass the correct arch and platform for exe generation
Fix #5761
2015-07-23 01:34:44 -05:00
OJ 728e9b19ec Update payload cached sizes 2015-07-23 15:15:13 +10:00
OJ 1dd765d6e6 Remove trailing spaces 2015-07-23 13:17:34 +10:00
OJ 0f2692f24f Fix up silly mistake with `fail_with` 2015-07-23 13:14:35 +10:00
OJ 691b13ebd8 Add the sticky_keys module 2015-07-23 12:53:47 +10:00
Christian Sanders 50074c4617 Fix typo .blank to .blank? 2015-07-22 09:05:16 -05:00
wchen-r7 4561850055 Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00
joev 165cb195bf Remove python dependency, add credit URL. 2015-07-21 22:48:23 -05:00
joev 3013ab4724 Add osx root privilege escalation. 2015-07-21 21:50:55 -05:00
OJ 121fe1adda Land #5654 : Python Meterpreter Transport 2015-07-22 10:39:06 +10:00
rastating d3f31fb56a Fix msftidy results 2015-07-21 21:29:44 +01:00
rastating 55be2eff06 Replace return with fail_with 2015-07-21 21:25:42 +01:00
William Vu 928c82c96e Land #5745, undefined variable "rop" fix 2015-07-21 11:01:49 -05:00
James Lee 52e4f45ecd Use the new thing in wlan_geolocate 2015-07-20 20:24:07 -05:00
James Lee d6e12d431f Style and whitespace 2015-07-20 19:40:25 -05:00
wchen-r7 6a9c934c54 Resolve conflict 2015-07-20 18:44:17 -05:00
wchen-r7 1e17ac4ec7 Use the cred API correctly 2015-07-20 18:40:48 -05:00
Tod Beardsley cadb03bac0 Fix my own blasted typo, ty @wvu-r7 2015-07-20 17:14:34 -05:00
Tod Beardsley 2052b4ef56 Fixed the HT leak attribution a little 2015-07-20 16:36:47 -05:00
Tod Beardsley f7c11d0852 More cleanups
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678, adobe_flash_hacking_team_uaf.rb

Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698, Adobe Flash CVE-2015-5122 opaqueBackground

Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471, @pedrib's module for SysAid CVE-2015-2994

Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
Tod Beardsley f94fe3cefd More correct URL, not just a bare wiki link
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
Tod Beardsley ab6204ca2e Correct spelling of sysaid module
First landed in #5473.
2015-07-20 16:21:50 -05:00
Tod Beardsley 4cacbcc4f7 Minor fixups on sysaid modules
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472, @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997

Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
rastating c63fdad1f1 Add URL reference 2015-07-20 18:15:17 +01:00
rastating f1a909c292 Add WP All In One Migration export module 2015-07-20 18:13:32 +01:00
Pedro Ribeiro 3fe165a265 Remove whitespace at the end 2015-07-18 20:18:34 +01:00
Pedro Ribeiro 70a2247941 Pick target is not needed... 2015-07-18 20:12:49 +01:00
Pedro Ribeiro 7483e77bba Fix Linux target by trying again if exploit fails 2015-07-18 20:12:13 +01:00
wchen-r7 29defc979b Fix #5740, remove variable ROP for adobe_flashplayer_flash10o 2015-07-17 16:57:37 -05:00
wchen-r7 7113c801b1 Land #5732, reliability update for adobe_flash_hacking_team_uaf 2015-07-17 16:43:39 -05:00
wchen-r7 837eb9ea38 Land #5742, better quality coverage for adobe_flash_opaque_background_uaf 2015-07-17 16:25:14 -05:00
wchen-r7 f77f7d6916 Bump rank 2015-07-17 16:23:27 -05:00
wchen-r7 0bd1dc017e Update coverage information 2015-07-17 16:23:00 -05:00
wchen-r7 115fb04be0 Land #5730, port killav script as a post module 2015-07-17 13:47:58 -05:00
wchen-r7 425a9dc266 credit OJ 2015-07-17 13:47:17 -05:00
wchen-r7 663bcbe53b Avoid checking these system process names 2015-07-17 13:46:02 -05:00
jvazquez-r7 454dd59da8 Add vuln discoverers 2015-07-17 13:37:30 -05:00
jvazquez-r7 29718ce4e1 Land #5474, @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
jvazquez-r7 a54b58fc24 Fix port parsing and cleanup 2015-07-17 12:34:46 -05:00
jvazquez-r7 4e6b00fe31 Land #5473, @pedrib's exploit for Sysaid CVE-2015-2994
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
jvazquez-r7 00adbd7f64 Fix quotes 2015-07-17 12:09:54 -05:00
jvazquez-r7 57c4a3387b Fix paths for windows and cleanup 2015-07-17 12:09:18 -05:00
jvazquez-r7 869ac87b64 Land #5472, @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
jvazquez-r7 9ac1688eb1 Do code cleanup 2015-07-17 11:45:28 -05:00
jvazquez-r7 46ffb97c1c Land #5471, @pedrib's module for SysAid CVE-2015-2994
* sysaid arbitrary file upload
2015-07-17 11:27:22 -05:00
jvazquez-r7 309a86ec57 Do code cleanup 2015-07-17 11:26:54 -05:00
jvazquez-r7 787c0e2c41 Land #5470, @pedrib's module for SysAid CVE-2015-2993
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
jvazquez-r7 ca38fc5518 Update description 2015-07-17 11:08:28 -05:00
jvazquez-r7 255d8ed096 Improve adobe_flash_opaque_background_uaf 2015-07-16 14:56:32 -05:00
Ramon de C Valle 449c751521 Add missing info 2015-07-16 09:36:18 -07:00
wchen-r7 8d0e34dbc0 Resolve #5738, make the LHOST option visible
Resolve #5738
2015-07-16 11:00:15 -05:00
OJ e1b1db9f88 Fix stupid typo 2015-07-16 23:03:49 +10:00
Ramon de C Valle 5d6c15a43d Add openssl_altchainsforgery_mitm_proxy.rb
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates being bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server, allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
OJ 986463e489 Fix killav post module, handle errors, better output 2015-07-16 11:35:01 +10:00
Marc-Andre Meloche 2735c035b5 fixed issues as requested.
fixed.
2015-07-15 20:36:19 -04:00
Marc-Andre Meloche 579fb5fb1f Fixed
Fixed
2015-07-15 20:09:42 -04:00
Marc-Andre Meloche c762e9e8d6 Fixed as requested.
I added the possibility to read from file, instead of modifying the module each time.
2015-07-15 20:02:18 -04:00
jvazquez-r7 b504f0be8e Update adobe_flash_hacking_team_uaf 2015-07-15 18:18:04 -05:00
Marc-Andre Meloche 7520bc9a8a Exported Killav into a post-exploitation module
I was unsure if this was the place to send the update.
2015-07-15 14:04:37 -04:00
William Vu ea4a7d98b9 Land #5728, Arch specification for psexec 2015-07-15 15:36:27 +00:00
jvazquez-r7 886ca47dfb Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
Christian Mehlmauer b31c637c1b Land #5533, DSP-W110 cookie command injection 2015-07-15 11:22:33 +02:00
Christian Mehlmauer 21375edcb2 final cleanup 2015-07-15 11:21:39 +02:00
OJ b6e25506d0 Add a common user agent list, use the shortest for Meterpreter 2015-07-15 13:03:47 +10:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
Brent Cook a7d866bc83 specify the 'Arch' values that psexec supports 2015-07-14 15:45:52 -06:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
Brent Cook a2bdd0bab9 Land #5541, add more compat fixed-cmd 64-bit BSD payloads
Merge branch 'land-5541-bsd-shellcode' into upstream-master
2015-07-13 21:01:55 -05:00
h00die 57f62ffa76 changed URI to TARGETURI as per comments 2015-07-13 20:18:45 -04:00
Brent Cook 07d05828d0 Land #5688, remove msfcli 2015-07-13 15:27:38 -05:00
William Vu 0a5119a4ac
Land #5702, vprint_* optional parameter 2015-07-13 18:47:22 +00:00
William Vu 53bcee011b
Land #5709, s/Filed/Failed/ typo fixes 2015-07-13 18:37:46 +00:00
William Vu 405261df4f
Land #5710, php_wordpress_total_cache removal
Deprecated.
2015-07-13 18:33:12 +00:00
William Vu 3feef639b9
Land #5711, php_wordpress_optimizepress removal
Deprecated.
2015-07-13 18:32:37 +00:00
William Vu 6e12cbf98f
Land #5712, php_wordpress_lastpost removal
Deprecated.
2015-07-13 18:31:31 +00:00
William Vu dd188b1943
Land #5713, php_wordpress_infusionsoft removal
Deprecated.
2015-07-13 18:31:01 +00:00
William Vu ecca1c29f2
Land #5714, php_wordpress_foxypress removal
Deprecated.
2015-07-13 18:30:28 +00:00
wchen-r7 e4e9ac9d28 Remove cold_fusion_version, use coldfusion_version instead
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
wchen-r7 4960e64597 Remove php_wordpress_foxypress, use wp_foxypress_upload
Please use exploit/unix/webapp/wp_foxypress_upload instead.
2015-07-13 12:53:34 -05:00
wchen-r7 dfbeb24a8f Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
2015-07-13 12:51:48 -05:00
wchen-r7 b80427aed2 Remove php_wordpress_lastpost, use wp_lastpost_exec instead.
Please use exploit/unix/webapp/wp_lastpost_exec instead
2015-07-13 12:49:27 -05:00
wchen-r7 90cc3f7891 Remove php_wordpress_optimizepress, use wp_optimizepress_upload
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
2015-07-13 12:45:39 -05:00
wchen-r7 4177cdacd6 Remove php_wordpress_total_cache, please use wp_total_cache_exec
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
2015-07-13 12:41:29 -05:00
wchen-r7 884b779b36
Land #5593, CVE-2015-1155 Safari file:// Redirection Sandbox Escape 2015-07-13 11:28:39 -05:00
Mo Sadek 6a5645d747 Changed "Filed" to "Failed" in multiple files 2015-07-13 11:21:20 -05:00
Mo Sadek d1f23c54c7 Changed Filed to Failed on line 43 in java_rmi_registry.rb 2015-07-13 10:33:15 -05:00
wchen-r7 e638d85f30
Merge branch 'upstream-master' into bapv2 2015-07-12 02:01:09 -05:00
h00die 8819674522 updated per feedback from PR 2015-07-11 21:03:02 -04:00
g0tmi1k d795b2f831 Module cleanup 2015-07-11 19:40:21 +01:00
g0tmi1k 14d0d456f4 Fix FileZilla perm loot bug 2015-07-11 19:11:59 +01:00
g0tmi1k c92d0d9df6 Fix FileZilla Server 2015-07-11 18:14:55 +01:00
wchen-r7 f7ce6dcc9f We agreed to Normal 2015-07-11 02:07:18 -05:00
wchen-r7 0ff7333090 Lower the ranking for CVE-2015-5122
As an initial release we forgot to lower it.
2015-07-11 02:05:56 -05:00
wchen-r7 1289ec8863 authors 2015-07-11 01:38:21 -05:00
wchen-r7 6eabe5d48c Update description 2015-07-11 01:36:26 -05:00
wchen-r7 54fc712131 Update Win 8.1 checks 2015-07-11 01:33:23 -05:00
jvazquez-r7 6f0b9896e1
Update description 2015-07-11 00:56:18 -05:00
jvazquez-r7 115549ca75
Delete old check 2015-07-11 00:42:59 -05:00
jvazquez-r7 63005a3b92
Add module for flash CVE-2015-5122
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
Brent Cook 7d55e86bdc
Land #5691, bump to metasploit-payloads-1.0.6 2015-07-10 22:30:44 -05:00
Brent Cook 226137896e updated cached payload sizes 2015-07-10 22:30:20 -05:00
h00die bff92f2304 Initial add 2015-07-10 21:13:12 -04:00
jvazquez-r7 5a045677bc
Add waiting message 2015-07-10 18:48:46 -05:00
jvazquez-r7 8d52c265d9
Delete wfsdelay 2015-07-10 18:46:27 -05:00
jvazquez-r7 63e91fa50f
Add reference 2015-07-10 18:46:06 -05:00
jvazquez-r7 677cd97cc2
Update information 2015-07-10 18:39:11 -05:00
jvazquez-r7 6c6a778218
Modify arkeia_agent_exec title 2015-07-10 18:38:25 -05:00
jvazquez-r7 4995728459
Modify arkeia_agent_exec ranking 2015-07-10 18:37:24 -05:00
jvazquez-r7 858f63cdbf
Land #5693, @xistence VNC Keyboard EXEC module 2015-07-10 18:35:44 -05:00
jvazquez-r7 1326a26be5
Do code cleanup 2015-07-10 18:35:13 -05:00
jvazquez-r7 917282a1f1
Fix ranking 2015-07-10 17:49:15 -05:00
jvazquez-r7 e063e26627
Land #5689, @xistence's module for Western Digital Arkeia command injection 2015-07-10 17:11:35 -05:00
jvazquez-r7 bdd8b56336
fix comment 2015-07-10 16:28:20 -05:00
jvazquez-r7 95ae7d8cae
Fix length limitation 2015-07-10 16:24:49 -05:00
Mo Sadek 3347b90db7 Land #5676, print_status with ms14_064 2015-07-10 14:40:49 -05:00
jvazquez-r7 29a497a616
Read header as 6 bytes 2015-07-10 14:25:57 -05:00
jvazquez-r7 bed3257a3f
Change default HTTP_DELAY 2015-07-10 12:50:26 -05:00
jvazquez-r7 c9d2ab58d3
Use HttpServer::HTML
* And make the exploit Aggressive
2015-07-10 12:48:21 -05:00
jvazquez-r7 e1192c75a9
Fix network communication on `communicate`
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:57:48 -05:00
Tod Beardsley 9206df077f
Land #5694, R7-2015-08 2015-07-10 11:42:57 -05:00
jvazquez-r7 9ba515f185
Fix network communication on `check`
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:32:49 -05:00
HD Moore 728b338593 Give msftidy a cookie 2015-07-10 11:28:10 -05:00
HD Moore cf4b18700d Fix CVE reference 2015-07-10 11:14:59 -05:00
jvazquez-r7 c70be64517
Fix version check 2015-07-10 10:57:55 -05:00
jvazquez-r7 34a6984c1d
Fix variable name 2015-07-10 10:44:38 -05:00
jvazquez-r7 2c7cc83e38
Use single quotes 2015-07-10 10:34:47 -05:00
jvazquez-r7 f66cf91676
Fix metadata 2015-07-10 10:33:02 -05:00
xistence b916a9d267 VNC Keyboard Exec 2015-07-10 14:08:32 +07:00
xistence 13a69e4011 X11 Keyboard Exec 2015-07-10 13:57:54 +07:00
xistence 52d41c8309 Western Digital Arkeia 'ARKFS_EXEC_CMD' <= v11.0.12 Remote Code Execution 2015-07-10 09:51:28 +07:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
Michael Messner d7beb1a685 feedback included 2015-07-09 08:31:11 +02:00
HD Moore 67666160e8 Add patched server detection 2015-07-08 13:47:59 -05:00
HD Moore 25e0f888dd Initial commit of R7-2015-08 coverage 2015-07-08 13:42:11 -05:00
wchen-r7 a3ec56c4cb Do it in on_request_exploit because it's too specific 2015-07-08 12:32:38 -05:00
wchen-r7 cefbdbb8d3 Avoid unreliable targets
If we can't guarantee GreatRanking on specific targets, avoid them.
2015-07-08 12:12:53 -05:00
Brent Cook c86d16ffb6 update payload sizes 2015-07-07 23:15:57 -05:00
Brent Cook 23abc288c8 Resolved conflicts with master 2015-07-07 22:34:30 -05:00
wchen-r7 6a33807d80 No Chrome for now 2015-07-07 15:56:58 -05:00
jvazquez-r7 f8b668e894
Update ranking and References 2015-07-07 15:43:02 -05:00
Tod Beardsley 116c3f0be1
Add CVE as a real ref, too 2015-07-07 14:46:44 -05:00
Tod Beardsley 3d630de353
Replace with a real CVE number 2015-07-07 14:44:12 -05:00
cldrn d3902771b6 Fixes call to the credentials API and adds version info 2015-07-07 13:48:16 -05:00
wchen-r7 fdb715c9dd
Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
jvazquez-r7 829b08b2bf
Complete authors list 2015-07-07 12:49:54 -05:00
wchen-r7 49effdf3d1 Update description 2015-07-07 12:46:02 -05:00
wchen-r7 d885420aff This changes the version requirement for adobe_flash_hacking_team_uaf.rb
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
wchen-r7 d30688b116 Add more requirement info 2015-07-07 12:33:47 -05:00
jvazquez-r7 d9aacf2d41
Add module for hacking team flash exploit 2015-07-07 11:19:48 -05:00
wchen-r7 c37b60de7b Do some print_status with ms14_064 2015-07-07 00:57:37 -05:00
wchen-r7 9a1500ee96 Change module name a little bit, makes it easier to find in GUI 2015-07-06 22:31:07 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
Spencer McIntyre e16cd08599 Update the payload CachedSize 2015-07-06 17:16:56 -04:00
Spencer McIntyre 2a89e248d7 Pymet fix send uuid logic for Python 3.x 2015-07-06 11:20:34 -04:00
Tod Beardsley 3d30cef58e
Land #5668, I don't know how to avoid things 2015-07-06 09:24:18 -05:00
Michael Messner 5b6ceff339 mime message 2015-07-06 15:00:12 +02:00
Donny Maasland a9edfa1b4b Fix a small typo 2015-07-06 13:37:36 +02:00
joev 133e221dcd Remove unnecessary steps. 2015-07-05 19:00:58 -05:00
joev c993c70006 Remove sleep(), clean up WritableDir usage. 2015-07-05 18:59:00 -05:00
HD Moore d2063c92e1 Refactor datastore names to match standards 2015-07-05 18:21:45 -05:00
joev 72a1e9ad99 Add module for rootpipe+entitlements exploit for 10.10.3. 2015-07-05 18:19:46 -05:00
joev b577f79845 Fix some bugs in the safari file navigation module. 2015-07-05 16:46:18 -05:00
Ben Lincoln 6e9a477367 Removed reference URL for the report to the vendor, as it is no
longer valid.
2015-07-03 13:48:24 -07:00
Ben Lincoln 02ace9218b Added handling for HTTP 401 (Authorization Required) response from target.
Added Exploit DB entries to references list.

Minor change to description text for clarity.
2015-07-03 13:36:44 -07:00
Spencer McIntyre 632bcda345
Land #5652, improve LAPS filter to reduce empty results 2015-07-03 15:02:39 -04:00
Spencer McIntyre 29d45e3b18 Pymet patch in timeout info on generate_stage 2015-07-03 14:12:29 -04:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
David Maloney e843db78dc
put rhost option back
it is needed for the wmic query that
creates the shadowcopy

MSP-12867
2015-07-02 14:46:40 -05:00
David Maloney 7b2b526ea1
deregister unwanted options
deregister mixin options that we don't need
for this module
2015-07-02 14:33:21 -05:00
William Vu 8892cbdd10 Fix some minor things 2015-07-02 14:32:16 -05:00
David Maloney cc51d1e8fd
use registry data for VSS grab
use the location data we got from the registry for copying
the NTDS.dit file correctly with the VSS method
2015-07-02 14:27:51 -05:00
David Maloney 89d283da09
check registry for ntds location
check the registry for the location of the ntds.dit
file

MSP-12867
2015-07-02 14:07:47 -05:00
Tod Beardsley 95f19e6f1f
Minor description edits for clarity
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642, Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF

Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590, @Meatballs1 adds MS LAPS Enum post mod

Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
HD Moore 87e6325737 Revert BAPv2 changes to framework/libraries/handlers 2015-07-02 12:10:21 -05:00
David Maloney 42daf4d38b
fix up ordering of pre-checks
I hate early returns, but we need to bail out early
if some of these checks fail

MSP-12867
2015-07-02 11:52:02 -05:00
Josh Abraham 99c29052c7 Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage 2015-07-02 08:24:04 -04:00
Josh Abraham dfa71a2b44 update to store creds using the new method 2015-07-02 08:22:21 -04:00
Donny Maasland e355e56539 Add check 2015-07-02 10:54:44 +02:00
Meatballs 8a3873d730
Tweak filter to reduce empty results 2015-07-02 09:53:08 +01:00
wchen-r7 2957924c78
Merge branch 'upstream-master' into bapv2 2015-07-02 01:46:31 -05:00
wchen-r7 49d3b275b2
Land #5648, Update CVE-2015-3043 info 2015-07-02 01:36:26 -05:00
Spencer McIntyre a37ac1b089
Land #5590, @Meatballs1 adds MS LAPS Enum post mod 2015-07-01 21:19:15 -04:00
Daniel Jensen 3f5721f5be Fixed identified issues. 2015-07-02 13:06:03 +12:00
jvazquez-r7 3b9ba189f7
Add CVE-2015-3043 information 2015-07-01 19:56:35 -05:00
wchen-r7 8051a99f4a
Merge branch 'upstream-master' into bapv2 2015-07-01 18:45:42 -05:00
wchen-r7 32d5e7f3de
Land #5642, Adobe Flash CVE-2015-3113 Nellymoser Audio Decoding BOF 2015-07-01 18:44:38 -05:00
wchen-r7 93c74efb97 Add Ubuntu as a tested target 2015-07-01 18:43:22 -05:00
Mo Sadek 1c5abec97a
Land #5632, mozilla_reduceright nil fix 2015-07-01 15:56:31 -05:00
jvazquez-r7 ee118aa89d
Fix description 2015-07-01 13:30:22 -05:00
jvazquez-r7 1de94a6865
Add module for CVE-2015-3113 2015-07-01 13:13:57 -05:00
Ben Lincoln db721dff8e Cleaned up double-negative logic.
Decreased default HTTPClientTimeout to 5 seconds.
2015-07-01 09:34:11 -07:00
Ben Lincoln 6ceb734972 Replaced standard option TIMEOUT with advanced option
HTTPClientTimeout per void-in's request.

Added handling for HTTP 404 response condition from server.
2015-07-01 09:04:15 -07:00
Donny Maasland 56c3102603 That's what you get for making edits on github.com.. 2015-07-01 17:51:57 +02:00
Donny Maasland 4847fb9830 Add a neater powershell command 2015-07-01 17:47:47 +02:00
Donny Maasland 822a46fee6 Merge branch 'master' of github:dmaasland/metasploit-framework 2015-07-01 17:47:33 +02:00
Donny Maasland 4f72df3202 Create a neater powershell command 2015-07-01 17:47:08 +02:00
Donny Maasland ffe710af2d Update registry_persistence.rb
Omg spaces
2015-07-01 17:21:12 +02:00
Donny Maasland 26e3ec0a5f Add a switch for creating a cleanup rc file 2015-07-01 17:06:16 +02:00
Donny Maasland 20708ebc82 Add a check to prevent accidental deletion of existing registry keys 2015-07-01 16:45:03 +02:00
Donny Maasland 2e48bae71c fixes 2015-07-01 16:15:13 +02:00