Commit Graph

44004 Commits (cd114c90e0f84e12dd1d154280ff24610032167d)

Author SHA1 Message Date
Brent Cook 970fe2956e
Land #9115, add python/shell_bind_tcp back 2017-10-23 16:38:33 -05:00
mumbai 19859f834d re-add payload 2017-10-23 10:20:19 -04:00
h00die cd35ae4661
Land #9106 negear dgn1000 unauth rce module 2017-10-22 22:18:53 -04:00
h00die 210f6f80b7 netgear1000dng cleanup 2017-10-22 22:17:40 -04:00
Austin eff94be951 Update netgear_dgn1000_setup_unauth_exec.rb 2017-10-22 16:55:40 -04:00
Austin e9fdb5bd94 Create netgear_dgn1000_unauth_setup_exec.md 2017-10-22 16:54:06 -04:00
Austin 6f37bbb1d6 fix EDB 2017-10-22 16:11:19 -04:00
Tim ca4feb5136 fix session upgrading 2017-10-23 01:26:45 +08:00
Austin c7e35f885b add disc date 2017-10-21 20:13:25 -04:00
Austin e0831c1053 hopefully fix header..? 2017-10-21 18:38:32 -04:00
Austin 8239d28323 fix header 2017-10-21 09:07:18 -04:00
Austin 40e508f2ad correct mistake 2017-10-20 22:26:54 -04:00
Austin ac21567743 Fix requested changes 2017-10-20 22:17:04 -04:00
mumbai 8b8bebd782 remove payload 2017-10-20 20:27:15 -04:00
mumbai b255ddf8d6 New NETGEAR module 2017-10-20 20:25:11 -04:00
Jon Hart 9658776adf
Land #9079, adding @h00die's gopher scanner 2017-10-20 17:16:08 -07:00
mumbai 2f371c9784 Netgear MODULE UNAUTH 2017-10-20 20:15:36 -04:00
mumbai 2e376a1b6a Merge remote-tracking branch 'upstream/master' into netgear_dgn1000_unauth_setup_exec 2017-10-20 20:13:29 -04:00
h00die f250e15b6e
Land #9105 rename psh to polycom for name collision 2017-10-20 20:10:57 -04:00
h00die fd028338e1 move psh to polycom so no more powershell name collision 2017-10-20 20:08:11 -04:00
h00die 5a6da487ab
Land #9043 two exploit modules for unitrends backup 2017-10-20 20:00:35 -04:00
h00die 5abdfe3e59 ueb9 style cleanup 2017-10-20 19:59:24 -04:00
h00die c517ded3ae Merge pull request #7 from jhart-r7/pr/9079-gopher
Gopher improvements
2017-10-20 19:25:03 -04:00
caleBot c26779ef54 fixed msftidy issues 2017-10-20 14:39:39 -06:00
caleBot 8f622a5003 Update ueb9_bpserverd.rb 2017-10-20 14:35:03 -06:00
caleBot cce7bf3e19 Update ueb9_bpserverd.rb 2017-10-20 14:33:46 -06:00
Brent Cook d715f53604 add MinRID to complement MaxRID, allowing continuing or starting from a higher value
from @lvarela-r7
2017-10-20 15:32:25 -05:00
caleBot 85152b5f1e added check function 2017-10-20 14:28:52 -06:00
caleBot e9ad5a7dca Update ueb9_api_storage.rb 2017-10-20 14:05:15 -06:00
caleBot 16b6248943 Update ueb9_bpserverd.rb 2017-10-20 13:58:12 -06:00
caleBot 5c0bcd8f0a Update ueb9_bpserverd.rb 2017-10-20 13:56:25 -06:00
caleBot abc749e1e8 Update ueb9_api_storage.rb 2017-10-20 13:48:29 -06:00
caleBot 8febde8291 Update ueb9_api_storage.rb 2017-10-20 12:23:53 -06:00
caleBot e8de6a46d5 Update ueb9_bpserverd.md 2017-10-20 12:21:17 -06:00
Jon Hart f938a1029b
Make note about stopping container after 2017-10-20 10:30:12 -07:00
Jon Hart e82cb4577d
Show module selection + config 2017-10-20 10:12:46 -07:00
Jon Hart a8b4d4e4a2
Link to gopher container 2017-10-20 10:04:09 -07:00
Metasploit 884b68fa60
Bump version of framework to 4.16.13 2017-10-20 10:02:23 -07:00
Jon Hart 811bae7361
Add docker go(pher) example 2017-10-20 09:59:25 -07:00
Jon Hart 664e774a33
style/rubocop cleanup 2017-10-20 09:44:07 -07:00
William Vu c795cef69f
Land #9099, disconnect option for send_request_cgi 2017-10-20 10:50:56 -05:00
Brent Cook 1319175dd8
Land #9102, Fix nil bug in setting PromptChar without Prompt 2017-10-20 08:36:53 -05:00
William Vu 8e5deac3f4 Fix nil bug in setting PromptChar without Prompt 2017-10-20 00:38:01 -05:00
William Vu e9416775d9
Land #9100, typo fix for MS07-017 exploit 2017-10-19 22:55:31 -05:00
RageLtMan a3912e4913 Provide disconnect option to send_request_cgi
The HTTP client mixin provides a #send_request_cgi method which
forcibly disconnects the client after receiving a response. This
terminates certain types of resulting sessions which depend on the
connection from the client to maintain a subprocess housing the
shell invocation.

Provide a disconnect boolean option to #send_request_cgi which
is checked in the disconnect(c) call after receiving the response.

Testing:
  Locally tested on in-house exploit module written for disclosure
report.

TODO:
  Discuss possibility of implementing fully asynchronous methods
like #send_request_cgi_async which won't bother getting a response
for cases such as the module mentioned above which is a command
injection via unfiltered POST var.
2017-10-19 21:22:31 -04:00
Kent Gruber 7cd532c384 Change targetr to target to fix small typo bug on one failure
The target object seems to have a typo where it is referred to as
“targetr” which I’d guess isn’t exactly what we’d like to do in this
case. So, I’ve changed that to “target” in order to work.

So, I’ve simply fixed that small typo.
2017-10-19 19:55:58 -04:00
Brent Cook 54d64cdcc5
Land #9064, add aggregator >= 1.0.0 with cryptTLV packet format 2017-10-19 14:51:50 -05:00
mumbai 04a24e531b New module 2017-10-18 21:37:26 -04:00
Jeffrey Martin 5458b58a74
restrict aggregator on arm for now 2017-10-18 13:21:02 -05:00
mumbai 2f98f2bc2a Merge remote-tracking branch 'upstream/master' 2017-10-17 21:16:47 -04:00