231510051c
Fix uri_str for exploit
2017-05-11 16:30:10 -05:00
e414bdb876
don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules
2017-05-11 15:19:11 -05:00
30c48deeab
msftidy and misc. fixups for Quest BoF module
2017-05-11 08:07:39 -05:00
e8aed42ecd
Land #8223 , Quest Privilege Manager pmmasterd Buffer Overflow
2017-05-11 00:44:19 -05:00
18d95b6625
Land #8346 , Templatize shims for external modules
2017-05-10 18:15:54 -05:00
fede672a81
further revise templates
2017-05-08 14:26:24 -05:00
b794bfe5db
Land #8335 , rank fixes for the msftidy god
2017-05-07 21:20:33 -05:00
88bef00f61
Add more ranks, remove module warnings
...
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables
../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart
../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
ab245b5042
added note to description
2017-05-07 13:56:50 +01:00
4f12a1e271
added note to description
2017-05-07 13:54:28 +01:00
05bf16e91e
Land #8331 , Adding module CryptoLog Remote Code Execution
2017-05-05 18:24:14 -05:00
720a02f5e2
Addressing Spaces at EOL issue reported by Travis
2017-05-05 11:05:17 +03:00
58d2e818b1
Merging multiple sqli area as a func
2017-05-05 10:49:05 +03:00
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
d04e7cba10
Rename the module as well as title
2017-05-03 19:18:46 +03:00
ae8035a30f
Fixing typo and using shorter sqli payload
2017-05-03 16:45:17 +03:00
db2a2ed289
Removing space at eof and self.class from register_options
2017-05-03 01:31:13 +03:00
77acbb8200
Adding cryptolog rce
2017-05-03 01:05:40 +03:00
494711ee65
Land #8307 , Add lib for writing Python modules
2017-05-02 15:53:13 -05:00
037fdf854e
move common json-rpc bits to a library
2017-04-26 18:08:08 -05:00
a60e5789ed
update mettle->meterpreter references in modules
2017-04-26 17:55:10 -05:00
bbee7f86b5
Land #8263 , Mercurial SSH exec module
2017-04-26 01:38:01 -05:00
f60807113b
Clean up module
2017-04-26 01:37:49 -05:00
e333cb65e5
Restore require 'msf/core'
2017-04-24 17:09:02 -05:00
d3aba846b9
Make minor changes
2017-04-24 23:35:36 +02:00
8e4c093a22
added version numbers
2017-04-22 09:45:55 -04:00
714ada2b66
Inline execute_cmd function
2017-04-21 15:32:15 +02:00
8218f024e0
Add WiPG-1000 Command Injection module
2017-04-20 16:32:23 +02:00
f5430e5c47
Revert Msf::Exploit::Remote::Tcp
2017-04-18 19:27:35 -04:00
9a870a623d
Make use of Msf::Exploit::Remote::Tcp
2017-04-18 19:17:48 -04:00
03e3065706
Fix MSF tidy issues
2017-04-18 18:56:42 -04:00
32f0b57091
Fix new line issues
2017-04-18 18:52:53 -04:00
bfca4da9b0
Add mercurial ssh exec
2017-04-18 16:33:23 -04:00
1fcc1f7417
Trailing comma. Why isn't this Lua?
2017-04-18 14:27:44 -05:00
4ec71f9272
Add a reference to the original PR
...
This was the source of first public disclosure, so may as well include
it.
2017-04-18 14:20:25 -05:00
92e7183a74
Small typo fix
...
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
2017-04-17 11:14:51 -06:00
e21504b22d
huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key
...
Instead of rolling our own GET parameters implementation.
Thanks @wvu-r7!
2017-04-17 09:11:50 +02:00
7daec53106
huawei_hg532n_cmdinject: Improve overall documentation
...
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
2017-04-17 08:00:51 +02:00
8a302463ab
huawei_hg532n_cmdinject: Use minimum permissions for staged binary
...
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
2017-04-17 03:27:57 +02:00
7ca7528cba
huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7
2017-04-17 03:23:20 +02:00
7b8e5e5016
Add Huawei HG532n command injection exploit
2017-04-15 21:01:47 +02:00
5e42dde6b6
msftidy clean up
2017-04-12 16:25:21 +01:00
374d7809b5
last fixes and tests
2017-04-11 09:48:57 +01:00
9a0789f839
Exploit for pmmasterd Buffer Overflow (CVE-2017-6553)
2017-04-05 17:59:54 +01:00
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
4c0539d129
Land #8178 , Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
0092818893
Land #8169 add exploit rank where missing
2017-04-02 20:59:25 -04:00
151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
6910cb04dd
Add first exploit written in Python
2017-03-31 17:07:55 -05:00
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
c445a1a85a
Wrap ssh.loop with begin/rescue
2017-03-31 11:16:10 -05:00
5e31a32771
Add missing ranks
...
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
9db2e9fbcd
Land #8146 , Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-24 14:38:47 -05:00
e04f01ed6b
Land #7778 , RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
3b062eb8d4
Update version info
2017-03-23 13:46:09 -05:00
fdb52a6823
Avoid checking res.code to determine RCE success
...
Because it's not accurate
2017-03-23 13:39:45 -05:00
39682d6385
Fix grammar
2017-03-23 13:23:30 -05:00
ee21377d23
Credit Brent & Adam
2017-03-23 11:22:49 -05:00
196a0b6ac4
Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-23 10:40:31 -05:00
d37966f1bb
Remove old file
2017-03-23 12:53:08 +03:00
8a43a05c25
Change name of the module
2017-03-23 12:49:31 +03:00
a93aef8b7a
Land #8086 , Add Module Logsign Remote Code Execution
2017-03-22 11:33:49 -05:00
7bcd53d87d
Land #8079 , exploit and aux for dnaLims
2017-03-20 11:08:05 -04:00
fd5345a869
updates per pr
2017-03-20 10:40:43 -04:00
fe5167bf26
changes to file per pr
2017-03-20 10:16:42 -04:00
84e4b8d596
land #8115 which adds a CVE reference to IMSVA
2017-03-18 09:51:52 -04:00
6aa42dcf08
Add solarwinds default ssh user rce
2017-03-17 21:54:35 +03:00
f706c4d7f6
Removing prefix
2017-03-16 00:49:55 +03:00
60186f6046
Adding CVE number
2017-03-16 00:31:21 +03:00
01ea5262b8
Land #8070 , msftidy vars_get fixes
2017-03-14 12:05:24 -05:00
5c436f2867
Appease msftidy in tr064_ntpserver_cmdinject
...
Also s/"/'/g.
2017-03-14 11:52:21 -05:00
5d6a159ba9
Use query instead of uri in mvpower_dvr_shell_exec
...
I should have caught this in #7987 , @bcoles, but I forgot. Apologies.
This commit finishes what @itsmeroy2012 attempted to do in #8070 .
2017-03-14 11:51:55 -05:00
79331191be
msftidy error updated 2.5
2017-03-14 22:02:59 +05:30
67fc43a0a1
msftidy error updated 2.4
2017-03-14 21:33:53 +05:30
fe4e2306b4
Reverting one step
2017-03-13 22:22:24 +05:30
fe4f20c0cc
Land #7968 , NETGEAR R7000 exploit
2017-03-10 16:02:30 -06:00
1c54e0ba94
msftidy error updated 2.2
2017-03-10 23:59:38 +05:30
6d8789a56e
Updated msftidy error 2.1
2017-03-10 23:03:37 +05:30
c0f17cf6b8
msftidy error updated 2.0
2017-03-10 22:16:27 +05:30
f6bac3ae31
Add iso link to md file and change CheckCode code
2017-03-10 13:00:49 +03:00
0ab3ad86ee
change dnalims_file_retrieve module type
2017-03-09 10:06:31 -05:00
95a01b9f5e
add dnaLIMS exploits
2017-03-09 09:46:18 -05:00
081ca17ebf
Specify default resource in start_service
...
This eliminates the need to override resource_uri. Depends on #8078 .
2017-03-09 03:00:51 -06:00
c52b0cba5e
msftidy error on master updated
2017-03-08 20:58:01 +05:30
0f899fdb0b
Convert ARCH_CMD to CmdStager
2017-03-08 07:35:37 -06:00
7976966ce9
Issue 7923 - msftidy errors on master
2017-03-08 03:12:41 +05:30
14ed60e44d
Fix msftidy warning
2017-03-05 02:06:43 -05:00
62bcc95b7f
Update model check
2017-03-05 01:53:34 -05:00
a49c0a6824
removed trailing line
2017-03-03 11:03:25 -05:00
6a83220131
cleaned up travis errors
2017-03-03 10:49:00 -05:00
0943eb24a9
DC/OS Marathon UI Exploit
2017-03-03 09:56:14 -05:00
e0a46c2c06
Create netgear_dnslookup_cmd_exec.rb
2017-03-02 17:51:24 -05:00
fb5e090f15
fixes from jvoisin
2017-02-28 20:09:26 -05:00
e5636d6ce1
Adding logsign rce module and doc
2017-02-28 21:04:37 +03:00
e3e607a552
reword description
2017-02-26 15:24:22 -05:00
0c353841ab
forgot add fixes for travis
2017-02-25 23:25:36 -05:00
a8609f5c66
ntfs-3g lpe
2017-02-25 23:09:22 -05:00
f18b533226
change platform time to unix (although it is linux in reality but whatevs)
2017-02-24 22:58:24 +00:00
5d3a4cce67
Use all caps for module option names
2017-02-23 16:30:01 +11:00
25b3cc685a
Update netgear_r7000_cgibin_exec.rb
2017-02-22 11:36:52 -05:00
47fec5626e
Style update
2017-02-22 07:56:17 +00:00
e491f01c70
Add MVPower DVR Shell Unauthenticated Command Execution module
2017-02-22 05:15:57 +00:00
48f6740fee
Land #7969 , Add Module Trend Micro IMSVA Remote Code Execution
2017-02-21 17:29:04 -06:00
a9b9a58d4d
Land #7893 , Add Module AlienVault OSSIM/USM Remote Code Execution
2017-02-21 13:35:56 -06:00
e99ba0ea86
Msftidy stuff
2017-02-18 00:34:49 -05:00
189d5dc005
Thanks netgear
2017-02-18 00:15:45 -05:00
52350292cf
Fix msftidy warning
2017-02-17 18:41:11 -05:00
63d1de9acd
Updates from review
...
Also testing some things, line 84 and 85 mostly
2017-02-17 18:29:46 -05:00
811f6d4d58
Update netgear_r7000_cgibin_exec.rb
2017-02-16 08:38:06 -05:00
90224af813
Fix msftidy warning
2017-02-15 22:39:16 -05:00
81d63c8cc7
Create netgear_r7000_cgibin_exec.rb
2017-02-15 22:33:48 -05:00
4ee05313d8
Update tested version numbers
2017-02-08 19:31:01 +03:00
906fcfe355
OSSIM 5.0.0 version requires a authen token on action create
2017-02-03 23:45:33 +03:00
2ff170a1fa
Land #7820 , Exploit for TrueOnline Billion 5200W-T
2017-01-31 11:33:56 -06:00
f167358540
Land #7821 , Command Injection Exploit for TrueOnline ZyXEL P660HN
2017-01-31 11:28:46 -06:00
b3521dfb69
Land #7822 , Command Injection Exploit for TrueOnline P660HN v2
2017-01-31 11:22:49 -06:00
c666ac93f5
Adding xff header
2017-01-31 14:37:22 +03:00
40108c2374
first commit
2017-01-31 14:15:46 +03:00
0aceb0b1cb
Fix whitespace, thanks msftidy!
2017-01-30 10:16:42 +00:00
5fd31e621e
Add CVE number
2017-01-30 10:03:46 +00:00
ff2b8dcf99
Revert "Land #7605 , Mysql privilege escalation, CVE-2016-6664" - premature merge
...
This reverts commit 92a1c1ece49b16cdf602
2017-01-22 19:16:33 -06:00
92a1c1ece4
Land #7605 , Mysql privilege escalation, CVE-2016-6664
2017-01-22 17:17:28 -06:00
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
c2c352c2ac
Adding Trend Micro IMSVA module
2017-01-18 11:34:16 +03:00
2dca53e19a
Add full disclosure link
2017-01-17 11:09:44 +00:00
1160a47b55
Add full disclosure link
2017-01-17 11:09:29 +00:00
c2cd26a6e1
Add full disclosure link
2017-01-17 11:09:11 +00:00
7fafade128
fix msftidy stuff v2
2017-01-12 18:06:13 +00:00
ba8dfbd9f1
fix msftidy stuff
2017-01-12 18:05:54 +00:00
f88e68da25
fix msftidy stuff
2017-01-12 18:04:58 +00:00
2274e38925
fix msftidy stuff
2017-01-12 18:03:12 +00:00
b863db9d02
add billion sploit
2017-01-12 17:51:24 +00:00
2827a7ea1a
add 660v2 sploit
2017-01-12 17:50:57 +00:00
af2516d074
add 660v1 sploit
2017-01-12 17:49:28 +00:00
c0880985bc
fix duplicate entry for platform
2017-01-10 01:17:44 +00:00
74cea5dd04
Use Linux payloads instead of cmd/unix/interact
...
As of now, cmd/unix/interact causes msfconsole to freeze, so
we can't use this.
2017-01-09 11:11:17 -06:00
e331066d6d
Add CVE-2016-6433 Cisco Firepower Management Console UserAdd Exploit
2017-01-06 17:05:25 -06:00
13bca2ebc7
add httpusername and password for auto auth
2017-01-06 16:33:51 +00:00
19319f15d4
Land #7626 , Eir D1000 modem exploit
2017-01-04 17:02:39 -06:00
d95a3ff2ac
made changes suggested
2017-01-04 23:02:10 +00:00
b0e79076fe
Switch to wget CmdStager and tune timing
...
We don't want to trample the device with requests.
2017-01-04 16:42:53 -06:00
94d76cfb06
Merge remote-tracking branch 'upstream/master' into tr-069-ntpserver-command-injection
2017-01-03 17:04:04 -06:00
fe0a3c8669
Update themoon exploit to use wget command stager
2017-01-03 15:50:57 -06:00
a9a83bc21c
fix for uninitialized constant in Net::SSH on OS X
2017-01-03 06:16:07 -05:00
3c2486b9f5
initial version of CVE-2016-7456 exploit
2017-01-03 03:39:22 -05:00
589084896a
initial version of CVE-2016-7456 exploit
2017-01-03 03:36:49 -05:00
9d3e90e8e5
cleanup
2017-01-02 17:32:38 +00:00
4c29d23c8a
further cleaning
2016-12-31 17:02:34 +00:00
956602cbfe
add final wnr2000 sploits
2016-12-31 16:49:05 +00:00
9d0ada9b83
Land #7749 , make drb_remote_codeexec great again
2016-12-28 06:11:48 -06:00
cfca4b121c
Clean up module
2016-12-28 06:10:46 -06:00
afd8315e1d
Remove apache_continuum_cmd_exec CmdStager flavor
...
It is inferred from the platform, and we don't want to override it
needlessly. :bourne is what worked during testing, but it won't always
work. Now we can override the flavor with CMDSTAGER::FLAVOR.
2016-12-27 16:24:16 -06:00
870e8046b5
add sploits
2016-12-27 21:12:35 +00:00
679ebf31bd
Minor fix to make dRuby great again
2016-12-23 15:12:22 +01:00
d69acd116d
Make dRuby great again
2016-12-22 15:37:16 +01:00
a4f681ae35
Add quoted hex encoding
2016-12-06 09:05:35 -06:00
d549c2793f
Fix module filename to be TR-064
2016-12-02 08:49:21 -06:00
9e4e9ae614
Add a reference to the TR-064 spec
2016-12-02 08:48:09 -06:00
ddac5600e3
Reference TR-064, not TR-069
2016-12-02 08:45:15 -06:00
1d6ee7192a
Land #7427 , new options for nagios_xi_chained_rce
2016-11-30 17:11:02 -06:00
3e8cdd1f36
Polish up USER_ID and API_TOKEN options
2016-11-30 17:10:52 -06:00
43cd788350
Switch back to echo as cmdstager flavor
2016-11-30 10:18:09 -06:00
b75fbd454a
Add missing peer in vprint_error
2016-11-30 07:59:41 -06:00
657d52951b
Linemax 63, switch to printf
2016-11-30 07:51:36 -06:00
08b9684c1a
Add a FORCE_EXPLOIT option for @FireFart
2016-11-29 16:37:13 -06:00
57d156a5e2
Revert "XML encode the command passed"
...
This reverts commit 9952c0ac6f
2016-11-29 16:24:26 -06:00
b7904fe0cc
Oh silly delimiters and lack thereof
2016-11-29 15:53:05 -06:00
9952c0ac6f
XML encode the command passed
2016-11-29 15:49:55 -06:00
851aae3f15
Oops, wrong module
...
This reverts commit d55d2099c5
2016-11-29 15:15:18 -06:00
d55d2099c5
Just one platform thanks
2016-11-29 15:08:45 -06:00
4d6b2dfb46
Use CmdStager instead
...
Oh, and this is totally untested as of this commit.
2016-11-29 15:03:38 -06:00
8de17981c3
Get rid of the WiFi key stealer
2016-11-29 14:48:04 -06:00
75bcf82a09
Never set DefaultPaylod, reverse target options
2016-11-29 14:43:10 -06:00
f55f578f8c
Title, desc, authors, refs
2016-11-29 14:39:38 -06:00
d691b86443
First commit of Kenzo's original exploit
...
This is a work in progress, and is merely the copy-paste
of the original PoC exploit from:
https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
2016-11-29 09:13:52 -06:00
6f70323460
Minor misspelling mistakes and corrected the check of the mysqld process
2016-11-25 19:03:23 +00:00
1119dc4abe
Targets set to automatic
...
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
2016-11-25 17:35:28 +00:00
59f3c9e769
Land #7579 , rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4
2016-11-21 17:59:29 -06:00
8869ebfe9b
Fix incorrect disclosure date for OpenNMS exploit
...
Disclosure date was Nov 2015, not Nov 2014
2016-11-21 16:44:36 +00:00
6c6221445c
Land #7543 , Create exploit for CVE-2016-6563 / Dlink DIR HNAP Login
2016-11-21 09:59:50 -06:00
005d34991b
update architecture
2016-11-20 19:09:33 -06:00
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
acfd214195
Mysql privilege escalation
...
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
2016-11-19 11:24:29 +00:00
cfd31e32c6
renaming per @bwatters-r7 comment in #7491
2016-11-18 13:52:09 -05:00
4596785217
Land #7450 , PowerShellEmpire Arbitrary File Upload
2016-11-17 17:47:15 -06:00
18bafaa2e7
Land #7531 , Fix drb_remote_codeexec and create targets
2016-11-16 12:58:22 -06:00
b56b6a49ac
Land #7328 , Extend lsa_transname_heap exploit to MIPS
2016-11-15 07:37:19 -06:00
c458d662ed
report correct credential status as successful
2016-11-14 12:27:22 -06:00
4ae90cbbef
Land #7191 , Add exploit for CVE-2016-6267 - Trend Micro Smart Protection Server authenticated RCE.
2016-11-14 12:06:02 -06:00
908713ce68
remove whitespace at end of module name
2016-11-14 08:35:34 +00:00
9eb9d612ca
Minor typo fixups.
2016-11-11 16:54:16 -06:00
1dae206fde
Land #7379 , Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
50f578ba79
Add full disclosure link
2016-11-08 22:15:19 +00:00
95bd950133
Point to proper link on github
2016-11-07 17:59:29 +00:00
f268c28415
Create dlink_hnap_login_bof.rb
2016-11-07 17:45:37 +00:00
da356e7d62
Remove Compat hash to allow more payloads
2016-11-04 13:57:05 -05:00
f0c89ffb56
Refactor module and use FileDropper
2016-11-04 13:57:05 -05:00
6d7cf81429
Update references
2016-11-04 13:57:05 -05:00
009d6a45aa
Update description
2016-11-04 13:57:05 -05:00
bf7936adf5
Add instance_eval and syscall targets
2016-11-04 13:57:05 -05:00
dae1f26313
Land #7521 , Modernize TLS protocol configuration for SMTP / SQL Server
2016-11-03 12:56:50 -05:00
eca4b73aab
Land #7499 , check method for pkexec exploit
2016-11-03 10:59:06 -05:00
1c746c0f93
Prefer CheckCode::Detected
2016-11-03 11:14:48 +01:00
2cdff0f414
Fix check method
2016-11-03 11:14:48 +01:00
31b593ac67
Land #7402 , Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
f8912486df
fix typos
2016-11-01 05:43:03 -05:00
3c56f1e1f7
Remove commented x64 arch from sock_sendpage
2016-11-01 01:29:11 +10:00
45d6012f2d
fix check method
2016-10-30 14:57:42 -04:00
57eabda5dc
Merge upstream/master
2016-10-29 13:54:31 +10:00
c7b775ac1c
Fix detection following @bwatters-r7 recommendations. Remove safesync exploit that shouldn't be here.
2016-10-28 18:03:56 +00:00
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
23ab4f1fc1
Remove one last tab
2016-10-27 12:32:40 +02:00
d9f07183bd
Please h00die ;)
2016-10-27 12:18:33 +02:00
2ac54f5028
Add a check for the linux pkexec module
2016-10-27 10:28:13 +02:00
684feb6b50
moved STAGE0 and STAGE1 into datastore
2016-10-18 11:47:38 -04:00
e806466fe3
correct carriage return and link issue
2016-10-17 10:31:39 -04:00
7e68f7d2a4
EmpirePowerShell Arbitrary File Upload (Skywalker)
2016-10-17 10:03:07 -04:00
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
5e7d546fa2
Land #7094 , OpenNMS Java Object Deserialization RCE Module
2016-10-14 13:19:11 -05:00
cfddc734a8
Land #7286 , WiFi pineapple preconfig command injection module
2016-10-14 12:57:42 -05:00
e05a325786
Land #7285 , WiFi pineapple command injection via authentication bypass
2016-10-14 12:57:05 -05:00
12493d5c06
moved c code to external sources
2016-10-13 20:37:03 -04:00
9d2355d128
removed debug line
2016-10-10 10:23:51 -04:00
2ad82ff8e3
more nagios versatility
2016-10-10 10:21:49 -04:00
7b84e961ed
Minor output correction.
2016-10-09 19:01:06 -05:00
7e6facd87f
added wrong file
2016-10-09 09:49:58 -04:00
2c4a069e32
prepend fork fix
2016-10-09 09:40:44 -04:00
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
75bea08e0e
changing branches
2016-10-04 21:08:12 -04:00
e6daef62b4
egypt
2016-10-03 20:24:59 -04:00
7b0a8784aa
additional doc updates
2016-09-29 19:02:16 -04:00
bac4a25b2c
compile or nill
2016-09-29 06:15:17 -04:00
4fac5271ae
slight cleanup
2016-09-29 05:51:13 -04:00
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
2272e15ca2
Remove some anti-patterns, in the same spirit than #7372
2016-09-29 00:15:01 +02:00
988471b860
Land #7372 , useless use of cat fix
...
Obligatory: modules/exploits/linux/local/kloxo_lxsuexec.rb.
2016-09-28 16:37:11 -05:00
3033c16da6
Add missing rank
2016-09-28 16:37:04 -05:00
b46073b34a
Replace `cat` with Ruby's `read_file`
...
Thanks to wvu-r7 for the comment
2016-09-28 23:22:19 +02:00
45ee59581b
Fix inverted logic in Docker exploit
...
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
dbb2abeda1
Remove the `cat $FILE | grep $PATTERN` anti-pattern
...
The `kloxo_lxsuexec.rb` and `netfilter_pvi_esc.rb` exploits
were using the infamous `cat+grep` anti-pattern, this commit
replaces it with `cat` and Ruby's `.include?` method.
2016-09-28 13:41:25 +02:00
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
7646771dec
refactored for live compile or drop binary
2016-09-22 20:07:07 -04:00
88cef32ea4
Land #7339 , SSH module fixes from net:ssh updates
2016-09-22 00:27:32 -05:00
04f8f7a0ea
Land #7266 , Add Kaltura Remote PHP Code Execution
2016-09-21 17:14:49 -05:00
2d3c167b78
Grammar changes again.
2016-09-20 23:51:12 +03:00
0f16393220
Yet another grammar changes
2016-09-20 19:48:40 +03:00
William Vu
Brent Cook
William Webb
Adam Cammack
Bryan Chu
m0t
Jeffrey Martin
Mehmet Ince
darkbushido
Brent Cook
wchen-r7
Matthias Brun
h00die
Jonathan Claudius
Tod Beardsley
Nate Caroe
Ahmed S. Darwish
bwatters-r7
dmohanty-r7
Pearce Barry
itsmeroy2012
flakey-biscuits
=
Carter
wolfthefallen
Pedro Ribeiro
Brendan Coles
phroxvs
joernchen of Phenoelit
x2020
Prateep Bandharangshi
OJ
Alex Flores
Quentin Kaiser
Julien (jvoisin) Voisin
jvoisin