jvazquez-r7
558103b25d
Do code cleanup
2015-04-24 11:30:08 -05:00
jvazquez-r7
896d6e8cb7
Fix title
2015-04-24 11:09:39 -05:00
jvazquez-r7
1825b45ac3
Land #5242 , @espreto's module for GI-Media Library Plugin Directory Traversal
2015-04-24 11:08:52 -05:00
jvazquez-r7
7af6f31c3a
Fix message
2015-04-24 11:08:00 -05:00
jvazquez-r7
5ca6fe3cb0
Do code cleanup
2015-04-24 11:07:13 -05:00
Brent Cook
f457f36cdd
Land #5213 , improvements to MS15-035 DoS
2015-04-24 10:54:48 -05:00
jvazquez-r7
7a3949ed52
Land #5230 , @espreto's exploit for WordPress InBoundio Marketing File Upload
...
* OSVDB 119890
2015-04-24 10:49:52 -05:00
jvazquez-r7
8a8d9a26f4
Do code cleanup
2015-04-24 10:47:46 -05:00
jvazquez-r7
b5223912cb
Fix check method
2015-04-24 10:41:41 -05:00
Roberto Soares
c9b4a272e3
Changed fail_with output.
2015-04-24 12:16:23 -03:00
kaospunk
bb0b2eee37
Fix missing . in SRV query
...
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
benpturner
2ccf818c7b
msftidy
2015-04-24 11:16:31 +01:00
Roberto Soares
e14c6af194
Removed double 'Calling payload'.
2015-04-24 06:26:04 -03:00
benpturner
00d8958cc8
New payloads for reverse_tcp for powershell
2015-04-24 10:25:37 +01:00
Roberto Soares
01efc97c4a
Add WordPress WPshop eCommerce File Upload.
2015-04-24 06:21:49 -03:00
Roberto Soares
e51897d64e
Filepath option
2015-04-24 04:35:59 -03:00
Roberto Soares
7b0b59b5f6
Add WordPress GI-Media Library Plugin File Read.
2015-04-24 04:24:16 -03:00
benpturner
9e137c6403
ref
2015-04-23 23:28:33 +01:00
benpturner
468166408e
ref
2015-04-23 23:28:21 +01:00
benpturner
3711b2579c
new powershell session
2015-04-23 23:13:12 +01:00
benpturner
0f7442dec2
new powershell session
2015-04-23 23:12:58 +01:00
benpturner
b642ddb989
interact powershell session
2015-04-23 23:12:38 +01:00
benpturner
b6abd9dc8e
updates to rex
2015-04-23 22:14:11 +01:00
benpturner
a3710752c6
updates to rex
2015-04-23 22:14:00 +01:00
benpturner
5b604d07dd
updates
2015-04-23 22:13:46 +01:00
benpturner
3e693c95df
update bind_tcp settings
2015-04-23 14:43:08 +01:00
benpturner
94d99cd833
use Rex::Powershell::Command
2015-04-23 14:42:45 +01:00
benpturner
e7b84ea40e
rhost mandatory
2015-04-23 10:17:13 +01:00
benpturner
4ad3394e82
make rhost mandatory
2015-04-23 10:09:50 +01:00
Roberto Soares
5bf4c9187a
Removed double "Calling payload..."
2015-04-23 03:41:34 -03:00
Roberto Soares
844f768eee
Add WordPress InBoundio Marketing File Upload
2015-04-23 03:32:17 -03:00
OJ
19a6ae68ff
Update bind_tcp sizes to dynamic
...
This is required due to the fact that we can now turn on/off the
closing of the listen socket.
2015-04-23 09:53:18 +10:00
m-1-k-3
f5b0a7e082
include rop gadget description
2015-04-23 00:11:02 +02:00
benpturner
711061a49b
updates
2015-04-22 21:03:13 +01:00
benpturner
5a648ef79b
updates to script
2015-04-22 20:45:43 +01:00
Brandon Perry
e9f8b25987
Update wordpress_contus_video_gallery_sqli.rb
...
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
Brandon Perry
26d208f089
Update wordpress_contus_video_gallery_sqli.rb
...
remove 'uri'
2015-04-22 14:42:03 -05:00
benpturner
99156f1247
reverse payload
2015-04-22 20:41:45 +01:00
benpturner
4ae3c5925d
bind payload
2015-04-22 20:41:35 +01:00
m-1-k-3
1ec0e09a43
msftidy
2015-04-22 10:32:47 +02:00
m-1-k-3
58099d0469
airties login bof module
2015-04-22 10:21:58 +02:00
Brent Cook
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
Mike
3a1778ef7c
Spelling Fix
...
s/Brocde/Brocade/ as per bcook-r7
2015-04-21 17:57:36 -04:00
jvazquez-r7
3db0e12b67
Modify autopwn comment
2015-04-21 14:19:15 -05:00
jvazquez-r7
3f40342ac5
Fix sock_sendpage
2015-04-21 14:17:19 -05:00
jvazquez-r7
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
Brent Cook
073850c5ad
Land #5158 , OWA internal IP disclosure scanner
2015-04-21 11:10:39 -05:00
Brent Cook
5296c6507d
Land #5157 , OWA login scanner auth timing logs
2015-04-21 11:06:08 -05:00
wchen-r7
a44da8e6d7
URL refs
2015-04-21 09:29:08 -05:00
OJ
86957d9b07
Merge branch 'upstream/master' into connection-recovery
2015-04-21 20:01:59 +10:00
wchen-r7
a3b0f2e424
Land #5175 , Update mcafee_vse_hashdump description
2015-04-20 21:49:24 -05:00
Brent Cook
9a49538c1a
Land #5016 , add SSL Labs scanner
2015-04-20 21:34:16 -05:00
Brent Cook
752c3243f6
wrap print* functions in report_* wrappers
...
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
wchen-r7
ff32d6cee3
Improve MS15-034 DOS
2015-04-20 20:36:08 -05:00
jvazquez-r7
c6c7560aed
Land #4846 , @joevennix's android 4.3 uxss module
2015-04-20 18:43:24 -05:00
jvazquez-r7
9b240e1d8f
Use parenthesis
2015-04-20 18:42:34 -05:00
William Vu
3fbd4e2fe6
Land #5172 , x64 BSD shell_{bind,reverse}_tcp
2015-04-20 15:37:29 -05:00
William Vu
79ca0a56f9
Land #4171 , Steam protocol support
2015-04-20 15:35:06 -05:00
jvazquez-r7
f762873a31
Land #5192 , @joevennix's module for Safari CVE-2015-1126
...
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
jvazquez-r7
e2eaff6b3a
Don't modify datastore options
2015-04-20 15:16:21 -05:00
jvazquez-r7
88c52ae7ae
Delete second stop_service, the mixin should had done the job
2015-04-20 15:13:11 -05:00
jvazquez-r7
dc0549d2dd
Use #wait
2015-04-20 15:06:01 -05:00
jvazquez-r7
c1234e05e2
Delete parenthesis from condition
2015-04-20 14:56:37 -05:00
jvazquez-r7
0283ac05e5
Do minor style fixes
2015-04-20 14:54:39 -05:00
jvazquez-r7
69b8edda4a
Use single quotes
2015-04-20 14:53:38 -05:00
jvazquez-r7
16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
jvazquez-r7
4f59abe842
Land #5203 , @Meatballs1 fixes #5199 by using the correct namespace
...
* Fixes web_delivery
2015-04-20 11:20:48 -05:00
benpturner
d9d8451b9f
Updated tools/msftidy.rb issues
2015-04-20 16:03:34 +01:00
Meatballs
eb1c01417a
Bogus :
2015-04-20 11:00:26 +01:00
Meatballs
aa4f913800
Resolves #5199
...
Fix Powershell namespace in web_delivery module
2015-04-20 09:37:42 +01:00
Christian Mehlmauer
a60fe4af8e
Land #5201 , Change module wording to conform with other WP modules
2015-04-20 10:07:05 +02:00
aushack
1a32cf7fc0
Change module wording to conform with other WP modules.
2015-04-20 16:48:35 +10:00
Brandon Perry
b622aae97f
Update wordpress_contus_video_gallery_sqli.rb
2015-04-19 18:24:12 -05:00
Meatballs
ac1f03b1de
Use fail_with if unknown exception
2015-04-20 00:11:23 +01:00
Brandon Perry
c393f7c398
add contus video gallery scanner
2015-04-19 17:58:08 -05:00
Meatballs
1cc08a56a8
Additional tidyup
2015-04-19 23:55:55 +01:00
Meatballs
b0d50dc2be
Create our own Rex connection to the endpoint
...
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
Christian Mehlmauer
ed9175d73f
Land #5167 , WordPress CP Multi-View Calendar SQLI Scanner
2015-04-19 23:36:23 +02:00
Brandon Perry
8c0bcd2e03
Update wordpress_cp_calendar_sqli.rb
...
Use the new WPVDB
2015-04-19 16:32:57 -05:00
Christian Mehlmauer
a5583debdc
Land #5131 , WordPress Slideshow Upload
2015-04-19 23:12:26 +02:00
Meatballs
8bd0da580d
Move script out of module
2015-04-19 21:12:44 +01:00
Meatballs
9fd3d3aa8c
Move to exploit module
2015-04-19 20:58:20 +01:00
benpturner
1ee850246a
Interactive powershell post module that allows a user to gain an
...
interactive powershell prompt from a compromised session. It opens a TCP
listener for Powershell and automatically creates the handler. You can
also pass this other powershell files in the LOAD_MODULE option to go
ahead and download using the download cradle once the session is
established.
2015-04-19 20:51:41 +01:00
joev
2010e966b3
Add non-httponly cookie theft module for ios/osx safari.
2015-04-19 11:32:37 -05:00
Roberto Soares
c1a1143377
Remove line in description and output line in fail_with
2015-04-18 15:38:42 -03:00
OJ
19f8a76475
Porting bind_tcp for posix to metasm
...
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00
wchen-r7
43e9244b4c
Fix #5134 , Put store_loot back
...
Fix #5134
store_loot was used at one point, but we ended up removing it.
Turns out store_loot is handy in some cases so we're brining it back.
2015-04-17 16:33:51 -05:00
Michael Messner
b991dec0f9
Dlink UPnP SOAP-Header Injection
2015-04-17 22:54:32 +02:00
wchen-r7
4f903a604c
Fix #5103 , Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
karllll
e3ce4eb88e
Update mcafee_vse_hashdump.rb
2015-04-17 09:47:02 -04:00
OJ
97912882ca
Adjustments for POSIX meterpreter patching
2015-04-17 19:53:05 +10:00
Christian Mehlmauer
bba0927c7e
Land #5163 , WordPress Reflex Gallery Plugin File Upload
2015-04-17 11:26:34 +02:00
Christian Mehlmauer
6653c9e33d
Land #5162 , WordPress Dukapress File Read Vulnerability
2015-04-17 11:20:55 +02:00
Christian Mehlmauer
6c77b64dae
wrong method name
2015-04-17 11:20:14 +02:00
Christian Mehlmauer
aef464fc2e
Land #5159 , WordPress Mobile Edition Plugin File Read Vuln
2015-04-17 11:13:00 +02:00
OJ
0a8b29dd86
Merge branch 'upstream/master' into connection-recovery
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
wchen-r7
3927024f79
Land #5154 , CVE-2015-0556 (Flash copyPixelsToByteArray int overflow)
...
sage aborts
2015-04-16 21:21:09 -05:00
William Vu
3422501d91
Land #5174 , deprecated module cleanup
2015-04-16 17:43:28 -05:00
Christian Mehlmauer
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
Christian Mehlmauer
2b9fd93729
remove deprecated modules
2015-04-16 22:49:22 +02:00
Roberto Soares
33cf2f1578
Added Faliure:: symbol to fail_with
2015-04-16 17:40:25 -03:00
Roberto Soares
ed588e335b
Changed the print_error output.
2015-04-16 17:32:59 -03:00
Roberto Soares
bf3bdcffb4
Changed the deph value to 7.
2015-04-16 17:30:28 -03:00
Roberto Soares
dd474757fe
Changed the print_error output.
2015-04-16 17:26:44 -03:00
Roberto Soares
f50cedeafd
Changed the depth value to 7.
2015-04-16 17:22:49 -03:00
Roberto Soares
2138325129
Add Failure:: symbol to fail_with
2015-04-16 17:15:24 -03:00
karllll
cb2e8f4949
Update mcafee_vse_hashdump description
...
The description of this module has been added upon to include cracking details.
2015-04-16 16:09:43 -04:00
Christian Mehlmauer
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
Christian Mehlmauer
8c5890d506
more fixes
2015-04-16 21:56:42 +02:00
Christian Mehlmauer
8c12361bda
remove fail_with defs
2015-04-16 21:49:31 +02:00
Christian Mehlmauer
ba6548db75
be consistent about naming
2015-04-16 21:44:56 +02:00
Christian Mehlmauer
b4b8ac0849
moar fail_with's
2015-04-16 21:26:37 +02:00
Christian Mehlmauer
a193ae42b0
moar fail_with's
2015-04-16 21:25:05 +02:00
Christian Mehlmauer
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
Christian Mehlmauer
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
William Vu
f0d6735332
Land #5165 , version number correction
2015-04-16 12:10:12 -05:00
William Vu
26f2b350d2
Land #5168 , more fail_with fixes
2015-04-16 12:04:55 -05:00
William Vu
1455d4e94d
Fix AUTH_TIME
2015-04-16 11:39:33 -05:00
William Vu
7c572777e1
Fix whitespace
2015-04-16 11:34:50 -05:00
William Vu
7a9167b235
Fix comments
2015-04-16 11:34:47 -05:00
Nate Power
9bcc988266
Update owa_login
2015-04-16 11:23:04 -05:00
sinn3r
904339f0d7
Fix #5130 , Correct use of fail_with in wp_worktheflow_upload.rb
2015-04-16 10:32:50 -05:00
sinn3r
5c98270f4d
Fix #5137 - Correct use of fail_with
2015-04-16 09:57:02 -05:00
Brandon Perry
75b88f199a
Create wordpress_cp_calendar_sqli.rb
2015-04-16 09:53:00 -05:00
Christian Mehlmauer
418d8586a5
Land #5137 (again), WordPress N-Media Website File Upload
2015-04-16 16:24:41 +02:00
Christian Mehlmauer
7f79acb996
Land #5137 , WordPress N-Media Website File Upload
2015-04-16 16:17:20 +02:00
Roberto Soares
517ad54617
Fix the correct version in check.
2015-04-16 10:56:43 -03:00
Roberto Soares
95310dbe4f
Fix 'if' condition.
2015-04-16 10:51:36 -03:00
Roberto Soares
626a9f0508
Fix the correct version in check.
2015-04-16 10:46:08 -03:00
Roberto Soares
ecc67b1a57
Fix loot name
2015-04-16 10:42:20 -03:00
Roberto Soares
d898af5513
Add check version and removed HttpClient
2015-04-16 10:40:35 -03:00
Roberto Soares
6ef074cd28
Fix the correct version in check
2015-04-16 10:34:34 -03:00
Roberto Soares
768294710b
Add check and removed HttpClient
2015-04-16 10:22:10 -03:00
Christian Mehlmauer
d9f4c7548f
Land #5136 , WordPress Creative Contact Form upload
2015-04-16 15:17:14 +02:00
Christian Mehlmauer
84c74b8d42
use correct version number
2015-04-16 15:01:54 +02:00
Roberto Soares
ee8dc49a25
Fix wrong version in check.
2015-04-16 09:45:18 -03:00
Roberto Soares
e16cc6fa82
Fix the correct version in check.
2015-04-16 09:38:42 -03:00
Roberto Soares
890561bff3
Rewriting the condition 'if' for only one line
2015-04-16 09:23:56 -03:00
Roberto Soares
b90ff36ef4
Rewriting the condition 'if' for only one line
2015-04-16 09:15:17 -03:00
Christian Mehlmauer
7dde7f6f7c
Land #5130 , WordPress WorkTheFlow Upload
2015-04-16 14:06:37 +02:00
Roberto Soares
dc7f161339
Add author, EDB, OSVDB and WPVDB.
2015-04-16 08:56:33 -03:00
Roberto Soares
1112a3b0ae
Add WordPress Reflex Gallery Plugin File Upload
2015-04-16 08:40:51 -03:00
Roberto Soares
21e964e699
Add Author and references..
2015-04-16 07:20:48 -03:00
Roberto Soares
f6f4bd0746
Add WordPress Dukapress File Read Vulnerability
2015-04-16 07:17:46 -03:00
Roberto Soares
4aa4f83372
Removed timeout 2.
2015-04-16 05:37:11 -03:00
Roberto Soares
39556c10c7
Rewrote check method.
2015-04-16 05:36:20 -03:00
Roberto Soares
ace316a54f
Added WPVDB and EDB references.
2015-04-16 05:29:21 -03:00
Roberto Soares
10c218319a
Rewrote response condition.
2015-04-16 05:26:48 -03:00
Roberto Soares
5cb9b1a44c
Removed timeout 2.
2015-04-16 05:21:59 -03:00
Roberto Soares
0e1b173d15
Renamed USER/PASSWORD to WP_USER/WP_PASSWORD.
2015-04-16 05:11:56 -03:00
Roberto Soares
13ded8abe7
Added WPVDB.
2015-04-16 05:08:45 -03:00
Roberto Soares
64923ffdc2
Fixed plugin name in check method
2015-04-16 05:06:36 -03:00
Roberto Soares
c8e1185a04
Included Wordpress mixin.
2015-04-16 05:02:39 -03:00
Roberto Soares
e9212c4d6b
wordpress_url_admin_ajax intead of wordpress_url_backend
2015-04-16 04:53:05 -03:00
Roberto Soares
81d898fd7e
Rewrote check code.
2015-04-16 04:51:40 -03:00
Roberto Soares
aeb0484889
Removed timeout 2.
2015-04-16 04:48:00 -03:00
Roberto Soares
e6e9c173e3
Rewrote res conditions.
2015-04-16 04:43:34 -03:00
Roberto Soares
d11db4edc7
Rewrote check code.
2015-04-16 04:37:30 -03:00
Roberto Soares
f13d31c7c2
Added WPVDB.
2015-04-16 04:31:23 -03:00
Roberto Soares
cccda4e851
Removed unnecessary line.
2015-04-16 04:27:15 -03:00
William Vu
42ff0decc7
Land #4722 , timing options for snmp_login
2015-04-16 02:25:29 -05:00
William Vu
88062a578d
Clean up PR
2015-04-16 02:25:06 -05:00
Roberto Soares
d3a6de761d
Removed timeout 2.
2015-04-16 04:09:02 -03:00
William Vu
01625e3bba
Land #5148 , DRY BSD/OS X shellcode
...
Also fix a semi-regression in the Rootpipe exploit.
2015-04-16 02:08:18 -05:00
William Vu
13da15e434
Add default PAYLOAD again
...
PrependSetreuid doesn't work with generic/shell_reverse_tcp.
2015-04-16 02:07:02 -05:00
Roberto Soares
1249f29ee8
Add JSON::ParserError exception handler.
2015-04-16 04:03:54 -03:00
William Vu
bec6270f07
Fix regex
2015-04-15 23:47:03 -05:00
William Vu
86c5e96d19
Land #5146 , enum_system cleanup
2015-04-15 22:02:32 -05:00
William Vu
001253a8da
Clean up module some more
2015-04-15 22:02:04 -05:00
William Vu
0a4ab99aa5
Land #5149 , couchdb_enum cleanup
2015-04-15 21:50:30 -05:00
William Vu
4410f8da6e
Clean up module some more
2015-04-15 21:48:19 -05:00
Brent Cook
30d60975ba
Land #5144 , add missing report_note in apache_range_dos
2015-04-15 21:47:18 -05:00
William Vu
01ae7002cf
Fix EOF whitespace
2015-04-15 21:27:53 -05:00
William Vu
20d4d1ce3f
Move report_goods before the return
2015-04-15 21:22:41 -05:00
joev
9b6aea12e1
Oops, missed a comma.
2015-04-15 19:26:53 -05:00
Roberto Soares
0031f09d60
Add author, EDB, WPVDB and fix loot.
2015-04-15 20:03:36 -03:00
jvazquez-r7
c1753672bf
Delete file_contents initialization
2015-04-15 17:58:32 -05:00
Roberto Soares
0f1cf1d1b1
Add Module WP Mobile Edition Plugin File Read Vuln
2015-04-15 19:45:08 -03:00
William Vu
66b7179a97
Rename module to owa_iis_internal_ip
2015-04-15 17:10:01 -05:00
William Vu
a109dae033
Fix EOL whitespace
2015-04-15 16:58:59 -05:00
William Vu
cc422eeeea
Fix splat
2015-04-15 16:58:18 -05:00
Nate Power
34ce4edacb
Add exchange_iis_internal_ip
2015-04-15 16:55:19 -05:00
sinn3r
7cc80c418b
Correct a bad spelling in ms15_034_ulonglongadd.rb
2015-04-15 15:32:55 -05:00
joev
4a18714191
Update authors and license to original osx x86 module.
2015-04-15 14:34:26 -05:00
joev
a01d98d1f5
Implement shell_bind and shell_reverse payloads for bsd x64.
2015-04-15 14:33:27 -05:00
jvazquez-r7
3ca7d6aae5
Land #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
...
* `check` to test, `run` to DoS
2015-04-15 14:29:18 -05:00
jvazquez-r7
28fac60c81
Add module for CVE-2015-0556
2015-04-15 14:08:16 -05:00
sinn3r
76d36a46dc
Missing a checkcode
2015-04-15 14:04:18 -05:00
sinn3r
8a542b841c
Don't check Server header
2015-04-15 13:33:09 -05:00
sinn3r
90ed6ee0b6
No "vhost"
2015-04-15 13:32:11 -05:00
sinn3r
3aa8e6908d
Converted to a DOS module
2015-04-15 13:13:16 -05:00
sinn3r
19ab71aa43
Final update i swear
2015-04-15 10:20:15 -05:00
sinn3r
7a77dbc9f0
Update description
2015-04-15 10:15:40 -05:00
jvazquez-r7
ef6bf54e2f
Fix metadata
2015-04-15 09:22:59 -05:00
jvazquez-r7
1da6b32df7
Land #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
...
* ncc service ping.cpp command injection
2015-04-15 09:17:10 -05:00
jvazquez-r7
6019bbe0d2
Add ranking comment
2015-04-15 09:12:03 -05:00
jvazquez-r7
ad465c4d5b
Do code cleanup
2015-04-15 09:10:18 -05:00
sinn3r
2206ae48a1
Match the PR title
2015-04-15 01:50:59 -05:00
sinn3r
63048a7385
Newline
...
-_-
2015-04-15 01:38:09 -05:00
sinn3r
6f874b81ff
Add MS15-034 check (CVE-2015-1635)
2015-04-15 01:37:43 -05:00
Roberto Soares
1d6300991c
Clean the code of the module couchdb_enum.
2015-04-15 02:58:51 -03:00
joev
0d19b5d4c3
Fix require order issue.
2015-04-14 23:23:02 -05:00
joev
e56590e1e3
DRY up common code between BSD / OSX.
2015-04-14 23:08:57 -05:00
Roberto Soares
c6e8ffb7e3
Fix some "mistakes" following the style guide
2015-04-15 00:35:14 -03:00
Roberto Soares
9250869ace
Fix typo
2015-04-14 20:19:38 -03:00
Roberto Soares
6aad8b3a70
Changed the conditions if/elsif to case statements
2015-04-14 20:05:52 -03:00
William Vu
3cdc84bf27
Fix missing type in report_note
2015-04-14 14:02:20 -05:00
sinn3r
aca93cc86e
Add missing Rank
2015-04-14 13:33:37 -05:00
William Vu
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
William Vu
8d1126eaa5
Land #5129 , x64 BSD prepend stubs 'n' stuff
2015-04-14 01:24:50 -05:00
Roberto Soares
a09e643a71
Add author, URL, WPVDB and disclosure date.
2015-04-13 22:54:05 -03:00
Roberto Soares
271a81778e
Add Module WP N-Media Website Contact Form Upload
2015-04-13 22:48:34 -03:00
Roberto Soares
7f10fb5bf0
Fix disclosure date
2015-04-13 18:53:20 -03:00
Roberto Soares
e94ca0bdd1
Add EDB, OSVDB and author.
2015-04-13 18:42:17 -03:00
Roberto Soares
d5d975c450
Add Module WordPress Creative Contact Form Upload
2015-04-13 18:38:43 -03:00
William Vu
e324819feb
Add Privileged to info hash
...
Also remove default payload. Was set for CMD.
2015-04-13 15:23:30 -05:00
Tod Beardsley
bd3b6514fa
Dubbed. Whump whump.
2015-04-13 10:52:32 -05:00
Tod Beardsley
d87483b28d
Squashed commit of the following:
...
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:42:13 2015 -0500
Fix funny punctuation on rootpipe exploit title
See #5119
commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:37:39 2015 -0500
Fix vendor caps
Trusting the github repo README at
https://github.com/embedthis/goahead
See #5101
2015-04-13 10:46:47 -05:00
Roberto Soares
7b57496501
Fix typo and add email addr.
2015-04-13 04:12:32 -03:00
Roberto Soares
abee3f17c4
Add author, CVE and EDB references
2015-04-13 04:08:34 -03:00
Roberto Soares
58c4042321
Add Module WP Slideshow Gallery Shell Upload
2015-04-13 03:56:59 -03:00
Roberto Soares
2d1f8c510e
Add author and references
2015-04-12 21:21:49 -03:00
Roberto Soares
9f06cee53d
Add Module WordPress WorkTheFlow Shell Upload
2015-04-12 21:09:44 -03:00
joev
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
joev
ceadd1e6ec
Update osx x86 payload cached sizes to be accurate.
...
- Right now there is a bug in the payload_spec, which causes the payload's
datastore during the spec run to have things like 'PrependSetuid' => 'false',
where 'false' is a string, which means 'if (datastore['PrependSetuid'])'
branch will be taken, resulting in incorrect behavior.
2015-04-12 00:21:18 -05:00
joev
c132a3fb0a
Fix OSX prepends and implement x64 setreuid.
2015-04-11 20:04:21 -05:00
jvazquez-r7
656abac13c
Use keyword arguments
2015-04-10 18:03:45 -05:00
jvazquez-r7
1720d4cd83
Introduce get_file_contents
2015-04-10 17:34:00 -05:00
jvazquez-r7
ca6a5cad17
support changing files
2015-04-10 16:53:12 -05:00
sinn3r
284ef5bbbb
Land #5112 , Nessus REST Login Module
2015-04-10 13:32:53 -05:00
jvazquez-r7
b2e17a61a9
Fix disclosure date
2015-04-10 13:09:24 -05:00
jvazquez-r7
ab944b1897
Add module to exploit dangerous group policy startup scripts
2015-04-10 13:01:50 -05:00
joev
3313dac30f
Land #5119 , @wvu's addition of the OSX rootpipe privesc exploit.
...
orts
borts
2015-04-10 12:38:25 -05:00
sinn3r
4419c1c728
Land #5120 , Adobe Flash Player casi32 Integer Overflow
2015-04-10 12:18:11 -05:00
William Vu
e8e7a2a67a
Land #5122 , undefined "upload_path" fix
2015-04-10 11:30:50 -05:00
William Vu
fc814a17ae
Add admin check
...
Also break out version check.
2015-04-10 11:24:49 -05:00
William Vu
41885133d8
Refactor and clean
...
Finally breaking free of some stubborn old habits. :)
2015-04-10 11:22:27 -05:00
William Vu
a7601c1b9a
Use zsh to avoid dropping privs
...
Also add some configurable options.
2015-04-10 11:22:00 -05:00
William Vu
4cc6ac6eaa
Clarify vulnerable versions
2015-04-10 11:22:00 -05:00
William Vu
c4b7b32745
Add Rootpipe exploit
2015-04-10 11:22:00 -05:00
Jon Cave
b2b7da2dc5
Fix spelling of Microsoft in module name
2015-04-10 11:09:16 +01:00
Jon Cave
c6f062d49e
Ensure that local variable `upload_path` is defined
...
Merge `upload_payload` and `parse_upload_response` so that the
`upload_path` variable is defined for use in error messages in the event
of failure.
2015-04-10 10:58:20 +01:00
OJ
91202e2447
Port of reverse_tcp payload to metasm
2015-04-10 17:46:27 +10:00
root
7810f3d9a3
Add previous nessus_xmlrpc_login file
2015-04-10 12:32:42 +05:00
root
bbbd4d3634
change name to keep both XML and REST modules
2015-04-10 12:20:43 +05:00
OJ
fadb13b8ef
Porting block api, exitfunk, bind to metasm
...
Also add the flag which lets the bind stager leave the listen socket
open.
2015-04-10 16:23:03 +10:00
jvazquez-r7
91f5d0af5a
Add module for CVE-2014-0569
...
* Adobe flash, Integer overflow on casi32
2015-04-09 19:37:26 -05:00
Pedro Ribeiro
4808d61af3
Add OSVDB id and full disclosure URL
2015-04-09 16:32:22 +01:00
OJ
809409d8c4
Lots of changes to support moving timeouts to common spots
...
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
root
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
OJ
bc5fd4b813
A few adjustments to make bind_tcp keep listen sockets open
2015-04-09 08:46:35 +10:00
William Vu
c9bf8f3140
Land #5105 , @joevennix's cable modem 0day
2015-04-08 16:09:46 -05:00
William Vu
831a59b10b
Fix whitespace
2015-04-08 16:09:28 -05:00
Tod Beardsley
52f1b95222
Add disclosure link
2015-04-08 16:07:33 -05:00
sinn3r
1bfda9e78f
Land #5101 , Add Directory Traversal for GoAhead Web Server
2015-04-08 15:30:23 -05:00
Brent Cook
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
Tod Beardsley
7ed1655976
Adding module for R7-2015-01
...
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
sinn3r
5f389cf3c2
Add ManageEngine Desktop Central Login Utility
2015-04-08 02:05:56 -05:00
HD Moore
e7a4ee637a
Port windows reverse_tcp|bind_tcp to Metasm, add error handling
...
Conflicts:
lib/msf/core/payload/windows/bind_tcp.rb
modules/payloads/stagers/windows/bind_tcp.rb
Cherry-picked form @hmoore-r7's repo.
2015-04-08 16:21:10 +10:00
OJ
9ebcb27929
Merge branch 'upstream/master' into connection-recovery
2015-04-08 15:48:21 +10:00
Roberto Soares
dc14c770be
Changed the traversal variable to just one line
2015-04-08 02:26:59 -03:00
OJ
a9804dff62
Initial work to support fault-tolerant connectivity
...
This code adjusts the bind_tcp stager for x86 so that the listener
socket isn't close for meterpreter payloads. This means that meterpreter
can make an educated guess as to whether or not the payload was a bind
or tcp payload, and from there can attempt to establish communications
in the same way as before should something break along the way.
Some simple adjustments to the x64 meterpreter stage as well, but more
to come here.
2015-04-08 14:41:32 +10:00
Roberto Soares
441042ed37
Removed the segments variable
2015-04-08 01:29:45 -03:00
Roberto Soares
d399d05383
Add Directory Traversal for GoAhead Web Server
2015-04-07 20:22:06 -03:00
Zach Grace
42e82cc644
Rubocop fixes
2015-04-07 18:21:08 -05:00
Zach Grace
7275d5745f
Fixes, refactoring and adding JBoss AS default creds scanning
2015-04-07 17:40:25 -05:00
OJ
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
Pedro Ribeiro
cf8b92b747
Create zcm_file_upload.rb
2015-04-07 16:05:51 +01:00
OJ
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
OJ
38a77c930e
Land #5072 : Support and embed payload UUIDs
2015-04-07 10:10:36 +10:00
William Vu
7a2d3f5ebd
Land #5082 , firefox_proxy_prototype autopwn_info
2015-04-06 13:36:03 -05:00
William Vu
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
Tod Beardsley
b62011121b
Minor word choice fix on Solarwinds exploit
...
Removing the second person pronoun usage.
[See #5050 ]
2015-04-06 12:40:22 -05:00
Tod Beardsley
5be5b6097c
Minor grammar on #5030 , Adobe Flash
...
[See #5030 ]
2015-04-06 12:36:25 -05:00
Tod Beardsley
1e6d895975
Description fixes on #4784 , jboss exploit
...
Also, needed to run through msftidy.
[See #4784 ]
2015-04-06 12:34:49 -05:00
root
cd65e6f282
Add browser_autopwn info to firefox_proxy_prototype
2015-04-06 10:42:32 +05:00
HD Moore
78c73cc2a3
Update cached sizes with the new uri defaults
2015-04-05 22:11:12 -05:00
Jon Cave
7aceb9218e
Use bitwise OR to select both primary and backup DCs
...
SV_TYPE_DOMAIN_CTRL || SV_TYPE_DOMAIN_BAKCTRL returns
SV_TYPE_DOMAIN_CTRL rather than ORing the bits together.
2015-04-05 11:05:42 +01:00
HD Moore
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
William Vu
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
jvazquez-r7
79b2a23dff
Land #5015 , @espreto file traversal scanner for RIPS
2015-04-03 15:35:58 -05:00
jvazquez-r7
ce6e5e12d8
Make depth an option
2015-04-03 15:33:27 -05:00
jvazquez-r7
70fad73092
Add metadata
2015-04-03 15:27:28 -05:00
jvazquez-r7
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
jvazquez-r7
e729185804
Land #5051 , @nullbind's new options for mssql_enum_domain_accounts_sqli
2015-04-03 14:44:20 -05:00
jvazquez-r7
fe9fbfd157
Make calculations easier
2015-04-03 14:43:01 -05:00
jvazquez-r7
6c36a82f78
Land #5059 , @void-in's documentation clean up
2015-04-03 14:16:34 -05:00
jvazquez-r7
828301a6cc
Land #5050 , @wchen-r7's exploit for Solarwinds Firewall Security Manager
...
* CVE-2015-2284
2015-04-03 13:45:30 -05:00
jvazquez-r7
7c9b19c6f8
Do minor cleanup
2015-04-03 11:53:50 -05:00
root
452ebcf9ad
travis
2015-04-03 16:29:35 +05:00
root
be829e77ba
cravis error solve
2015-04-03 16:25:18 +05:00
root
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
Denis Kolegov
c9e8f9cbea
Add BigIP HTTP VS scanner and fix connection errors
2015-04-03 02:30:03 -04:00
Brent Cook
16cb334325
Land #5065 : OJ fix missed merges for uri_checksum and others
2015-04-02 22:53:29 -05:00
OJ
fd043d4842
Fix up build and missing uri_checksum stuff
...
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a class with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
scriptjunkie
0f7c644fff
Land #4784 , JBoss Seam 2 upload exec exploit
2015-04-02 22:32:35 -05:00
OJ
5b5dc3ef59
Merge branch 'upstream/master' into stageless-x64
...
Merge required adjustment of the proxy datastore names that were changed.
2015-04-03 08:53:09 +10:00
Tod Beardsley
3ff91d74ca
More cleanup, mostly abysssec
...
[See #5012 ]
2015-04-02 16:16:38 -05:00
Tod Beardsley
11057e5b3b
Fix up the last couple from Tenable, missed last
...
[See #5012 ]
2015-04-02 15:27:46 -05:00
Tod Beardsley
4bbec88882
Various other one-off nonhuman author credits
...
[See #5012 ]
2015-04-02 15:25:47 -05:00
Tod Beardsley
6d5bcb93a8
Normalize the SecurityXploded Team credits
...
[See #5012 ]
2015-04-02 15:15:37 -05:00
Tod Beardsley
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012 ]
2015-04-02 15:12:22 -05:00
HD Moore
db5293eeee
Lands #5054 , adds a module for the Ceragon mateidu SSH issue
2015-04-01 14:32:56 -05:00
Tod Beardsley
b17727d244
Switching to privileged => false
2015-04-01 14:35:45 -05:00
sinn3r
a592f645f0
Land #5039 , Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner
2015-04-01 14:34:58 -05:00
Tod Beardsley
0825534d2c
Fix reference
2015-04-01 14:16:45 -05:00
Tod Beardsley
8ec71e9daf
Add a module for R7-2015-05
2015-04-01 14:05:41 -05:00
jvazquez-r7
02a5730d92
Use calculate_interface_hash
2015-04-01 12:09:42 -05:00
sinn3r
0b14a18ad2
This is final
2015-04-01 12:00:49 -05:00
jvazquez-r7
f954ff78c0
Fix typo
2015-04-01 10:51:54 -05:00
nullbind
91aeef0a8a
added startrid and endrid
2015-04-01 10:09:13 -05:00
sinn3r
0ee858cd65
Some useful messages
2015-04-01 01:41:31 -05:00
sinn3r
8ad07cdc0f
This should be on the right track
2015-04-01 01:27:50 -05:00
OJ
24171a1a08
Land #5045 : Convert stageless proxy to new format
2015-04-01 12:06:57 +10:00
sinn3r
6795c90eac
Some progress
2015-03-31 20:46:34 -05:00
sinn3r
97305629cb
Add Solarwinds FSM module
...
starter
2015-03-31 16:21:52 -05:00
HD Moore
34ff94e0da
Fix the proxy user/pass options
2015-03-31 15:49:43 -05:00
HD Moore
df15892958
Convert stageless proxy settings to the new format
2015-03-31 15:46:15 -05:00
HD Moore
a39ba05383
Functional Payload UUID embedding via PayloadUUIDSeed
2015-03-31 15:44:18 -05:00
David Maloney
63da27ece0
add missing HKLM root to regkey
...
the chevkm windows psot module had HKLM
missing from the front of one of it's reg key
paths. This was missed in Rails 3 due to the
error being swallowed unexpectedly. in rails 4
we actually see this cause a stack trace
MSP-12384
2015-03-31 14:17:18 -05:00
Tod Beardsley
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
OJ
633b46874d
Merge branch 'upstream/master'
2015-03-31 14:53:48 +10:00
Brandon Perry
e73286cfa5
update stale references
2015-03-30 17:17:48 -05:00
OJ
253e5d7dff
Include correct module, remove specified encoder type
2015-03-31 07:23:51 +10:00
sinn3r
613f4777ce
Land #5024 , add joomla_ecommercewd_sqli_scanner.rb
2015-03-30 12:45:09 -05:00
sinn3r
8ea1ffc6ff
Land #5030 , CVE-2015-0313 Flash Exploit
2015-03-30 11:31:53 -05:00
jvazquez-r7
ee404713f1
Land #5014 , @wchen-r7's module for MS14-052
...
* As auxiliary module to gather info about existent local files
2015-03-30 11:02:56 -05:00
jvazquez-r7
8ff54ff98d
Add msb reference
2015-03-30 10:58:08 -05:00
sinn3r
9af1e76bf7
Obfuscate js
2015-03-30 10:52:01 -05:00
sinn3r
c7fa01c5ae
Rename file
2015-03-30 10:39:33 -05:00
OJ
c28cc66398
Add x64 bind_tcp and reverse_ipv6_tcp
...
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
2015-03-30 18:59:30 +10:00
Denis Kolegov
9d78aa96d9
Add output of API errors to console
2015-03-30 02:42:09 -04:00
OJ
26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
OJ
f8851551c5
Add initial x64 stageless meterrpeter module
2015-03-30 11:23:51 +10:00
OJ
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
h00die
28b9e89963
removed duplicate "uses" from description
2015-03-29 19:40:31 -04:00
OJ
17dc2b184d
Merging upstream/master
2015-03-30 09:12:20 +10:00
Meatballs
c430e5fab1
@m7x forgot to put a reference in
2015-03-29 02:13:31 +01:00
Brandon Perry
de2bf0181c
add first pass at gallerywd sqli scanner
2015-03-28 16:15:51 -05:00
Brandon Perry
9f0483248c
add TARGETURI datastore option
2015-03-28 15:46:41 -05:00
Meatballs
2ed9489f38
Delete load line
2015-03-28 20:31:35 +00:00
Meatballs
99f79e8533
Use incognito token stealing rather than process migration if we have
...
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
Meatballs
f83f4ae764
Move hashdump to gather
2015-03-28 20:31:35 +00:00
Meatballs
e2af15a0df
Refactor MSSQL Post
2015-03-28 20:31:35 +00:00
root
1558190a9d
Add module mssql_local_hashdump
2015-03-28 20:31:35 +00:00
Brandon Perry
6ede476423
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-28 08:38:12 -05:00
William Vu
ef8c0aac69
Land #5020 , spelling fixes for some modules
2015-03-28 00:36:04 -05:00
Brandon Perry
0dbd8544b4
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-27 21:20:59 -05:00
Brandon Perry
31be47d5bc
Create joomla_ecommercewd_sqli_scanner.rb
2015-03-27 20:25:33 -05:00
jvazquez-r7
f84a46df63
Add module for CVE-2015-0313
2015-03-27 18:51:13 -05:00
sinn3r
9cfafdd8b8
Land #4649 , improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
C-P
4f4bf9debb
paylod vs payload
2015-03-27 11:55:15 -07:00
C-P
0a8fe781d1
paylod vs payload
2015-03-27 11:54:14 -07:00
C-P
5ba614a325
payloda vs payload
2015-03-27 11:53:20 -07:00
C-P
2d81460583
Explot vs Exploit
2015-03-27 11:37:11 -07:00
C-P
f129347b51
Filed vs Failed fix
2015-03-27 11:28:50 -07:00
C-P
48484c1f09
Filed vs Failed fix
2015-03-27 11:27:36 -07:00
Denis Kolegov
45f8738cfe
Fix stdout errors
2015-03-27 07:53:59 -04:00
Denis Kolegov
3515a0a71f
Initial commit for supporting SSL Labs API
2015-03-27 07:34:11 -04:00
Roberto Soares
3e104fd8e6
Add Directory Traversal for RIPS Scanner
2015-03-27 05:08:43 -03:00
sinn3r
f996c5a888
Update description
2015-03-27 02:31:36 -05:00
sinn3r
67dc46791d
Limit the module to IE 8 and IE9
2015-03-27 02:30:04 -05:00
sinn3r
f88d9651b6
I don't think it's worth putting the js in ie_addons.js
2015-03-27 02:26:50 -05:00
sinn3r
bd2763292a
Properly credit Soroush Dalili
2015-03-26 23:36:16 -05:00
sinn3r
560f31c34d
Minor changes
2015-03-26 23:29:44 -05:00
sinn3r
68624dd56e
Final for ie_files_disclosure.rb
2015-03-26 22:49:22 -05:00
sinn3r
b0b17775c2
First working version
2015-03-26 21:53:26 -05:00
Brent Cook
e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter
2015-03-26 19:16:46 -05:00
sinn3r
955c0557e0
Land #4988 , Relative URL for ms14_064_ole_code_execution
2015-03-26 13:36:37 -05:00
m-1-k-3
d81a246660
target_uri
2015-03-26 12:16:20 +01:00
m-1-k-3
b7f469b747
feedback
2015-03-26 07:39:36 +01:00
Spencer McIntyre
10e8cefd6d
Pymet dont validate ssl certs for 2.7.9/3.4.3
2015-03-25 19:49:42 -04:00
sinn3r
68cb766681
Land #5007 , Ruby 1.9+ syntax
2015-03-25 16:11:53 -05:00
William Vu
632879ceb6
Land #5001 , wp_easycart_privilege_escalation CVE
2015-03-25 13:54:44 -05:00
jvazquez-r7
d84c48cb7d
Use newer hash syntax
2015-03-25 13:39:34 -05:00
jvazquez-r7
72a0909e9b
Land #4992 , @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge
2015-03-25 13:30:36 -05:00
jvazquez-r7
0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically
2015-03-25 11:29:07 -05:00
dnkolegov
5d80ef9325
Fix minor issues
2015-03-25 02:53:36 -04:00
dnkolegov
040a1af9c5
Delete useless ecnryption cookie detection, fix minor issues
2015-03-25 02:34:33 -04:00
jvazquez-r7
356e8c727c
Add specs for Msf::Java::Rmi::Client::Jmx::Server
2015-03-24 18:56:58 -05:00
rastating
7a0fe05803
Add CVE-ID to module references
2015-03-24 22:30:43 +00:00
Christian Mehlmauer
7bf00f8f47
Land #4789 , @rastating WPLMS wordpress module
2015-03-24 20:46:38 +01:00
jvazquez-r7
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
Tod Beardsley
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
William Vu
7c456f2ad8
Land #4993 , ams_xfr "payload_exe" NameError fix
2015-03-24 00:51:49 -05:00
sinn3r
8255e7a2dc
Fix #4987 - undef payload_exe for ams_xfr
...
Fix #4987
2015-03-24 00:42:22 -05:00
William Vu
3dac6377d0
Fix #4983 , bad copy pasta'd deprecation year
2015-03-24 00:34:54 -05:00
William Vu
fadac30f00
Fix deprecated year
2015-03-24 00:34:38 -05:00
William Vu
6353154865
Land #4983 , renamed WordPress modules
2015-03-23 23:49:40 -05:00
William Vu
e338b77389
Readd and deprecate renamed WordPress modules
2015-03-23 23:48:56 -05:00
sinn3r
db243a8225
x360_video_player_set_text_bof actually uses SetText for ActiveX
2015-03-23 23:36:20 -05:00
sinn3r
3248f02c2c
These exploits use :activex, so I update the usage for them
2015-03-23 19:34:24 -05:00
jvazquez-r7
04341bfc78
Support JMX_ROLE again
2015-03-23 17:32:26 -05:00
Brent Cook
1869977921
Land #4962 : OJ adjusts MSF to new metsrv needs
...
bump meterpreter bins to 0.0.17
2015-03-23 17:18:06 -05:00
jvazquez-r7
d8d4c23d60
JMX code refactoring
2015-03-23 17:06:51 -05:00
OJ
24d74b26e3
Beginning work for stageless x64 meterpreter
2015-03-24 06:50:06 +10:00
jvazquez-r7
962bb670de
Remove old JMX mixin
2015-03-23 15:48:10 -05:00
andygoblins
89e27d98ab
Use relative URL to GET payload for WinXP
...
Relative URLs are simpler, and allow the exploit to work on attack machines in NAT environments. Example: attack machine is NATed and does not have a DNS hostname. SRVHOST must be 0.0.0.0 but the victim cannot access the attacker from Rex::Socket.source_address
2015-03-23 14:40:06 -05:00
Tod Beardsley
21a97c0926
Add exploit for R7-2015-04, Firefox Proxy RCE
2015-03-23 13:44:41 -05:00