William Vu
9a64ecc9b0
Create a pure-Exim, one-shot HTTP client
2017-05-10 15:17:20 -05:00
William Vu
0ce475dea3
Add WordPress 4.6 PHPMailer exploit
2017-05-10 15:17:20 -05:00
James Lee
d00685a802
Don't run a DoS during wmap scans
2017-05-10 14:41:24 -05:00
Brendan Coles
42c7d64b28
Update style
2017-05-10 06:37:09 +00:00
Brent Cook
faf01ed5ef
Land #8353 , add aux scanner for Intel AMT digest bypass
2017-05-09 18:45:21 -05:00
James Lee
72388a957f
Land #8355 , IIS ScStoragePathFromUrl
...
See #8162
2017-05-09 11:06:01 -05:00
Christian Mehlmauer
2b4ace9960
convert to "screaming snake"
2017-05-09 09:30:45 +02:00
Brent Cook
cf487cc90c
reverse_ncat_ssl is stable
2017-05-08 17:43:34 -05:00
Brendan Coles
32dafb06af
Replace NoTarget with NotVulnerable
2017-05-08 22:29:44 +00:00
Christian Mehlmauer
f70b402dd9
add comment
2017-05-09 00:17:00 +02:00
Brent Cook
86365c89d1
Land #8352 , style updates for lotus_domino_hashes
2017-05-08 17:11:44 -05:00
Christian Mehlmauer
806963359f
fix fail with condition
2017-05-08 23:47:48 +02:00
Christian Mehlmauer
f62ac6327d
add @rwhitcroft
2017-05-08 23:20:12 +02:00
Christian Mehlmauer
26373798fa
change rank
2017-05-08 23:07:12 +02:00
Christian Mehlmauer
962a31f879
change minimum length
2017-05-08 23:01:17 +02:00
Christian Mehlmauer
7dccb17834
auto extract values and implement brute forcing
2017-05-08 22:47:29 +02:00
Brent Cook
841f63ad20
make office_word_hta backward compat with older Rubies
2017-05-08 15:10:48 -05:00
Christian Mehlmauer
406a7f1ae2
Merge remote-tracking branch 'dmchell/dmchell-cve-2017-7269' into iis2
2017-05-08 21:51:51 +02:00
Brent Cook
fede672a81
further revise templates
2017-05-08 14:26:24 -05:00
HD Moore
f7ff840ef0
Add missing return, thanks bperry!
2017-05-08 14:08:59 -05:00
HD Moore
9392e48b72
Add a scanner for Intel AMT auth bypass (CVE-2017-5689)
2017-05-08 13:24:00 -05:00
Jeffrey Martin
a1efa30fa2
comments adjustments & enum better
2017-05-08 11:57:06 -05:00
William Vu
b794bfe5db
Land #8335 , rank fixes for the msftidy god
2017-05-07 21:20:33 -05:00
Bryan Chu
88bef00f61
Add more ranks, remove module warnings
...
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables
../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart
../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
Pearce Barry
af3f1fbc37
Land #8332 , Canprobe Module
2017-05-07 12:20:27 -05:00
Pearce Barry
c05e7b3b58
Minor corrections and a tweak to appease msftidy.
2017-05-07 11:55:20 -05:00
Pearce Barry
e3d3fa8e45
Tweak internal description formatting.
2017-05-07 11:31:36 -05:00
Pearce Barry
b965bdcdae
Appease msftidy and Travis.
2017-05-07 11:19:32 -05:00
m0t
ab245b5042
added note to description
2017-05-07 13:56:50 +01:00
m0t
4f12a1e271
added note to description
2017-05-07 13:54:28 +01:00
Brendan Coles
635a7a42e6
Update style lotus_domino_hashes
2017-05-07 16:37:48 +10:00
Jeffrey Martin
05bf16e91e
Land #8331 , Adding module CryptoLog Remote Code Execution
2017-05-05 18:24:14 -05:00
Jeffrey Martin
e2fe70d531
convert store_valid_credential to named params
2017-05-05 18:23:15 -05:00
Mehmet Ince
720a02f5e2
Addressing Spaces at EOL issue reported by Travis
2017-05-05 11:05:17 +03:00
Brendan Coles
0eacf64324
Add Serviio Media Server checkStreamUrl Command Execution
2017-05-05 07:54:00 +00:00
Mehmet Ince
58d2e818b1
Merging multiple sqli area as a func
2017-05-05 10:49:05 +03:00
Jeffrey Martin
63b6ab5355
simplify valid credential storage
2017-05-04 22:51:40 -05:00
darkbushido
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
Brent Cook
97095ab311
Land #8338 , Fix msf/core and self.class msftidy warnings
2017-05-03 21:55:52 -05:00
Brent Cook
2d93c8e2d6
merge, don't overwrite
2017-05-03 18:17:58 -05:00
Brent Cook
0798923901
set the correct schema for linux meterpreter reverse_tcp stages
2017-05-03 16:12:45 -05:00
William Vu
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
Mehmet Ince
d04e7cba10
Rename the module as well as title
2017-05-03 19:18:46 +03:00
Mehmet Ince
ae8035a30f
Fixing typo and using shorter sqli payload
2017-05-03 16:45:17 +03:00
Joe Testa
cf74cb81a7
Removed unnecessary 'msf/core' include.
2017-05-03 09:02:05 -04:00
Craig Smith
9877aa9ef9
Added documentation and cleand up how STOPID worked
2017-05-02 18:57:32 -07:00
Mehmet Ince
db2a2ed289
Removing space at eof and self.class from register_options
2017-05-03 01:31:13 +03:00
Mehmet Ince
77acbb8200
Adding cryptolog rce
2017-05-03 01:05:40 +03:00
Craig Smith
3519adbaef
A basic CAN fuzzer. It probes the data regions of different CAN IDs.
...
The default is to use a set value but can iterate the full range. It can
also add padding if necessary. Not checks on returns or results of fuzzing.
2017-05-02 14:19:29 -07:00
Adam Cammack
494711ee65
Land #8307 , Add lib for writing Python modules
2017-05-02 15:53:13 -05:00
Yorick Koster
6870a48c48
Code suggestion from @jvoisin
2017-05-02 16:41:06 +02:00
Joe Testa
012081eed2
Added support for ANY queries. Silently ignore unsupported queries instead of spamming stdout.
2017-05-01 17:28:56 -04:00
William Vu
03e4ee91c2
Correct Ghostscript 9.2.1 to 9.21 as per advisory
2017-05-01 16:23:14 -05:00
William Vu
41ef1a4e90
Land #8325 , cmd/unix/reverse_ncat_ssl payload
2017-05-01 14:54:52 -05:00
C_Sto
772a16f4cd
fix style
2017-05-02 00:55:57 +08:00
C_Sto
9e06c3f07e
fix argument arrangement
2017-05-02 00:39:00 +08:00
C_Sto
5a2afbc364
Tidy payload
2017-05-01 21:38:34 +08:00
Yorick Koster
006ed42248
Added fix information
...
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/0002
09.html
2017-05-01 09:01:14 +02:00
C_Sto
cfa204b8e8
add reverse ncat ssl
2017-05-01 06:57:28 +08:00
reanar
0b62a6478a
Modification for Travis (remove require msf/core, and self.class in register)
2017-04-30 17:05:11 +02:00
reanar
3f348150c6
Modification of description
2017-04-30 16:38:39 +02:00
reanar
52ec448511
Add WordPress Directory Traversal DoS Module
2017-04-30 15:03:48 +02:00
Yorick Koster
673dbdc4b9
Code review feedback from h00die
2017-04-29 20:37:39 +02:00
Yorick Koster
fcf14212b4
Fixed disclosure date
2017-04-29 16:25:25 +02:00
Yorick Koster
f9e7715adb
Fixed formatting
2017-04-29 16:07:45 +02:00
Yorick Koster
1569d2cf8e
MediaWiki SyntaxHighlight extension exploit module
...
This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private.
2017-04-29 14:29:56 +02:00
Brandon Knight
c4b3ba0d14
Actually removing msf/core this time... ><
...
Helps to actually remove the bits that were failing. Now with even more
removal of msf/core!
2017-04-28 21:42:06 -04:00
Brandon Knight
ff263812fc
Fix msftidy warnings
...
Remove explicitly loading msf/core and self.class from the register_
functions.
2017-04-28 21:26:53 -04:00
HD Moore
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00
Brandon Knight
f8fb03682a
Fix issue in ps_wmi_exec and powershell staging
...
The staging function in the post/windows/powershell class was broken
in a previous commit as the definition for env_variable was removed and
env_prefix alone is now used. This caused an error to be thrown when
attempting to stage the payload. This changes the reference from
env_variable to env_prefix.
Additionally, the ps_wmi_exec module created a powershell script to be
run that was intended to be used with the EncodedCommand command line
option; however the script itself was never actually encoded. This
change passes the compressed script to the encode_script function to
resolve that issue.
2017-04-28 03:31:56 -04:00
itsmeroy2012
cd73bd137a
Making use of while loop and solving StagerRetryWait issue
2017-04-27 11:50:13 +05:30
William Vu
1a402ed1d8
Add arch to smb_ms17_010 DOUBLEPULSAR detection
2017-04-26 20:59:13 -05:00
Brent Cook
037fdf854e
move common json-rpc bits to a library
2017-04-26 18:08:08 -05:00
Brent Cook
480a0b4273
update payload sizes
2017-04-26 18:02:14 -05:00
Brent Cook
a60e5789ed
update mettle->meterpreter references in modules
2017-04-26 17:55:10 -05:00
Brent Cook
078ba66e5f
remove unneeded msf/core requires
2017-04-26 17:17:20 -05:00
Brent Cook
353191992f
move mettle payloads to meterpreter, add reverse_http/s stageless
2017-04-26 17:06:34 -05:00
Brent Cook
f8792956ee
fix one module for testing
2017-04-26 16:21:13 -05:00
Daniel Teixeira
a3a4ba7605
Buffer Overflow on Dup Scout Enterprise v9.5.14
2017-04-26 15:19:00 +01:00
Spencer McIntyre
da6c03d13f
Fix function names to always be snake_case
2017-04-26 09:30:29 -04:00
William Vu
bbee7f86b5
Land #8263 , Mercurial SSH exec module
2017-04-26 01:38:01 -05:00
William Vu
f60807113b
Clean up module
2017-04-26 01:37:49 -05:00
Spencer McIntyre
a3bcd20b26
Minor cleanups for multi-platform railgun
2017-04-25 17:45:07 -04:00
William Vu
5476f6066c
Land #8271 , DOUBLEPULSAR detection for MS17-010
2017-04-25 16:31:39 -05:00
Craig Smith
4019a14865
The local HWBridge now does not print out status for each URI request per default. This can be enabled by setting verbose to true.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
5537348e28
Addes Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
wchen-r7
320898697a
Land #8266 , Add Buffer Overflow Exploit on Disk Sorter Enterprise
2017-04-24 17:17:30 -05:00
wchen-r7
1d86905fca
Land #8288 , Minor changes to WiPG-1000 module
2017-04-24 17:09:25 -05:00
wchen-r7
e333cb65e5
Restore require 'msf/core'
2017-04-24 17:09:02 -05:00
wchen-r7
c573628e10
Fix header
2017-04-24 17:01:35 -05:00
wchen-r7
e775f9ccbd
Land #8259 , Add post module to upload and execute a file
2017-04-24 17:00:55 -05:00
Matthias Brun
d3aba846b9
Make minor changes
2017-04-24 23:35:36 +02:00
wchen-r7
5bbb4d755a
Land #8254 , Add CVE-2017-0199 - Office Word HTA Module
2017-04-24 16:05:00 -05:00
wchen-r7
6029a9ee2b
Use a built-in HTA server and update doc
2017-04-24 16:04:27 -05:00
zerosum0x0
55f01d3fc7
made the plugin less spammy with more vprintf
2017-04-24 13:33:05 -06:00
zerosum0x0
453ca6e3bf
added OS printing on vulnerable systems
2017-04-24 13:20:44 -06:00
Daniel Teixeira
47898717c9
Minor documentation improvements
...
Space after ,
2017-04-24 14:47:25 +01:00
itsmeroy2012
bd2379784e
Improved error handling for the python reverse_tcp payload
...
Handling all kinds of errors
Removing 'e'
Updating payload cached sizes
Updating payload cached sizes 2.0
Adding option to set retry time
2017-04-23 20:43:57 +05:30
zerosum0x0
a69aba0eab
added XOR Key calculation
2017-04-22 23:54:30 -06:00
h00die
8e4c093a22
added version numbers
2017-04-22 09:45:55 -04:00
Spencer McIntyre
ffe6d35b4d
Add a module to dump network passwords from gnome
2017-04-21 16:17:18 -04:00
zerosum0x0
8a77bf7b60
removed wrong comments
2017-04-21 08:27:13 -06:00
Matthias Brun
714ada2b66
Inline execute_cmd function
2017-04-21 15:32:15 +02:00
zerosum0x0
9fab64c60e
added references
2017-04-20 15:22:37 -06:00
zerosum0x0
dd12afd717
added DoublePulsar detection
2017-04-20 15:03:29 -06:00
Matthias Brun
8218f024e0
Add WiPG-1000 Command Injection module
2017-04-20 16:32:23 +02:00
Koen Riepe
55ab800f13
Minor code fixes.
2017-04-19 14:41:11 +02:00
DanielRTeixeira
f1c51447c1
Add files via upload
...
Buffer Overflow on Disk Sorter Enterprise
2017-04-19 10:57:41 +01:00
Jonathan Claudius
f5430e5c47
Revert Msf::Exploit::Remote::Tcp
2017-04-18 19:27:35 -04:00
Jonathan Claudius
9a870a623d
Make use of Msf::Exploit::Remote::Tcp
2017-04-18 19:17:48 -04:00
Jonathan Claudius
03e3065706
Fix MSF tidy issues
2017-04-18 18:56:42 -04:00
Jonathan Claudius
32f0b57091
Fix new line issues
2017-04-18 18:52:53 -04:00
James Lee
bdeeb8ee1d
Add a check
2017-04-18 16:32:06 -05:00
William Vu
3b38d0d900
Land #8262 , PR ref for huawei_hg532n_cmdinject
2017-04-18 16:29:13 -05:00
Jonathan Claudius
bfca4da9b0
Add mercurial ssh exec
2017-04-18 16:33:23 -04:00
Tod Beardsley
1fcc1f7417
Trailing comma. Why isn't this Lua?
2017-04-18 14:27:44 -05:00
wchen-r7
0428e12b10
Land #8216 , Add CVE-2016-7552/CVE-2016-7547 exploit
2017-04-18 14:26:55 -05:00
Tod Beardsley
4ec71f9272
Add a reference to the original PR
...
This was the source of first public disclosure, so may as well include
it.
2017-04-18 14:20:25 -05:00
James Lee
84dd5cd01a
Add a simple upload exec module
2017-04-17 19:34:21 -05:00
Nate Caroe
92e7183a74
Small typo fix
...
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
2017-04-17 11:14:51 -06:00
William Vu
942959f7e8
Land #8255 , fixes for smb_ms17_010
2017-04-17 11:38:34 -05:00
Brent Cook
7b936b0012
Land #8184 , convert IPMI protocol and modules to bindata
2017-04-17 07:40:15 -05:00
Brent Cook
6f70efcfa1
add module documentation
2017-04-17 07:39:43 -05:00
William Vu
b1c7f1302b
Fix report_vuln and prefer vprint_error
2017-04-17 02:48:56 -05:00
Ahmed S. Darwish
e21504b22d
huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key
...
Instead of rolling our own GET parameters implementation.
Thanks @wvu-r7!
2017-04-17 09:11:50 +02:00
nixawk
3d082814cb
Fix default options
2017-04-17 01:09:48 -05:00
Ahmed S. Darwish
7daec53106
huawei_hg532n_cmdinject: Improve overall documentation
...
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
2017-04-17 08:00:51 +02:00
Ahmed S. Darwish
8a302463ab
huawei_hg532n_cmdinject: Use minimum permissions for staged binary
...
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
2017-04-17 03:27:57 +02:00
Ahmed S. Darwish
7ca7528cba
huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7
2017-04-17 03:23:20 +02:00
Ahmed S. Darwish
7b8e5e5016
Add Huawei HG532n command injection exploit
2017-04-15 21:01:47 +02:00
Brent Cook
7950087804
Merge branch 'upstream-master' into land-8237-
2017-04-14 21:53:26 -05:00
nixawk
fb001180c4
Fix generate_uri
2017-04-14 21:52:31 -05:00
nixawk
590816156f
rename exp module
2017-04-14 21:32:48 -05:00
nixawk
1952529a87
Format Code
2017-04-14 21:30:26 -05:00
Brent Cook
a9857eb1c2
Land #8099 , Aux module to launch instances in AWS
2017-04-14 14:12:10 -05:00
Brent Cook
42122d2835
Land #8238 , move SMB2 support back into smb_login, add simpler permissions checks
2017-04-14 14:06:46 -05:00
nixawk
8ab0b448fd
CVE-2017-0199 exploit module
2017-04-14 13:22:59 -05:00
Brent Cook
eb61241673
Land #8228 , New mainframe privesc payload for z/OS
2017-04-14 13:19:41 -05:00
dmohanty-r7
d75f852d01
Land #8167 , Add MS17-010 auxiliary detection module
2017-04-14 13:00:16 -05:00
David Maloney
91fb3ce6b8
collapse SMB2 support into smb_login
...
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both
MS-2636
2017-04-13 15:22:03 -05:00
David Maloney
adeb4d10d7
smb2 login scanner admin check now working
...
we can now check for admin privs in the smb2
login scanner
MS-2636
2017-04-13 14:40:32 -05:00
William Webb
48560d29f3
remove keyscan_extract and modify calling modules
2017-04-13 10:42:28 -05:00
m0t
5e42dde6b6
msftidy clean up
2017-04-12 16:25:21 +01:00
Koen Riepe
9f289bdf52
Fixed error messages and some syntax.
2017-04-12 13:48:11 +02:00
William Webb
c21d78b23b
Land #8186 , Convert DNS Fuzzer to use bindata
2017-04-11 23:27:08 -05:00
bigendiansmalls
fa8011fd07
New mainframe privesc payload for z/OS
...
This module performs a privilege escaltion on mainframe systems
runing z/OS and using RACF for their security manager. A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
2017-04-11 15:04:44 -05:00
William Webb
c867b7e228
Land #8204 , Add Cambian ePMP SNMP Configuration download
2017-04-11 10:59:13 -05:00
mr_me
3c2dc68e9c
improved description, no point repeating the same thing\!
2017-04-11 09:55:11 -05:00
mr_me
c359e15de6
updated the print statement
2017-04-11 09:31:17 -05:00
mr_me
84ac9d905c
improved the description of the module
2017-04-11 09:24:43 -05:00
m0t
374d7809b5
last fixes and tests
2017-04-11 09:48:57 +01:00
William Vu
288e384164
Land #8189 , irssi password post gather module
2017-04-10 23:34:54 -05:00
Jonathan Claudius
96927b449c
Rework module to grab entire irssi configs
2017-04-11 00:02:40 -04:00
Jonathan Claudius
6a1531da34
Fix loot name attributes
2017-04-10 23:52:31 -04:00
Jonathan Claudius
d92f94e077
Fix grammar issue
2017-04-10 23:44:18 -04:00
Jonathan Claudius
d9e96a8b4f
Consolidate loot into single file
2017-04-10 23:42:50 -04:00
Jonathan Claudius
7f6bbb6ff2
Fix trailing space issue
2017-04-10 21:38:30 -04:00
Jonathan Claudius
9432a3543f
Extend irssi post mod to grab network passwords
2017-04-10 15:35:26 -04:00
mr_me
b1d127e689
satisfied travis
2017-04-10 14:11:18 -05:00
Jonathan Claudius
47d74819a5
Update regex per reviewer request
2017-04-10 14:45:10 -04:00
Jonathan Claudius
d816092c56
Fix missing new line
2017-04-10 14:41:25 -04:00
mr_me
0f07875a2d
added CVE-2016-7552/CVE-2016-7547 exploit
2017-04-10 13:32:58 -05:00
William Vu
06ca406d18
Fix weird whitespace
2017-04-09 22:23:58 -05:00
zerosum0x0
f7c8bd2464
add rescue for ::Rex::Proto::SMB::Exceptions::LoginError
2017-04-07 15:37:56 -06:00
juushya
3c189f0cb0
Adding Cambium SNMP Loot module
2017-04-07 01:32:45 +05:30
Christian Mehlmauer
74dc7e478f
update piwik module
2017-04-05 20:19:07 +02:00
m0t
9a0789f839
Exploit for pmmasterd Buffer Overflow (CVE-2017-6553)
2017-04-05 17:59:54 +01:00
bwatters-r7
dd5a91f153
Land #8008 , Added archmigrate module for windows sessions
2017-04-05 08:55:27 -05:00
Koen Riepe
08b2a97293
Changed styling to be more in line with rubocop.
2017-04-05 10:05:56 +02:00
Jonathan Claudius
b8af7c1db0
Add irssi password post gather module
2017-04-05 00:56:24 -04:00
bwatters-r7
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
Brent Cook
891e7e465e
convert DNS fuzzer to bindata
2017-04-04 03:03:32 -05:00
Brent Cook
46c7e822c8
convert IPMI protocol and modules to bindata
2017-04-04 02:44:17 -05:00
Christian Mehlmauer
30c4a665f4
update iis exploit
2017-04-03 20:06:16 +02:00
Brent Cook
98ffa4d380
Land #7652 , add varnish cache CLI authentication scanner module
2017-04-02 21:52:45 -05:00
Brent Cook
4c0539d129
Land #8178 , Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
h00die
a34c01ebd2
Land #8137 shodan honeyscore module
2017-04-02 21:37:36 -04:00
h00die
0092818893
Land #8169 add exploit rank where missing
2017-04-02 20:59:25 -04:00
Bryan Chu
151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
zerosum0x0
26fc6bc920
added report_vuln()
2017-04-01 21:48:19 -06:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
William Webb
035f37cf42
Land #8144 , Add Moxa Device Discovery Scanner Module
2017-03-31 19:11:27 -05:00
William Webb
f870f94fa9
Land #8163 , Add Cambium ePMP Arbitrary Command Execution
2017-03-31 19:06:19 -05:00
Adam Cammack
6910cb04dd
Add first exploit written in Python
2017-03-31 17:07:55 -05:00
h00die
823c1a6286
added more verifieds
2017-03-31 16:52:20 -04:00
h00die
23ac9214ea
land #8010 post gather module for tomcat creds
2017-03-31 16:15:55 -04:00
h00die
34a152dc76
handle no sysinfo from ssh_login
2017-03-31 16:15:16 -04:00
Pearce Barry
ab4d86fd21
Land #8168 , change description of alpha encoders
2017-03-31 11:37:12 -05:00
dmohanty-r7
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
dmohanty-r7
c445a1a85a
Wrap ssh.loop with begin/rescue
2017-03-31 11:16:10 -05:00
Koen Riepe
22b2215d2e
Fixed a typo causing bot to fail.
2017-03-31 16:40:21 +02:00
Koen Riepe
3a674b731c
Added error handling, added documentation and fixed some style issues.
2017-03-31 16:35:25 +02:00
Koen Riepe
628827cda9
Added some documentation and gracefull error handeling.
2017-03-31 12:45:30 +02:00
Koen Riepe
df2a9a4af3
Added documentation file and implemented fixes for output and linux parsing.
2017-03-31 11:19:12 +02:00
Bryan Chu
5e31a32771
Add missing ranks
...
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
Christian Mehlmauer
0a398a59c5
change description
2017-03-30 20:06:23 +02:00
bwatters-r7
6bcb9b523b
Land #8165 , Fix x86 mettle shellcode
2017-03-30 11:45:11 -05:00
zerosum0x0
4bd50b0ad2
Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010
2017-03-30 10:10:08 -06:00
zerosum0x0
a125566fc7
removed unnecessary arguments
2017-03-30 10:09:31 -06:00
Pearce Barry
a13d6a7810
Land #8166 , Add new SMB LoginScanner using RubySMB for SMB1/SMB2 Support
2017-03-30 11:08:17 -05:00
Pearce Barry
ac83ff7e48
Land #8155 , Style fixes for HWBridge RF and a couple small bug fixes
2017-03-29 20:37:13 -05:00
zerosum0x0
ef7de6d49e
added MSB to description, moved a print statement
2017-03-29 17:43:49 -06:00
Carter
4bdbdc0e00
Fix response parsing
2017-03-29 18:21:12 -05:00
zerosum0x0
68f5c0e663
removed a print statement
2017-03-29 16:24:59 -06:00
zerosum0x0
7e6b8b02b8
replaced magic constant with setup_count
2017-03-29 15:37:28 -06:00
zerosum0x0
9923c39799
removed superfluous status
2017-03-29 15:32:29 -06:00
zerosum0x0
f0a1e12a7e
small typos
2017-03-29 15:30:35 -06:00
bwatters-r7
691811af5a
Land #7994 , Add Windows Gather DynaZIP Saved Password Extraction post module
2017-03-29 16:04:09 -05:00
zerosum0x0
ffa376c514
added MS17-010 auxiliary detection module
2017-03-29 14:33:02 -06:00
David Maloney
a571bcdba4
update module description
2017-03-29 13:58:36 -05:00
David Maloney
418e371e35
add SMB2 login scanner and module
...
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity
MS-2557
2017-03-29 11:36:33 -05:00
Adam Cammack
2758010355
Fix x86 mettle shellcode
2017-03-28 17:59:13 -05:00
dmchell
8b3fe0ac06
Merge branch 'dmchell-cve-2017-7269' into iis_6_sc-dev
2017-03-28 19:33:37 +01:00
dmchell
697d3978af
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 19:14:32 +01:00
Carter
d7bed334b0
Add Metasploit header
2017-03-28 12:07:57 -05:00
Carter
ebbed949c2
Get rid of double header
2017-03-28 12:05:44 -05:00
Carter
d1c269e5e8
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 11:54:52 -05:00
Carter
4972b510d1
Use HttpClient instead of Tcp
2017-03-28 11:37:40 -05:00
Carter
c203fa71d1
Create iis_webdav_scstoragepathfromurl.rb
2017-03-28 11:34:11 -05:00
dmchell
ffdd5fb471
Update iis_webdav_scstoragepathfromurl.rb
...
converted to Msf::Exploit::Remote::HttpClient
2017-03-28 17:16:35 +01:00
dmchell
ed90971489
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 16:16:51 +01:00
dmchell
1552cc4cac
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 16:11:44 +01:00
dmchell
b301a8d0c0
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 16:07:12 +01:00
dmchell
20a9b88eb6
Update and rename iis_webdav_ScStoragePathFromUrl.rb to iis_webdav_scstoragepathfromurl.rb
2017-03-28 15:53:18 +01:00
dmchell
f7cecaf31e
Update and rename cve-2017-7269.rb to iis_webdav_ScStoragePathFromUrl.rb
2017-03-28 15:47:20 +01:00
dmchell
9e8ec532a2
Create cve-2017-7269.rb
...
Exploit for cve-2017-7269.rb
2017-03-28 15:33:20 +01:00
juushya
30896d1fab
Add Cambium ePMP Arbitrary Command Execution Module
2017-03-28 00:17:36 +05:30
William Webb
66a585ab41
Land #8050 , Add Cambium ePMP System Hash Dumper
2017-03-27 12:08:53 -05:00
William Webb
935c59306b
Land #7897 , Add Cambium ePMP 1000 Device Configuration file dumper
2017-03-27 12:05:11 -05:00
William Webb
d705949b37
Land #7784 , Cambium ePMP 1000 Login Scanner
2017-03-27 12:01:56 -05:00
Pearce Barry
31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
...
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
juushya
dd7cf39678
updated references
2017-03-25 12:31:08 +05:30
juushya
63d88c159a
updated references
2017-03-25 12:27:38 +05:30
juushya
fd5e25bcc2
restored version check
2017-03-25 12:08:00 +05:30
Javier Godinez
68e4b8a855
Updated user data param to load aggregator
2017-03-24 22:58:04 -07:00
Carter
82ebbfb9a7
Fix msftidy warnings
2017-03-24 23:12:48 -04:00
Carter
3e2173d4f9
Add key length check and remove mixin
...
Also add a reference to the original honeyscore website
2017-03-24 22:33:09 -04:00
Carter
581d523d5b
Fix things from review
2017-03-24 21:22:23 -04:00
Pearce Barry
9db2e9fbcd
Land #8146 , Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-24 14:38:47 -05:00
dmohanty-r7
92c0748447
Land #8102 , Add a plugin to notify new sessions via SMS
2017-03-24 11:17:59 -05:00
William Webb
e04f01ed6b
Land #7778 , RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
wchen-r7
3b062eb8d4
Update version info
2017-03-23 13:46:09 -05:00
wchen-r7
fdb52a6823
Avoid checking res.code to determine RCE success
...
Because it's not accurate
2017-03-23 13:39:45 -05:00
wchen-r7
39682d6385
Fix grammar
2017-03-23 13:23:30 -05:00
wchen-r7
ee21377d23
Credit Brent & Adam
2017-03-23 11:22:49 -05:00
wchen-r7
196a0b6ac4
Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-23 10:40:31 -05:00
Mehmet Ince
d37966f1bb
Remove old file
2017-03-23 12:53:08 +03:00
Mehmet Ince
8a43a05c25
Change name of the module
2017-03-23 12:49:31 +03:00
Carter
8dd0f953b0
remove unnecessary require
2017-03-22 19:48:24 -04:00
Carter
420df11c44
Change up the way shodan is reached
2017-03-22 19:39:45 -04:00