Commit Graph

22239 Commits (e1ca78e6c62b1366954aa4d31fdea17066fd7406)

Author SHA1 Message Date
William Vu 9a64ecc9b0 Create a pure-Exim, one-shot HTTP client 2017-05-10 15:17:20 -05:00
William Vu 0ce475dea3 Add WordPress 4.6 PHPMailer exploit 2017-05-10 15:17:20 -05:00
James Lee d00685a802 Don't run a DoS during wmap scans 2017-05-10 14:41:24 -05:00
Brendan Coles 42c7d64b28 Update style 2017-05-10 06:37:09 +00:00
Brent Cook faf01ed5ef Land #8353, add aux scanner for Intel AMT digest bypass 2017-05-09 18:45:21 -05:00
James Lee 72388a957f Land #8355, IIS ScStoragePathFromUrl
See #8162
2017-05-09 11:06:01 -05:00
Christian Mehlmauer 2b4ace9960 convert to "screaming snake" 2017-05-09 09:30:45 +02:00
Brent Cook cf487cc90c reverse_ncat_ssl is stable 2017-05-08 17:43:34 -05:00
Brendan Coles 32dafb06af Replace NoTarget with NotVulnerable 2017-05-08 22:29:44 +00:00
Christian Mehlmauer f70b402dd9 add comment 2017-05-09 00:17:00 +02:00
Brent Cook 86365c89d1 Land #8352, style updates for lotus_domino_hashes 2017-05-08 17:11:44 -05:00
Christian Mehlmauer 806963359f fix fail with condition 2017-05-08 23:47:48 +02:00
Christian Mehlmauer f62ac6327d add @rwhitcroft 2017-05-08 23:20:12 +02:00
Christian Mehlmauer 26373798fa change rank 2017-05-08 23:07:12 +02:00
Christian Mehlmauer 962a31f879 change minimum length 2017-05-08 23:01:17 +02:00
Christian Mehlmauer 7dccb17834 auto extract values and implement brute forcing 2017-05-08 22:47:29 +02:00
Brent Cook 841f63ad20 make office_word_hta backward compat with older Rubies 2017-05-08 15:10:48 -05:00
Christian Mehlmauer 406a7f1ae2 Merge remote-tracking branch 'dmchell/dmchell-cve-2017-7269' into iis2 2017-05-08 21:51:51 +02:00
Brent Cook fede672a81 further revise templates 2017-05-08 14:26:24 -05:00
HD Moore f7ff840ef0 Add missing return, thanks bperry! 2017-05-08 14:08:59 -05:00
HD Moore 9392e48b72 Add a scanner for Intel AMT auth bypass (CVE-2017-5689) 2017-05-08 13:24:00 -05:00
Jeffrey Martin a1efa30fa2 comments adjustments & enum better 2017-05-08 11:57:06 -05:00
William Vu b794bfe5db Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
Pearce Barry af3f1fbc37 Land #8332, Canprobe Module 2017-05-07 12:20:27 -05:00
Pearce Barry c05e7b3b58 Minor corrections and a tweak to appease msftidy. 2017-05-07 11:55:20 -05:00
Pearce Barry e3d3fa8e45 Tweak internal description formatting. 2017-05-07 11:31:36 -05:00
Pearce Barry b965bdcdae Appease msftidy and Travis. 2017-05-07 11:19:32 -05:00
m0t ab245b5042 added note to description 2017-05-07 13:56:50 +01:00
m0t 4f12a1e271 added note to description 2017-05-07 13:54:28 +01:00
Brendan Coles 635a7a42e6 Update style lotus_domino_hashes 2017-05-07 16:37:48 +10:00
Jeffrey Martin 05bf16e91e Land #8331, Adding module CryptoLog Remote Code Execution 2017-05-05 18:24:14 -05:00
Jeffrey Martin e2fe70d531 convert store_valid_credential to named params 2017-05-05 18:23:15 -05:00
Mehmet Ince 720a02f5e2 Addressing Spaces at EOL issue reported by Travis 2017-05-05 11:05:17 +03:00
Brendan Coles 0eacf64324 Add Serviio Media Server checkStreamUrl Command Execution 2017-05-05 07:54:00 +00:00
Mehmet Ince 58d2e818b1 Merging multiple sqli area as a func 2017-05-05 10:49:05 +03:00
Jeffrey Martin 63b6ab5355 simplify valid credential storage 2017-05-04 22:51:40 -05:00
darkbushido 81bcf2ca70 updating all LHOST to use the new opt type 2017-05-04 12:57:50 -05:00
Brent Cook 97095ab311 Land #8338, Fix msf/core and self.class msftidy warnings 2017-05-03 21:55:52 -05:00
Brent Cook 2d93c8e2d6 merge, don't overwrite 2017-05-03 18:17:58 -05:00
Brent Cook 0798923901 set the correct schema for linux meterpreter reverse_tcp stages 2017-05-03 16:12:45 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
Mehmet Ince d04e7cba10 Rename the module as well as title 2017-05-03 19:18:46 +03:00
Mehmet Ince ae8035a30f Fixing typo and using shorter sqli payload 2017-05-03 16:45:17 +03:00
Joe Testa cf74cb81a7 Removed unnecessary 'msf/core' include. 2017-05-03 09:02:05 -04:00
Craig Smith 9877aa9ef9 Added documentation and cleaned up how STOPID worked 2017-05-02 18:57:32 -07:00
Mehmet Ince db2a2ed289 Removing space at eof and self.class from register_options 2017-05-03 01:31:13 +03:00
Mehmet Ince 77acbb8200 Adding cryptolog rce 2017-05-03 01:05:40 +03:00
Craig Smith 3519adbaef A basic CAN fuzzer. It probes the data regions of different CAN IDs.
The default is to use a set value but can iterate the full range.  It can
also add padding if necessary. No checks on returns or results of fuzzing.
2017-05-02 14:19:29 -07:00
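The commit above describes a fuzzer that walks the data field of a CAN ID with either a fixed byte or the full byte range, padding the rest of the frame. The following is an added example of that frame generation, written for this page and not taken from the module; it assumes classic CAN (11-bit IDs, 0..8 data bytes) and leaves sending the frames to whatever bus transport the caller has.

```ruby
# Added example (not the module's own code): generate the data frames a
# one-byte-position CAN fuzzing pass would send for a single arbitration ID.
# Assumptions: classic CAN (11-bit IDs, 0..8 data bytes); the caller already
# has a bus transport to hand each frame to.
def can_fuzz_frames(id:, position:, fixed: nil, pad: 0x00, length: 8)
  raise ArgumentError, 'CAN 2.0 data field is 0..8 bytes' unless (0..8).cover?(length)
  raise ArgumentError, 'fuzzed position lies outside the data field' unless position >= 0 && position < length
  raise ArgumentError, 'id exceeds 11 bits' unless (0..0x7FF).cover?(id)

  # Default mode probes with one fixed value; full mode walks every byte value.
  values = fixed.nil? ? (0x00..0xFF).to_a : [fixed]
  values.map do |v|
    data = Array.new(length, pad) # padding fills the positions not under test
    data[position] = v
    { id: id, data: data }
  end
end

# candump-style rendering (ID#DATA) for logging each frame as it is sent.
def frame_to_s(frame)
  format('%03X#%s', frame[:id], frame[:data].map { |b| format('%02X', b) }.join)
end

if __FILE__ == $PROGRAM_NAME
  can_fuzz_frames(id: 0x7DF, position: 2, pad: 0x55, length: 8).each do |f|
    puts frame_to_s(f)
  end
end
```

As the commit message notes, nothing here inspects the bus response; a real run would pair each frame with a read of whatever the target answers, which is the part that turns a probe into a finding.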
Adam Cammack 494711ee65 Land #8307, Add lib for writing Python modules 2017-05-02 15:53:13 -05:00
Yorick Koster 6870a48c48 Code suggestion from @jvoisin 2017-05-02 16:41:06 +02:00
Joe Testa 012081eed2 Added support for ANY queries. Silently ignore unsupported queries instead of spamming stdout. 2017-05-01 17:28:56 -04:00
William Vu 03e4ee91c2 Correct Ghostscript 9.2.1 to 9.21 as per advisory 2017-05-01 16:23:14 -05:00
William Vu 41ef1a4e90 Land #8325, cmd/unix/reverse_ncat_ssl payload 2017-05-01 14:54:52 -05:00
C_Sto 772a16f4cd fix style 2017-05-02 00:55:57 +08:00
C_Sto 9e06c3f07e fix argument arrangement 2017-05-02 00:39:00 +08:00
C_Sto 5a2afbc364 Tidy payload 2017-05-01 21:38:34 +08:00
Yorick Koster 006ed42248 Added fix information
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
2017-05-01 09:01:14 +02:00
C_Sto cfa204b8e8 add reverse ncat ssl 2017-05-01 06:57:28 +08:00
reanar 0b62a6478a Modification for Travis (remove require msf/core, and self.class in register) 2017-04-30 17:05:11 +02:00
reanar 3f348150c6 Modification of description 2017-04-30 16:38:39 +02:00
reanar 52ec448511 Add WordPress Directory Traversal DoS Module 2017-04-30 15:03:48 +02:00
Yorick Koster 673dbdc4b9 Code review feedback from h00die 2017-04-29 20:37:39 +02:00
Yorick Koster fcf14212b4 Fixed disclosure date 2017-04-29 16:25:25 +02:00
Yorick Koster f9e7715adb Fixed formatting 2017-04-29 16:07:45 +02:00
Yorick Koster 1569d2cf8e MediaWiki SyntaxHighlight extension exploit module
This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private.
2017-04-29 14:29:56 +02:00
Brandon Knight c4b3ba0d14 Actually removing msf/core this time... ><
Helps to actually remove the bits that were failing. Now with even more
removal of msf/core!
2017-04-28 21:42:06 -04:00
Brandon Knight ff263812fc Fix msftidy warnings
Remove explicitly loading msf/core and self.class from the register_
functions.
2017-04-28 21:26:53 -04:00
HD Moore afc804fa03 Quick Ghostscript module based on the public PoC 2017-04-28 09:56:52 -05:00
Brandon Knight f8fb03682a Fix issue in ps_wmi_exec and powershell staging
The staging function in the post/windows/powershell class was broken
in a previous commit as the definition for env_variable was removed and
env_prefix alone is now used. This caused an error to be thrown when
attempting to stage the payload. This changes the reference from
env_variable to env_prefix.

Additionally, the ps_wmi_exec module created a powershell script to be
run that was intended to be used with the EncodedCommand command line
option; however the script itself was never actually encoded. This
change passes the compressed script to the encode_script function to
resolve that issue.
2017-04-28 03:31:56 -04:00
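The second half of the commit above is a reminder that PowerShell's -EncodedCommand does not accept a raw script: the argument must be the script text as UTF-16LE, then Base64. The following is an added example of that transform and a pre-dispatch sanity check, written for this page; it is not Metasploit's encode_script, and the powershell.exe flags it uses are an assumption.

```ruby
require 'base64'

# Added example; not Metasploit's encode_script. It shows the transform that
# -EncodedCommand requires: the script as UTF-16LE, then Base64 with no line
# breaks. Passing the raw (or merely compressed) script instead, as the
# pre-fix module did, makes powershell.exe fail to decode the argument.
def encode_powershell_command(script)
  Base64.strict_encode64(script.encode('UTF-16LE').b)
end

# Inverse, mirroring what the PowerShell host does, so a stager can be
# checked locally before it is sent over WMI.
def decode_powershell_command(blob)
  Base64.strict_decode64(blob).force_encoding('UTF-16LE').encode('UTF-8')
end

# Cheap sanity check before dispatch: strict Base64 alphabet and 4-byte groups.
# A plain "Write-Output 1" fails this; its encoded form passes.
def looks_encoded?(arg)
  arg.match?(%r{\A[A-Za-z0-9+/]+={0,2}\z}) && (arg.bytesize % 4).zero?
end

# Build the command line (assumed flags; adjust to the host's policy).
def powershell_encoded_cmdline(script)
  enc = encode_powershell_command(script)
  raise 'refusing to send an unencoded argument' unless looks_encoded?(enc)
  "powershell.exe -NoProfile -NonInteractive -EncodedCommand #{enc}"
end

if __FILE__ == $PROGRAM_NAME
  puts powershell_encoded_cmdline("Write-Output 'hello'")
end
```

The round trip through decode_powershell_command is the check that catches the class of bug the commit fixes: if what you are about to send does not decode back to the script you built, the host will not run it either.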
itsmeroy2012 cd73bd137a Making use of while loop and solving StagerRetryWait issue 2017-04-27 11:50:13 +05:30
William Vu 1a402ed1d8 Add arch to smb_ms17_010 DOUBLEPULSAR detection 2017-04-26 20:59:13 -05:00
Brent Cook 037fdf854e move common json-rpc bits to a library 2017-04-26 18:08:08 -05:00
Brent Cook 480a0b4273 update payload sizes 2017-04-26 18:02:14 -05:00
Brent Cook a60e5789ed update mettle->meterpreter references in modules 2017-04-26 17:55:10 -05:00
Brent Cook 078ba66e5f remove unneeded msf/core requires 2017-04-26 17:17:20 -05:00
Brent Cook 353191992f move mettle payloads to meterpreter, add reverse_http/s stageless 2017-04-26 17:06:34 -05:00
Brent Cook f8792956ee fix one module for testing 2017-04-26 16:21:13 -05:00
Daniel Teixeira a3a4ba7605 Buffer Overflow on Dup Scout Enterprise v9.5.14 2017-04-26 15:19:00 +01:00
Spencer McIntyre da6c03d13f Fix function names to always be snake_case 2017-04-26 09:30:29 -04:00
William Vu bbee7f86b5 Land #8263, Mercurial SSH exec module 2017-04-26 01:38:01 -05:00
William Vu f60807113b Clean up module 2017-04-26 01:37:49 -05:00
Spencer McIntyre a3bcd20b26 Minor cleanups for multi-platform railgun 2017-04-25 17:45:07 -04:00
William Vu 5476f6066c Land #8271, DOUBLEPULSAR detection for MS17-010 2017-04-25 16:31:39 -05:00
Craig Smith 4019a14865 The local HWBridge now does not print out status for each URI request per default. This can be enabled by setting verbose to true.
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 5537348e28 Adds Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
wchen-r7 320898697a Land #8266, Add Buffer Overflow Exploit on Disk Sorter Enterprise 2017-04-24 17:17:30 -05:00
wchen-r7 1d86905fca Land #8288, Minor changes to WiPG-1000 module 2017-04-24 17:09:25 -05:00
wchen-r7 e333cb65e5 Restore require 'msf/core' 2017-04-24 17:09:02 -05:00
wchen-r7 c573628e10 Fix header 2017-04-24 17:01:35 -05:00
wchen-r7 e775f9ccbd Land #8259, Add post module to upload and execute a file 2017-04-24 17:00:55 -05:00
Matthias Brun d3aba846b9 Make minor changes 2017-04-24 23:35:36 +02:00
wchen-r7 5bbb4d755a Land #8254, Add CVE-2017-0199 - Office Word HTA Module 2017-04-24 16:05:00 -05:00
wchen-r7 6029a9ee2b Use a built-in HTA server and update doc 2017-04-24 16:04:27 -05:00
zerosum0x0 55f01d3fc7 made the plugin less spammy with more vprintf 2017-04-24 13:33:05 -06:00
zerosum0x0 453ca6e3bf added OS printing on vulnerable systems 2017-04-24 13:20:44 -06:00
Daniel Teixeira 47898717c9 Minor documentation improvements
Space after ,
2017-04-24 14:47:25 +01:00
itsmeroy2012 bd2379784e Improved error handling for the python reverse_tcp payload
Handling all kinds of errors

Removing 'e'

Updating payload cached sizes

Updating payload cached sizes 2.0

Adding option to set retry time
2017-04-23 20:43:57 +05:30
zerosum0x0 a69aba0eab added XOR Key calculation 2017-04-22 23:54:30 -06:00
h00die 8e4c093a22 added version numbers 2017-04-22 09:45:55 -04:00
Spencer McIntyre ffe6d35b4d Add a module to dump network passwords from gnome 2017-04-21 16:17:18 -04:00
zerosum0x0 8a77bf7b60 removed wrong comments 2017-04-21 08:27:13 -06:00
Matthias Brun 714ada2b66 Inline execute_cmd function 2017-04-21 15:32:15 +02:00
zerosum0x0 9fab64c60e added references 2017-04-20 15:22:37 -06:00
zerosum0x0 dd12afd717 added DoublePulsar detection 2017-04-20 15:03:29 -06:00
Matthias Brun 8218f024e0 Add WiPG-1000 Command Injection module 2017-04-20 16:32:23 +02:00
Koen Riepe 55ab800f13 Minor code fixes. 2017-04-19 14:41:11 +02:00
DanielRTeixeira f1c51447c1 Add files via upload
Buffer Overflow on Disk Sorter Enterprise
2017-04-19 10:57:41 +01:00
Jonathan Claudius f5430e5c47 Revert Msf::Exploit::Remote::Tcp 2017-04-18 19:27:35 -04:00
Jonathan Claudius 9a870a623d Make use of Msf::Exploit::Remote::Tcp 2017-04-18 19:17:48 -04:00
Jonathan Claudius 03e3065706 Fix MSF tidy issues 2017-04-18 18:56:42 -04:00
Jonathan Claudius 32f0b57091 Fix new line issues 2017-04-18 18:52:53 -04:00
James Lee bdeeb8ee1d Add a check 2017-04-18 16:32:06 -05:00
William Vu 3b38d0d900 Land #8262, PR ref for huawei_hg532n_cmdinject 2017-04-18 16:29:13 -05:00
Jonathan Claudius bfca4da9b0 Add mercurial ssh exec 2017-04-18 16:33:23 -04:00
Tod Beardsley 1fcc1f7417 Trailing comma. Why isn't this Lua? 2017-04-18 14:27:44 -05:00
wchen-r7 0428e12b10 Land #8216, Add CVE-2016-7552/CVE-2016-7547 exploit 2017-04-18 14:26:55 -05:00
Tod Beardsley 4ec71f9272 Add a reference to the original PR
This was the source of first public disclosure, so may as well include
it.
2017-04-18 14:20:25 -05:00
James Lee 84dd5cd01a Add a simple upload exec module 2017-04-17 19:34:21 -05:00
Nate Caroe 92e7183a74 Small typo fix
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
2017-04-17 11:14:51 -06:00
William Vu 942959f7e8 Land #8255, fixes for smb_ms17_010 2017-04-17 11:38:34 -05:00
Brent Cook 7b936b0012 Land #8184, convert IPMI protocol and modules to bindata 2017-04-17 07:40:15 -05:00
Brent Cook 6f70efcfa1 add module documentation 2017-04-17 07:39:43 -05:00
William Vu b1c7f1302b Fix report_vuln and prefer vprint_error 2017-04-17 02:48:56 -05:00
Ahmed S. Darwish e21504b22d huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key
Instead of rolling our own GET parameters implementation.

Thanks @wvu-r7!
2017-04-17 09:11:50 +02:00
nixawk 3d082814cb Fix default options 2017-04-17 01:09:48 -05:00
Ahmed S. Darwish 7daec53106 huawei_hg532n_cmdinject: Improve overall documentation
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
2017-04-17 08:00:51 +02:00
Ahmed S. Darwish 8a302463ab huawei_hg532n_cmdinject: Use minimum permissions for staged binary
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
2017-04-17 03:27:57 +02:00
Ahmed S. Darwish 7ca7528cba huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7 2017-04-17 03:23:20 +02:00
Ahmed S. Darwish 7b8e5e5016 Add Huawei HG532n command injection exploit 2017-04-15 21:01:47 +02:00
Brent Cook 7950087804 Merge branch 'upstream-master' into land-8237- 2017-04-14 21:53:26 -05:00
nixawk fb001180c4 Fix generate_uri 2017-04-14 21:52:31 -05:00
nixawk 590816156f rename exp module 2017-04-14 21:32:48 -05:00
nixawk 1952529a87 Format Code 2017-04-14 21:30:26 -05:00
Brent Cook a9857eb1c2 Land #8099, Aux module to launch instances in AWS 2017-04-14 14:12:10 -05:00
Brent Cook 42122d2835 Land #8238, move SMB2 support back into smb_login, add simpler permissions checks 2017-04-14 14:06:46 -05:00
nixawk 8ab0b448fd CVE-2017-0199 exploit module 2017-04-14 13:22:59 -05:00
Brent Cook eb61241673 Land #8228, New mainframe privesc payload for z/OS 2017-04-14 13:19:41 -05:00
dmohanty-r7 d75f852d01 Land #8167, Add MS17-010 auxiliary detection module 2017-04-14 13:00:16 -05:00
David Maloney 91fb3ce6b8 collapse SMB2 support into smb_login
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both

MS-2636
2017-04-13 15:22:03 -05:00
David Maloney adeb4d10d7 smb2 login scanner admin check now working
we can now check for admin privs in the smb2
login scanner

MS-2636
2017-04-13 14:40:32 -05:00
William Webb 48560d29f3 remove keyscan_extract and modify calling modules 2017-04-13 10:42:28 -05:00
m0t 5e42dde6b6 msftidy clean up 2017-04-12 16:25:21 +01:00
Koen Riepe 9f289bdf52 Fixed error messages and some syntax. 2017-04-12 13:48:11 +02:00
William Webb c21d78b23b Land #8186, Convert DNS Fuzzer to use bindata 2017-04-11 23:27:08 -05:00
bigendiansmalls fa8011fd07 New mainframe privesc payload for z/OS
This module performs a privilege escalation on mainframe systems
running z/OS and using RACF for their security manager. A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
2017-04-11 15:04:44 -05:00
William Webb c867b7e228 Land #8204, Add Cambium ePMP SNMP Configuration download 2017-04-11 10:59:13 -05:00
mr_me 3c2dc68e9c improved description, no point repeating the same thing! 2017-04-11 09:55:11 -05:00
mr_me c359e15de6 updated the print statement 2017-04-11 09:31:17 -05:00
mr_me 84ac9d905c improved the description of the module 2017-04-11 09:24:43 -05:00
m0t 374d7809b5 last fixes and tests 2017-04-11 09:48:57 +01:00
William Vu 288e384164 Land #8189, irssi password post gather module 2017-04-10 23:34:54 -05:00
Jonathan Claudius 96927b449c Rework module to grab entire irssi configs 2017-04-11 00:02:40 -04:00
Jonathan Claudius 6a1531da34 Fix loot name attributes 2017-04-10 23:52:31 -04:00
Jonathan Claudius d92f94e077 Fix grammar issue 2017-04-10 23:44:18 -04:00
Jonathan Claudius d9e96a8b4f Consolidate loot into single file 2017-04-10 23:42:50 -04:00
Jonathan Claudius 7f6bbb6ff2 Fix trailing space issue 2017-04-10 21:38:30 -04:00
Jonathan Claudius 9432a3543f Extend irssi post mod to grab network passwords 2017-04-10 15:35:26 -04:00
mr_me b1d127e689 satisfied travis 2017-04-10 14:11:18 -05:00
Jonathan Claudius 47d74819a5 Update regex per reviewer request 2017-04-10 14:45:10 -04:00
Jonathan Claudius d816092c56 Fix missing new line 2017-04-10 14:41:25 -04:00
mr_me 0f07875a2d added CVE-2016-7552/CVE-2016-7547 exploit 2017-04-10 13:32:58 -05:00
William Vu 06ca406d18 Fix weird whitespace 2017-04-09 22:23:58 -05:00
zerosum0x0 f7c8bd2464 add rescue for ::Rex::Proto::SMB::Exceptions::LoginError 2017-04-07 15:37:56 -06:00
juushya 3c189f0cb0 Adding Cambium SNMP Loot module 2017-04-07 01:32:45 +05:30
Christian Mehlmauer 74dc7e478f update piwik module 2017-04-05 20:19:07 +02:00
m0t 9a0789f839 Exploit for pmmasterd Buffer Overflow (CVE-2017-6553) 2017-04-05 17:59:54 +01:00
bwatters-r7 dd5a91f153 Land #8008, Added archmigrate module for windows sessions 2017-04-05 08:55:27 -05:00
Koen Riepe 08b2a97293 Changed styling to be more in line with rubocop. 2017-04-05 10:05:56 +02:00
Jonathan Claudius b8af7c1db0 Add irssi password post gather module 2017-04-05 00:56:24 -04:00
bwatters-r7 64c06a512e Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Brent Cook 891e7e465e convert DNS fuzzer to bindata 2017-04-04 03:03:32 -05:00
Brent Cook 46c7e822c8 convert IPMI protocol and modules to bindata 2017-04-04 02:44:17 -05:00
Christian Mehlmauer 30c4a665f4 update iis exploit 2017-04-03 20:06:16 +02:00
Brent Cook 98ffa4d380 Land #7652, add varnish cache CLI authentication scanner module 2017-04-02 21:52:45 -05:00
Brent Cook 4c0539d129 Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die a34c01ebd2 Land #8137 shodan honeyscore module 2017-04-02 21:37:36 -04:00
h00die 0092818893 Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00
Bryan Chu 151ed16c02 Re-ranking files
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
zerosum0x0 26fc6bc920 added report_vuln() 2017-04-01 21:48:19 -06:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
William Webb 035f37cf42 Land #8144, Add Moxa Device Discovery Scanner Module 2017-03-31 19:11:27 -05:00
William Webb f870f94fa9 Land #8163, Add Cambium ePMP Arbitrary Command Execution 2017-03-31 19:06:19 -05:00
Adam Cammack 6910cb04dd Add first exploit written in Python 2017-03-31 17:07:55 -05:00
h00die 823c1a6286 added more verifieds 2017-03-31 16:52:20 -04:00
h00die 23ac9214ea land #8010 post gather module for tomcat creds 2017-03-31 16:15:55 -04:00
h00die 34a152dc76 handle no sysinfo from ssh_login 2017-03-31 16:15:16 -04:00
Pearce Barry ab4d86fd21 Land #8168, change description of alpha encoders 2017-03-31 11:37:12 -05:00
dmohanty-r7 1ce7bf3938 Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
dmohanty-r7 c445a1a85a Wrap ssh.loop with begin/rescue 2017-03-31 11:16:10 -05:00
Koen Riepe 22b2215d2e Fixed a typo causing bot to fail. 2017-03-31 16:40:21 +02:00
Koen Riepe 3a674b731c Added error handling, added documentation and fixed some style issues. 2017-03-31 16:35:25 +02:00
Koen Riepe 628827cda9 Added some documentation and graceful error handling. 2017-03-31 12:45:30 +02:00
Koen Riepe df2a9a4af3 Added documentation file and implemented fixes for output and linux parsing. 2017-03-31 11:19:12 +02:00
Bryan Chu 5e31a32771 Add missing ranks
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
Christian Mehlmauer 0a398a59c5 change description 2017-03-30 20:06:23 +02:00
bwatters-r7 6bcb9b523b Land #8165, Fix x86 mettle shellcode 2017-03-30 11:45:11 -05:00
zerosum0x0 4bd50b0ad2 Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010 2017-03-30 10:10:08 -06:00
zerosum0x0 a125566fc7 removed unnecessary arguments 2017-03-30 10:09:31 -06:00
Pearce Barry a13d6a7810 Land #8166, Add new SMB LoginScanner using RubySMB for SMB1/SMB2 Support 2017-03-30 11:08:17 -05:00
Pearce Barry ac83ff7e48 Land #8155, Style fixes for HWBridge RF and a couple small bug fixes 2017-03-29 20:37:13 -05:00
zerosum0x0 ef7de6d49e added MSB to description, moved a print statement 2017-03-29 17:43:49 -06:00
Carter 4bdbdc0e00 Fix response parsing 2017-03-29 18:21:12 -05:00
zerosum0x0 68f5c0e663 removed a print statement 2017-03-29 16:24:59 -06:00
zerosum0x0 7e6b8b02b8 replaced magic constant with setup_count 2017-03-29 15:37:28 -06:00
zerosum0x0 9923c39799 removed superfluous status 2017-03-29 15:32:29 -06:00
zerosum0x0 f0a1e12a7e small typos 2017-03-29 15:30:35 -06:00
bwatters-r7 691811af5a Land #7994, Add Windows Gather DynaZIP Saved Password Extraction post module 2017-03-29 16:04:09 -05:00
zerosum0x0 ffa376c514 added MS17-010 auxiliary detection module 2017-03-29 14:33:02 -06:00
David Maloney a571bcdba4 update module description 2017-03-29 13:58:36 -05:00
David Maloney 418e371e35 add SMB2 login scanner and module
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity

MS-2557
2017-03-29 11:36:33 -05:00
Adam Cammack 2758010355 Fix x86 mettle shellcode 2017-03-28 17:59:13 -05:00
dmchell 8b3fe0ac06 Merge branch 'dmchell-cve-2017-7269' into iis_6_sc-dev 2017-03-28 19:33:37 +01:00
dmchell 697d3978af Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 19:14:32 +01:00
Carter d7bed334b0 Add Metasploit header 2017-03-28 12:07:57 -05:00
Carter ebbed949c2 Get rid of double header 2017-03-28 12:05:44 -05:00
Carter d1c269e5e8 Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 11:54:52 -05:00
Carter 4972b510d1 Use HttpClient instead of Tcp 2017-03-28 11:37:40 -05:00
Carter c203fa71d1 Create iis_webdav_scstoragepathfromurl.rb 2017-03-28 11:34:11 -05:00
dmchell ffdd5fb471 Update iis_webdav_scstoragepathfromurl.rb
converted to Msf::Exploit::Remote::HttpClient
2017-03-28 17:16:35 +01:00
dmchell ed90971489 Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 16:16:51 +01:00
dmchell 1552cc4cac Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 16:11:44 +01:00
dmchell b301a8d0c0 Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 16:07:12 +01:00
dmchell 20a9b88eb6 Update and rename iis_webdav_ScStoragePathFromUrl.rb to iis_webdav_scstoragepathfromurl.rb 2017-03-28 15:53:18 +01:00
dmchell f7cecaf31e Update and rename cve-2017-7269.rb to iis_webdav_ScStoragePathFromUrl.rb 2017-03-28 15:47:20 +01:00
dmchell 9e8ec532a2 Create cve-2017-7269.rb
Exploit for cve-2017-7269.rb
2017-03-28 15:33:20 +01:00
juushya 30896d1fab Add Cambium ePMP Arbitrary Command Execution Module 2017-03-28 00:17:36 +05:30
William Webb 66a585ab41 Land #8050, Add Cambium ePMP System Hash Dumper 2017-03-27 12:08:53 -05:00
William Webb 935c59306b Land #7897, Add Cambium ePMP 1000 Device Configuration file dumper 2017-03-27 12:05:11 -05:00
William Webb d705949b37 Land #7784, Cambium ePMP 1000 Login Scanner 2017-03-27 12:01:56 -05:00
Pearce Barry 31c03840bb Style fixes for HWBridge RF and a couple small bug fixes
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
juushya dd7cf39678 updated references 2017-03-25 12:31:08 +05:30
juushya 63d88c159a updated references 2017-03-25 12:27:38 +05:30
juushya fd5e25bcc2 restored version check 2017-03-25 12:08:00 +05:30
Javier Godinez 68e4b8a855 Updated user data param to load aggregator 2017-03-24 22:58:04 -07:00
Carter 82ebbfb9a7 Fix msftidy warnings 2017-03-24 23:12:48 -04:00
Carter 3e2173d4f9 Add key length check and remove mixin
Also add a reference to the original honeyscore website
2017-03-24 22:33:09 -04:00
Carter 581d523d5b Fix things from review 2017-03-24 21:22:23 -04:00
Pearce Barry 9db2e9fbcd Land #8146, Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-24 14:38:47 -05:00
dmohanty-r7 92c0748447 Land #8102, Add a plugin to notify new sessions via SMS 2017-03-24 11:17:59 -05:00
William Webb e04f01ed6b Land #7778, RCE on Netgear WNR2000v5 2017-03-23 15:34:16 -05:00
wchen-r7 3b062eb8d4 Update version info 2017-03-23 13:46:09 -05:00
wchen-r7 fdb52a6823 Avoid checking res.code to determine RCE success
Because it's not accurate
2017-03-23 13:39:45 -05:00
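The commit above drops res.code as the signal for "the command ran", because a target can answer 200 whether or not anything executed. The following is an added example of the alternative a module would use instead: inject a command that echoes a random marker and look for that marker in the body. It is written for this page, not taken from the module; the two target functions and the FakeResponse shape are constructed stand-ins for a real HTTP exchange.

```ruby
require 'securerandom'

# Added example, not the module's code. Two constructed targets answer the same
# command with the same status code; only the one that actually executes it
# reflects the marker back, so a status-code check cannot tell them apart.
FakeResponse = Struct.new(:code, :body) # assumed shape: like a Rex HTTP response

def vulnerable_target(cmd)
  output = cmd =~ /\Aecho (\S+)\z/ ? Regexp.last_match(1) : ''
  FakeResponse.new(200, "<html><body>#{output}</body></html>")
end

def patched_target(_cmd)
  FakeResponse.new(200, '<html><body>updated</body></html>') # still 200, nothing executed
end

# Build a probe whose output the target cannot produce by accident: a random
# token echoed by the injected command. 16 hex chars keeps chance matches out.
def build_probe
  marker = SecureRandom.hex(8)
  ["echo #{marker}", marker]
end

# Success means the marker came back in the body, regardless of res.code.
def rce_confirmed?(res, marker)
  return false if res.nil? || res.body.nil?
  res.body.include?(marker)
end

def check_target(target)
  cmd, marker = build_probe
  rce_confirmed?(target.call(cmd), marker)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{check_target(method(:vulnerable_target))}"
  puts "patched:    #{check_target(method(:patched_target))}"
end
```

The same pattern works for a blind injection by swapping the echo for something observable out of band (a DNS lookup or a callback to a listener the module controls); what matters is that the evidence of execution is something the target could not have returned on its own.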
wchen-r7 39682d6385 Fix grammar 2017-03-23 13:23:30 -05:00
wchen-r7 ee21377d23 Credit Brent & Adam 2017-03-23 11:22:49 -05:00
wchen-r7 196a0b6ac4 Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-23 10:40:31 -05:00
Mehmet Ince d37966f1bb Remove old file 2017-03-23 12:53:08 +03:00
Mehmet Ince 8a43a05c25 Change name of the module 2017-03-23 12:49:31 +03:00
Carter 8dd0f953b0 remove unnecessary require 2017-03-22 19:48:24 -04:00
Carter 420df11c44 Change up the way shodan is reached 2017-03-22 19:39:45 -04:00