Yorick Koster
6870a48c48
Code suggestion from @jvoisin
2017-05-02 16:41:06 +02:00
Joe Testa
012081eed2
Added support for ANY queries. Silently ignore unsupported queries instead of spamming stdout.
2017-05-01 17:28:56 -04:00
William Vu
03e4ee91c2
Correct Ghostscript 9.2.1 to 9.21 as per advisory
2017-05-01 16:23:14 -05:00
William Vu
41ef1a4e90
Land #8325 , cmd/unix/reverse_ncat_ssl payload
2017-05-01 14:54:52 -05:00
C_Sto
772a16f4cd
fix style
2017-05-02 00:55:57 +08:00
C_Sto
9e06c3f07e
fix argument arrangement
2017-05-02 00:39:00 +08:00
C_Sto
5a2afbc364
Tidy payload
2017-05-01 21:38:34 +08:00
Yorick Koster
006ed42248
Added fix information
...
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/0002
09.html
2017-05-01 09:01:14 +02:00
C_Sto
cfa204b8e8
add reverse ncat ssl
2017-05-01 06:57:28 +08:00
reanar
0b62a6478a
Modification for Travis (remove require msf/core, and self.class in register)
2017-04-30 17:05:11 +02:00
reanar
3f348150c6
Modification of description
2017-04-30 16:38:39 +02:00
reanar
52ec448511
Add WordPress Directory Traversal DoS Module
2017-04-30 15:03:48 +02:00
Yorick Koster
673dbdc4b9
Code review feedback from h00die
2017-04-29 20:37:39 +02:00
Yorick Koster
fcf14212b4
Fixed disclosure date
2017-04-29 16:25:25 +02:00
Yorick Koster
f9e7715adb
Fixed formatting
2017-04-29 16:07:45 +02:00
Yorick Koster
1569d2cf8e
MediaWiki SyntaxHighlight extension exploit module
...
This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private.
2017-04-29 14:29:56 +02:00
Brandon Knight
c4b3ba0d14
Actually removing msf/core this time... ><
...
Helps to actually remove the bits that were failing. Now with even more
removal of msf/core!
2017-04-28 21:42:06 -04:00
Brandon Knight
ff263812fc
Fix msftidy warnings
...
Remove explicitly loading msf/core and self.class from the register_
functions.
2017-04-28 21:26:53 -04:00
HD Moore
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00
Brandon Knight
f8fb03682a
Fix issue in ps_wmi_exec and powershell staging
...
The staging function in the post/windows/powershell class was broken
in a previous commit as the definition for env_variable was removed and
env_prefix alone is now used. This caused an error to be thrown when
attempting to stage the payload. This changes the reference from
env_variable to env_prefix.
Additionally, the ps_wmi_exec module created a powershell script to be
run that was intended to be used with the EncodedCommand command line
option; however the script itself was never actually encoded. This
change passes the compressed script to the encode_script function to
resolve that issue.
2017-04-28 03:31:56 -04:00
itsmeroy2012
cd73bd137a
Making use of while loop and solving StagerRetryWait issue
2017-04-27 11:50:13 +05:30
William Vu
1a402ed1d8
Add arch to smb_ms17_010 DOUBLEPULSAR detection
2017-04-26 20:59:13 -05:00
Brent Cook
037fdf854e
move common json-rpc bits to a library
2017-04-26 18:08:08 -05:00
Brent Cook
480a0b4273
update payload sizes
2017-04-26 18:02:14 -05:00
Brent Cook
a60e5789ed
update mettle->meterpreter references in modules
2017-04-26 17:55:10 -05:00
Brent Cook
078ba66e5f
remove unneeded msf/core requires
2017-04-26 17:17:20 -05:00
Brent Cook
353191992f
move mettle payloads to meterpreter, add reverse_http/s stageless
2017-04-26 17:06:34 -05:00
Brent Cook
f8792956ee
fix one module for testing
2017-04-26 16:21:13 -05:00
Daniel Teixeira
a3a4ba7605
Buffer Overflow on Dup Scout Enterprise v9.5.14
2017-04-26 15:19:00 +01:00
Spencer McIntyre
da6c03d13f
Fix function names to always be snake_case
2017-04-26 09:30:29 -04:00
William Vu
bbee7f86b5
Land #8263 , Mercurial SSH exec module
2017-04-26 01:38:01 -05:00
William Vu
f60807113b
Clean up module
2017-04-26 01:37:49 -05:00
Spencer McIntyre
a3bcd20b26
Minor cleanups for multi-platform railgun
2017-04-25 17:45:07 -04:00
William Vu
5476f6066c
Land #8271 , DOUBLEPULSAR detection for MS17-010
2017-04-25 16:31:39 -05:00
Craig Smith
4019a14865
The local HWBridge now does not print out status for each URI request per default. This can be enabled by setting verbose to true.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
5537348e28
Addes Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
wchen-r7
320898697a
Land #8266 , Add Buffer Overflow Exploit on Disk Sorter Enterprise
2017-04-24 17:17:30 -05:00
wchen-r7
1d86905fca
Land #8288 , Minor changes to WiPG-1000 module
2017-04-24 17:09:25 -05:00
wchen-r7
e333cb65e5
Restore require 'msf/core'
2017-04-24 17:09:02 -05:00
wchen-r7
c573628e10
Fix header
2017-04-24 17:01:35 -05:00
wchen-r7
e775f9ccbd
Land #8259 , Add post module to upload and execute a file
2017-04-24 17:00:55 -05:00
Matthias Brun
d3aba846b9
Make minor changes
2017-04-24 23:35:36 +02:00
wchen-r7
5bbb4d755a
Land #8254 , Add CVE-2017-0199 - Office Word HTA Module
2017-04-24 16:05:00 -05:00
wchen-r7
6029a9ee2b
Use a built-in HTA server and update doc
2017-04-24 16:04:27 -05:00
zerosum0x0
55f01d3fc7
made the plugin less spammy with more vprintf
2017-04-24 13:33:05 -06:00
zerosum0x0
453ca6e3bf
added OS printing on vulnerable systems
2017-04-24 13:20:44 -06:00
Daniel Teixeira
47898717c9
Minor documentation improvements
...
Space after ,
2017-04-24 14:47:25 +01:00
itsmeroy2012
bd2379784e
Improved error handling for the python reverse_tcp payload
...
Handling all kinds of errors
Removing 'e'
Updating payload cached sizes
Updating payload cached sizes 2.0
Adding option to set retry time
2017-04-23 20:43:57 +05:30
zerosum0x0
a69aba0eab
added XOR Key calculation
2017-04-22 23:54:30 -06:00
h00die
8e4c093a22
added version numbers
2017-04-22 09:45:55 -04:00
Spencer McIntyre
ffe6d35b4d
Add a module to dump network passwords from gnome
2017-04-21 16:17:18 -04:00
zerosum0x0
8a77bf7b60
removed wrong comments
2017-04-21 08:27:13 -06:00
Matthias Brun
714ada2b66
Inline execute_cmd function
2017-04-21 15:32:15 +02:00
zerosum0x0
9fab64c60e
added references
2017-04-20 15:22:37 -06:00
zerosum0x0
dd12afd717
added DoublePulsar detection
2017-04-20 15:03:29 -06:00
Matthias Brun
8218f024e0
Add WiPG-1000 Command Injection module
2017-04-20 16:32:23 +02:00
Koen Riepe
55ab800f13
Minor code fixes.
2017-04-19 14:41:11 +02:00
DanielRTeixeira
f1c51447c1
Add files via upload
...
Buffer Overflow on Disk Sorter Enterprise
2017-04-19 10:57:41 +01:00
Jonathan Claudius
f5430e5c47
Revert Msf::Exploit::Remote::Tcp
2017-04-18 19:27:35 -04:00
Jonathan Claudius
9a870a623d
Make use of Msf::Exploit::Remote::Tcp
2017-04-18 19:17:48 -04:00
Jonathan Claudius
03e3065706
Fix MSF tidy issues
2017-04-18 18:56:42 -04:00
Jonathan Claudius
32f0b57091
Fix new line issues
2017-04-18 18:52:53 -04:00
James Lee
bdeeb8ee1d
Add a check
2017-04-18 16:32:06 -05:00
William Vu
3b38d0d900
Land #8262 , PR ref for huawei_hg532n_cmdinject
2017-04-18 16:29:13 -05:00
Jonathan Claudius
bfca4da9b0
Add mercurial ssh exec
2017-04-18 16:33:23 -04:00
Tod Beardsley
1fcc1f7417
Trailing comma. Why isn't this Lua?
2017-04-18 14:27:44 -05:00
wchen-r7
0428e12b10
Land #8216 , Add CVE-2016-7552/CVE-2016-7547 exploit
2017-04-18 14:26:55 -05:00
Tod Beardsley
4ec71f9272
Add a reference to the original PR
...
This was the source of first public disclosure, so may as well include
it.
2017-04-18 14:20:25 -05:00
James Lee
84dd5cd01a
Add a simple upload exec module
2017-04-17 19:34:21 -05:00
Nate Caroe
92e7183a74
Small typo fix
...
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
2017-04-17 11:14:51 -06:00
William Vu
942959f7e8
Land #8255 , fixes for smb_ms17_010
2017-04-17 11:38:34 -05:00
Brent Cook
7b936b0012
Land #8184 , convert IPMI protocol and modules to bindata
2017-04-17 07:40:15 -05:00
Brent Cook
6f70efcfa1
add module documentation
2017-04-17 07:39:43 -05:00
William Vu
b1c7f1302b
Fix report_vuln and prefer vprint_error
2017-04-17 02:48:56 -05:00
Ahmed S. Darwish
e21504b22d
huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key
...
Instead of rolling our own GET parameters implementation.
Thanks @wvu-r7!
2017-04-17 09:11:50 +02:00
nixawk
3d082814cb
Fix default options
2017-04-17 01:09:48 -05:00
Ahmed S. Darwish
7daec53106
huawei_hg532n_cmdinject: Improve overall documentation
...
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
2017-04-17 08:00:51 +02:00
Ahmed S. Darwish
8a302463ab
huawei_hg532n_cmdinject: Use minimum permissions for staged binary
...
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
2017-04-17 03:27:57 +02:00
Ahmed S. Darwish
7ca7528cba
huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7
2017-04-17 03:23:20 +02:00
Ahmed S. Darwish
7b8e5e5016
Add Huawei HG532n command injection exploit
2017-04-15 21:01:47 +02:00
Brent Cook
7950087804
Merge branch 'upstream-master' into land-8237-
2017-04-14 21:53:26 -05:00
nixawk
fb001180c4
Fix generate_uri
2017-04-14 21:52:31 -05:00
nixawk
590816156f
rename exp module
2017-04-14 21:32:48 -05:00
nixawk
1952529a87
Format Code
2017-04-14 21:30:26 -05:00
Brent Cook
a9857eb1c2
Land #8099 , Aux module to launch instances in AWS
2017-04-14 14:12:10 -05:00
Brent Cook
42122d2835
Land #8238 , move SMB2 support back into smb_login, add simpler permissions checks
2017-04-14 14:06:46 -05:00
nixawk
8ab0b448fd
CVE-2017-0199 exploit module
2017-04-14 13:22:59 -05:00
Brent Cook
eb61241673
Land #8228 , New mainframe privesc payload for z/OS
2017-04-14 13:19:41 -05:00
dmohanty-r7
d75f852d01
Land #8167 , Add MS17-010 auxiliary detection module
2017-04-14 13:00:16 -05:00
David Maloney
91fb3ce6b8
collapse SMB2 support into smb_login
...
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both
MS-2636
2017-04-13 15:22:03 -05:00
David Maloney
adeb4d10d7
smb2 login scanner admin check now working
...
we can now check for admin privs in the smb2
login scanner
MS-2636
2017-04-13 14:40:32 -05:00
William Webb
48560d29f3
remove keyscan_extract and modify calling modules
2017-04-13 10:42:28 -05:00
m0t
5e42dde6b6
msftidy clean up
2017-04-12 16:25:21 +01:00
Koen Riepe
9f289bdf52
Fixed error messages and some syntax.
2017-04-12 13:48:11 +02:00
William Webb
c21d78b23b
Land #8186 , Convert DNS Fuzzer to use bindata
2017-04-11 23:27:08 -05:00
bigendiansmalls
fa8011fd07
New mainframe privesc payload for z/OS
...
This module performs a privilege escaltion on mainframe systems
runing z/OS and using RACF for their security manager. A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
2017-04-11 15:04:44 -05:00
William Webb
c867b7e228
Land #8204 , Add Cambian ePMP SNMP Configuration download
2017-04-11 10:59:13 -05:00
mr_me
3c2dc68e9c
improved description, no point repeating the same thing\!
2017-04-11 09:55:11 -05:00
mr_me
c359e15de6
updated the print statement
2017-04-11 09:31:17 -05:00
mr_me
84ac9d905c
improved the description of the module
2017-04-11 09:24:43 -05:00
m0t
374d7809b5
last fixes and tests
2017-04-11 09:48:57 +01:00
William Vu
288e384164
Land #8189 , irssi password post gather module
2017-04-10 23:34:54 -05:00
Jonathan Claudius
96927b449c
Rework module to grab entire irssi configs
2017-04-11 00:02:40 -04:00
Jonathan Claudius
6a1531da34
Fix loot name attributes
2017-04-10 23:52:31 -04:00
Jonathan Claudius
d92f94e077
Fix grammar issue
2017-04-10 23:44:18 -04:00
Jonathan Claudius
d9e96a8b4f
Consolidate loot into single file
2017-04-10 23:42:50 -04:00
Jonathan Claudius
7f6bbb6ff2
Fix trailing space issue
2017-04-10 21:38:30 -04:00
Jonathan Claudius
9432a3543f
Extend irssi post mod to grab network passwords
2017-04-10 15:35:26 -04:00
mr_me
b1d127e689
satisfied travis
2017-04-10 14:11:18 -05:00
Jonathan Claudius
47d74819a5
Update regex per reviewer request
2017-04-10 14:45:10 -04:00
Jonathan Claudius
d816092c56
Fix missing new line
2017-04-10 14:41:25 -04:00
mr_me
0f07875a2d
added CVE-2016-7552/CVE-2016-7547 exploit
2017-04-10 13:32:58 -05:00
William Vu
06ca406d18
Fix weird whitespace
2017-04-09 22:23:58 -05:00
zerosum0x0
f7c8bd2464
add rescue for ::Rex::Proto::SMB::Exceptions::LoginError
2017-04-07 15:37:56 -06:00
juushya
3c189f0cb0
Adding Cambium SNMP Loot module
2017-04-07 01:32:45 +05:30
Christian Mehlmauer
74dc7e478f
update piwik module
2017-04-05 20:19:07 +02:00
m0t
9a0789f839
Exploit for pmmasterd Buffer Overflow (CVE-2017-6553)
2017-04-05 17:59:54 +01:00
bwatters-r7
dd5a91f153
Land #8008 , Added archmigrate module for windows sessions
2017-04-05 08:55:27 -05:00
Koen Riepe
08b2a97293
Changed styling to be more in line with rubocop.
2017-04-05 10:05:56 +02:00
Jonathan Claudius
b8af7c1db0
Add irssi password post gather module
2017-04-05 00:56:24 -04:00
bwatters-r7
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
Brent Cook
891e7e465e
convert DNS fuzzer to bindata
2017-04-04 03:03:32 -05:00
Brent Cook
46c7e822c8
convert IPMI protocol and modules to bindata
2017-04-04 02:44:17 -05:00
Christian Mehlmauer
30c4a665f4
update iis exploit
2017-04-03 20:06:16 +02:00
Brent Cook
98ffa4d380
Land #7652 , add varnish cache CLI authentication scanner module
2017-04-02 21:52:45 -05:00
Brent Cook
4c0539d129
Land #8178 , Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
h00die
a34c01ebd2
Land #8137 shodan honeyscore module
2017-04-02 21:37:36 -04:00
h00die
0092818893
Land #8169 add exploit rank where missing
2017-04-02 20:59:25 -04:00
Bryan Chu
151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
zerosum0x0
26fc6bc920
added report_vuln()
2017-04-01 21:48:19 -06:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
William Webb
035f37cf42
Land #8144 , Add Moxa Device Discovery Scanner Module
2017-03-31 19:11:27 -05:00
William Webb
f870f94fa9
Land #8163 , Add Cambium ePMP Arbitrary Command Execution
2017-03-31 19:06:19 -05:00
Adam Cammack
6910cb04dd
Add first exploit written in Python
2017-03-31 17:07:55 -05:00
h00die
823c1a6286
added more verifieds
2017-03-31 16:52:20 -04:00
h00die
23ac9214ea
land #8010 post gather module for tomcat creds
2017-03-31 16:15:55 -04:00
h00die
34a152dc76
handle no sysinfo from ssh_login
2017-03-31 16:15:16 -04:00
Pearce Barry
ab4d86fd21
Land #8168 , change description of alpha encoders
2017-03-31 11:37:12 -05:00
dmohanty-r7
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
dmohanty-r7
c445a1a85a
Wrap ssh.loop with begin/rescue
2017-03-31 11:16:10 -05:00
Koen Riepe
22b2215d2e
Fixed a typo causing bot to fail.
2017-03-31 16:40:21 +02:00
Koen Riepe
3a674b731c
Added error handling, added documentation and fixed some style issues.
2017-03-31 16:35:25 +02:00
Koen Riepe
628827cda9
Added some documentation and gracefull error handeling.
2017-03-31 12:45:30 +02:00
Koen Riepe
df2a9a4af3
Added documentation file and implemented fixes for output and linux parsing.
2017-03-31 11:19:12 +02:00
Bryan Chu
5e31a32771
Add missing ranks
...
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
Christian Mehlmauer
0a398a59c5
change description
2017-03-30 20:06:23 +02:00
bwatters-r7
6bcb9b523b
Land #8165 , Fix x86 mettle shellcode
2017-03-30 11:45:11 -05:00
zerosum0x0
4bd50b0ad2
Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010
2017-03-30 10:10:08 -06:00
zerosum0x0
a125566fc7
removed unnecessary arguments
2017-03-30 10:09:31 -06:00
Pearce Barry
a13d6a7810
Land #8166 , Add new SMB LoginScanner using RubySMB for SMB1/SMB2 Support
2017-03-30 11:08:17 -05:00
Pearce Barry
ac83ff7e48
Land #8155 , Style fixes for HWBridge RF and a couple small bug fixes
2017-03-29 20:37:13 -05:00
zerosum0x0
ef7de6d49e
added MSB to description, moved a print statement
2017-03-29 17:43:49 -06:00
Carter
4bdbdc0e00
Fix response parsing
2017-03-29 18:21:12 -05:00
zerosum0x0
68f5c0e663
removed a print statement
2017-03-29 16:24:59 -06:00
zerosum0x0
7e6b8b02b8
replaced magic constant with setup_count
2017-03-29 15:37:28 -06:00
zerosum0x0
9923c39799
removed superfluous status
2017-03-29 15:32:29 -06:00
zerosum0x0
f0a1e12a7e
small typos
2017-03-29 15:30:35 -06:00
bwatters-r7
691811af5a
Land #7994 , Add Windows Gather DynaZIP Saved Password Extraction post module
2017-03-29 16:04:09 -05:00
zerosum0x0
ffa376c514
added MS17-010 auxiliary detection module
2017-03-29 14:33:02 -06:00
David Maloney
a571bcdba4
update module description
2017-03-29 13:58:36 -05:00
David Maloney
418e371e35
add SMB2 login scanner and module
...
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity
MS-2557
2017-03-29 11:36:33 -05:00
Adam Cammack
2758010355
Fix x86 mettle shellcode
2017-03-28 17:59:13 -05:00
dmchell
8b3fe0ac06
Merge branch 'dmchell-cve-2017-7269' into iis_6_sc-dev
2017-03-28 19:33:37 +01:00
dmchell
697d3978af
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 19:14:32 +01:00
Carter
d7bed334b0
Add Metasploit header
2017-03-28 12:07:57 -05:00
Carter
ebbed949c2
Get rid of double header
2017-03-28 12:05:44 -05:00
Carter
d1c269e5e8
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 11:54:52 -05:00
Carter
4972b510d1
Use HttpClient instead of Tcp
2017-03-28 11:37:40 -05:00
Carter
c203fa71d1
Create iis_webdav_scstoragepathfromurl.rb
2017-03-28 11:34:11 -05:00
dmchell
ffdd5fb471
Update iis_webdav_scstoragepathfromurl.rb
...
converted to Msf::Exploit::Remote::HttpClient
2017-03-28 17:16:35 +01:00
dmchell
ed90971489
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 16:16:51 +01:00
dmchell
1552cc4cac
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 16:11:44 +01:00
dmchell
b301a8d0c0
Update iis_webdav_scstoragepathfromurl.rb
2017-03-28 16:07:12 +01:00
dmchell
20a9b88eb6
Update and rename iis_webdav_ScStoragePathFromUrl.rb to iis_webdav_scstoragepathfromurl.rb
2017-03-28 15:53:18 +01:00
dmchell
f7cecaf31e
Update and rename cve-2017-7269.rb to iis_webdav_ScStoragePathFromUrl.rb
2017-03-28 15:47:20 +01:00
dmchell
9e8ec532a2
Create cve-2017-7269.rb
...
Exploit for cve-2017-7269.rb
2017-03-28 15:33:20 +01:00
juushya
30896d1fab
Add Cambium ePMP Arbitrary Command Execution Module
2017-03-28 00:17:36 +05:30
William Webb
66a585ab41
Land #8050 , Add Cambium ePMP System Hash Dumper
2017-03-27 12:08:53 -05:00
William Webb
935c59306b
Land #7897 , Add Cambium ePMP 1000 Device Configuration file dumper
2017-03-27 12:05:11 -05:00
William Webb
d705949b37
Land #7784 , Cambium ePMP 1000 Login Scanner
2017-03-27 12:01:56 -05:00
Pearce Barry
31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
...
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
juushya
dd7cf39678
updated references
2017-03-25 12:31:08 +05:30
juushya
63d88c159a
updated references
2017-03-25 12:27:38 +05:30
juushya
fd5e25bcc2
restored version check
2017-03-25 12:08:00 +05:30
Javier Godinez
68e4b8a855
Updated user data param to load aggregator
2017-03-24 22:58:04 -07:00
Carter
82ebbfb9a7
Fix msftidy warnings
2017-03-24 23:12:48 -04:00
Carter
3e2173d4f9
Add key length check and remove mixin
...
Also add a reference to the original honeyscore website
2017-03-24 22:33:09 -04:00
Carter
581d523d5b
Fix things from review
2017-03-24 21:22:23 -04:00
Pearce Barry
9db2e9fbcd
Land #8146 , Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-24 14:38:47 -05:00
dmohanty-r7
92c0748447
Land #8102 , Add a plugin to notify new sessions via SMS
2017-03-24 11:17:59 -05:00
William Webb
e04f01ed6b
Land #7778 , RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
wchen-r7
3b062eb8d4
Update version info
2017-03-23 13:46:09 -05:00
wchen-r7
fdb52a6823
Avoid checking res.code to determine RCE success
...
Because it's not accurate
2017-03-23 13:39:45 -05:00
wchen-r7
39682d6385
Fix grammar
2017-03-23 13:23:30 -05:00
wchen-r7
ee21377d23
Credit Brent & Adam
2017-03-23 11:22:49 -05:00
wchen-r7
196a0b6ac4
Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-23 10:40:31 -05:00
Mehmet Ince
d37966f1bb
Remove old file
2017-03-23 12:53:08 +03:00
Mehmet Ince
8a43a05c25
Change name of the module
2017-03-23 12:49:31 +03:00
Carter
8dd0f953b0
remove unnecessary require
2017-03-22 19:48:24 -04:00
Carter
420df11c44
Change up the way shodan is reached
2017-03-22 19:39:45 -04:00
bwatters-r7
a93aef8b7a
Land #8086 , Add Module Logsign Remote Code Execution
2017-03-22 11:33:49 -05:00
Patrick DeSantis
2200c9faee
Create moxa_discover.rb
2017-03-22 10:49:26 -04:00
Carter
fa61d67761
Fix score comparison
2017-03-21 19:17:20 -04:00
Brent Cook
3af0f814c3
Land #8138 , fix mettle UAF and add initial http/https transport support
2017-03-21 16:51:09 -05:00
William Vu
1a8e8402ae
Land #8113 , SysGauge SMTP server validation sploit
2017-03-21 16:45:42 -05:00
Brent Cook
9542087642
bump mettle to 0.1.8
2017-03-21 16:45:25 -05:00
wchen-r7
d10b3da6ec
Land #8132 , Support Python 2 & 3 for web_delivery
2017-03-21 13:48:27 -05:00
wchen-r7
6b3cfe0a98
Support both Python 2 and Python 3 in one line
...
Tested on:
* Python 2.7.13 on Windows
* Python 3.5.3 on Windows
2017-03-21 13:47:07 -05:00
Carter
fef8ec10bc
Fix author formatting
2017-03-21 13:23:41 -04:00
Carter
d7640713df
Add more checks and formatting
2017-03-21 13:23:06 -04:00
Carter
1f68a3bda6
Rename honeypot.rb to shodan_honeyscore.rb
2017-03-21 13:10:31 -04:00
James Lee
2e096be869
Remove debugging output
2017-03-21 11:26:02 -05:00
Carter
79c7b84f08
Create honeypot.rb
2017-03-21 11:15:12 -04:00
bwatters-r7
be41df6de0
Land #8036 , Fix run_as_psh with domain accounts
2017-03-21 09:05:50 -05:00
Pearce Barry
f397624a69
Land #7935 , HWBridge RF transceiver extension
2017-03-21 06:12:32 -05:00
Brent Cook
aa5e9cd702
Land #8058 , Allow the http_payload stager to sleep before retry
2017-03-21 00:07:10 -05:00
Pearce Barry
c4279a837a
Minor formatting/spelling/verbiage changes.
2017-03-20 17:37:12 -05:00
Craig Smith
2fde287424
Initial patch for rftransceiver (RfCat / YardstickOne)
2017-03-20 17:36:16 -05:00
Pearce Barry
2acd941b16
Merge branch 'master' into dtc_fix
2017-03-20 14:10:01 -05:00
Craig Smith
0be6b8c905
Fixes #8022
...
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-03-20 13:49:39 -05:00
Pearce Barry
06ebb22a8f
Land #8065 , Zigbee Hardware Bridge Extension
2017-03-20 10:44:15 -05:00
Swiftb0y
ffe77c484e
fixed spacing
2017-03-20 16:37:35 +01:00
Swiftb0y
e51063aa56
added the python3 syntax to the web_delivery script
2017-03-20 16:08:08 +01:00
h00die
7bcd53d87d
Land #8079 , exploit and aux for dnaLims
2017-03-20 11:08:05 -04:00
h00die
fd5345a869
updates per pr
2017-03-20 10:40:43 -04:00
h00die
fe5167bf26
changes to file per pr
2017-03-20 10:16:42 -04:00
William Vu
f9ecefe465
Land #8031 , nil fixes for HWBridge
2017-03-19 22:37:28 -05:00
Brent Cook
aa1e76f28e
Land #8128 , ensure there is a response before deferencing
2017-03-19 22:17:31 -05:00
Brent Cook
e2c6f959f4
Land #8129 , s/colom/colon/g
2017-03-19 22:14:38 -05:00
Javier Godinez
534ca8c5cb
fix: URL encoding userdata
2017-03-18 21:52:49 -07:00
Javier Godinez
26d344a0ef
Initial checkin of launch instances module
2017-03-18 21:52:49 -07:00
Carter
ae883d7f02
Update multi_meterpreter_inject.rb
2017-03-19 00:27:28 -04:00
Carter
661bf6e492
Update multi_meterpreter_inject.rb
2017-03-19 00:27:03 -04:00
Carter
93a6614ab3
Update multi_meterpreter_inject.rb
2017-03-19 00:25:46 -04:00
h00die
f88a522bf5
fix #8121
2017-03-18 14:50:24 -04:00
h00die
06e6a973ce
land #7944 a scanner for Carlo Gavazzi energy meters
2017-03-18 10:35:43 -04:00
h00die
84e4b8d596
land #8115 which adds a CVE reference to IMSVA
2017-03-18 09:51:52 -04:00
alpiste
1d0024ee3c
tools/modules/update_payload_cached_sizes.rb update
2017-03-17 20:58:41 -03:00
Pearce Barry
d55b680394
Land #8088 , Add some binaries to enum_protections
2017-03-17 17:14:59 -05:00
Mehmet Ince
6aa42dcf08
Add solarwinds default ssh user rce
2017-03-17 21:54:35 +03:00
William Webb
1180bd6ed7
Land #8037 , priv_migrate improvements
2017-03-17 13:19:51 -05:00
Brent Cook
52cea93ea2
Merge remote-tracking branch 'upstream/master' into land-8118-
2017-03-17 12:39:30 -05:00
Brent Cook
e67c83e92c
Land #8119 , Updated rails_secret_deserialization to add '.' cookie regex
2017-03-17 12:34:25 -05:00
Brent Cook
ea4ca7ecc5
Land #8116 , Handle ::Errno::ECONNRESET in telnet_version
2017-03-17 12:32:02 -05:00
Pearce Barry
095a110e65
Code and doc tweaks (minor).
...
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00
William Vu
db6bc6c784
Land #8100 , msfcrawler improvements
...
Does anyone use this anymore??
2017-03-16 21:31:23 -05:00
Chris Higgins
7a12e446a0
Updated documentation and fixed module header. Whoops, copy/paste fail.
2017-03-16 21:28:24 -05:00
bwatters-r7
ab75794cd4
Land #8071 , Add API to send an MMS message to mobile devices
2017-03-16 11:57:34 -05:00
Craig Smith
78586f0dc9
Fixed an extra space at the EOL
2017-03-16 09:22:01 -07:00
Dallas Kaman
80c33fc27f
adding '-' to rails deserialization regex for cookie matching
2017-03-16 10:54:32 -05:00
Thomas Reburn
59c7de671e
Updated rails_secret_deserialization to add '.' regex for cookie matching.
2017-03-16 10:45:43 -05:00
Chris Higgins
f4bb1d6a37
Updated based on @wvu's comments
2017-03-15 19:15:12 -05:00
bwatters-r7
91a4657c36
Bumped the metasploit-payloads version and cache sizes with PR#8043
2017-03-15 19:02:21 -05:00
bwatters-r7
b2a7d18584
Update cached payload sizes
2017-03-15 18:43:48 -05:00
Mehmet Ince
f706c4d7f6
Removing prefix
2017-03-16 00:49:55 +03:00
wchen-r7
a1d7748d82
Fix #8061 , Handle ::Errno::ECONNRESET in telnet_version
...
Fix #8061
2017-03-15 16:33:37 -05:00
Mehmet Ince
60186f6046
Adding CVE number
2017-03-16 00:31:21 +03:00
wchen-r7
d4ee254057
Land #8076 , Add Easy File Sharing FTP Server Version 3.6 traversal
2017-03-15 16:17:13 -05:00
wchen-r7
8afe6a9061
Update easy_file_sharing_ftp and add documentation
2017-03-15 16:14:41 -05:00
William Vu
a0ba3f17e7
Land #8110 , process migration by name fix
2017-03-15 15:52:54 -05:00
William Vu
456ddcebc0
Remove nil values that are default already
...
There are four lights!
2017-03-15 15:51:22 -05:00
Brent Cook
8995629037
Land #7061 , allow chaining the service stub with other encoders
2017-03-15 13:56:09 -05:00
Brent Cook
b65919e7b1
Land #7956 , Add QNAP NAS/NVR administrator hash disclosure
2017-03-15 11:12:59 -05:00
William Vu
0a71e4a903
Update check with Exploit::CheckCode::Appears
2017-03-15 05:13:30 -05:00
William Vu
86d2217f4d
Fix whitespace and clarify options
2017-03-15 04:27:30 -05:00
William Vu
a0bff5c8c3
Bump RETRIES to 10
...
3 was a bit too low. I was using 10 and had more success with it.
2017-03-15 03:18:09 -05:00
Chris Higgins
b3fbbbee34
Spelling is hard
2017-03-14 23:34:00 -05:00
Chris Higgins
cc4f18e6c5
Add sysgauge_client_bof module and documentation
2017-03-14 23:29:19 -05:00
William Webb
e96013cd0f
Land #7781 , IBM Websphere Java Deserialization RCE
2017-03-14 17:21:18 -05:00
wchen-r7
cf8b4a78fa
Bring branch up to date with upstream-master
2017-03-14 16:48:33 -05:00
Rich Whitcroft
04f11b0bf7
fix migrate by process name
2017-03-14 17:27:46 -04:00
wchen-r7
1736332638
Land #8103 , Add CVE-2017-5638, Struts2 Content-Type OGNL injection
2017-03-14 16:10:49 -05:00
wchen-r7
9201f5039d
Use vprint for check because of rules
2017-03-14 15:02:54 -05:00
James Lee
f429b80c4e
Forgot to rm this when i combined
2017-03-14 12:18:11 -05:00
William Vu
01ea5262b8
Land #8070 , msftidy vars_get fixes
2017-03-14 12:05:24 -05:00
William Vu
5c436f2867
Appease msftidy in tr064_ntpserver_cmdinject
...
Also s/"/'/g.
2017-03-14 11:52:21 -05:00
William Vu
5d6a159ba9
Use query instead of uri in mvpower_dvr_shell_exec
...
I should have caught this in #7987 , @bcoles, but I forgot. Apologies.
This commit finishes what @itsmeroy2012 attempted to do in #8070 .
2017-03-14 11:51:55 -05:00
itsmeroy2012
79331191be
msftidy error updated 2.5
2017-03-14 22:02:59 +05:30
itsmeroy2012
67fc43a0a1
msftidy error updated 2.4
2017-03-14 21:33:53 +05:30
James Lee
53c9caa013
Allow native payloads
2017-03-13 20:10:02 -05:00
James Lee
2053b77b01
ARCH_CMD works
2017-03-13 18:37:50 -05:00
wchen-r7
bb4d6e17c8
Resolve #8026 , Add a plugin to notify new sessions via SMS
...
This plugin will notify you of a new session via SMS.
It also changes the SMS text format to MIME.
Resolve #8026
2017-03-13 16:13:59 -05:00
itsmeroy2012
fe4e2306b4
Reverting one step
2017-03-13 22:22:24 +05:30
Jon P
665adec298
Patching storedb function (adding host/port/ssl for correct report_web_page)
2017-03-13 17:37:47 +01:00
wizard32
78ff7a8865
Module renamed
...
Renamed from websphere_java_deserialize.rb to ibm_websphere_java_deserialize.rb
2017-03-13 08:22:24 +02:00
William Vu
9f76b4d99c
Change default RPORT to 443 with SSL
...
I never really tested port 80, so I wonder why I didn't change this.
Turns out 80 isn't even the vuln service. Welp. Hat tip @bcoles.
2017-03-12 21:03:31 -05:00
William Vu
e7c920db44
Remove DEBEUG/print_debeug :(
2017-03-12 21:01:48 -05:00
William Vu
d57b772ac9
Bump default RETRIES to 3
2017-03-12 21:00:38 -05:00
William Vu
8638f9ec7e
Update freesshd_authbypass to use CmdStager fully
2017-03-11 19:59:39 -06:00
Pearce Barry
4e32c80e8e
Use the Msf::Exploit::CmdStager mixin. Fixes #8092 .
2017-03-11 17:44:05 -06:00
William Vu
fe4f20c0cc
Land #7968 , NETGEAR R7000 exploit
2017-03-10 16:02:30 -06:00
dmohanty-r7
25bfa88c46
Land #7877 , Add mDNS query spoofing service
2017-03-10 15:44:57 -06:00
itsmeroy2012
1c54e0ba94
msftidy error updated 2.2
2017-03-10 23:59:38 +05:30
itsmeroy2012
6d8789a56e
Updated msftidy error 2.1
2017-03-10 23:03:37 +05:30
itsmeroy2012
c0f17cf6b8
msftidy error updated 2.0
2017-03-10 22:16:27 +05:30
jvoisin
84b9449137
Add some binaries to enum_protections
...
- gradm2 for grsec
- aa-status for apparmor
- getenforce for setlinux
2017-03-10 14:16:58 +01:00
Mehmet Ince
f6bac3ae31
Add iso link to md file and change CheckCode code
2017-03-10 13:00:49 +03:00
James Lee
e7b65587b4
Move to a more descriptive name
2017-03-09 14:19:06 -06:00
James Lee
e07d5332de
Don't step on the payload accessor
2017-03-09 13:54:00 -06:00
James Lee
d92ffe2d51
Grab the os.name when checking
2017-03-09 13:52:58 -06:00