039e8f5899
Use rubyntlm for HTTP Negotiate auth
2016-06-22 10:15:22 -05:00
c2a063c8ae
Start using rubyntlm for ssp auth
2016-06-22 10:15:16 -05:00
1e053c110a
Merge branch 'master' into feature/rex-cleanup/first-gems
2016-06-22 09:20:44 -05:00
df1a9bee13
Move ps1, Use Env var, Fix license, New Cleanup
...
MS16-032 ps1 moved to external file. This ps1 will now detect windir
to find cmd.exe. The module now also detects windir to find
powershell.exe. The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
is now standard. The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
3842753ce4
Added JCL header data to mainframe payload module
...
Currently any existing and future JCL payload has to have a 'job card'
basically data that defines the job to z/OS. It has information about
the job's owner, place it will run, output creation, etc. All JCL
shares the same job card format. As such, creating a shared payload
method that allows this text to be imported into any JCL payload.
Additionally, that job card is now parameterized, allowing the
exploit/payload user to edit these job card values-as this may be needed
in order to run the job sucessfully on any given system.
This PR sets up the mf module - next PRs will update the existing
payloads to use this module.
2016-06-21 22:06:44 -05:00
f85e7972d1
Land #6999 , Msf::Util::EXE.to_zip
2016-06-21 17:00:04 -05:00
9cb57d78d7
updated check and docs that 14.2 may not be vuln
2016-06-21 16:48:09 -04:00
81f30ca962
Land #6966 , Microsoft Office Trusted Locations Enumeration
2016-06-21 21:45:39 +01:00
69e2d05a5d
rip out old rex code and replace with gems
...
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spgehtti code that is lib/rex
2016-06-21 13:56:36 -05:00
b9d0bcc193
Add MS16-032 Local Priv Esc Exploit to tree
...
This module will use the powershell port of ms16-032 created by
@FuzzySec. All payloads are pushed to a compress powershell script in a
plain text file on the disk to execute.
2016-06-21 14:56:12 -04:00
15a3d739c0
fix per wchen
2016-06-20 17:57:10 -04:00
129b449355
Add Msf::Util::EXE.to_zip
...
This adds a new method in Msf::Util::EXE to be able to create a
zip file with an array of binary data.
2016-06-20 13:36:59 -05:00
718f36f1af
Land #6955 , DarkComet C2 Arbitrary File Download
2016-06-20 13:15:16 -05:00
3f9d0630ce
Merge remote-tracking branch 'upstream/pr/6955' into land-6955
2016-06-20 13:14:37 -05:00
e692e32dae
Land #6955 , DarkComet C2 Arbitrary File Download Exploit
2016-06-20 12:03:38 -05:00
c816af1e4d
Merge remote-tracking branch 'upstream/pr/6955' into land-6955
2016-06-20 12:00:19 -05:00
5a92dc205e
Land #6997 , Avoid exception on missing key in enum_chrome
2016-06-20 11:56:03 -05:00
2b85b210e9
Fix #6984 , Undefined method 'winver' in ms10_092_schelevator
...
Fix #6984
2016-06-20 10:37:41 -05:00
95517b4a45
Avoid exception on missing key in prefs.
2016-06-20 09:26:10 -05:00
bbaa3ad9f9
Land #6996 : Fix unused session types
2016-06-20 16:21:11 +10:00
6cb2a6970e
Fix unused SessionType in two modules
...
Pretty sure it should be "shell."
2016-06-19 23:41:34 -05:00
856a4c7684
Reference BadTunnel (appropriate for the nat module)
2016-06-19 20:50:12 -05:00
6fe7698b13
follow redirect automatically
2016-06-19 20:24:54 -04:00
a84614f2c0
Whitespace only
2016-06-19 18:44:32 -05:00
ce7c6496dd
Rework to clarify that this a brute force spoof, unrelated to BadTunnel
2016-06-19 13:36:39 -05:00
3f25c27e34
2 void-in fixes of 3
2016-06-19 14:35:27 -04:00
ddfd015310
functionalized calendar call, updated docs
2016-06-19 08:53:22 -04:00
6507e520c7
Cleanups, addition of a 'direct' module
2016-06-18 15:37:54 -05:00
d8f6be0a3f
Silly typo [cosmetic]
2016-06-18 14:34:49 -05:00
1db10eec39
slight documentation update
2016-06-18 13:27:46 -04:00
3feff7533b
tiki calendar
2016-06-18 13:11:11 -04:00
b4af7eb039
Remove useless include
2016-06-18 01:31:55 -05:00
3aff0050ee
Whitespace
2016-06-18 01:24:45 -05:00
01a951d5aa
Add references & credit
2016-06-18 01:23:49 -05:00
5405b0f3db
clarified attack failure error message
2016-06-18 04:31:58 +02:00
34130592f1
Update .mailmap
2016-06-17 19:01:13 -05:00
c02a05f913
Removed code that was already commented out
2016-06-17 15:47:15 -05:00
1225a93179
Moved ClamAV scanner to scanning module
...
s
2016-06-17 15:40:33 -05:00
ba72d3fd92
Land #6988 , Update banners to metasploit.com, not .pro
2016-06-17 15:29:30 -05:00
c130495968
Updated logging, but still probably wrong.
2016-06-17 13:31:24 -05:00
813777a8e4
Cleaned up the code a little after trying to fix ip printing issues.
2016-06-17 13:09:03 -05:00
fee54b4a5a
Changed the module to support scanning
2016-06-17 13:03:28 -05:00
98ad2489db
Land #6970 , #make_fast_nops for HUGE nop chunks
2016-06-17 12:56:26 -05:00
0af2fa7164
Add a module for the 'BadTunnel' vulnerability
2016-06-17 03:06:04 -05:00
9ea0b8f944
Land #6934 , Adds exploit for op5 configuration command execution
2016-06-16 14:36:10 -05:00
856baf5f32
Merge pull request #4 from wvu-r7/pr/6934
...
Add setsid to persist the shell
2016-06-16 14:28:43 -04:00
ea988eaa72
Add setsid to persist the shell
...
Prevents the watchdog from killing our session.
2016-06-16 11:31:35 -05:00
674470c5de
Merge pull request #1 from Meatballs1/trusted_locations
...
Trusted locations cleanup
2016-06-16 10:18:00 +01:00
6ea9d7a6f7
Land #6978 , addition of karaf to wordlists
2016-06-15 22:57:53 -05:00
050b604e77
Fixed the syntax error
2016-06-15 21:45:52 -05:00
James Lee
David Maloney
khr0x40sh
Bigendian Smalls
William Vu
h00die
Meatballs
wchen-r7
William Webb
Pearce Barry
OJ
HD Moore
samvartaka
Brendan Watters
Brent Cook
h00die
Vincent Yiu