Commit Graph

19352 Commits (eb6cff77bca72b396b67309d15fc747574126c69)

Author SHA1 Message Date
William Vu 06a2bb53bd Clean up module 2015-12-18 15:29:15 -06:00
Christian Mehlmauer fb6ede80c9
add joomla reference 2015-12-18 18:27:48 +01:00
wchen-r7 485196af4e Remove modules/exploits/multi/http/uptime_file_upload.rb
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.

If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7 5f5b3ec6a1 Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
CVE-2015-6127
2015-12-17 22:41:58 -06:00
Jon Hart a8bb750db7
Address style/usability concerns in Android CVE-2012-6301 module 2015-12-17 13:45:32 -08:00
Brent Cook 0c0219d7b7
Land #6357, cleanup redis rdbcompression options 2015-12-17 10:45:11 -06:00
Jon Hart f3ac8a2cc0
Land #6360, @pyllyukko's reference cleanup for ipmi_dumphashes 2015-12-16 22:03:40 -08:00
wchen-r7 06f1949e2c
Land #6355, Joomla HTTP Header Unauthenticated Remote Code Execution
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer 8c43ecbfaf
add random terminator and clarify target 2015-12-17 00:08:52 +01:00
Gregory Mikeska 2106a47441
Merge branch 'pr/6357' into upstream-master 2015-12-16 16:02:48 -06:00
Christian Mehlmauer 08d0ffd709
implement @wvu-r7 's feedback 2015-12-16 22:44:01 +01:00
Christian Mehlmauer 76438dfb2f
implement @wchen-r7 's suggestions 2015-12-16 20:31:43 +01:00
Jon Hart 865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way 2015-12-16 11:20:13 -08:00
Jon Hart f616ee14a8
Don't abort if compression can't be disabled 2015-12-16 11:11:00 -08:00
Jon Hart 12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION 2015-12-16 11:07:27 -08:00
Christian Mehlmauer b43d580276
try to detect joomla version 2015-12-16 16:16:59 +01:00
Christian Mehlmauer 30f90f35e9
also check for debian version number 2015-12-16 15:19:33 +01:00
Christian Mehlmauer 67eba0d708
update description 2015-12-16 14:46:00 +01:00
Christian Mehlmauer fa3fb1affc
better ubuntu version check 2015-12-16 14:18:44 +01:00
Christian Mehlmauer 60181feb51
more ubuntu checks 2015-12-16 14:02:26 +01:00
Christian Mehlmauer 934c6282a5
check for nil 2015-12-16 13:52:06 +01:00
Christian Mehlmauer 2661cc5899
check ubuntu specific version 2015-12-16 13:49:07 +01:00
Christian Mehlmauer 675dff3b6f
use Gem::Version for version compare 2015-12-16 13:04:15 +01:00
pyllyukko d110c6cc73
Added few references to ipmi_dumphashes 2015-12-16 13:36:37 +02:00
Christian Mehlmauer 01b943ec93
fix check method 2015-12-16 07:26:25 +01:00
Christian Mehlmauer 595645bcd7
update description 2015-12-16 07:03:01 +01:00
Christian Mehlmauer d80a7e662f
some formatting 2015-12-16 06:57:06 +01:00
Christian Mehlmauer c2795d58cb
use target_uri.path 2015-12-16 06:55:23 +01:00
Christian Mehlmauer 2e54cd2ca7
update description 2015-12-16 06:42:41 +01:00
nixawk 342ce05ff7 add a DISABLE_RDBCOMPRESSION option for redis file_upload 2015-12-16 04:28:52 +00:00
Christian Mehlmauer d4ade7a1fd
update check method 2015-12-16 00:18:39 +01:00
Stuart Morgan 2c29298485 undoing this, put in a separate module 2015-12-15 23:16:21 +00:00
Stuart Morgan 5dd8cb7648 proper type conversions 2015-12-15 23:13:02 +00:00
Stuart Morgan fef9a84548 rubocop 2015-12-15 23:12:14 +00:00
Stuart Morgan a2b30ff16e msftidy 2015-12-15 23:11:40 +00:00
Stuart Morgan 281966023c Final version 2015-12-15 23:10:06 +00:00
Stuart Morgan 7fa453b7ff Added module 2015-12-15 22:31:00 +00:00
Stuart Morgan 059de62400 Editing an existing module rather than adding a new one 2015-12-15 21:36:39 +00:00
Stuart Morgan 4a66b487de Based on putty enum module 2015-12-15 21:28:13 +00:00
Christian Mehlmauer c603430228
fix version check 2015-12-15 18:26:21 +01:00
wchen-r7 b9b280954b Add a check for joomla 2015-12-15 11:03:36 -06:00
Christian Mehlmauer e4309790f5
renamed module because X-FORWARDED-FOR header is also working 2015-12-15 17:37:45 +01:00
Christian Mehlmauer 84d5067abe
add joomla RCE module 2015-12-15 17:20:49 +01:00
wchen-r7 ab3fe64b6e Add method peer for jenkins_java_deserialize.rb 2015-12-15 01:18:27 -06:00
Jon Hart b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Jon Hart e448bc3e27
If saving fails, print_error and mention permissions 2015-12-14 10:47:05 -08:00
Jon Hart 19acd366d6 Rename redis file upload module; remove the 'auth' part 2015-12-14 10:40:28 -08:00
Tod Beardsley 30c805d9c7
Land #6344, R7-2015-22 / CVE-2015-8249 2015-12-14 12:30:51 -06:00
Tod Beardsley b25aae3602
Add refs to module
See rapid7#6344.
2015-12-14 12:05:46 -06:00
Brent Cook c00f05faba
Land #6346, jenkins_java_deserialize check reliability fixes 2015-12-14 11:44:33 -06:00
William Vu b085989923
Land #6266, rsync creds scraper 2015-12-14 11:37:30 -06:00
wchen-r7 bd8aea2618 Fix check for jenkins_java_deserialize.rb
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
wchen-r7 5ffc80dc20 Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability 2015-12-14 10:51:59 -06:00
Spencer McIntyre 4e492a1b0c
Add an additional grammar change to the listener option 2015-12-13 12:04:20 -05:00
radekk 90a523fb0a Typos inside parameters description. 2015-12-12 22:48:20 +01:00
Vex Woo dee23e4bda Merge pull request #3 from jhart-r7/pr/fixup-6319
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
dmohanty-r7 eb4611642d Add Jenkins CLI Java serialization exploit module
CVE-2015-8103
2015-12-11 14:57:10 -06:00
Jon Hart 9ef46140c0
Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e
Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4
Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2
Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Jon Hart 555e52e416
Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart 48a27170c2
Document process better, delete correct key 2015-12-10 09:13:13 -08:00
Jon Hart d2f54af23f
Reset the dir and dbfilename back to their original settings 2015-12-10 08:56:24 -08:00
Jon Hart 21ab4e96e5
First pass at redis mixin 2015-12-10 08:29:59 -08:00
karllll a5c6e260f2 Update hp_vsa_login_bof.rb
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
William Vu 563be5c207
Land #6322, another Perl IRC bot exploit 2015-12-10 09:43:07 -06:00
William Vu a945350821
Land #6307, Perl IRC bot exploit 2015-12-10 09:42:35 -06:00
nixawk 0d8fc78257 make code more clear 2015-12-10 15:13:50 +00:00
nixawk 42013c18ba add a password option - AUTH_KEY 2015-12-10 08:24:47 +00:00
nixawk 28bc5b4d4f move it from exploit to auxiliary 2015-12-10 08:23:38 +00:00
Jon Hart 4cc7853ad8
Don't run_host unless check returns vulnerable; report_service 2015-12-09 18:33:40 -08:00
Jon Hart 624e5aeffa
First pass at converting redis module to aux; style cleanup 2015-12-09 17:59:48 -08:00
wchen-r7 11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
Jon Hart 39da306b1d
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
wchen-r7 080ec26afb
Land #4489, Update SMB admin modules to use Scanner & fixes 2015-12-08 14:49:26 -06:00
Jon Hart ed8076f361
Merge branch 'master' into pr/6197 2015-12-08 12:08:15 -08:00
Jon Hart 2177b979fd
Update SessionTypes command to describe why shell is not listed 2015-12-08 12:06:47 -08:00
Jon Hart 3890961155
Correct SEP client exclusion enumeration 2015-12-08 10:16:25 -08:00
wchen-r7 7378e7b128 Do elog() when print_error() 2015-12-08 11:06:59 -06:00
BAZIN-HSC be5f648969 manage-bde.exe path test if in System32 or sysnative 2015-12-08 16:14:13 +01:00
wchen-r7 53acfd7ce3
Land #6303, Add phpFileManager 0.9.8 Remote Code Execution 2015-12-07 21:13:48 -06:00
wchen-r7 ea3c7cb35b Minor edits 2015-12-07 21:13:14 -06:00
William Vu db788d1b7c
Land #6238, CmdStager BOURNE_{PATH,FILE} options 2015-12-07 12:34:42 -06:00
JT b36834f4bc Update legend_bot_exec.rb 2015-12-07 10:38:36 +08:00
JT 2244f2aa43 Add Legend Perl IRC Bot Remote Code Execution 2015-12-07 10:30:28 +08:00
JT 26c8fd8faa Update xdh_x_exec.rb 2015-12-07 08:25:19 +08:00
JT 9ee5498090 Update xdh_x_exec.rb
satisfying msftidy's request
2015-12-06 20:21:18 +08:00
JT 10a8e98e41 Update xdh_x_exec.rb 2015-12-06 20:11:49 +08:00
JT 14afbc6800 Update xdh_x_exec.rb
updated description and new author.
2015-12-06 20:10:19 +08:00
nixawk 20f6cbe5ba upload file to redis server (unauthentication) 2015-12-06 06:11:11 +00:00
Stuart Morgan ca023b6499 Simplified do_report() to comply with msftidy 2015-12-05 23:27:28 +00:00
Stuart Morgan 4f1f755c1d msftidy 2015-12-05 22:49:40 +00:00
Stuart Morgan 4469e9b5ef Finalised module 2015-12-05 22:45:08 +00:00
Stuart Morgan bd1bf4aa72 Initial test, fixed noteswq 2015-12-05 21:19:34 +00:00
Stuart Morgan 09c58e4097 Massive rework of the storage/notes/reporting 2015-12-05 21:18:29 +00:00
Jon Hart f6417df9ba
Update enum_av_excluded to work properly under wow64 2015-12-04 17:13:43 -08:00
wchen-r7 66ba204c11
Land #6308, change youtube url 2015-12-04 16:31:00 -06:00
wchen-r7 14b1b3a1f0
Land #6299, Stageless HTTP(S) Python Meterpreter 2015-12-04 16:16:54 -06:00
wchen-r7 644c1347cd Update payload sizes 2015-12-04 16:14:37 -06:00
Jon Hart ad60a4118e
Put admin and client exclusions in different tables 2015-12-04 13:01:28 -08:00
Jon Hart c92365090f
Simpler 2015-12-04 12:38:25 -08:00
Jon Hart e7d2eb6ad9
Wire in support for showing process and file extension exclusions 2015-12-04 12:35:42 -08:00
Jon Hart 78a303974f
Handle empty exclusions better 2015-12-04 12:19:17 -08:00
Jon Hart 81ee01a93e
Simplify exclusion extraction and printing 2015-12-04 11:42:03 -08:00
Jon Hart 1968a76863
Simplify AV enumeration code 2015-12-04 10:27:14 -08:00
Christian Mehlmauer fc9d818837
change youtube url 2015-12-04 10:15:56 +01:00
JT faac44f257 Update xdh_x_exec.rb 2015-12-04 12:39:19 +08:00
JT f52e6ce65c Update xdh_x_exec.rb 2015-12-04 11:17:16 +08:00
JT 4955357015 Update xdh_x_exec.rb 2015-12-04 11:06:06 +08:00
JT 4e43a90187 Add Xdh / fBot IRC Bot Remote Code Execution 2015-12-04 10:40:37 +08:00
jvazquez-r7 340fe5640f
Land #6255, @wchen-r7's module for Atlassian HipChat JIRA plugin 2015-12-03 20:01:06 -06:00
jvazquez-r7 a972b33825
Fix typo 2015-12-03 20:00:37 -06:00
Jon Hart 28ee056c32
Make enumeration of each individual AV optional 2015-12-03 16:07:49 -08:00
Jon Hart c007fffbce
Style cleanup 2015-12-03 15:55:12 -08:00
wchen-r7 f8c11b9cd1 Move to multi 2015-12-03 17:49:21 -06:00
JT 3bbc413935 Update phpfilemanager_rce.rb 2015-12-04 06:20:43 +08:00
wchen-r7 67edf88c39 Doc 2015-12-03 14:25:01 -06:00
wchen-r7 f33e63c16f Support Win/Linux/Java payloads for Win/Linux platforms 2015-12-03 14:02:32 -06:00
r3naissance db5c69226e
Add Usernames to Creds Database with owa_login.rb 2015-12-03 09:31:36 -07:00
JT 28ca899914 Update phpfilemanager_rce.rb 2015-12-03 18:07:25 +08:00
wchen-r7 83824b2902 First commit to support Windows for jira_hipchat_template
In Java
2015-12-03 02:39:55 -06:00
JT d63bb4768f Update phpfilemanager_rce.rb 2015-12-03 14:09:02 +08:00
JT 374b630601 Update phpfilemanager_rce.rb 2015-12-03 13:57:19 +08:00
JT 56b810cb18 Update phpfilemanager_rce.rb 2015-12-03 12:44:41 +08:00
JT 5414f33804 Update phpfilemanager_rce.rb 2015-12-03 12:43:47 +08:00
JT ab77ab509a Update phpfilemanager_rce.rb 2015-12-03 12:35:49 +08:00
JT 869caf789f Update phpfilemanager_rce.rb 2015-12-03 12:34:17 +08:00
JT a2d51d48cd Add phpFileManager 0.9.8 Remote Code Execution 2015-12-03 12:11:31 +08:00
Jon Hart fdbd3cfc11
Fix minor style problems, call check() from run_host 2015-12-02 15:46:35 -08:00
wchen-r7 09cd63a70c
Land #6302, Limesurvey File Download aux mod 2015-12-02 15:43:56 -06:00
wchen-r7 93a4fd0ee4 Minor edits 2015-12-02 15:43:11 -06:00
Christian Mehlmauer 581ea89f7f
fix nil error 2015-12-02 11:19:08 +01:00
Christian Mehlmauer f06e4f3dbd
make this module work with other languages too 2015-12-02 11:14:10 +01:00
Christian Mehlmauer 1a4b91e33e
unzip backup file 2015-12-02 11:01:56 +01:00
Rory McNamara 15dd18dc4b use single quotes, remove explicit nil 2015-12-02 09:36:07 +00:00
jvazquez-r7 0f24ca7d13
Land #6280, @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability 2015-12-01 21:38:09 -06:00
jvazquez-r7 d269be22e7
Land #6223, @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit 2015-12-01 21:36:18 -06:00
wchen-r7 9697ce5033 Specify arch & platform for generate_payload_exe
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
wchen-r7 0e21265ecc Fix cookie parsing, typo, and unused var 2015-12-01 17:39:40 -06:00
Jon Hart 366b92a79e
Store rsync creds as creds, not loot 2015-12-01 15:30:39 -08:00
Christian Mehlmauer 217374d1c0
add limesurvey file download 2015-12-02 00:06:13 +01:00
jvazquez-r7 bb3a3ae8eb
Land #6176, @ganzm's fix for 64 bits windows loadlibrary payload 2015-12-01 13:18:41 -06:00
Spencer McIntyre 3b3b569d8e Fix payload CacheSize for current pymet 2015-12-01 13:00:15 -05:00
jvazquez-r7 bfe81db9a5
Update cached size 2015-12-01 11:45:45 -06:00
jvazquez-r7 2348cb7374
Update loadlibrary for 64 bits 2015-12-01 11:41:37 -06:00
James Lee 385378f338 Add reference to Rapid7 advisory 2015-12-01 11:37:27 -06:00
James Lee 98a0ddebda
Land #6298, Advantech shellshock module 2015-12-01 11:37:09 -06:00
HD Moore 9dbf7cb86c Remove the SSL option (not needed) 2015-12-01 11:34:03 -06:00
HD Moore 758e7c7b58 Rename 2015-12-01 11:33:45 -06:00