Commit Graph

2119 Commits (edf7c4147897e7833584c9ff5d12b12235339699)

Author SHA1 Message Date
h00die cfd31e32c6 renaming per @bwatters-r7 comment in #7491 2016-11-18 13:52:09 -05:00
Brian Patterson abddeb5cd2 Land 7473, add censys search module 2016-11-17 13:44:00 -06:00
Brent Cook b6f097c035
Correct a few misspellings 2016-11-15 08:08:20 -06:00
Brent Cook b56b6a49ac
Land #7328, Extend lsa_transname_heap exploit to MIPS 2016-11-15 07:37:19 -06:00
Brent Cook 312f33afa3 minor formatting updates 2016-11-15 07:36:54 -06:00
Pearce Barry 1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
dmohanty-r7 2b5517f597
Land #7506, Add gather AWS keys post module 2016-11-11 13:56:12 -06:00
dmohanty-r7 3ae021faba
Update aws gather key docs 2016-11-11 13:50:24 -06:00
h00die 1cb68c6f28
Land #7515, docs for enum_ie
Adds markdown docs for postwindows/gather/enum_ie. Thanks @daniel-wer

Fixes #7146
2016-11-01 20:11:32 -04:00
Brendan 05e2aad837
Land #7497, Add Kerberos domain user enumeration module 2016-11-01 14:34:47 -05:00
William Webb 31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
Daniel Werner 1760cc9877 Add an IE7+ run to the post/windows/gather/enum_ie KB. 2016-10-31 20:30:22 +01:00
Daniel Werner a487d9e92a Add KB for post/windows/gather/enum_ie. 2016-10-31 16:19:06 +01:00
Jan Mitchell 97b7819a08 Adding documentation for lsatransnames_heap 2016-10-31 14:47:19 +00:00
Catatonic Prime c38281706d h00die's suggested changes 2016-10-30 23:22:09 +00:00
Catatonic Prime efc65dbb0c Language 2016-10-30 04:59:40 +00:00
Catatonic Prime 48e585b66c Removing sample documentation lines. 2016-10-30 04:58:02 +00:00
Catatonic Prime 1ddd31029e Adding documentation for ektron_xslt_exec_ws exploit module. 2016-10-30 04:52:36 +00:00
Spencer McIntyre f9041bc89a Address pull request feedback for module docs 2016-10-29 18:50:16 -04:00
Spencer McIntyre 89376102db Add documentation for jenkins_script_console 2016-10-29 16:50:47 -04:00
Pearce Barry 0b23365881
Minor addition to the telpho10_credential_dump docs. 2016-10-28 17:52:49 -05:00
Pearce Barry 5c12d55c84
Land #7484, Add Telpho10 Credentials Dump Exploit 2016-10-28 17:41:46 -05:00
Pearce Barry 991a3fe448
Markdown docs added. 2016-10-28 17:38:00 -05:00
Jon Hart 74baffd463
Rename doc 2016-10-28 15:31:12 -07:00
Jon Hart 96c204d1ea
Add aws_keys docs; correct description 2016-10-28 15:27:47 -07:00
dmohanty-r7 d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit 2016-10-28 17:07:13 -05:00
dmohanty-r7 d6785a437e
Add module docs for imagemagick_delegate 2016-10-28 17:02:09 -05:00
attackdebris c2af2ab214 Move kerberos_enumusers module to aux/gather & add documentation 2016-10-27 19:11:22 +01:00
nixawk 98afd0f18d add censys_search doc 2016-10-25 22:40:25 -05:00
Jon Hart a61e6bc11b Correct formatting. really. 2016-10-25 15:58:46 -05:00
Jon Hart 252b604999 Correct formatting 2016-10-25 15:58:46 -05:00
Jon Hart b7dba76089 Add module documentation for udp_amplifcation 2016-10-25 15:58:46 -05:00
Pearce Barry 9a0307b0c0
Land #7369, Panda Antivirus Priv Esc 2016-10-21 13:20:41 -05:00
h00die 40054a6c01 docs table 2016-10-20 20:54:35 -04:00
h00die 12e4fe1c5c updated dlls and docs 2016-10-20 20:45:50 -04:00
h00die 0d1fe20ae5 revamped 2016-10-15 20:57:31 -04:00
Brent Cook dd1e8ff964
fix a few typos in KB 2016-10-14 13:01:51 -05:00
Brent Cook cfddc734a8
Land #7286, WiFi pineapple preconfig command injection module 2016-10-14 12:57:42 -05:00
Brent Cook e05a325786
Land #7285, WiFi pineapple command injection via authentication bypass 2016-10-14 12:57:05 -05:00
Brent Cook 1c9914acb1 add module doc 2016-10-14 12:46:19 -05:00
Brent Cook d36940260f add module doc 2016-10-14 12:44:17 -05:00
Thao Doan 9111d8598c
Land #7440, Add docs for Chrome User Data Enum 2016-10-14 10:39:53 -07:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
Daniel Werner 8adcb96435 Add KB for post/windows/gather/enum_chrome. 2016-10-13 23:23:21 +02:00
nixawk 884a8b29e7 add doc for auxiliary/scanner/ike/cisco_ike_benigncertain.rb 2016-10-12 03:33:22 -05:00
mr_me 2a308f76b1 Update rails_dynamic_render_code_exec.md 2016-10-10 22:43:24 -05:00
mr_me f2252bb179 fixed a few things, thanks @h00die 2016-10-10 22:30:01 -05:00
h00die 2ad82ff8e3 more nagios versatility 2016-10-10 10:21:49 -04:00
Pearce Barry d1a11f46e8
Land #7418, Linux recvmmsg Priv Esc (CVE-2014-0038) 2016-10-09 18:37:52 -05:00
h00die f9060b0ac7 fixed doc numbering 2016-10-09 00:02:18 -04:00
h00die 2dfebe586e working cve-2014-0038 2016-10-08 23:58:09 -04:00
Brent Cook b77a910205
Land #7355, allwinner post to local exploit conversion 2016-10-08 21:38:54 -05:00
Brent Cook e074669406
Land #7296, Added a SCADA module for detecting Profinet devices, e.g. Siemens controllers 2016-10-08 21:34:40 -05:00
Brent Cook 7e2e98f96c
Land #7413, Add KB for post/firefox/gather/passwords 2016-10-08 21:31:27 -05:00
Brent Cook bd24e7eba0 more cleanups and print output on auto-run 2016-10-08 21:14:26 -05:00
Brent Cook df597a7bb7 add module documentation 2016-10-08 20:17:54 -05:00
Daniel Werner 86465710e2 Add KB for post/firefox/gather/passwords. 2016-10-08 01:19:26 +02:00
h00die 27cf5c65c4 working module 2016-10-04 23:21:53 -04:00
Jon Hart cf20ccaccd
Add kb for aws_ec2_instance_metadata 2016-09-30 07:02:33 -07:00
h00die 7b0a8784aa additional doc updates 2016-09-29 19:02:16 -04:00
h00die c036c258a9 cve-2016-4557 2016-09-29 05:23:12 -04:00
h00die 7a108e2102 updated docs w/ error codes on failed attempts 2016-09-27 20:26:04 -04:00
h00die 35a2b3e59d working panda 2016-09-27 20:15:17 -04:00
William Vu b87911bd0b
Land #7340, auxiliary/server/socks4a docs 2016-09-26 17:34:45 -05:00
Brendan b9de73e803
Land #7334, Add aux module to exploit WINDOWS based (java) Colorado
FTP server directory traversal
2016-09-26 14:15:23 -05:00
Pearce Barry 6382fffc75
Land #7326, Linux Kernel Netfilter Privesc 2016-09-26 12:38:50 -05:00
h00die 23e5556a4c binary drops work! 2016-09-24 21:31:00 -04:00
Brent Cook 6f4c9435be Add module documentation 2016-09-24 05:48:18 -04:00
h00die cba297644e post to local conversion 2016-09-22 22:08:24 -04:00
h00die 3dff41c833 documentation update 2016-09-22 21:06:31 -04:00
Brendan 04f8f7a0ea
Land #7266, Add Kaltura Remote PHP Code Execution 2016-09-21 17:14:49 -05:00
Oliver Rumbelow d1bf7d94bc auxilary/server/socks4a documentation 2016-09-20 20:08:16 +01:00
Mehmet Ince fb00d1c556
Another minor grammer changes 2016-09-20 19:23:28 +03:00
Brendan 513d8a8163 Edit fail 2016-09-20 10:51:12 -05:00
Brendan e1155fed77 Minor changes to grammar 2016-09-20 10:34:03 -05:00
Mehmet Ince 385428684f
Move module and docs under the exploit/linux/http folder 2016-09-20 12:45:23 +03:00
Mehmet Ince 0a58ada1da
Add missing steps and cite original wiki URL 2016-09-20 01:38:46 +03:00
Oliver Rumbelow e05cac15c6 auxilary/server/socks4a documentation 2016-09-19 21:37:35 +01:00
h00die 9c922d111f colorado ftp 2016-09-18 20:03:16 -04:00
h00die 4f85a1171f reexploit and other docs and edits added 2016-09-18 08:51:27 -04:00
Mehmet Ince d70cbf4ba7
Add documentation includes how to install Kaltura 2016-09-17 23:12:47 +03:00
h00die 1b7f706c6b added doc note 2016-09-16 01:57:36 -04:00
h00die 2e42e0f091 first commit 2016-09-16 01:54:49 -04:00
William Vu 030e09c9c6
Land #7322, drupal_drupageddon module docs 2016-09-16 00:40:18 -05:00
h00die a9502bfe9e drupageddon docs 2016-09-15 13:29:06 -04:00
William Webb fcf7a98993
Land #7311, add module documentation for post/linux/gather/checkvm and post/linux/gather/hashdump 2016-09-14 20:45:26 -05:00
William Webb 373655c41d
Land #7314, Module documentation for exagrid_privkey 2016-09-14 20:41:25 -05:00
Jon Hart 18fa897644
Add initial at_persistence documentation 2016-09-14 16:06:15 -07:00
William Webb 01327f0265
Land #7245, NetBSD mail.local privilege escalation module 2016-09-14 16:07:12 -05:00
h00die 8f85a94664 remove example line 2016-09-14 09:29:19 -04:00
h00die 10dc30fe2a remove example line 2016-09-14 09:27:22 -04:00
h00die 117790caac adding docs 2016-09-14 01:13:13 -04:00
h00die b9c876d6d7 fix numbering 2016-09-14 00:53:30 -04:00
h00die 2d925e5bdd adding docs 2016-09-14 00:48:01 -04:00
Tijl Deneut 8df8f7dda0 Initial commit of profinet_siemens.rb 2016-09-11 09:15:41 +02:00
scriptjunkie a0e05d4c4c
Land #7287, mdaemon cred dumper 2016-09-10 08:43:07 -05:00
Brent Cook f35fdfcd5f
Added documentation for auxiliary/scanner/http/owa_ews_login 2016-09-09 11:50:25 -05:00
Agora Security 1c598cd15d SMTP Type
Change SMPT for SMTP
2016-09-09 01:36:08 -05:00
AgoraSecurity dcd3b6c092 Add space 2016-08-31 19:58:24 -05:00
AgoraSecurity a046c206f6 Improve doc
Better format and more info
2016-08-31 19:57:27 -05:00
AgoraSecurity 7852ef7d0e Remove HTML tags 2016-08-31 11:05:38 -05:00
AgoraSecurity 31fc64034c Update mdaemon_cred_collector.md 2016-08-31 09:51:37 -05:00
AgoraSecurity d1a7ea132b mdaemon_cred_collector Doc 2016-08-31 09:50:56 -05:00
h00die 82da4b5072 forgot to save docs 2016-08-26 20:02:20 -04:00
h00die 5dff01625d working code 2016-08-25 21:32:25 -04:00
William Vu 1a22ac05df Update module doc for smb_login 2016-08-23 23:14:19 -05:00
David Maloney 95b82219a3
Land #7233, ssh over L# pivot
this lands egypt's fix for using Net::SSH over L# pivots
2016-08-23 14:12:54 -05:00
James Lee 8d2bdb2a71
Quote commands 2016-08-22 14:39:51 -05:00
wchen-r7 0b73786e10 avoid bad filter 2016-08-22 11:47:39 -05:00
Jay Turla 1065b4cfe2 Linked the zip file 2016-08-23 00:33:04 +08:00
h00die f2e2cb6a5e cant transfer file 2016-08-21 19:42:29 -04:00
Jay Turla 139d431230 eliminate space 2016-08-20 04:17:22 +08:00
Jay Turla 51a2354fea Add KB for multi/http/caidao_php_backdoor_exec 2016-08-20 04:12:31 +08:00
William Vu 2b6576b038
Land #7012, Linux service persistence module 2016-08-17 22:45:35 -05:00
William Vu c64d91457f
Land #7003, cron/crontab persistence module 2016-08-17 22:45:16 -05:00
William Vu 2fa4c7073b
Land #6995, SSH key persistence module 2016-08-17 22:44:57 -05:00
wchen-r7 8654baf3dd
Land #6880, add a module for netcore/netdis udp 53413 backdoor 2016-08-08 15:43:34 -05:00
wchen-r7 89417304b0 Fix format for netcore_udp_53413_backdoor.md 2016-08-08 15:42:46 -05:00
William Webb a48487578c
Land #7165, Add documentation for juniper_backdoor, brocade_enable_login, and werkzeug_debug_rce 2016-08-01 15:46:20 -05:00
Brent Cook abf435d6c2
Land #6960, Auth bypass for Polycom HDX video endpoints 2016-08-01 14:02:50 -05:00
Brent Cook 5309f2e4fb endpoints, not end points 2016-08-01 14:02:17 -05:00
Brent Cook 50c918f889 update documentation with verification 2016-08-01 13:59:00 -05:00
h00die 38138e66d2 adding docs for #4888 #5697 #6731 2016-07-29 23:11:57 -04:00
h00die b2a521475a adding sparse docs 2016-07-29 22:02:11 -04:00
Vex Woo be65f2c4d3 add module doc 2016-07-26 20:26:22 -05:00
Brendan 4720d77c3a
Land #6965, centreon useralias exec 2016-07-26 15:02:36 -07:00
Brendan c21971cb4e Added some info on problems encountered during testing. 2016-07-26 14:59:18 -07:00
wchen-r7 df15eebdf8
Land #7106, multiple keylog_recorder improvements 2016-07-25 14:54:06 -05:00
Josh Hale 128887bfb1 Update module doc to reflect change in migration failure operation 2016-07-22 13:07:55 -05:00
thao doan 2008190f40 Add docs for MSSQL local auth bypass module 2016-07-21 11:09:24 -07:00
h00die 5a9f2423c4 forgot python 2016-07-20 14:16:57 -04:00
h00die 56b1565955 updated docs for step by step install of software 2016-07-20 12:48:28 -04:00
Josh Hale 722133491d Wording change in advanced options and doc 2016-07-16 22:57:36 -05:00
Josh Hale b8edbec125 Minor change to module doc 2016-07-16 22:47:47 -05:00
Josh Hale ba9a59cfe6 Add module documentation 2016-07-16 22:40:17 -05:00
thao doan 9862a2fc25 Land #7080, Updated docs and made enhancements for Netgear soap password extractor 2016-07-13 14:30:46 -07:00
thao doan 78bfced8dd Land #7091, Add docs for Windows Meterpreter reverse HTTPS 2016-07-13 14:21:05 -07:00
Brent Cook fcdb32795d
Land #6777, Linux Xen 4.2.0 DoS 2016-07-13 00:40:42 -05:00
Brent Cook 7b5e3a880d added module docs and some output tweaks for consistency with other modules 2016-07-13 00:38:46 -05:00
wchen-r7 f6751f3c90 Fix typos 2016-07-12 10:56:41 -05:00
wchen-r7 6ab0dbc321 fix header 2016-07-11 15:34:14 -05:00
wchen-r7 2c7ffcc3a8 Update windows/meterpreter/reverse_tcp doc about sleep control 2016-07-11 15:32:49 -05:00
wchen-r7 8817de793a Add module documentation for windows/meterpreter/reverse_https 2016-07-11 15:18:18 -05:00
William Webb 202969fae9
Land #7081, Add module documentation for linux/x86/meterpreter/reverse_tcp 2016-07-08 15:51:27 -05:00
wchen-r7 d0e1c67c18
Land #7026, Add Action Pack render exploit CVE-2016-2098 2016-07-07 16:16:37 -05:00
wchen-r7 201750a31b Add documentation for rails_actionpack_inline_exec 2016-07-07 16:15:51 -05:00
wchen-r7 deecb24967 Update doc 2016-07-07 11:43:03 -05:00
wchen-r7 54fa43030d Add module documentation for linux/x86/meterpreter/reverse_tcp 2016-07-07 11:39:28 -05:00
h00die 47cf6d5edf better docs, extract more data 2016-07-06 21:28:57 -04:00
wchen-r7 fee361dae0
Land #7075, Add ms16-016 local privilege escalation 2016-07-06 12:01:01 -05:00
Spencer McIntyre bd566da5ca
Minor grammar changes and versions note 2016-07-06 11:10:05 -04:00
wchen-r7 4ec69236d2 Add module documentation for python/meterpreter/reverse_tcp 2016-07-05 23:56:11 -05:00
William Webb d923a5d42d typos in mod docs 2016-07-05 22:52:35 -05:00
William Webb 899ea558e3 added module doc for ms16_016_webdav 2016-07-05 22:12:35 -05:00
Brent Cook 54dfcee665
Land #7055, add netgear_soap_password_extractor docs 2016-07-04 23:59:10 -05:00
h00die 844c13dc17 added new vuln device to netgear list, plus docs 2016-07-01 18:32:30 -04:00
Brendan 70a79bb0e8
Land #7014, Nagios remote root shell exploit 2016-07-01 08:17:38 -07:00
William Vu d42d9f8557 Add module docs to appease the Thao god 2016-07-01 01:17:27 -05:00
Tod Beardsley afbeb2b668
Land #7023, fixes for swagger exploit
Thanks @sdavis-r7!

See #7015 as well.
2016-06-30 10:54:34 -04:00
wchen-r7 70a7415185 Change description 2016-06-28 11:24:38 -05:00
Scott Lee Davis c2b4e22b46 updated with discovered changes from k kali & documentation update changes requested. 2016-06-27 01:53:20 -04:00
wchen-r7 1e7202cf9b Add module documentation for auxiliary/admin/netbios/netbios_spoof 2016-06-25 12:20:08 -05:00
h00die 1c20122648 fedora compatibility, added naming options 2016-06-25 08:43:55 -04:00
Scott Davis 5e1b7d8c0f even more clean up. 2016-06-23 14:59:11 -07:00
Scott Davis 63d8787101 added back (new) usage examples for nodejs,java,ruby,php. 2016-06-23 14:56:46 -07:00
Tod Beardsley ff741fbc35
Rename for docs 2016-06-23 14:53:49 -05:00
Tod Beardsley 92522138c5
Remove the RC files 2016-06-23 14:52:23 -05:00
Scott Lee Davis fbd0bc4308 updated as per @egypt & @todb-r7 recommendations. 2016-06-23 11:41:54 -04:00
Scott Davis 47e4321424 CVE-2016-5641 2016-06-23 06:09:37 -07:00
h00die a3b08418b9 fixed markdown 2016-06-22 20:32:51 -04:00
h00die f3b0fc320d fix up markdown 2016-06-22 20:27:52 -04:00
h00die 35e3fb3e2f fixed markdown 2016-06-22 20:15:29 -04:00
h00die bc293e2a8b fixed bad markup 2016-06-22 20:10:25 -04:00
h00die 18a3bf5f62 service persistence 2016-06-22 19:22:18 -04:00
wchen-r7 048741660c
Land #6980, Add ClamAV Remote Command Transmitter 2016-06-22 15:50:45 -05:00
wchen-r7 a1b1b31f98 Update clamav_control.md 2016-06-22 15:49:23 -05:00
wchen-r7 f5e6eccce2 Add clamav_control.md doc 2016-06-22 15:43:31 -05:00
wchen-r7 de5152401a
Land #6992, Add tiki calendar exec exploit 2016-06-22 11:18:14 -05:00
wchen-r7 8697d3d6fb Update tiki_calendar_exec module and documentation 2016-06-22 11:17:45 -05:00
h00die 9cb57d78d7 updated check and docs that 14.2 may not be vuln 2016-06-21 16:48:09 -04:00
h00die 4b8f572976 cron persistence 2016-06-20 21:45:04 -04:00
h00die c4a58fbc6c doc variable name change 2016-06-19 22:47:17 -04:00
h00die 6905a29b10 sshkey persistence 2016-06-19 22:40:03 -04:00
h00die 6fe7698b13 follow redirect automatically 2016-06-19 20:24:54 -04:00
h00die ddfd015310 functionalized calendar call, updated docs 2016-06-19 08:53:22 -04:00
h00die 1db10eec39 slight documentation update 2016-06-18 13:27:46 -04:00
h00die 3feff7533b tiki calendar 2016-06-18 13:11:11 -04:00
Brendan Watters 9ea0b8f944
Land #6934, Adds exploit for op5 configuration command execution 2016-06-16 14:36:10 -05:00
h00die cfb034fa95 fixes all previously identified issues 2016-06-15 20:58:04 -04:00
wchen-r7 1d27538545 Missing a word 2016-06-14 14:15:28 -05:00
wchen-r7 a7c778b852 Update magento_unserialize.md 2016-06-14 11:15:25 -05:00
h00die bd6eecf7b0 centreon useralias first add 2016-06-11 20:57:18 -04:00
wchen-r7 7143095b4b
Land #6947, add auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum 2016-06-09 14:21:55 -05:00
wchen-r7 312342b0fd Add module documentation for jenkins_udp_broadcast_enum 2016-06-09 14:20:48 -05:00
wchen-r7 7cdadca79b
Land #6945, Add struts_dmi_rest_exec exploit 2016-06-08 23:16:46 -05:00
wchen-r7 dff60d96c8 Add mod doc for struts_dmi_rest_exec and update struts_dmi_exec.md 2016-06-08 23:15:44 -05:00
wchen-r7 036ba8057a Add module doc for symantec_brightmail_ldapcreds 2016-06-07 19:39:55 -05:00
Brendan Watters c4aa99fdac
Land #6925, ipfire proxy exec 2016-06-07 10:24:59 -05:00
Brendan Watters 7e84c808b2 Merge remote-tracking branch 'upstream/pr/6924' into dev 2016-06-07 09:24:25 -05:00
wchen-r7 b59d10d9c4
Land #6929, Add HP Data Protector Encrypted Comms exploit 2016-06-06 22:45:53 -05:00
wchen-r7 d8d6ab3ae8 Add hp_dataprotector_encrypted_comms.md 2016-06-06 22:45:17 -05:00
Brent Cook 09e721c4eb
See #6885, merge tiny whitespace fix 2016-06-03 08:00:24 -05:00
Brent Cook d5c2a8e3c8 whitespace 2016-06-03 07:59:48 -05:00
Brent Cook d371fd0798
Land #6885, add aux control module for PhoenixContact PLCs 2016-06-03 07:50:39 -05:00
Brent Cook ba9a693435 condense a little more 2016-06-03 07:50:13 -05:00
Brent Cook 064d6b3f51 wording and formatting updates 2016-06-03 07:42:54 -05:00
wchen-r7 1dad9bf7fa Correct module doc path for magento_unserialize.md 2016-06-02 17:12:39 -05:00
wchen-r7 184802d7d1 Add documentation for magento_unserialize 2016-06-02 17:10:26 -05:00
h00die 68d647edf1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into op5 2016-06-01 18:05:18 -04:00
h00die 52d5028548 op5 config exec 2016-06-01 15:07:31 -04:00
h00die 3163af603d md fix 2016-05-30 10:25:49 -04:00
h00die 057947d7e8 ipfire proxy exec 2016-05-30 10:24:17 -04:00
h00die 9b5e3010ef doc/module cleanup 2016-05-30 06:33:48 -04:00
h00die df55f9a57c first add of ipfire shellshock 2016-05-29 20:40:12 -04:00
Tijl Deneut 2c4b387eb2 Update phoenix_command.md 2016-05-28 15:35:00 +02:00
Tijl Deneut 2afcda9d49 Did some more rubocopy work and
added module documentation
2016-05-28 15:32:18 +02:00
Brent Cook 928a706135
Land #6890, Allwinner CPU kernel module local privilege escalation 2016-05-23 22:00:52 -05:00
Brent Cook 2f8562fba4 added documentation and minor style tweaks 2016-05-23 21:59:44 -05:00
Brent Cook cf0176e68b
Land #6867, Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-16 19:00:10 -05:00
Brent Cook 21d74a64fe
Land #6874, Improve exploit for CVE-2016-0854 2016-05-14 11:08:17 -05:00
Brent Cook 2e3e4f0069
Land #6296, Added a multi-platform post module to generate TCP & UDP egress traffic 2016-05-14 00:03:00 -05:00
Brent Cook 3542d907f7 simplify description, move the bulk of documentation to documentation/ 2016-05-14 00:01:51 -05:00
wchen-r7 9114e01ed9 update doc 2016-05-13 23:31:38 -05:00
Brent Cook d398419971
Land #6832, Check LHOST value before running shell_to_meterpreter, add docs 2016-05-13 22:50:22 -05:00
Brent Cook a940481f62
Land #6834, Authorized FTP JCL exploit for z/OS 2016-05-13 21:29:45 -05:00
wchen-r7 3b5db26ff5 Fix #6872, change upload action for CVE-2016-0854 exploit
This patch includes the following changes:

* Instead of the uploadFile action, this patch uses uploadImageCommon
  to be able to support both Advantech WebAccess builds: 2014 and
  2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
  different builds of Advantech WebAccess 8.0s, and 8.1.

Fix #6872
2016-05-13 19:47:18 -05:00
Bigendian Smalls 2d5cf6cfe4 Authorized FTP JCL exploit for z/OS
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
2016-05-12 14:46:31 -05:00
wchen-r7 756673fcd7 Fix another typo 2016-05-12 00:13:53 -05:00
wchen-r7 9d128cfd9f Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-11 22:27:18 -05:00
thao doan 08416c600f Grammatical and style fixes for priv_migrate 2016-05-04 11:14:29 -07:00
thao doan d617ca59f3 Land #6844, Add documentation for struts_dmi_exec 2016-05-02 14:31:34 -07:00
wchen-r7 027855def4 Add module documentation for struts_dmi_exec 2016-05-02 15:43:34 -05:00
Josh Hale 3aca699d09 Add priv_migrate.md 2016-04-30 19:02:45 -05:00
wchen-r7 2f66442f1d Fix #5191, bad LHOST format causes shell_to_meterpreter to backtrace
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.

Fix #5191
2016-04-28 23:03:54 -05:00
Josh Hale ffdd3b1c92 Finish up autoroute.md 2016-04-17 18:23:30 -05:00
Josh Hale fb7194c125 Work on autoroute.md 2016-04-17 00:04:42 -05:00
wchen-r7 880697d00a Add documentation for make_csv_orgchart 2016-04-07 17:17:57 -05:00
wchen-r7 c072028f0e Add documentation for post/windows/gather/ad_to_sqlite 2016-04-07 16:43:55 -05:00
wchen-r7 76c6f8c19d Move module_doc_template 2016-03-24 17:07:19 -05:00
tdoan-r7 925cc3b56f Adding docs for Lester https://issues.corp.rapid7.com/browse/MS-1193 2016-03-24 16:51:02 -05:00
tdoan-r7 0852973b18 Minor edits for the following:
https://issues.corp.rapid7.com/browse/MS-1197
https://issues.corp.rapid7.com/browse/MS-1198
https://issues.corp.rapid7.com/browse/MS-1199
https://issues.corp.rapid7.com/browse/MS-1200
https://issues.corp.rapid7.com/browse/MS-1201
2016-03-24 12:13:03 -05:00
tdoan-r7 7e5fced46b MS-1196 Minor edits to the kb for the web_delivery module 2016-03-22 12:26:55 -05:00
tdoan-r7 4c42a74d48 MS-1195 minor grammatical edits to psexec kb 2016-03-21 14:18:16 -05:00
wchen-r7 12b456e452 Add module documentation for android/meterpreter/reverse_tcp 2016-03-08 16:55:04 -06:00
wchen-r7 f831d58c1c Support tables 2016-03-08 12:19:27 -06:00
wchen-r7 698f425821 Auto <hr> 2016-03-08 11:25:15 -06:00
wchen-r7 ee63464b8c Update doc 2016-03-07 15:41:54 -06:00
wchen-r7 26b64a0702 Add correct doc for tomcat_mgr_login 2016-03-07 15:41:03 -06:00
wchen-r7 d859194e4e Update doc 2016-03-07 12:29:32 -06:00
wchen-r7 1bfbbe918c Add documentation for post/windows/gather/hashdump 2016-03-07 12:17:21 -06:00
wchen-r7 03eb568af7 Add --- to make sections to stand out more 2016-03-05 15:17:19 -06:00
wchen-r7 b82b1b0a47 Update windows/meterpreter/reverse_tcp doc 2016-03-05 15:14:05 -06:00
wchen-r7 1b39d5f593 Add work in progress: windows/meterpreter/reverse_tcp.md 2016-03-05 00:43:08 -06:00
wchen-r7 f4866fd5f0 Update template and web_delivery doc 2016-03-03 01:27:14 -06:00
wchen-r7 11964c5c1a Add remote exploit demo and web_delivery doc 2016-03-02 19:52:11 -06:00
wchen-r7 eede7c9193 Link to WbemExec writeup 2016-03-02 11:05:33 -06:00
wchen-r7 e615e1072e Update information about SMBv1 2016-03-02 10:51:45 -06:00
wchen-r7 c8e1396cb4 Add documentation for smb_login 2016-03-01 22:03:16 -06:00
wchen-r7 d4c433e29f Update psexec.md 2016-03-01 19:29:25 -06:00
wchen-r7 876a5b55f9 Update psexec.md 2016-03-01 19:06:40 -06:00
wchen-r7 f27d24fd60 Add module documentation for psexec 2016-03-01 18:52:47 -06:00
wchen-r7 99d593e9a0 missing an of 2016-03-01 15:11:29 -06:00
wchen-r7 552f2a148b Add documentation for ms08_067_netapi 2016-03-01 15:09:30 -06:00
wchen-r7 fd8e3e719d real demo 2016-02-26 14:43:53 -06:00
wchen-r7 250ce6fb17 lets be clear 2016-02-26 14:30:12 -06:00
wchen-r7 4c58b67e37 Update browser_autopwn2.md 2016-02-24 19:09:35 -06:00
wchen-r7 3125c99e45 Remove this fake doc 2016-02-24 15:17:18 -06:00
wchen-r7 3f3b76bc86 Add example md for BAP2 2016-02-18 15:39:38 -06:00
wchen-r7 509a1e8de1 Add manual for demo purposes 2016-02-16 23:18:29 -06:00