Brent Cook
86850e7062
Land #11217 , fix syntax and logic errors in badpdf module
2019-01-10 12:52:08 -06:00
sinn3r
74330f87dc
Land #11223 - ueb priv esc suggestion
...
ueb priv esc suggestion.
2019-01-10 10:35:28 -06:00
phra
dc2d3c5774
feat: add juicy potato post module, fixes #11229
2019-01-10 17:20:43 +01:00
Jacob Robles
2f939481e7
Land #11206 , add coldfusion ckeditor file upload
2019-01-10 07:27:38 -06:00
Jacob Robles
b81f59e7b1
Fix targets and syntax changes
2019-01-10 06:39:45 -06:00
h00die
799a79b715
ueb priv esc suggestion
2019-01-09 20:28:53 -05:00
Luis Rosa
4bfb90ce06
new PCOM module to send admin commands
2019-01-09 20:27:15 +00:00
William Vu
913c80c352
Land #11106 , Allen-Bradley legacy protocol DoS
2019-01-09 12:12:02 -06:00
William Vu
0f156140fe
Clean up module
2019-01-09 12:11:50 -06:00
Jacob Robles
307cc8c107
fix comment
2019-01-09 11:12:51 -06:00
Clément Notin
cf1b4b43cb
auxiliary/fileformat/badpdf: fix syntax and logic error in options handling
2019-01-09 14:30:24 +01:00
Jacob Robles
0c984fa232
Fix messages /successfuly/successfully
2019-01-09 06:32:22 -06:00
Jacob Robles
16b8cf7059
Land #11148 , Adding Module MailCleaner RCE
2019-01-08 14:10:31 -06:00
Jacob Robles
a0acfa79d7
Target payloads
2019-01-08 13:27:26 -06:00
Jacob Robles
c2da3dbbd3
Land #11052 , Add gather chrome cookies post module
2019-01-08 07:32:16 -06:00
Jacob Robles
a95384e288
Additional support and code cleanup
2019-01-08 06:57:56 -06:00
William Vu
f96514528b
Land #10648 , auth bypass for couchdb_enum
2019-01-07 12:53:11 -06:00
William Vu
3a726554e9
Fix review comments
2019-01-07 12:51:52 -06:00
Qazeer
a63c057c3a
Integrate bcoles' comments (filename generation, conditional block improvement, etc.)
2019-01-06 22:50:46 +01:00
Qazeer
c03466d2f2
Fixed date format issue and added Bugtraq ID
2019-01-06 14:34:40 +01:00
Qazeer
4644ad8966
Add CVE-2018-15961 Adobe ColdFusion CKEditor unrestricted file upload
2019-01-06 04:55:20 +01:00
Brent Cook
e990bb31df
Land #11182 , bump mettle, change debug and background options
2019-01-03 02:57:19 -06:00
Alex
811605a9b8
Cleanup headless Chrome process for meterpreter sessions
2018-12-30 18:05:41 +11:00
Brendan Coles
5957315167
Land #11141 , Ensure Byte XORi Encoder uses cacheflush()
2018-12-29 10:20:07 +00:00
Brendan Coles
005b2664b8
Land #11140 , Ensure MIPS Long XOR Encoder uses cacheflush()
2018-12-29 10:14:47 +00:00
bwatters
9e109c7e7c
Update cache size
2018-12-28 16:08:15 -06:00
Shelby Pace
29e7c49332
Land #10444 , add Consul rexec RCE module
2018-12-28 09:14:28 -06:00
Shelby Pace
fb8f06b2f5
Land #10443 , add Consul service RCE module
2018-12-28 08:33:56 -06:00
Mehmet İnce
4e8ad22a7a
Adding CVE number
2018-12-26 13:15:36 +03:00
Green-m
69e7956adf
Land #11174 , Fix platform bug when upgrade shell.
...
The platform on windows powershell should be 'win', rather than
'windows', this bug leads to failure when upgrade powershell session
to meterpreter.
2018-12-26 11:31:39 +08:00
Mehmet İnce
fa542b9691
Adding platform and arch to top level
2018-12-25 15:56:25 +03:00
L
ee7120d63a
fixed post/multi/manage/shell_to_meterpreter
2018-12-25 15:00:39 +08:00
Quentin Kaiser
18c844623a
Remove extra spaces.
2018-12-24 13:48:07 +01:00
Quentin Kaiser
e10792f4e6
Remove extra space.
2018-12-24 13:30:03 +01:00
Tim W
58aebb6dec
fix #11133 , sleep to avoid the second stage being read too early
2018-12-24 19:26:10 +08:00
Brendan Coles
98dc59728e
Add blueman set_dhcp_handler D-Bus Privilege Escalation
2018-12-24 08:03:55 +00:00
Brent Cook
b9742802aa
Land #11137 , Clean up linux/local/vmware_alsa_config exploit module
2018-12-21 17:04:11 -06:00
Garvit Dewan
81f4ed6db3
Add references and remove reserved function calls
2018-12-22 00:30:37 +05:30
Garvit Dewan
5838ad87fb
Check if directory and file exist and report accordingly
2018-12-21 19:36:01 +05:30
Jacob Robles
4bc871c499
Add CmdStager to erlang_cookie_rce
2018-12-21 07:33:37 -06:00
Garvit Dewan
ba9c7039f7
Add psreadline_history module
2018-12-21 18:18:21 +05:30
Brent Cook
c959c98161
add original public research author
2018-12-21 02:54:35 -06:00
Brent Cook
a7e8afe760
update references, remove unused metadata, use more straightforward string operations
2018-12-21 02:54:35 -06:00
Brent Cook
0dab74a71f
tweak description
2018-12-21 02:54:35 -06:00
Brent Cook
46acd7a206
simplify
2018-12-21 02:54:35 -06:00
Brent Cook
2f35695327
update web link
2018-12-21 02:54:35 -06:00
Brent Cook
ac51fbd122
style fixes
2018-12-21 02:54:35 -06:00
Brent Cook
dc6ae6f058
initial import, CVE-2016-4117 OSX exploit
2018-12-21 02:54:35 -06:00
Brent Cook
b83c6ad496
Land #11149 , fix a PTY leak in Python Meterpreter
2018-12-20 17:30:42 -06:00
Quentin Kaiser
bf2de42077
Now supports all version of Consul.
2018-12-20 18:56:07 +01:00
Quentin Kaiser
2919b970cd
Implement execution checks with a timeout limit so we don't leave zombie checks running in background.
2018-12-20 18:41:35 +01:00
Quentin Kaiser
ba5c40db77
No need for CVE field.
2018-12-20 18:18:53 +01:00
Mehmet İnce
9481ad04f2
Adding support for ARCH_CMD and updating docs
2018-12-20 12:12:01 +03:00
William Vu
5af05ad976
Land #11143 , nc -j fix for cups_root_file_read
2018-12-19 22:37:00 -06:00
Jeffrey Martin
bf4bb0a5b9
bump metasploit-payloads gem
...
Update metasploit-payloads gem to 1.3.57 to pick up
fix for Python Meterpreter PTY Leak from rapid7/metasploit-payloads#319
2018-12-19 18:19:24 -06:00
Mehmet İnce
68ceb08957
Fixing minor issues such as err codes
2018-12-19 22:17:34 +03:00
asoto-r7
d601837e03
Land #10401 , java_jmx_server scanner for Java JMX MBean servers
2018-12-19 13:12:03 -06:00
asoto-r7
50b7d93a18
java_jmx_scanner: Incorporate @bcoles suggestions
2018-12-19 12:56:53 -06:00
Wei Chen
f7eb3452be
Land #11083 , set user agent in Windows reverse_http(s) stagers
2018-12-19 11:38:12 -06:00
Mehmet İnce
e5c8c18ded
Adding Mailcleaner exec
2018-12-19 17:35:40 +03:00
Jacob Robles
6921b79890
Land #11089 , Erlang cookie rce exploit module
2018-12-19 08:02:40 -06:00
Jacob Robles
3838be0a03
Windows Hide Chrome Window
2018-12-19 05:58:11 -06:00
William Vu
1b8b3bbb95
Update nc -j check in cups_root_file_read
2018-12-18 17:38:33 -06:00
asoto-r7
51ce96a2b4
Merge branch 'jmx_scanner' of https://github.com/sgorbaty/metasploit-framework into sgorbaty-jmx_scanner
2018-12-18 16:05:03 -06:00
asoto-r7
60f3cfbb79
ysoserial: Cleaned up ysoserial payload in `hp_imc_java_deserialize`
2018-12-18 15:17:51 -06:00
Milton-Valencia
bb758f9a61
I didn't forget msftidy I swear
2018-12-18 14:55:12 -06:00
Milton-Valencia
8a2a605a99
added targets
2018-12-18 14:50:57 -06:00
Jacob Robles
0464f941a7
Add Windows Support
2018-12-18 14:17:10 -06:00
Quentin Kaiser
ef8601aa71
Bail early if we receive an unexpected response.
2018-12-18 19:42:26 +01:00
Quentin Kaiser
4ee7bdee6c
Merge branch 'consul_service_exec' of github.com:QKaiser/metasploit-framework into consul_service_exec
2018-12-18 19:33:51 +01:00
Quentin Kaiser
b3563b1bc2
Cleaner version of check function thanks to @bcoles.
2018-12-18 19:33:30 +01:00
Brendan Coles
5e134d7d8d
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:19 +01:00
Brendan Coles
5192c081ee
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:08 +01:00
Quentin Kaiser
6ad40deac3
print_status will never throw a JSON::ParseError exception.
2018-12-18 19:15:13 +01:00
jdiog0
b2b410cbbe
DoS Exploitation of Allen-Bradley legacy protocol (PCCC)
2018-12-18 16:49:53 +00:00
Pedro Ribeiro
1e88ce9a3d
Edit the comments to -84
2018-12-18 16:33:44 +00:00
Pedro Ribeiro
05218654f4
adjust the offset to -84
2018-12-18 16:30:47 +00:00
Pedro Ribeiro
af418ec7f7
Fix mipsle byte_xori too
2018-12-18 16:05:23 +00:00
Quentin Kaiser
a52ffbcead
Missing disclosure date.
2018-12-18 17:03:09 +01:00
Quentin Kaiser
a3d020a7e2
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:56:03 +01:00
Quentin Kaiser
1839144978
Cleaner to define this as a Hash, then call .to_json on it.
2018-12-18 16:53:49 +01:00
Pedro Ribeiro
d40d6c4e3d
Update longxor.rb
...
Suffers from the same problem as the mipsbe version
2018-12-18 15:48:29 +00:00
Pedro Ribeiro
34c9555717
Fix byte_xori encoder
...
The byte_xori encoder for mipsbe does not work correctly. At the end of the decoding, it should invoke cacheflush() with the correct parameters:
int cacheflush(char *addr, int nbytes, int cache)
I think this is because the encoder is based of the longxori encoder, which itself is pretty old (2008), and before kernel 2.6.11, cacheflush() did not need any parameters (from the cacheflush man page):
BUGS
Linux kernels older than version 2.6.11 ignore the addr and nbytes arguments, making this function fairly expensive. Therefore, the whole cache is always flushed.
This commit fixes that by setting up the parameters correctly. As an unfortunate side effect this increases the shellcode by 16 bytes, but it is absolutely necessary for it to work properly.
Note that this bug is not present when testing the encoder output on an emulator like qemu; emulators do not need to flush the caches to work properly.
2018-12-18 15:37:47 +00:00
Quentin Kaiser
177ae2f927
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead. Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 16:33:53 +01:00
Quentin Kaiser
0feadf636b
Define in RPORT and SSL in register_options rather than DefaultOptions. Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 16:29:36 +01:00
Quentin Kaiser
0acdcd98f2
Merge branch 'master' into consul_service_exec
2018-12-18 16:27:08 +01:00
Quentin Kaiser
f487f978c2
Merge branch 'consul_exec' of github.com:QKaiser/metasploit-framework into consul_exec
2018-12-18 16:09:18 +01:00
Quentin Kaiser
08541cd7b9
Merge branch 'master' into consul_exec
2018-12-18 16:07:08 +01:00
Quentin Kaiser
a1e1e4a4f4
Remove useless comment.
2018-12-18 16:05:50 +01:00
Quentin Kaiser
b80e5715d4
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:02:39 +01:00
Quentin Kaiser
551f8c5e92
Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 15:48:58 +01:00
Quentin Kaiser
f290221a66
Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 15:36:52 +01:00
Quentin Kaiser
aeec5cf23e
Cleaner to define this as a Hash, then call .to_json on it. Better support of agent definition in check function.
2018-12-18 15:31:30 +01:00
Quentin Kaiser
e51530688b
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead.
2018-12-18 15:09:04 +01:00
Quentin Kaiser
4682cf5796
Define in register_options rather than DefaultOptions.
2018-12-18 15:04:28 +01:00
Pedro Ribeiro
86cbddf46d
fix spacing
2018-12-18 13:35:16 +00:00
Pedro Ribeiro
fff850a07e
Make longxor encoder great again
...
The longxor encoder for mipsbe does not work correctly. At the end of the decoding, it should invoke cacheflush() with the correct parameters:
int cacheflush(char *addr, int nbytes, int cache)
The encoder previously did not setup the arguments, as it even said so in the comments:
; addiu $4, $16, -4 ; not checked by Linux
; li $5,40 ; not checked by Linux
; li $6,3 ; $6 is set above
I think this is because the encoder is pretty old (2008), and before kernel 2.6.11, cacheflush() did not need any parameters (from the cacheflush man page):
BUGS
Linux kernels older than version 2.6.11 ignore the addr and nbytes arguments, making this function fairly expensive. Therefore, the
whole cache is always flushed.
This commit fixes that by setting up the parameters correctly. As an unfortunate side effect this increases the shellcode by 16 bytes, but it is absolutely necessary for it to work properly.
Note that this bug is not present when testing the encoder output on an emulator like qemu; emulators do not need to flush the caches to work properly.
As an added bonus I have also made it compatible with toupper() restrictions, which is common in web server exploits too. This did not add any extra bytes to the encoder.
2018-12-18 12:30:55 +00:00
Brent Cook
fc2d217c0a
Land #11135 , strip comments from source code before uploading it to the target
2018-12-17 21:23:29 -06:00
Brent Cook
333d44186b
Land #11138 , add reverse_tcp mixin for vax payload
2018-12-17 21:17:40 -06:00
bwatters
bf13693d37
Land #11101 , temp fix for x64/xor stage encoder
...
Merge branch 'land-11101' into upstream-master
2018-12-17 14:14:55 -06:00
LouDnl
2a69fffa6b
fix for ReverseTcp error
...
Update vax shell_reverse_tcp.rb to fix ReverseTcp NameError
Error:
/opt/metasploit-framework/embedded/framework/modules/payloads/singles/bsd/vax/shell_reverse_tcp.rb:24:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
After adding this line the error dissapeared for me and I was able to run msfconsole again.
2018-12-17 19:28:07 +01:00
Shelby Pace
2fc501d260
Land #11112 , Fix bpf_priv_esc exploit module
2018-12-17 10:00:50 -06:00
Jacob Robles
7839add2fd
Land #11123 , Add module windows persistent service
2018-12-17 09:07:21 -06:00
Jacob Robles
88b7b7df4a
Fix additional path space issues
2018-12-17 07:00:23 -06:00
Brendan Coles
d973a58052
Clean up linux/local/vmware_alsa_config
2018-12-17 08:01:34 +00:00
Green-m
0aa6e5a640
Handle path with spaces correctly.
2018-12-17 10:25:06 +08:00
Brendan Coles
fcb512878c
Add strip_comments method to Linux local exploits
2018-12-16 14:11:54 +00:00
Wei Chen
5bf28887d2
Land #11127 , Fix TARGETURI support in struts2_namespace_ognl
2018-12-15 09:33:48 -06:00
Brendan Coles
b8e134b95d
Update version check
2018-12-15 05:39:50 +00:00
Francesco Soncina
6237740116
lint: remove spaces
2018-12-15 01:02:13 +01:00
epi
cb3ea8dfed
Remove binding.pry from bind payload.
...
In response to
https://github.com/rapid7/metasploit-framework/pull/11039#discussion_r241890477 .
2018-12-14 16:32:19 -06:00
asoto-r7
cd2dbf0edf
ysoserial: Modified `hp_imc_java_deserialize` to use the library
2018-12-14 16:13:17 -06:00
Jacob Robles
8adfef5730
Remove Version, Fix Whitespace
2018-12-14 13:19:49 -06:00
Jacob Robles
e67eaa94c9
Move code to ERB template
2018-12-14 13:13:32 -06:00
William Vu
38bdee19e8
Fix TARGETURI support in struts2_namespace_ognl
2018-12-14 13:08:50 -06:00
Auxilus
6c9fafb9d5
Delete unused variable
...
I suppose the variable 'f' was for Name in 06720ee18b/modules/exploits/linux/smtp/haraka.py (L70)
I'm not sure, should it be 'f' at 06720ee18b/modules/exploits/linux/smtp/haraka.py (L70)
or just the way it is atm?
2018-12-14 22:27:11 +05:30
Jacob Robles
556d182231
Remove code that was replaced
2018-12-14 09:15:01 -06:00
Jacob Robles
a057b72bd9
Use argument
2018-12-14 09:14:27 -06:00
Jacob Robles
dfa84aa1af
Use exploit default exception handling
2018-12-14 09:12:32 -06:00
Jacob Robles
5fd7b82f7a
Remove unused parameter
2018-12-14 09:10:29 -06:00
Brent Cook
673cfe6889
Land #11119 , Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 16:15:53 -06:00
Jacob Robles
58aa16d06b
Work around snprintf
2018-12-13 14:29:54 -06:00
bwatters-r7
f00118851a
Revert "Land #10886 , Bypassuac computerdefault"
...
This reverts commit 14b2cdc120
, reversing
changes made to a79b936e09
.
2018-12-13 13:56:16 -06:00
Wei Chen
cc7cb7302e
Land #10944 , Add macOS Safari exploit from pwn2own2018
2018-12-13 13:50:19 -06:00
Jacob Robles
92feeea0ca
Minor syntax change
2018-12-13 13:46:40 -06:00
William Vu
cb5648a1c7
Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 12:22:36 -06:00
Milton-Valencia
3f1aa425b4
msftidy....lol
2018-12-13 11:03:41 -06:00
Milton-Valencia
2e26ceac8f
added comments
2018-12-13 10:55:09 -06:00
bwatters-r7
89e4e8bdea
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2018-12-13 09:30:10 -06:00
William Vu
8b79634338
Update a few stragglers
...
And since eaton_xpert_backdoor was copied from my fortinet_backdoor
module, update the error handling there, too.
2018-12-12 15:47:18 -06:00
William Vu
e69f006992
Remove CommandShell mixin in exploits
...
This was cargo culting. Exploits use handler instead of start_session.
2018-12-12 15:43:13 -06:00
William Vu
6e77ae7e3e
Update my SSH scanner modules
...
Especially with proper error handling for Net::SSH::CommandStream.
2018-12-12 15:36:54 -06:00
Stephen Haywood
7cffbac65b
Update additional scanner modules.
2018-12-12 15:32:31 -06:00
Stephen Haywood
fa2164ebb9
Update to match coding style.
2018-12-12 15:32:31 -06:00
Stephen Haywood
eceb47a9da
Move CREATE_SESSION option to advanced option CreateSession
2018-12-12 15:32:31 -06:00
Stephen Haywood
8a7187ad79
Add CREATE_SESSION option to CommanShell
...
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
Stephen Haywood
904f342848
Option to not create shell on login.
2018-12-12 15:32:30 -06:00
Wei Chen
8ffd9e47b0
Up to date PR10429
2018-12-12 13:30:58 -06:00
Wei Chen
96c281daef
Add send_not_found and module documentation for webdav_delivery
2018-12-12 13:26:46 -06:00
Brendan Coles
68d451711b
Fix bpf_priv_esc module
2018-12-12 17:23:12 +00:00
Jacob Robles
ea724dec46
Merge in upstream/master
2018-12-12 11:00:31 -06:00
William Vu
aa0c206b4b
Land #11107 , double negative logic cleanup
2018-12-11 20:29:53 -06:00
Shelby Pace
ae089ce573
Land #10960 , add wp duplicator code inject module
2018-12-11 12:02:07 -06:00
Shelby Pace
b82e3469a2
renamed module and doc
2018-12-11 11:59:19 -06:00
Julien Legras
7e953e34b9
Added the clean_up function
2018-12-11 18:13:46 +01:00
bwatters
b109321b44
Kill `unless not`
2018-12-11 10:16:16 -06:00
bwatters
ac88c604fd
Remove copy/pasta'd funtion that was never called
2018-12-11 10:02:36 -06:00
Jacob Robles
1ab69c221c
Land #11040 , Add CyberLink LabelPrint Local BOF
2018-12-11 08:19:51 -06:00
Jacob Robles
165f082160
Fix syntax, minor edits
2018-12-11 07:55:20 -06:00
Francesco Soncina
ff2d048530
fixes: update x86/xor_dynamic for #11100
2018-12-10 22:45:45 +01:00
Francesco Soncina
a94e52ca31
fixes: updates x64/xor_dynamic for #11100
2018-12-10 22:42:31 +01:00
William Vu
3f18ffa224
Land #10318 , Oracle function-based index privesc
2018-12-10 11:32:39 -06:00
William Vu
d0f1f72426
Clean up module
2018-12-10 11:21:16 -06:00
Brent Cook
bc6356a2cd
Land #11090 , update code and style for exploit/linux/local/glibc_origin_expansion_priv_esc
2018-12-10 09:59:03 -06:00
Milton-Valencia
565f2e3e38
wait wrong
2018-12-09 19:23:54 -06:00
Milton-Valencia
ee2ed46143
added date based on man page
2018-12-09 19:17:22 -06:00
Milton-Valencia
f6bfbddb8d
twks
2018-12-09 15:59:58 -06:00
Milton-Valencia
2beddf1012
req changes
2018-12-09 15:01:09 -06:00
Brendan Coles
237d3c86c4
Code cleanup and update style
2018-12-09 07:26:51 +00:00
Milton-Valencia
39229125b7
tweak
2018-12-09 00:22:49 -06:00
Milton-Valencia
02f3d4688f
changes
2018-12-09 00:10:54 -06:00
Milton-Valencia
69ed80f685
varys -> varies
2018-12-08 22:51:52 -06:00
Milton-Valencia
fcad3f0c8f
erlang cookie rce exploit module
2018-12-08 22:36:56 -06:00
Brendan Coles
a9c0a5d53d
Use ::File::binread for exploit_data file read
2018-12-09 04:09:56 +00:00
Alex
c5015c62b8
Simplify Chrome Gather Cookies
...
Module now uses Chrome itself as a websocket client, reading websockets
via js. It no longer downloads and executes `websocat`.
2018-12-09 09:52:45 +11:00
Brent Cook
d3fc707c98
Land #11080 , update mettle payloads
2018-12-08 09:51:37 -06:00
Brent Cook
3768f79568
Land #11085 , add lkrg_installed? checks to various modules
2018-12-08 09:19:33 -06:00
Brent Cook
733c2f637d
Land #11081 , Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-08 09:14:57 -06:00
Brendan Coles
d8ab6a552b
Add lkrg_installed? checks
2018-12-08 13:37:12 +00:00
Brent Cook
2e5e392085
Land #11079 , add kernel configuration checks to local exploits
2018-12-08 06:58:48 -06:00
Brent Cook
0ce05f0c07
update payload sizes
2018-12-08 06:24:02 -06:00
Brent Cook
df76521100
Land #11066 , add rpc output locking, fix logging
2018-12-07 13:49:10 -06:00
Brent Cook
7f4d97ef46
don't embed status characters in messages, use correct logging instead
2018-12-07 13:29:56 -06:00
Brendan Coles
80d83720df
Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-07 14:42:16 +00:00
Brendan Coles
275c043cfd
Add kernel_config checks
2018-12-07 03:28:17 +00:00
Brent Cook
0345c8f66c
update mettle payloads
...
This is a large update to mettle payloads including:
* Adds globbing support to the `ls` command (https://github.com/rapid7/mettle/pull/139 )
* Fixes crashes on iOS platforms when cryptTLV is enabled (https://github.com/rapid7/mettle/pull/142 )
* Fixes display of the OS version on macOS and iOS (https://github.com/rapid7/mettle/pull/143 )
* Fixes the local port handling for pivoted client network connections (https://github.com/rapid7/mettle/pull/144 )
* Fixes an unaligned memory access in TLV packet handling, needed for some CPUs (https://github.com/rapid7/mettle/pull/145 )
* Fixes some compatibility issues building on Solaris (https://github.com/rapid7/mettle/pull/147 )
* Updated libpcap, mbedtls, and libcurl to the latest versions (https://github.com/rapid7/mettle/pull/146 )
2018-12-06 21:16:41 -06:00
Brent Cook
7d8458d8d4
Land #11076 , Prevent storing empty config files as loot
2018-12-06 20:30:08 -06:00
epi
c3a40d3752
Remove trailing whitespace at EOL.
2018-12-06 20:18:21 -06:00
Brent Cook
71f84fe6a7
Land #11060 , Add checks to post/linux/gather/enum_protections
2018-12-06 20:17:50 -06:00
epi
392ad18dba
Implement reverse_ipv6 shellcode via metasm in lib.
...
Per the linked request
https://github.com/rapid7/metasploit-framework/pull/11039#issuecomment-443915955
Rewrote previous version of payload module to make use of metasm for
more reusable shellcode.
2018-12-06 20:10:07 -06:00
epi
f728b46a80
WIP on add-linux-x64-ipv6-bind-shell: 87fa3af6b9
Implement shellcode via metasm in lib.
2018-12-06 16:23:20 -06:00
Tod Beardsley
140833215f
Add CVE as issued by DWF
...
See discussion on #10987 .
Now that I said that out loud, I realize that the original PR for this
module is a really funny PR number.
2018-12-06 14:59:05 -06:00
Brendan Coles
eecc5d60e0
Prevent storing empty config files as loot
2018-12-06 13:06:50 +00:00
Berk Dusunur
f94559a36a
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 07:09:44 +03:00
Berk Dusunur
9d7389b448
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 07:04:24 +03:00
Berk Dusunur
cbe3f0eec9
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:36:29 +03:00
Berk Dusunur
4880dcbda8
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:34:13 +03:00
Berk Dusunur
ca558d4b14
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:26:34 +03:00
Berk Dusunur
c72065987b
Update nuuo_nvrmini_upgrade_rce.rb
2018-12-06 06:19:16 +03:00
Berk Dusunur
3ac5096e1a
Create nuuo_nvrmini_upgrade_rce.rb
2018-12-06 05:51:10 +03:00
Christopher Lee
b0560c1ec8
Centralize logging sync, fix minor logging issues
2018-12-05 12:42:44 -06:00
epi
87fa3af6b9
Implement shellcode via metasm in lib.
...
Per the linked request
https://github.com/rapid7/metasploit-framework/pull/11039#issuecomment-443915955
Rewrote previous payload module to make use of metasm for more reusable
shellcode.
2018-12-05 06:14:31 -06:00
Julien Legras
224e782772
Cleaned the create_wp_config_file function
2018-12-05 10:56:22 +01:00
Julien Legras
2774c17ca1
Replaced print_error and return with a fail_with
2018-12-05 10:11:09 +01:00
Thomas Gregory
1bc024eaa7
Update cyberlink_lpp_bof.rb
...
Update includes all suggestions and new targets (Win8.1 x64 and Win10 x64)
2018-12-05 14:53:10 +07:00
Julien Legras
2735c71bda
Fixed typos, removed not working cleaning
2018-12-04 18:42:54 +01:00
Brent Cook
55a9a12670
Land #10964 , add initial golang modules for enumerating owa/o365
2018-12-04 10:33:37 -06:00
Brendan Coles
40906e0b36
Add checks to post/linux/gather/enum_protections
2018-12-04 11:57:24 +00:00
Julien Legras
b58342843b
Refactored check
2018-12-04 12:03:49 +01:00
asoto-r7
c27c149a4d
Land #10947 , HPE Intelligent Management Center Java Deserialization RCE
2018-12-03 17:07:31 -06:00
asoto-r7
0f82b207c4
hp_imc_java_deserialize: Repro steps for JSONSS ysoserial payload sections
2018-12-03 17:03:04 -06:00
asoto-r7
3f930ff141
hp_imc_java_deserialize: Default WfsDelay to 10 seconds to increase reliability
2018-12-03 16:36:37 -06:00
Brent Cook
ffb57387b4
Land #11049 , Add Emacs movemail local exploit
2018-12-03 12:43:56 -06:00
William Vu
4242de3468
Refactor check method
2018-12-03 12:22:40 -06:00
bwatters-r7
df9c3da47e
Land #10842 , Add Windows Post Module to roll back Windows Defender signatures
...
Merge branch 'land-10842' into upstream-master
2018-12-03 10:57:38 -06:00
Christopher Lee
b11bcd92a4
Broken into 3 modules, addressed review comments
2018-12-03 10:25:21 -06:00
Jeffrey Martin
ab1bea1b22
Land #10798 , Cisco device manager update
2018-12-03 01:39:19 -06:00
Brendan Coles
58dde9ff33
Apply suggestions from code review
...
Co-Authored-By: defaultnamehere <defaultnamehere@users.noreply.github.com>
2018-12-03 18:39:07 +11:00
Alex
d0aca05c69
Add post/chrome/gather/cookies module
2018-12-03 16:07:50 +11:00
William Vu
d1220bc170
Add Emacs movemail local exploit
2018-12-01 12:05:08 -06:00
epi
8cece2cf54
Add Linux x86_64 IPv6 Inline Bind Shell
...
Implements inline x86_64 Linux bourne bind shell over IPv6.
2018-12-01 07:39:38 -06:00
bwatters-r7
a801d741c9
Remove old module
2018-11-30 17:28:54 -06:00
bwatters-r7
70031b6721
Shut up msftidy and document updates
2018-11-30 16:41:40 -06:00
bwatters-r7
3c992b7af1
Updated documentation and added options in the module to update or roll back
...
definitions
2018-11-30 16:25:33 -06:00
bwatters-r7
a41b9a77d8
Change the module name, fix cleanup, add documentation
2018-11-30 15:20:34 -06:00
Christopher Lee
5b926bcbcf
Addressed feedback
2018-11-30 13:18:02 -06:00
Christopher Lee
6225c04b99
Address review feedback, fix bugs
2018-11-30 11:36:39 -06:00
Moshe Kaplan
bd41895fc4
Removed "randomizer"
2018-11-30 09:44:14 -05:00
Brendan Coles
1eeb1005db
Update modules/auxiliary/admin/oracle/oracle_index_privesc.rb
...
Use print_error for errors and print the error details,
Co-Authored-By: moshekaplan <me@moshekaplan.com>
2018-11-30 09:39:57 -05:00
Julien Legras
6874dddc55
Fix space at EOL and sed replace
2018-11-30 15:26:14 +01:00
Julien Legras
a4ee221333
Fixed the timeout for web requests
2018-11-30 14:47:41 +01:00
Jacob Robles
8047bf2b09
Add authenticating... message
2018-11-30 07:24:35 -06:00
Jacob Robles
b31afb4e3d
Spaces at EOL fixes
2018-11-29 17:29:05 -06:00
Jacob Robles
fcbc0cddba
Land #11035 , improve fingerprinting for Cisco ASA VPN scanner
2018-11-29 16:41:22 -06:00
Jacob Robles
dec08a0b43
Land #10954 , apache spark unauth rce module
2018-11-29 13:56:21 -06:00
Jacob Robles
88ca775fd3
Land #10952 , WP GDPR Compliance plugin exploit
2018-11-29 13:31:31 -06:00
Julien Legras
160015d3a7
Check the HTTP response first
2018-11-29 18:54:07 +01:00
Julien Legras
984354194f
Check the HTTP response first
2018-11-29 18:49:41 +01:00
bwatters-r7
1304f93f1f
Add more checks and a cleanup function
2018-11-29 10:39:46 -06:00
Jacob Robles
01af176679
Change delay implementation
2018-11-29 10:05:47 -06:00
Jacob Robles
ed6c2896e3
Remove duplicate check
2018-11-29 10:04:51 -06:00
Jacob Robles
8508824cc2
Modify check logic
2018-11-29 10:04:05 -06:00
Julien Legras
2b61c4e118
Fixes for PR
2018-11-29 15:02:03 +01:00
Thomas Gregory
a4c3b8edc7
Add CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
...
Add CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
2018-11-29 20:20:05 +07:00
Jacob Robles
3de07f1bff
Add Notes metadata and warning
2018-11-29 06:35:37 -06:00
Jacob Robles
bfaa6cb416
Add module suggestion
2018-11-29 06:23:45 -06:00
epi
5058afb615
Fixed lport and scopeid offsets.
...
Offsets for scopeid and lport were incorrect in the previous commit.
Updated offsets to the correct values. Confirmed by viewing the connect
syscall values with strace.
2018-11-29 05:42:54 -06:00
epi
947f5ffbf3
Add Linux x86_64 IPv6 Inline Reverse Shell
...
Implements inline x86_64 Linux reverse bourne shell over IPv6.
2018-11-28 21:58:12 -06:00
Green-m
4888ec0c29
Delete unused variable.
2018-11-29 10:48:25 +08:00
Jacob Robles
6845f44a2e
Logic...
2018-11-28 20:26:27 -06:00
Jacob Robles
2864c30965
Fix fail_with issue
2018-11-28 20:18:03 -06:00
Jacob Robles
e142f5716e
Update documentation
2018-11-28 19:08:01 -06:00
Jacob Robles
1af7cf2b3b
Update print statements
2018-11-28 18:03:55 -06:00
Jacob Robles
c4959da77f
Email validation and user registration
2018-11-28 17:56:55 -06:00
Jacob Robles
9c0c9b3ba9
Use warnings when changing config options
2018-11-28 17:44:02 -06:00
Jacob Robles
43cef24f6b
Fix version check
2018-11-28 17:43:33 -06:00
Brent Cook
bff261616c
improve fingerprinting for Cisco ASA VPN scanner
2018-11-28 14:30:17 -06:00
asoto-r7
504237c77a
Land #10877 , ibm-mq-login username/password checker
2018-11-28 11:36:53 -06:00
asoto-r7
84f0a59fe6
ibm_mq_login: Added support for WebSphere 9 via the PASSWORD option
2018-11-28 11:08:37 -06:00
Green-m
ca0a2684f5
Randomize payload main class.
2018-11-28 11:26:51 +08:00