Touhid M Shaikh
fefaa45a50
playsms_CVE-2017-9101
...
playsms_CVE-2017-9101
2018-05-07 18:53:07 +05:30
Jacob Robles
222b1fb27c
Land #9944 , playsms_filename_exec.rb
2018-05-07 07:43:16 -05:00
Jacob Robles
601411fe7b
store credentials
2018-05-07 07:26:28 -05:00
Jacob Robles
4b8ceab522
Fix indentation, update documentation
2018-05-07 07:22:53 -05:00
Brendan Coles
5ae9b0185d
Add AF_PACKET chocobo_root Privilege Escalation exploit
2018-05-07 07:11:07 +00:00
Brent Cook
a4ecd43a8f
remove unused constants
2018-05-07 00:24:38 -05:00
Jacob Robles
534d05ff44
simpleclient versions option
2018-05-07 00:24:38 -05:00
Jacob Robles
ff202a5f5b
Simpleclient/SMB2 support
2018-05-07 00:24:38 -05:00
HD Moore
2a211d99af
Nuke base_directory after all, FileDropper does not like our path
2018-05-06 22:58:06 -05:00
HD Moore
a9f9d61f1e
Use the target_directory, not base
2018-05-06 22:56:59 -05:00
HD Moore
cd48507aab
Use FileDropper, switch to earlier target directory
2018-05-06 22:56:36 -05:00
HD Moore
1f7b13bea8
Additional module cleanup
2018-05-06 22:50:13 -05:00
HD Moore
3d172df0c4
MD5 of TID and cleanup if statement
2018-05-06 22:24:36 -05:00
HD Moore
68f2e08400
Swap to positive logic
2018-05-06 22:22:47 -05:00
HD Moore
9712215e66
Add Bugtraq ID
2018-05-06 22:21:13 -05:00
HD Moore
5d57e9db34
Remove unnecessary RHOST definition
2018-05-06 22:20:51 -05:00
Auxilus
a612c4cc65
Update wireless_ap.rb
2018-05-06 17:37:12 +05:30
Auxilus
6bd31d7921
Update wireless_ap.rb
2018-05-06 17:33:20 +05:30
Auxilus
f32fda6757
Update wireless_ap.rb
2018-05-06 16:52:18 +05:30
Tim W
3e949733e2
fix wpa_supplicant parsing
2018-05-06 19:11:35 +08:00
HD Moore
8141e949fc
Note the runtimes
2018-05-05 18:34:11 -05:00
HD Moore
e775a97ae2
Adds panos_readsessionvars exploit module
2018-05-05 15:41:17 -05:00
Tim W
5f01b6abc9
Land #9977 , fix crash during x64 linux reverse_tcp stager retry
2018-05-05 17:13:00 +08:00
Brendan Coles
3aa7441e10
Update tested versions
2018-05-05 09:11:31 +00:00
Tim W
4216d06ffb
fix #9963 , update x64 linux reverse_tcp stager cached size
2018-05-05 16:30:45 +08:00
Brendan Coles
24af15b6e7
Update kernel version and system arch detection
2018-05-05 07:16:53 +00:00
Auxilus
40b6b97dbf
Update enum_network.rb
2018-05-05 10:56:55 +05:30
Auxilus
ec55a631ef
Check if the data is nil before pasisng to store_loot
...
when I ran this module for linux/aarch64/meterpreter_reverse_tcp for payload running in termux, it was obvious that without root the commands will return error, It still created empty files in `.msf4/loot`
```
msf5 post(linux/gather/enum_network) > run
[*] Running module against localhost.localdomain
[*] Module running as /system/bin/sh: /usr/bin/whoami: not found
[+] Info:
[+]
[+] Linux localhost 3.10.84-perf+ #1 SMP PREEMPT Tue Oct 24 01:07:25 CST 2017 aarch64 Android
[*] Collecting data...
[+] /system/bin/sh: /sbin/route: not found
[-] Failed to open file: /etc/ssh/sshd_config: core_channel_open: Operation failed: 1
[-] unable to get data for Network config
[+] Network config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_735775.txt
[-] unable to get data for Route table
[+] Route table stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_599334.txt
[-] unable to get data for Firewall config
[+] Firewall config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_790893.txt
[-] unable to get data for DNS config
[+] DNS config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_867340.txt
[-] unable to get data for SSHD config
[+] SSHD config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_900906.txt [-] unable to get data for Host file
[+] Host file stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_179877.txt
[-] unable to get data for Active connections
[+] Active connections stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_656035.txt [-] unable to get data for Wireless information
[+] Wireless information stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_168144.txt
[-] unable to get data for Listening ports
[+] Listening ports stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_999548.txt [-] unable to get data for If-Up/If-Down
[+] If-Up/If-Down stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_860869.txt
[*] Post module execution completed
msf5 post(linux/gather/enum_network) >
```
2018-05-05 10:52:08 +05:30
Brendan Coles
cb29b4cf7a
Update Local Exploit Suggester - Fix #9974
2018-05-05 04:41:58 +00:00
Aaron Soto
2cd0d3d90a
Rudamentary SOCKS5 functionality, CONNECT, IPv4, non-DNS only
2018-05-04 14:44:03 -05:00
Touhid M Shaikh
71d6841471
updated
...
indentation and fix CVE
2018-05-04 21:33:07 +05:30
Touhid M Shaikh
aa69fc9e77
updated
...
print_status to vprint_status
2018-05-04 21:13:26 +05:30
Touhid M Shaikh
e824f0f8b0
updated
...
added CVE, URL and done randomizing content
2018-05-04 21:00:04 +05:30
William Vu
88f09dc302
Update a few stragglers in Drupalgeddon 2
...
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
2018-05-03 18:35:25 -05:00
William Vu
728d7bc065
Fix #9876 , second round of Drupalgeddon 2 updates
...
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
2018-05-03 17:38:32 -05:00
bwatters-r7
ce5be387c4
Land #8795 , Added CVE-2016-0040 Windows Privilege Escalation
...
Merge branch 'land-8795' into upstream-master
2018-05-03 16:33:53 -05:00
bwatters-r7
96b892a546
Make Rubocop happy
2018-05-03 11:30:05 -05:00
Brendan Coles
3a688451b6
Add Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-03 12:51:21 +00:00
Tim W
50300426ca
fix feedback from code review
2018-05-03 18:28:14 +08:00
Borja Merino
916dfa56fe
Add author name to the wlan_probe_request post-exploitation module
2018-05-03 11:41:09 +02:00
Auxilus
98d81476f7
Fix get_password for pwds with `"`, `=` etc
2018-05-02 19:09:36 +05:30
Auxilus
fa727f5394
Update wireless_ap.rb
2018-05-02 18:22:00 +05:30
Jacob Robles
d6cf32fad8
Land #9821 , osCommerce 2.3.4.1 - Remote Code Execution
2018-05-02 07:29:15 -05:00
Jacob Robles
fc2c42f725
Land #9960 , fix continuation warnings in payloads
2018-05-02 06:28:17 -05:00
Auxilus
773e06b3ca
Update wireless_ap.rb
2018-05-02 01:28:15 +05:30
Auxilus
2817ff25cb
Update wireless_ap.rb
2018-05-02 00:00:34 +05:30
Auxilus
614de11a9c
Update wireless_ap.rb
2018-05-02 00:00:05 +05:30
Auxilus
9b00a5cffb
store loot
2018-05-01 23:10:29 +05:30
Auxilus
29467c2e37
Stylize the output
2018-05-01 22:58:17 +05:30
Jacob Robles
4a56ecf3ae
psexec native upload argument
2018-05-01 09:33:17 -05:00
Brent Cook
34f8a9a5ee
fix continuation warnings in payloads
2018-05-01 04:57:42 -05:00
Jeffrey Martin
28173222a8
Land #9881 , cleanup psexec code
2018-04-30 18:39:36 -05:00
Brent Cook
e29a53b7cb
Land #9951 , Update linux/gather/enum_protections module
2018-04-30 16:52:30 -05:00
Brent Cook
f3fa9af098
fixup osx sizes
2018-04-30 15:21:23 -05:00
Brent Cook
7e31c2cf76
Land #9942 , IPv6 channel fixes for Python and Linux/macOS Meterpreters
2018-04-30 15:14:12 -05:00
Auxilus
bc0cad43bc
Update wireless_ap.rb
2018-04-30 19:19:12 +05:30
Auxilus
ca7afae730
Add wireless_ap post module for Android
...
This module displays all the saved wireless AP creds in the target device
2018-04-30 19:02:30 +05:30
Lars Sorenson
2ca05ee7c1
Remove explicit EDB url in favor of MSF autogenerated one
...
Use more appropriate Failwith errors for connection issues
Remove an unnecessary `to_s` call
Use the cookie kwarg for send_request_cgi over explicitly setting a header
2018-04-29 22:24:49 -04:00
Brendan Coles
3351a59efb
Update linux/gather/enum_protections
2018-04-29 06:52:47 +00:00
Chris Long
9ae0acd489
Removing debug statement
2018-04-28 15:56:56 -07:00
Chris Long
c7caac627b
Replacing Import with Fiddle, adding fork compatibility for High Sierra
2018-04-28 15:53:23 -07:00
Brendan Coles
f7504dd9d5
Add AF_PACKET packet_set_ring Privilege Escalation exploit
2018-04-28 01:40:17 +00:00
Aaron Soto
c4bca03fea
Land #9908 , msfd_rce_remote and msfd_rce_browser
2018-04-27 18:54:17 -05:00
Aaron Soto
82fc4aba64
Land #9918 , XDebug Unauthenticated OS command execution
2018-04-27 17:08:58 -05:00
Touhid M Shaikh
ce099aea76
playsms_filename_exec.rb
...
PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution
2018-04-28 01:15:52 +05:30
Brent Cook
8fd7448e48
bump payloads, ipv6 channel fixes
2018-04-27 14:18:54 -05:00
Auxilus
d29bc920c1
print o/p to new line
2018-04-27 20:58:25 +05:30
Auxilus
912970ad3b
change vprint to print for printing o/p in psexec_command
2018-04-27 20:47:21 +05:30
Auxilus
0374de5e0d
change vprint to print for printing o/p
2018-04-27 10:49:04 +05:30
Auxilus
25cf8d175a
report command execution o/p
2018-04-27 08:43:30 +05:30
Brent Cook
79d8f5e86c
autofilter = false means skip, which is reverse of intuition
2018-04-26 17:20:55 -05:00
Jeffrey Martin
54aaf1f718
Land #9937 , enable autofilter on tp-link camera exploit
2018-04-26 16:08:09 -05:00
Brent Cook
4789cdc596
enable autofilter on tp-link camera exploit
2018-04-26 14:56:39 -05:00
Brent Cook
0fa0358993
Land #9853 , Update Linux sock_sendpage local exploit module
2018-04-26 14:30:51 -05:00
William Vu
873cbcee27
Fix #9876 , minor updates to Drupalgeddon 2
...
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
2018-04-25 18:09:54 -05:00
Brent Cook
f52e6a18a2
Land #9876 , Drupalgeddon 2
2018-04-25 15:49:53 -05:00
William Vu
b8eb7f2a86
Set target type instead of regexing names
...
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.
Old matching in this commit: 1900aa2708
.
2018-04-25 11:53:26 -05:00
Brent Cook
2cd0228db2
Land #9900 , add base64 encoder for ruby
2018-04-25 04:06:50 -05:00
Brent Cook
4cba6d1df4
suggest a reason if we get no server response
2018-04-25 03:57:12 -05:00
William Vu
910e9337fb
Use print_good for patch level check, oops
2018-04-24 23:21:22 -05:00
William Vu
b7ac16038b
Correct comment about PHP CLI (it's not our last!)
2018-04-24 23:18:51 -05:00
William Vu
ec43801564
Add check for patch level in CHANGELOG.txt
...
Looks like 8.x has core/CHANGELOG.txt instead.
2018-04-24 23:12:33 -05:00
William Vu
2ff0e597a0
Add SA-CORE-2018-002 as an AKA ref
...
Makes sense to me. Even though it's technically the advisory.
2018-04-24 22:51:33 -05:00
Auxilus
382a7f8aa3
Merge https://github.com/rapid7/metasploit-framework into psexec_cleanup
2018-04-25 09:09:48 +05:30
William Vu
8bc1417c8c
Use PHP_FUNC as a fallback in case assert() fails
...
Additionally drop a file in a writable directory in case CWD fails.
2018-04-24 22:29:27 -05:00
Auxilus
cbfdaf23a0
updated for requested changes
2018-04-25 08:56:54 +05:30
William Vu
8ff4407ca6
Clarify version detection error message
...
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
2018-04-24 20:51:51 -05:00
Auxilus
e7ac2cd155
move report_auth to psexec module
2018-04-24 23:00:55 +05:30
Robin Stenvi
c81ad8fec0
Changes after review
2018-04-24 18:33:27 +02:00
William Vu
cfaca5baa3
Restore a return lost in the refactor :(
...
Also spiff up comments.
2018-04-24 11:25:55 -05:00
Auxilus
3353102dc1
fix opt dependencies
2018-04-24 21:55:09 +05:30
William Vu
a0f16b4a66
Prefer print_warning for consistency
2018-04-24 11:17:19 -05:00
William Vu
7ef8b99480
Improve printing in ETERNALBLUE's verify_arch
...
Now shows the invalid arch instead of showing nothing.
2018-04-24 11:09:54 -05:00
William Vu
b507391f1b
Change back to vprint_status for the nth time
...
I really couldn't decide, especially once I got rid of CmdStager.
Also fully document the module options.
2018-04-24 04:23:52 -05:00
William Vu
c8b6482ab0
Rewrite PHP targets to work with 7.x and 8.x
...
Win some, lose some. php -r spawns a new (obvious) command. :/
Check method and version detection also rewritten. :)
2018-04-24 03:38:05 -05:00
Brendan Coles
ef5272cdc6
Update tested versions
2018-04-23 20:28:24 +00:00
Brendan Coles
00583caadf
Add Libuser roothelper Privilege Escalation exploit
2018-04-23 17:49:11 +00:00
Wei Chen
f9a804e7d8
Bring the PR up to date
2018-04-23 08:52:05 -05:00
Robin Stenvi
60c6f970c1
Added base64 encoder for Ruby
2018-04-21 10:54:26 +02:00
William Vu
8be58d315c
Stop being lazy about badchar analysis
...
Badchars apply to all targets.
2018-04-20 19:30:38 -05:00
William Vu
5be4526085
Merge remote-tracking branch 'upstream/master' into feature/drupal
2018-04-20 18:42:15 -05:00
bwatters-r7
1c92134606
Land #9756 , Add lastore-daemon D-Bus Privilege Escalation exploit
...
Merge branch 'land-9756' into upstream-master
2018-04-20 15:45:37 -05:00
bwatters-r7
f12f6d54a5
Land #9862 , Post-exploitation module for meterpreter (Windows) to send wireless probe requests
...
Merge branch 'land-9862' into upstream-master
2018-04-20 14:32:01 -05:00
bwatters-r7
37a844bef0
Land # 9247, Add ASUS infosvr Auth Bypass Command Execution exploit
...
Merge branch 'land-9247' into upstream-master
2018-04-20 11:24:47 -05:00
William Vu
fcfe927b7a
Add PHP dropper functionality and targets
2018-04-19 05:11:21 -05:00
William Vu
62aca93d8b
Cache version detection and print only once
...
Oops. This is the problem with overloading methods.
2018-04-19 04:59:07 -05:00
William Vu
2670d06f99
Add in-memory PHP execution using assert()
2018-04-19 02:18:56 -05:00
William Vu
7a2cc991ff
Refactor once more with feeling
...
Nested conditionals are the devil. Printing should be consistent now.
2018-04-18 23:59:14 -05:00
William Vu
3d116d721d
Add version detection and automatic targeting
...
I also refactored error handling. Should be cleaner now.
2018-04-18 21:40:22 -05:00
William Vu
86ffbc753e
Refactor clean URL handling and remove dead code
2018-04-18 19:56:42 -05:00
Tim W
1547a47026
Land #9784 , add osx high sierra APFS password disclosure post module
2018-04-18 14:27:22 +08:00
Tim W
72cd97d3e4
minor documentation and comment tweaks
2018-04-18 14:22:32 +08:00
William Vu
1900aa2708
Refactor module and address review comments
2018-04-17 19:05:45 -05:00
Auxilus
f0b9ea635a
cleanup psexec code
2018-04-16 09:04:36 +05:30
Lars Sorenson
143fdde1f8
Flipped Safe and Appears in check
2018-04-15 12:10:10 -04:00
Lars Sorenson
60ac89c336
Restructure some logic to make the flow more intuitive
2018-04-14 15:03:12 -04:00
Lars Sorenson
36c1bf5453
Remove a missed tab
2018-04-14 10:30:49 -04:00
Lars Sorenson
083f6936fd
Update for @bcoles review
...
Refactor version checking to use Gem::Version
Change the title of the exploit to fit convention
Change print statements used in check to vprint
Change fail_with Failure for connection issues to be Unknown instead
of NoAccess
Add CVE reference
Refactor how some nil checking is done for response for
send_request_cgi
Text-wrap description to 80 chars
Remove unnecessary string interpolation for cookie in payload
delivery
Change how the payload cradle is escaped and encoded; switch to HTTP
POST for stealth
Remove nil check that is redundant and also typo'd to
2018-04-14 10:24:05 -04:00
Lars Sorenson
486ab7c776
Update for msftidy and contribution guidelines
2018-04-14 09:20:13 -04:00
Lars Sorenson
27ded57cda
Add MSF module for EDB 6768
2018-04-14 08:51:51 -04:00
William Vu
d8508b8d7d
Add Drupal Drupalgeddon 2
2018-04-14 00:22:30 -05:00
Chris Long
b282db3c6a
Fixing broken imports for keylog_recorder.rb and improving control chars
2018-04-12 02:08:53 -07:00
Adam Cammack
2a6acfd1d0
Land #9823 , Private IP leak via WebRTC
2018-04-11 17:37:56 -05:00
Borja Merino
2d33320921
Added a post-exploitation module to send wireless probe requests
2018-04-11 16:43:33 +02:00
Brendan Coles
154951cd37
minor update
2018-04-11 01:45:41 +10:00
Dhiraj Mishra
8be159bdc7
Fixing space-tab mixed
2018-04-10 20:45:38 +05:30
Dhiraj Mishra
7cbba34c83
Parsing IP address only
...
Changed title name and description, however few things still needs to fix.
2018-04-10 20:32:52 +05:30
Brendan Coles
fc7040099c
Update Linux sock_sendpage local exploit module
2018-04-10 11:15:42 +00:00
Tim W
ee6f83c281
match newfs_apfs regex
2018-04-10 14:45:14 +08:00
Aaron Soto
be18930f12
Cleaned up output, only querying for %WINDIR% if necessary
2018-04-09 15:27:50 -05:00
Auxilus
c07f2f1a09
Update run_as.rb
2018-04-09 21:24:16 +05:30
Auxilus
c34b796f13
Remove temp file from dist after cmd execution
...
https://github.com/rapid7/metasploit-framework/issues/9830
2018-04-09 20:14:01 +05:30
h00die
a473dd04a8
Land #9813 , Add etcd library and version scanner
2018-04-08 07:05:31 -04:00
gushmazuko
bd672ae148
Description changed
2018-04-08 12:00:14 +02:00
gushmazuko
1e439b623b
Description changed
2018-04-08 11:46:01 +02:00
Brent Cook
b55eb9b8f2
bump payloads, add Python UDP channel support
...
This pulls in Python UDP channel support from
https://github.com/rapid7/metasploit-payloads/pull/276
2018-04-07 14:21:30 -05:00
thecarterb
3f40f43609
Make final output more readable
2018-04-07 11:05:47 -04:00
Dhiraj Mishra
201cdfb189
Handling execption by MSFTIDY
2018-04-06 22:54:21 +05:30
Daniel Teixeira
37c578e16d
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 17:10:53 +01:00
Dhiraj Mishra
4e6afd49ed
Update browser_getprivateip.rb
2018-04-06 21:10:29 +05:30
Daniel Teixeira
dee01189ca
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 15:41:21 +01:00
Daniel Teixeira
50c3f53e03
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:39:45 +01:00
Daniel Teixeira
0c829a5c6b
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:35:33 +01:00
Daniel Teixeira
cbdb3a35b2
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:14:11 +01:00
Cantoni Matteo
c8544c3bc0
Add 'phpMyAdmin Authenticated Remote Code Execution' aux module - CVE-2016-5734
2018-04-06 14:57:07 +02:00
Dhiraj Mishra
f6cfcefbae
Some tweaks suggested by bcoles.
2018-04-06 17:44:43 +05:30
Daniel Teixeira
6698f1b64b
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 13:05:40 +01:00
Daniel Teixeira
806c72ebcb
Update and rename oscommerce.rb to oscommerce_installer_unauth_code_exec.rb
2018-04-06 11:29:29 +01:00
Daniel Teixeira
3efd17a801
Rename osCommerce.rb to oscommerce.rb
2018-04-06 10:46:00 +01:00
Daniel Teixeira
0d254b4e5c
Update osCommerce.rb
2018-04-06 10:40:28 +01:00
Dhiraj Mishra
582eb2e61c
Create browser_getprivateip.rb
2018-04-06 14:42:57 +05:30
Daniel Teixeira
b5681cb954
osCommerce Module
2018-04-05 20:28:14 +01:00
Brent Cook
81c78a51c2
Land #9794 , Added support for regional dialects
2018-04-05 12:56:07 -05:00
Spencer McIntyre
0a3bcf570c
Add the scanner/smb/impacket/dcomexec module
2018-04-04 17:34:41 -04:00
Jon Hart
63aabc00f1
etcd rubocop style
2018-04-04 11:01:38 -07:00
Jon Hart
a8c76638d3
Rename
2018-04-04 10:54:20 -07:00
Jon Hart
518e17118a
Add DisclosureDate
2018-04-04 10:52:47 -07:00
Jon Hart
a6c31aceb2
Refactor common etc capabilities; add separate version scanner
2018-04-04 10:48:27 -07:00
Chris Higgins
1fa40bfe3b
Land #8539 , ProcessMaker Plugin Upload exploit
2018-04-03 20:52:17 -05:00
bwatters-r7
0faf2f4e04
Land # 8007, Added NTDSgrab module to metasploit.
...
Merge branch 'land-8007' into upstream-master
2018-04-03 15:56:37 -05:00
bwatters-r7
d9039d43ef
Land #9734 , Remove unwanted 'pop RAX' from windows/x64/reverse_(win)http
2018-04-03 14:23:41 -05:00
bwatters-r7
e17be05e6a
Land #9595 , Add post module RID Hijacking on Windows
2018-04-03 14:12:34 -05:00
Brent Cook
8f7d9f3ac8
rename module
2018-04-03 13:44:55 -05:00
Brent Cook
19eef59f23
add disclosure date, fix target
2018-04-03 13:39:11 -05:00
Brent Cook
cd7831a2a3
An unforgettable luncheon
2018-04-03 13:39:11 -05:00
cbrnrd
0806c0725f
Fix some bugs with command exits
...
Also fix a bug in check()
2018-04-03 10:35:49 -04:00
Brendan Coles
dfb3a421fe
Remove require statement
2018-04-03 12:56:06 +00:00
Brent Cook
8c2138f13b
Land #9742 , QNX exploit improvements
2018-04-03 07:50:29 -05:00
Tim W
9f174e7323
msftidy
2018-04-03 16:10:41 +08:00
Tim W
7c3e5da450
add more credits/references
2018-04-03 14:59:00 +08:00
Tim W
c5039251a2
add CVE-2016-4655
...
rebase
2018-04-03 14:58:57 +08:00
Tim W
d465226d89
add loader
2018-04-03 14:44:54 +08:00
Tim W
cd1f4e1373
webkit apple safari trident exploit
2018-04-03 14:44:54 +08:00
Brendan Coles
d860d7af5b
require 'rex/tar'
2018-04-03 06:34:30 +00:00
Brent Cook
bd3c00dfd0
Land #9726 , add simple Rex::Tar wrapper for consistency with other archive types
2018-04-02 23:35:22 -05:00
Brent Cook
226ef160ff
Land #9748 , Convert the smbloris DoS into an external module
...
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
Brent Cook
b445583a14
Land #9774 , use correct whitespace when patching python meterpreter
2018-04-02 23:07:36 -05:00
r4wd3r
d6dc0a2d4f
Adjust rid_hijack.rb code style with rubocop recommendations.
2018-04-03 04:57:41 +02:00
gushmazuko
11389a6d53
Fixed errors 2
2018-04-02 17:33:53 +02:00
gushmazuko
1327c0bb7e
Fixed errors
2018-04-02 17:21:16 +02:00
Brent Cook
fa34f3e0a4
Land #9718 , Add get_user_spns 'kerberoasting' module
2018-04-02 10:04:44 -05:00
cbrnrd
c401872af6
Fix some logic flaws and other review things
...
Also make the output more reliable
2018-03-30 19:20:20 -07:00
cbrnrd
76af9d5a15
Add apfs_encrypted_volume_passwd.rb
2018-03-29 23:47:45 -07:00
William Vu
e3e12ad924
Land #9782 , CheckCode::Safe for ms_ndproxy
2018-03-29 17:07:33 -05:00
Brent Cook
3a54f0d5f8
Land #9776 , if data is nil, stop reading the heartbleed socket
2018-03-29 11:23:08 -05:00
Brendan Coles
3aac041dcf
Return CheckCode::Safe for unsupported x64 systems
2018-03-29 12:03:33 +00:00
gushmazuko
922ed8c284
Slui File Handler Hijack LPE
...
Slui File Handler Hijack LPE
2018-03-29 00:15:03 +02:00
gushmazuko
69d9321e6b
Slui File Handler Hijack LPE
...
Slui File Handler Hijack LPE - MSF Module
UAC Bypass | Local Privilege Escalation Via Slui Hijack
2018-03-28 20:44:16 +02:00
Jon Hart
a1e83ce835
Land #9760 , @h00die's etcd scanner
2018-03-28 10:41:22 -07:00
Jon Hart
5cdfadd0df
Fix more style issues
2018-03-28 09:43:30 -07:00
Jon Hart
7767505678
Fix some style issues
2018-03-28 09:43:22 -07:00
Jacob Robles
a1fff486bc
Land #9666 , Add 2017-8917 RCE for Joomla 3.7.0
2018-03-28 11:08:38 -05:00
Jacob Robles
0fa63ae7b3
Update documentation and module
...
Included Super User in the documentation.
Implemented changes h00die suggested.
Modified sqli to generate strings used in regex.
2018-03-28 10:57:28 -05:00
h00die
c97743925f
jhart suggestions
2018-03-27 18:46:31 -04:00
Jeffrey Martin
288bd28d3a
if data is nil stop reading the heartbleed socket
2018-03-27 15:51:14 -05:00
Wei Chen
94fd599756
Land #9684 , Adding ManageEngine Application Manager RCE
...
Land #9684
2018-03-27 15:17:20 -05:00
William Vu
1f31bcd26f
Update telpho10_credential_dump
2018-03-27 14:57:57 -05:00
Wei Chen
0a0bef0c4f
Land #9633 , Exodus Wallet Remote Code Execution
...
Land #9633
2018-03-27 14:51:15 -05:00
Jeffrey Martin
7a76593e1c
update payload size cause whitespace is more exact
2018-03-27 14:38:17 -05:00
Wei Chen
8c88c53e5d
Land #9670 , Gitstack v2.3.10 RCE
...
Land #9670
2018-03-27 13:00:47 -05:00
Jacob Robles
26463b33a2
Land #9636 , Improve post module persistence_exe
2018-03-26 17:48:53 -05:00
Jacob Robles
57b048fbf7
Remove requires, changed in-place modification
2018-03-26 17:46:18 -05:00
William Vu
c19fc4c18f
Land #9423 , PSH for jenkins_xstream_deserialize
2018-03-26 17:09:16 -05:00
William Vu
862a3ff74d
Land #9618 , pipe auditing improvements
2018-03-26 17:01:48 -05:00
h00die
327b2176c0
change and
2018-03-26 17:35:58 -04:00
Andrew Morris
217dea60fc
Update blog link to up-to-date blog post
2018-03-26 15:43:10 -04:00
h00die
e462cb49a2
updated docs
2018-03-25 14:53:30 -04:00
h00die
d739a9a057
working etcd scanner
2018-03-25 13:54:55 -04:00
h00die
80c4d59560
Land #9702 exploit for clipbucket
2018-03-24 19:59:17 -04:00
h00die
0028e2c5ba
documentation update
2018-03-24 19:25:59 -04:00
Brendan Coles
9bb6e72020
Add lastore-daemon D-Bus Privilege Escalation exploit
2018-03-24 23:16:42 +00:00
Brendan Coles
fdd2af2d2a
Update tested versions
2018-03-24 00:23:12 +00:00
Adam Cammack
5ece14b064
Convert SMBLoris to an external module
2018-03-23 14:55:18 -05:00
Touhid M Shaikh
230c0a295f
Delete playsms_uploadcsv_exec.rb
2018-03-23 12:29:07 +05:30
William Vu
09cb4a52df
Update smb_ms17_010 scanner with PipeAuditor mixin
2018-03-22 15:37:45 -05:00
William Vu
e4c026fffd
Update pipe_auditor module with PipeAuditor mixin
2018-03-22 15:37:45 -05:00
Brendan Coles
9d28549e84
Update qnx_qconn_exec
2018-03-22 06:25:44 +00:00
Jacob Robles
8d0e3ada74
Change option names and module type
2018-03-21 06:49:50 -05:00
Jacob Robles
fc9005df8a
Add External License Support
2018-03-21 06:26:25 -05:00
Jacob Robles
8d12118d1f
Add get_user_spns external module and documentation
2018-03-21 06:26:15 -05:00
Touhid M Shaikh
a506efe0b6
playsms_uploadcsv_exec.rb
...
PlaySMS 1.4 Remote Code Execution using Phonebook import Function in import.php
2018-03-21 14:13:52 +05:30
Jacob Robles
ca7caae622
Change External Module Type Names
...
Change the a couple of external module type names
to be consistent with the template files.
2018-03-20 10:19:57 -05:00
Summus6
b865d4fee2
Fix CachedSize for windows/x64/reverse_(win)http(s) payloads
2018-03-20 11:27:43 +01:00
Brendan Coles
ac9f506b45
Update tested versions
2018-03-20 02:49:56 +00:00
Mehmet İnce
53eabfc1df
Update documentation and add check before exploit
2018-03-19 23:27:18 +03:00
Touhid M Shaikh
f012916742
Delete playsms_uploadcsv_exec.rb
2018-03-18 13:57:53 +05:30
Touhid M Shaikh
0e0fcdf727
PlaySMS 1.4 RCE
...
PlaySMS 1.4 Remote Code Execution using Phonebook import Function in import.php
2018-03-18 13:46:30 +05:30
Jeffrey Martin
4801021aba
Land #9613 , add bind_named_pipe x86
2018-03-17 15:53:06 -05:00
Brent Cook
44d5022380
Land #9529 , Add module for HP iLO CVE-2017-12542 authentication bypass
2018-03-16 16:50:54 -05:00
Brent Cook
d1722d507b
handle reset from the target on exploit
2018-03-16 16:46:50 -05:00
Brent Cook
65ae1e33e1
Land #9694 , move ssh platforms to lib
2018-03-16 12:49:57 -05:00
Jacob Robles
1b2f1ced02
Land #8422 , Typo3 News Module Sql Injection exploit
2018-03-15 10:55:04 -05:00
Jacob Robles
ba0d990273
Documentation added and Error Checks
2018-03-15 10:46:08 -05:00
Jacob Robles
9e23997c3d
Added Error Handling
2018-03-14 08:16:17 -05:00
Jacob Robles
1d51cf6d24
Implement Suggested Changes
2018-03-14 06:15:49 -05:00
Mehmet İnce
b55a750fa9
Fix typo and couple tiny nitpicks
2018-03-14 11:51:21 +03:00
Jacob Robles
64a51c1bd7
Save Credentials and IP
2018-03-13 08:47:08 -05:00
Mehmet İnce
889c914b3d
Updating documentation and minor code changes
2018-03-13 12:05:27 +03:00
Touhid M Shaikh
ea3378753b
syntax error fixed on 70 line
...
improve check payload was uploaded or not condition using AND condition on line 121
2018-03-13 14:15:03 +05:30
Tim W
39e2cddf70
update python payload cached size
2018-03-13 15:30:54 +08:00
Mehmet İnce
ec10a82c56
Make the rubocop happy
2018-03-13 09:44:13 +03:00
h00die
97dbc1273a
copy pasta
2018-03-12 20:14:08 -04:00
Mehmet İnce
2fd9b0b77b
Fixing rubocop errors
2018-03-13 01:40:01 +03:00
Brent Cook
1587b5b682
Land #9686 , add ipv6 to slowloris, rhost to non-scanner modules
2018-03-12 16:13:21 -05:00
Auxilus
ef515d256d
msftidy fixes
2018-03-13 00:34:25 +05:30
Auxilus
2c52498d4a
Update smb_ms17_010.rb
2018-03-13 00:28:37 +05:30
Auxilus
6e9a4916f5
scanner update
2018-03-13 00:23:18 +05:30
Ege Balcı
2950c84660
Better code.
...
Added check function.
Smaller & cleaner code.
2018-03-12 20:33:46 +03:00
Touhid M Shaikh
5e30982184
check fucktion and some words fixed
...
all changes done which is bcoles suggested
2018-03-12 21:03:34 +05:30
Brent Cook
d86dcbc237
Land #9632 , owa_login and auth_brute enhancements
2018-03-12 10:31:20 -05:00