6d9bf83ded
Small fixes for the recent WP MailPoet module
...
Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
2014-07-05 13:17:23 -05:00
98a82bd145
Land #3486 , @brandonprry's exploit for CVE-2014-4511 gitlist RCE
2014-07-04 16:41:04 -05:00
59881323b9
Clean code
2014-07-04 16:40:16 -05:00
a33a6dc79d
add bash to requiredcmd
2014-07-03 16:52:52 -05:00
806f26424c
&& not and
2014-07-03 16:50:21 -05:00
6fb2fc85a0
address @jvasquez-r7 review points
2014-07-03 16:43:01 -05:00
2efa3d6bc0
Land #3487 , @FireFart's exploit for WordPress MailPoet file upload
2014-07-03 14:34:58 -05:00
f1b7a9f421
Land #3488 - loot storage into the enum_services post module
2014-07-03 14:18:16 -05:00
79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload
2014-07-03 14:09:12 -05:00
c207d14d1f
Update description
2014-07-03 14:08:31 -05:00
97a6b298a8
Use print_warning
2014-07-03 13:38:20 -05:00
dcba357ec3
implement feedback
2014-07-03 20:27:08 +02:00
2c999d3099
Better describe the problem
2014-07-03 13:06:19 -05:00
9aa3c75234
Do something for the shut-everything-up event handling practice
2014-07-03 13:04:56 -05:00
8a513058f6
Fix comments
2014-07-03 12:59:10 -05:00
ebeb9880a6
Favor "unless" over "if" for negative conditions
...
Please refer to https://github.com/bbatsov/ruby-style-guide
2014-07-03 12:55:13 -05:00
1d828a951f
string interpolation is preferred over concatenation
...
Please refer to https://github.com/bbatsov/ruby-style-guide
2014-07-03 12:46:56 -05:00
b781b87d74
Avoid unnecessary "if not"
2014-07-03 12:44:17 -05:00
86a31b1896
Update gitlist_exec.rb
2014-07-03 12:40:37 -05:00
aeb4fff796
Added FileDropper
2014-07-03 19:25:31 +02:00
51695c4932
Land #2484 , @zeroSteiner's refactoring for CmdStager
2014-07-03 11:33:46 -05:00
b15297eee0
Land #3490 , @Meatballs1 tns listener verbose output
2014-07-03 16:20:38 +02:00
5e0211016d
Merge to solve conflicts
2014-07-03 09:16:04 -05:00
071f236946
Changed check method
2014-07-02 22:31:02 +02:00
a58ff816c5
Changed check method
2014-07-02 22:29:00 +02:00
90df0f1bb5
Land #3489 - Add verbosity to Jenkins Enum
2014-07-02 14:40:25 -05:00
ecba95644d
Land #3473 - skype post module to extract password hash
2014-07-02 14:34:10 -05:00
e5b441314c
removed wrong edit ...
2014-07-02 21:33:49 +02:00
8f55af5f9d
UPnP check included
2014-07-02 21:28:39 +02:00
ac2e84bfd6
check included
2014-07-02 21:24:50 +02:00
c6675a2900
Add verbosity to Jenkins Enum
2014-07-02 13:25:18 -04:00
9981a60b27
Add loot storage into the enum_service post module
2014-07-02 17:56:16 +01:00
83abf4b523
Add loot storage into the enum_service post module
2014-07-02 17:48:48 +01:00
40175d3526
added check method
2014-07-02 11:07:58 +02:00
54a28a103c
Updated description
2014-07-02 10:49:28 +02:00
1ff549f9c1
Replaced Tab
2014-07-02 10:35:30 +02:00
09131fec28
Added wysija file upload exploit
2014-07-02 10:24:27 +02:00
21f6e7bf6c
Change description
2014-07-01 10:44:21 -05:00
449fde5e7c
Description update
2014-07-01 10:26:52 -05:00
c43006f820
Update cogent module description, fix msftidy warnings
2014-07-01 10:06:33 -05:00
d341fc20a8
switch to use file? instead of stat
2014-07-01 00:58:17 -04:00
db6524106e
one more typo, last one I swear
2014-06-30 22:33:19 -05:00
d7dfa67e94
typo
2014-06-30 20:15:25 -05:00
acedf5e847
Update gitlist_exec.rb
...
Fix EDB ref and no twitter handles.
2014-06-30 20:12:08 -05:00
ecc1b08994
Create gitlist_exec.rb
...
This adds a metasploit module for CVE-2014-4511
2014-06-30 20:10:24 -05:00
bf9c64d3ee
Land #3483 , @hmoore-r7's title change for ipmi_cipher_zero
2014-06-30 17:31:12 -05:00
cf720a88e8
Be verbose about error codes
2014-06-30 19:10:03 +01:00
f8ef6c50b4
Land #3470 , Cerberus SFTP User Enumeration
2014-06-30 19:01:15 +01:00
94c5a0b603
More verbose around connection errors
2014-06-30 18:56:30 +01:00
183d601aae
Small tidyup
2014-06-30 18:17:49 +01:00
004afa6e0c
Clean commit of Cerberus FTP User Enumeration Module
2014-06-30 17:53:46 +01:00
72d8d8a40c
RAKP defines auth, not cipher-0 bypass, see below.
...
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.
Cosmetic only change
2014-06-30 00:52:40 -05:00
1acd5e76cb
Add check code for event processing 12
2014-06-29 15:47:57 -05:00
a94396867c
Add module for ZDI-14-106, Oracle Event Processing
2014-06-29 15:44:20 -05:00
faa9c11450
Dont deregister an option that is in use
2014-06-28 18:22:17 -04:00
748589f56a
Make cmdstager flavor explicit or from info
...
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
bd49d3b17b
Explicitly use the echo stager and deregister options
...
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
42ac3a32fe
Multi-fy two new linux/http/dlink exploits
2014-06-27 08:40:27 -04:00
41d721a861
Update two modules to use the new unified cmdstager
2014-06-27 08:34:57 -04:00
952c935730
Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR
2014-06-27 08:34:57 -04:00
219153c887
Raise NotImplementedError and let :flavor be guessed
2014-06-27 08:34:56 -04:00
4d4c5e5d6e
Update two modules to use the new cmd stager
2014-06-27 08:34:56 -04:00
45248dcdec
Add YARD documentation for methods
2014-06-27 08:34:56 -04:00
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
dd7b2fc541
Use constants
2014-06-27 08:34:55 -04:00
9e413670e5
Include the CMDStager
2014-06-27 08:34:55 -04:00
d47994e009
Update modules to use the new generic CMDstager mixin
2014-06-27 08:34:55 -04:00
8bf36e5915
AutoDetection should work
2014-06-27 08:34:55 -04:00
778f34bab6
Allow targets and modules to define compatible stagers
2014-06-27 08:34:55 -04:00
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
2a442aac1f
No long needs to extend bourne, and specify a flavor.
2014-06-27 08:34:55 -04:00
1a392e2292
Multi-fy the hyperic_hq_script_console exploit.
2014-06-27 08:34:55 -04:00
80bdf750e9
Multi-fy the new printf stager and add to sshexec.
2014-06-27 08:34:55 -04:00
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload
2014-06-26 14:34:32 -05:00
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
6075c795e9
Land #3467 - failure message for nil payload
2014-06-26 11:12:37 -05:00
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498002234993f
2014-06-25 13:24:07 -05:00
920bd1132e
replace manual packing with rex version
2014-06-25 00:16:28 -04:00
3ed7050b67
Lands 3420 after wrapping most lines at 80
2014-06-24 17:37:43 -05:00
3fe162a8b1
wraps most lines at 80
2014-06-24 17:36:10 -05:00
bba8bd3498
Land #3446 -- Meterpreter bins gem switch
2014-06-25 03:00:11 +10:00
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
615aeb66a5
Dont use or
2014-06-23 23:11:04 +01:00
752007848b
Tidy up code
...
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
2772d84a18
Major rework of this module, please see the diff
2014-06-23 16:13:42 -05:00
86869f0a81
remove extra parenthesis
2014-06-23 17:10:31 -04:00
8e37aea7c2
remove use of Q in packing and unpacking
2014-06-23 16:52:53 -04:00
a7d00f8144
simplify SHA1 code
2014-06-23 15:39:06 -04:00
77620193a1
remove character restriction on aes.final call
2014-06-23 15:37:19 -04:00
2d0b4b96ee
remove verbose exit if no salt found
2014-06-23 15:34:07 -04:00
275d8826bd
skype post module to extract password hash
2014-06-23 15:16:50 -04:00
a0aca251f5
Land #3472 , releae fixes
2014-06-23 11:41:35 -05:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
267642aa4b
Fix description
2014-06-23 09:20:47 -05:00
cc3c06440f
Add module for ZDI-14-195, HP AutoPass License Traversal
2014-06-23 09:19:56 -05:00
40d1ec551e
Add WEP, PSK, and MGT
2014-06-21 23:15:20 -05:00
61f4c769eb
Land #3461 , Chromecast factory reset module
2014-06-21 17:43:31 -04:00
79bf80e6bf
Add generic error handling
...
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
469fae7058
Land #3465 , @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability
2014-06-20 17:22:28 -05:00
252d917bbb
Fix msftidy and favor && over and
2014-06-20 17:21:10 -05:00
e8b914a62f
Download rankings for reliable exploit, but depending on a specific version without autodetection
2014-06-20 14:33:02 -05:00
191c871e9b
[SeeRM #8815 ] Dont try to exploit when generate_payload_exe fails
2014-06-20 14:07:49 -05:00
f0d04fe77e
Do some randomizations
2014-06-20 11:38:10 -05:00
f26f8ae5db
Change module filename
2014-06-20 11:27:49 -05:00
33eaf643aa
Fix usage of :concat_operator operator
2014-06-20 11:27:23 -05:00
5542f846d6
Merge to solve conflicts
2014-06-20 11:24:08 -05:00
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
f74594c324
Order metadata
2014-06-20 10:26:50 -05:00
a081beacc2
Use Gem::Version for string versions comparison
2014-06-20 09:44:29 -05:00
5d6b582adc
Update modules to use new path.
2014-06-19 18:44:19 -05:00
45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec
2014-06-19 15:58:33 -05:00
d28ced5b7b
change module filename
2014-06-19 15:56:55 -05:00
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
fa5fc724eb
Fix the disclosure date
2014-06-19 15:36:17 -05:00
f7fd17106a
Add the final cari.net URL
2014-06-19 15:33:06 -05:00
86f523f00c
concator handling
2014-06-18 18:15:58 +02:00
075eec39e1
Add Chromecast factory reset module
2014-06-18 10:04:17 -05:00
45ea59050c
Fix the if cleanup
2014-06-17 23:40:00 -05:00
288430d813
wraps some long lines
2014-06-17 22:30:28 -05:00
c685e0d06e
Land #3444 , chromecast wifi enumeration
2014-06-17 22:09:58 -04:00
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
bab1e30557
Land #3460 , Ericom AccessNow Server BOF exploit
2014-06-17 19:10:34 -05:00
9af9d2f5c2
slight cleanup
2014-06-17 19:08:31 -05:00
1133332702
Finish module
2014-06-17 15:01:35 -05:00
1394ad1431
Break my double quote habit
...
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
8f8af0e93a
Add draft version
2014-06-17 14:21:49 -05:00
03fa858089
Added newline at EOF
2014-06-17 21:05:00 +02:00
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
8376b4aa2b
Map constants to readable values
...
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
b710014ece
Land #3435 -- Rocket Servergraph ZDI-14-161/162
2014-06-17 18:06:03 +10:00
508998263b
removed wrong module file
2014-06-17 08:57:46 +02:00
6f45eb13c7
moved module file
2014-06-17 08:56:07 +02:00
a5eed71d50
renamed and other module removed
2014-06-17 08:50:09 +02:00
e908b7bc25
renamed and other module removed
2014-06-17 08:49:46 +02:00
f464c5ee97
dlink msearch commmand injection
2014-06-16 22:12:15 +02:00
d44d409ff2
Land #3407 , @julianvilas's exploit for Java JDWP RCE
2014-06-16 13:38:51 -05:00
6a780987d5
Do minor cleanup
2014-06-16 13:37:44 -05:00
f7b892e55b
Add module for AlienVault's ZDI-14-202
2014-06-16 12:10:30 -05:00
19da7d551e
Kill newline (race @wvu-r7 on this)
...
See PR #3453
2014-06-16 11:46:08 -05:00
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
461fba97d7
Update forgotten call to js() in webview exploit.
2014-06-15 23:43:05 -05:00
5fe8814af6
Land #3330 adding admin check to smb_login
2014-06-15 14:42:26 -05:00
caa1e10370
Add feature for disabling Java Security Manager
2014-06-15 20:35:19 +02:00
12ec785bdb
clean up, echo stager, concator handling
2014-06-14 17:37:09 +02:00
8eb21ded97
clean up
2014-06-14 17:02:55 +02:00
9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
...
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
2fe7593559
Land #3433 , @TecR0c's exploit for Easy File Management Web Server
2014-06-13 09:54:12 -05:00
HD Moore
jvazquez-r7
Brandon Perry
sinn3r
Christian Mehlmauer
Michael Messner
Rob Fuller
Your Name
Meatballs
attackdebris
Spencer McIntyre
Chris Doughty
Joshua Smith
OJ
William Vu
Tod Beardsley
joev
scriptjunkie
Julian Vilas
Tim Wright