rastating
4dce589bbe
Add WordPress Holding Pattern file upload module
2015-02-14 12:54:03 +00:00
jvazquez-r7
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
sinn3r
b197b98ab9
Land #4759 , fix ms09_067_excel_featheader
2015-02-13 13:25:15 -06:00
jvazquez-r7
3ae3d56caa
Land #4745 , fixes #4711 , BrowserAutoPwn failing due to getpeername
2015-02-12 16:51:09 -06:00
jvazquez-r7
92422c7b9a
Save the output file on local_directory
2015-02-12 16:16:21 -06:00
Christian Mehlmauer
55f57e0b9b
Land #4746 , WordPress photo-gallery exploit
2015-02-12 22:24:12 +01:00
Christian Mehlmauer
bce7211f86
added url and randomize upload directory
2015-02-12 22:16:37 +01:00
sinn3r
05d2703a98
Explain why obfuscation is disabled
2015-02-12 14:00:01 -06:00
William Vu
9b10cd5655
Land #4755 , @todb-r7's release fixes
2015-02-12 13:16:08 -06:00
Tod Beardsley
c156ed62a9
on, not of.
2015-02-12 12:56:53 -06:00
Tod Beardsley
e35f603888
Comma fascism
2015-02-12 12:49:45 -06:00
Tod Beardsley
d89eda65fa
Moar fixes, thanks @wvu-r7
...
See #4755
2015-02-12 12:46:38 -06:00
Tod Beardsley
e78d08e20d
Fix up titles, descriptions
2015-02-12 12:11:40 -06:00
sinn3r
50c72125a4
::Errno::EINVAL, disable obfuscation, revoke ms14-064
2015-02-12 11:54:01 -06:00
jvazquez-r7
155651e187
Make filename shorter
2015-02-12 11:45:51 -06:00
jvazquez-r7
95bfe7a7de
Do minor cleanup
2015-02-12 11:45:51 -06:00
rastating
30f310321d
Added CVE reference
2015-02-12 11:45:51 -06:00
rastating
38ad960640
Add Maarch LetterBox file upload module
2015-02-12 11:45:51 -06:00
William Vu
309159d876
Land #4753 , updated ms14_070_tcpip_ioctl info
2015-02-12 09:57:29 -06:00
Spencer McIntyre
8ab469d3bd
Update ms14-070 module information and references
2015-02-12 09:51:01 -05:00
William Vu
b894050bba
Fix local/pxeexploit datastore
2015-02-11 12:19:56 -06:00
Brent Cook
f99ef5c0f5
fix msftidy warnings about towelroot module
2015-02-11 11:17:44 -06:00
rastating
cb1efa3edd
Improved error handling, tidied up some code
2015-02-11 10:16:18 +00:00
rastating
80a086d5f6
Add WordPress Photo Gallery upload module
2015-02-11 01:03:51 +00:00
sinn3r
d23c9b552f
Trade MS12-004 for MS13-090 against Windows XP BrowserAutoPwn
2015-02-10 18:58:56 -06:00
jvazquez-r7
29c68ef1ec
End fixing namespaces
2015-02-10 11:55:14 -06:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
jvazquez-r7
5687028f09
Land #4671 , @earthquake's exploit for achat buffer overflow
2015-02-09 17:50:09 -06:00
jvazquez-r7
6165d623ff
Change module filename
2015-02-09 17:39:55 -06:00
jvazquez-r7
eb0741d7a7
Modify reference
2015-02-09 17:39:18 -06:00
jvazquez-r7
86f3bcad11
Do minor cleanup
2015-02-09 17:33:05 -06:00
Balazs Bucsay
ac6879cfe1
proper payload encoding from now on
2015-02-09 23:36:35 +01:00
Balazs Bucsay
c7880ab4e1
hex strings related explanations
2015-02-09 23:21:38 +01:00
Balazs Bucsay
9891026d30
sleep changed to Rex::sleep
2015-02-09 22:33:41 +01:00
jvazquez-r7
81cad064ea
Land #4724 , @wchen-r7's AllowWin32SEH's change on alpha encoders
2015-02-09 11:01:00 -06:00
Brent Cook
af405eeb7d
Land #4287 , @timwr's exploit form CVS-2014-3153
2015-02-09 10:33:14 -06:00
jvazquez-r7
831a1494ac
Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumUpper
2015-02-08 18:29:25 -06:00
jvazquez-r7
3e7e9ae99b
Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumMixed
2015-02-08 18:22:11 -06:00
Christian Mehlmauer
6d46182c2f
Land #4570 , @rastating 's module for wp-easycart
2015-02-07 23:42:23 +01:00
Christian Mehlmauer
f2b834cebe
remove check because the vuln is unpatched
2015-02-07 23:38:44 +01:00
Christian Mehlmauer
d2421a2d75
wrong version
2015-02-07 23:34:19 +01:00
Christian Mehlmauer
56d2bc5adb
correct version number
2015-02-07 23:22:43 +01:00
rastating
345d5c5c08
Update version numbers to reflect latest release
2015-02-07 19:09:16 +00:00
jvazquez-r7
87775c6ee4
Fix description
2015-02-06 23:55:27 -06:00
jvazquez-r7
76387eebe0
Use File.open
2015-02-06 21:35:07 -06:00
jvazquez-r7
1ea4a326c1
Land #4656 , @nanomebia's fixes for sugarcrm_unserialize_exec
2015-02-06 16:42:01 -06:00
jvazquez-r7
e511f72ab4
Delete final check
...
* A session is the best proof of success
2015-02-06 16:34:34 -06:00
jvazquez-r7
f6933ed02c
Add module for EDB-35948
2015-02-06 11:05:29 -06:00
Tod Beardsley
036cb77dd0
Land #4709 , fixed up some datastore mangling
2015-02-05 21:22:38 -06:00
Spencer McIntyre
4e0a62cb3a
Land #4664 , MS14-070 Server 2003 tcpip.sys priv esc
2015-02-05 18:49:15 -05:00
Spencer McIntyre
a359fe9acc
Minor fixup on the ms14-070 module description
2015-02-05 18:41:58 -05:00
Spencer McIntyre
dc13446536
Forgot to comment ret instruction
2015-02-05 14:09:01 -05:00
Spencer McIntyre
5a39ba32f6
Make the ret instruction for token stealing optional
2015-02-05 14:00:38 -05:00
Spencer McIntyre
dabc163076
Modify the shellcode stub to save the process
2015-02-05 13:54:52 -05:00
Tod Beardsley
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
William Vu
b43522a2b8
Fix scadapro_cmdexe datastore
2015-02-05 02:54:03 -06:00
William Vu
a12d1244b9
Fix zenworks_helplauncher_exec datastore
2015-02-05 02:53:47 -06:00
William Vu
148ffaf55f
Fix real_arcade_installerdlg datastore
2015-02-05 02:53:38 -06:00
William Vu
a7156cf4a8
Fix zabbix_script_exec datastore
2015-02-05 02:53:22 -06:00
Spencer McIntyre
aebf5056ac
Dont compare a string to an integer
2015-02-04 16:55:43 -05:00
Tod Beardsley
47d4acd91d
Land #4605 , Malwarebytes fake update exploit
2015-02-04 10:28:17 -06:00
jvazquez-r7
fbf32669c6
Use single quote
2015-02-04 09:47:27 -06:00
julianvilas
de09559cc8
Change HTTP requests to succeed when going through HTTP proxies
2015-02-04 15:32:14 +01:00
jvazquez-r7
c366e7777d
Delete ternary operators
2015-02-03 17:43:00 -06:00
jvazquez-r7
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
jvazquez-r7
28f303d431
Decrease timeout
2015-02-03 17:33:29 -06:00
jvazquez-r7
34717d166d
Fix typo
2015-02-03 17:12:54 -06:00
jvazquez-r7
a1c157a4db
Land #4609 , @h0ng10's module for Wordpress Pixabay Images PHP Code Upload
2015-02-03 17:01:32 -06:00
jvazquez-r7
eebee7c066
Do better session creation handling
2015-02-03 17:00:37 -06:00
jvazquez-r7
4ca4fd1be2
Allow to provide the traversal depth
2015-02-03 16:38:40 -06:00
jvazquez-r7
e62a5a4fff
Make the calling payload code easier
2015-02-03 16:23:04 -06:00
jvazquez-r7
61cdb5dfc9
Change filename
2015-02-03 16:13:10 -06:00
jvazquez-r7
82be43ea58
Do minor cleanup
2015-02-03 16:07:27 -06:00
jvazquez-r7
82eeec0946
Delete comments
2015-02-03 15:25:52 -06:00
jvazquez-r7
52616a069a
Add support for NTLMSSP
2015-02-03 15:25:02 -06:00
Tod Beardsley
b5794db973
Spelling
2015-02-03 14:10:47 -06:00
Tod Beardsley
edd5ec3b0d
Refactor and rename of @sgabe's module
...
Renamed because it's not just MBAM, and having malwarebytes in the name
is more memorable anyway.
This refactor's @sgabe's original module to prefer if/else over
unless/else, clearly labelling variables, and wrapping up discrete
functionality into specific methods, and adds an OSVDB and the original
discoverer's URL.
2015-02-03 14:08:25 -06:00
William Vu
d5c61c01f5
Land #4694 , uninit Rex::OLE fix
2015-02-02 05:33:40 -06:00
sinn3r
9112e70187
Fix #4693 - Uninit Rex::OLE in MS14-064 exploits
...
Fix #4693
2015-02-02 00:20:34 -06:00
jvazquez-r7
d211488e5d
Add Initial version
2015-02-01 19:47:58 -06:00
Christian Mehlmauer
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
Julian Vilas
f983c8171e
Modify description to match both Struts 1.x and 2.x versions
2015-01-30 12:35:38 +01:00
Julian Vilas
1a11ae4021
Add new references about Struts 1
2015-01-29 23:27:52 +01:00
Balazs Bucsay
64ab11c6ba
Add Achat Beta v0.150 RCE for Win7/XPSP3
2015-01-29 23:20:31 +01:00
Julian Vilas
4cc5844baf
Add Struts 1 support
2015-01-29 23:12:34 +01:00
Jay Smith
6c529f8f6b
Addressed feedback from @OJ and @zeroSteiner
2015-01-29 11:57:03 -05:00
Nanomebia
d04fd3b978
Fixing Indentation
...
Small indentation fix
2015-01-29 13:03:19 +08:00
Jay Smith
064ca2d02e
Updated version checking
2015-01-28 18:25:30 -05:00
sinn3r
0f88d0ad75
Change print_* to vprint_*
...
According to our wiki doc, all print_* should be vprint_* for check()
2015-01-28 15:44:14 -06:00
James Lee
51764eb207
Add a check() for mssql_payload
2015-01-28 13:44:16 -06:00
Jay Smith
37c08128dc
Add in MS14-070 Priv Escalation for Windows 2003
2015-01-28 13:24:39 -05:00
Nanomebia
af90c6482b
Sanity Changes
...
Reverted failure behaviour on line 70
Removed a space that prevented line 98 from working as intended
2015-01-28 18:40:43 +08:00
Nanomebia
27c412341f
Syntax Changes
...
Cleaned up this statement a tiny bit
2015-01-28 18:34:19 +08:00
Nanomebia
fc3094ec9b
Syntax changes
...
Fixed some more syntax - failures
2015-01-28 18:30:21 +08:00
Nanomebia
321eb452c5
Syntax Fixes
...
Fixed some or's to || - and's to &&.
Fixed failure if statement (fails using fail_with())
Fixed nested else (now and elsif)
Changed final execute logic - checks for success rather than failure.
2015-01-28 18:08:15 +08:00
Nanomebia
fefc3d088c
Cookie fix and success display
...
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check. Also
fixed the success display - changed the if statement to match others in
this module and fixed the text output based on server response.
2015-01-28 17:11:05 +08:00
sinn3r
bb9c961847
Change description a bit
2015-01-27 12:14:55 -06:00
sinn3r
2dedaee9ca
Working version after the upgrade
2015-01-27 12:02:36 -06:00
sinn3r
9e3388df34
Use BES for MS13-037 and default to ntdll
2015-01-27 00:18:36 -06:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
sinn3r
f5916eba6d
Move modules/exploits/windows/misc/psh_web_delivery.rb
...
This module was scheduled to be removed on 10/23/2014.
Please use exploit/multi/script/web_delivery instead.
2015-01-26 00:28:40 -06:00
sinn3r
bbcc2eb07d
Move modules/exploits/windows/misc/pxecploit.rb
...
This module was scheduled to be removed on 10/31/2014.
Please use exploits/windows/local/pxeexploit instead.
2015-01-26 00:25:02 -06:00
sgabe
dbe5dd77e3
Enforce update to real versions
2015-01-25 10:53:14 +01:00
Gabor Seljan
2680e76e26
Remove wrong references
2015-01-25 00:17:30 +01:00
Hans-Martin Münch (h0ng10)
419fa93897
Add OSVDB and WPScan references
2015-01-23 09:27:42 +01:00
Hans-Martin Münch (h0ng10)
dfbbc79e0d
make retries a datastore option
2015-01-23 09:23:09 +01:00
Hans-Martin Münch (h0ng10)
11bf58e548
Use metasploit methods
2015-01-23 08:48:52 +01:00
jvazquez-r7
d8aa282482
Delete some double quotes
2015-01-22 18:21:25 -06:00
jvazquez-r7
4c72b096b6
Switch variable from file_name to operation
2015-01-22 18:20:11 -06:00
jvazquez-r7
b003d8f750
Do final cleanup
2015-01-22 18:17:14 -06:00
jvazquez-r7
911485f536
Use easier key name
2015-01-22 18:11:48 -06:00
jvazquez-r7
eff49b5fd3
Delete files with Rex::Java::Serialization
2015-01-22 17:59:43 -06:00
jvazquez-r7
37bf66b994
Install instaget with Rex::Java::Serialization
2015-01-22 16:54:49 -06:00
jvazquez-r7
20d7fe631e
Auto detect platform without raw streams
2015-01-22 15:15:08 -06:00
jvazquez-r7
ad276f0d52
Retrieve version with Rex::Java::Serialization instead of binary streams
2015-01-22 14:52:19 -06:00
jvazquez-r7
b61538e980
Land #4291 , @headlesszeke's module for ARRIS VAP2500 command execution
2015-01-21 20:52:31 -06:00
jvazquez-r7
33195caff2
Mark compatible payloads
2015-01-21 20:52:04 -06:00
jvazquez-r7
500d7159f1
Use PAYLOAD instead of CMD
2015-01-21 20:49:05 -06:00
jvazquez-r7
f37ac39b4c
Split exploit cmd vs exploit session
2015-01-21 20:46:37 -06:00
jvazquez-r7
e1d1ff17fd
Change failure code
2015-01-21 20:38:33 -06:00
jvazquez-r7
169052af5c
Use cookie option
2015-01-21 20:37:38 -06:00
jvazquez-r7
c866caac43
Randomize MLet name
2015-01-21 00:36:34 -06:00
jvazquez-r7
37ed1b1e62
Delete default values for datastore options
2015-01-21 00:14:46 -06:00
jvazquez-r7
a996efc807
Refactor exploit code
2015-01-21 00:07:00 -06:00
jvazquez-r7
2de2e657f0
Refactor get_mbean_server
2015-01-20 23:44:33 -06:00
jvazquez-r7
d90f856c00
Delete sock_server variable
2015-01-20 20:51:20 -06:00
jvazquez-r7
b792c0a5bf
Create exploit_mbean_server method
2015-01-20 20:44:10 -06:00
jvazquez-r7
0b2d65749b
Do better argument handling on Msf::Jmx::Mbean::ServerConnection
2015-01-20 18:46:09 -06:00
jvazquez-r7
b97c0fe398
Add Msf::Jmx::Util#extract_unicast_ref
2015-01-20 17:46:42 -06:00
jvazquez-r7
f7aaad1cf1
Delete some extraneous commas
2015-01-19 17:25:45 -06:00
jvazquez-r7
dbc77a2857
Land #4517 , @pedrib's exploit for ManageEngine Multiple Products Authenticated File Upload
...
* CVE-2014-5301
2015-01-19 17:23:39 -06:00
jvazquez-r7
6403098fbc
Avoid sleep(), survey instead
2015-01-19 17:22:04 -06:00
jvazquez-r7
a6e351ef5d
Delete unnecessary request
2015-01-19 17:14:23 -06:00
jvazquez-r7
ed26a2fd77
Avoid modify datastore options
2015-01-19 17:11:31 -06:00
jvazquez-r7
3c0efe4a7e
Do minor style changes
2015-01-19 15:36:05 -06:00
rastating
9d3397901b
Correct version numbers and code tidy up
2015-01-19 20:59:46 +00:00
jvazquez-r7
ddda0b2f4b
Beautify metadata
2015-01-19 14:59:31 -06:00
Hans-Martin Münch (h0ng10)
5813c639d1
Initial commit
2015-01-19 17:23:48 +01:00
sgabe
affc661524
Add module for CVE-2014-4936
2015-01-18 17:18:05 +01:00
jvazquez-r7
3a3e37ba6c
Refactor extract_mbean_server
2015-01-18 01:20:13 -06:00
jvazquez-r7
4247747fc5
Refactor extract_object
2015-01-18 01:13:00 -06:00
Brent Cook
a2a1a90678
Land #4316 , Meatballs1 streamlines payload execution for exploits/windows/local/wmi
...
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
jvazquez-r7
d9c6c56779
Refactor extract_rmi_connection_stub
2015-01-15 23:15:30 -06:00
jvazquez-r7
2d2f26a0e3
Change method names for stream builders
2015-01-15 23:01:27 -06:00
jvazquez-r7
00117fc963
Do first and ugly refactoring
2015-01-15 21:18:03 -06:00
jvazquez-r7
4d35131f59
Provide description and authentication support
2015-01-15 17:57:35 -06:00
jvazquez-r7
2cd15d0155
Delete comments
2015-01-15 16:43:03 -06:00
jvazquez-r7
cab4787172
Add initial JMX module
2015-01-15 16:41:37 -06:00
Brent Cook
c1e604f201
Land #4562 : wchen-r7's CVE addition
2015-01-15 14:34:37 -06:00
Brent Cook
47cd5a3e59
Land #4562 , wchen-r7's Win8 NtApphelpCacheControl privilege escalation
2015-01-15 13:52:07 -06:00
sinn3r
09eaf80a90
Add CVE
2015-01-15 13:22:00 -06:00
sgabe
68dc3ce876
Minor code formatting
2015-01-15 19:33:08 +01:00
sinn3r
57904773e7
Configurable resource
2015-01-15 10:28:03 -06:00
Gabor Seljan
ef0be946b1
Use HttpServer instead of TcpServer
2015-01-15 10:39:17 +01:00
Pedro Ribeiro
3768cf0a69
Change version to int and add proper timestamp
2015-01-14 22:59:11 +00:00
jvazquez-r7
621cada2ac
Undo build_gc_call_data refactoring
2015-01-14 16:47:28 -06:00
sgabe
da0fce1ea8
Add module for CVE-2014-2206
2015-01-14 22:04:30 +01:00
rastating
8a89b3be28
Cleanup of various bits of code
2015-01-13 22:20:40 +00:00
Jon Hart
ac4eb3bb90
Land #4578 , @dlanner's fix for rails_secret_deserialization
2015-01-13 09:37:28 -08:00
David Lanner
c5cfc11d84
fix cookie regex by removing a space
2015-01-12 23:13:18 -05:00
rastating
8246f4e0bb
Add ability to use both WP and EC attack vectors
2015-01-12 23:30:59 +00:00
rastating
e6f6acece9
Add a date hash to the post data
2015-01-12 21:21:50 +00:00
sinn3r
7876401419
Land #4476 - Lexmark MarkVision Enterprise Arbitrary File Upload
2015-01-12 10:44:23 -06:00
sinn3r
34bbc5be90
print error message about limitation
2015-01-11 20:12:40 -06:00
rastating
ea37e2e198
Add WP EasyCart file upload exploit module
2015-01-10 21:05:02 +00:00
sinn3r
46d1616994
Hello ARCH_X86_64
2015-01-10 06:16:22 -06:00
sinn3r
3c8be9e36d
Just x86
2015-01-09 19:12:51 -06:00
sinn3r
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
Christian Mehlmauer
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
Christian Mehlmauer
fd2307680d
Land #4550 , wp-symposium file upload
2015-01-09 21:55:02 +01:00
jvazquez-r7
d65ed54e0c
Check STARTUP_FOLDER option
2015-01-09 12:21:01 -06:00
jvazquez-r7
2c633e403e
Do code cleanup
2015-01-09 12:07:59 -06:00
jvazquez-r7
d52e9d4e21
Fix metadata again
2015-01-09 11:20:00 -06:00
jvazquez-r7
9dbf163fe7
Do minor style fixes
2015-01-09 11:17:16 -06:00
jvazquez-r7
8f09e0c20c
Fix metadata by copying the mysql_mof data
2015-01-09 11:15:32 -06:00
jvazquez-r7
da6496fee1
Test landing #2156 into up to date branch
2015-01-09 11:04:47 -06:00
sinn3r
ee5c249c89
Add EDB reference
2015-01-09 00:19:12 -06:00
sinn3r
75de792558
Add a basic check
2015-01-09 00:03:39 -06:00
sinn3r
4911127fe2
Match the title and change the description a little bit
2015-01-08 21:48:01 -06:00
sinn3r
b7b3ae4d2a
A little randomness
2015-01-08 21:25:55 -06:00
Jon Hart
e4547eb474
Land #4537 , @wchen-r7's fix for #4098
2015-01-08 17:57:16 -08:00
Jon Hart
f13e56aef8
Handle bracketed and unbracketed results, add more useful logging
2015-01-08 17:51:31 -08:00
Jon Hart
14db112c32
Add logging to show executed Java and result
2015-01-08 16:53:12 -08:00
sinn3r
b65013c5c5
Another update
2015-01-08 18:39:04 -06:00
sinn3r
b2ff5425bc
Some changes
2015-01-08 18:33:30 -06:00
sinn3r
53e6f42d99
This works
2015-01-08 17:57:14 -06:00
Pedro Ribeiro
c76aec60b0
Add OSVDB id and full disclosure URL
2015-01-08 23:29:38 +00:00
sinn3r
7ed6b3117a
Update
2015-01-08 17:18:14 -06:00
Brent Cook
fb5170e8b3
Land #2766 , Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
sinn3r
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
jvazquez-r7
fa5cd928a1
Refactor exploit to use the mixin
2015-01-08 16:04:56 -06:00
rastating
82e6183136
Add Msf::Exploit::FileDropper mixin
2015-01-08 21:07:00 +00:00
rastating
93dc90d9d3
Tidied up some code with existing mixins
2015-01-08 20:53:56 +00:00
jvazquez-r7
873ade3b8a
Refactor exploit module
2015-01-08 14:52:55 -06:00
sinn3r
0e6c7181b1
"Stash" it
2015-01-08 14:13:14 -06:00
Meatballs
a9fee9c022
Fall back to runas if UAC disabled
2015-01-08 11:07:57 +00:00
William Vu
ea793802cc
Land #4528 , mantisbt_php_exec improvements
2015-01-08 04:50:00 -06:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
rastating
7b92c6c2df
Add WP Symposium Shell Upload module
2015-01-07 22:02:39 +00:00
Meatballs
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
sinn3r
ef97d15158
Fix msftidy and make sure all print_*s in check() are vprint_*s
2015-01-07 12:12:25 -06:00
James Lee
3e80efb5a8
Land #4521 , Pandora FMS upload
2015-01-07 11:13:57 -06:00
James Lee
1ccef7dc3c
Shorter timeout so we get shell sooner
...
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
sinn3r
4c240e8959
Fix #4098 - False negative check for script_mvel_rce
...
Fix #4098 , thanks @arnaudsoullie
2015-01-07 10:40:58 -06:00
sinn3r
c60b6969bc
Oh so that's it
2015-01-07 10:39:46 -06:00
James Lee
efe83a4f31
Whitespace
2015-01-07 10:19:17 -06:00
Christian Mehlmauer
09bd0465cf
fix regex
2015-01-07 11:54:55 +01:00
rcnunez
b3def856fd
Applied changes recommended by jlee-r7
...
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
Christian Mehlmauer
eaad4e0bea
fix check method
2015-01-07 11:01:08 +01:00
Christian Mehlmauer
862af074e9
fix bug
2015-01-07 09:10:50 +01:00
Christian Mehlmauer
d007b72ab3
favor include? over =~
2015-01-07 07:33:16 +01:00
Christian Mehlmauer
4277c20a83
use include?
2015-01-07 06:51:28 +01:00
Christian Mehlmauer
39e33739ea
support for anonymous login
2015-01-07 00:08:04 +01:00
Christian Mehlmauer
bf0bdd00df
added some links, use the res variable
2015-01-06 23:25:11 +01:00
sinn3r
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
Christian Mehlmauer
f9f2bc07ac
some improvements to the mantis module
2015-01-06 11:33:45 +01:00
William Vu
f2710f6ba7
Land #4443 , BulletProof FTP client exploit
2015-01-06 02:10:42 -06:00
William Vu
482cfb8d59
Clean up some stuff
2015-01-06 02:10:25 -06:00
Meatballs
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
sinn3r
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
rcnunez
547b7f2752
Syntax and File Upload BugFix
...
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
Pedro Ribeiro
c9b76a806a
Create manageengine_auth_upload.rb
2015-01-04 17:05:53 +00:00
Tim
c959d42a29
minor tweak
2015-01-03 10:15:52 +00:00
sinn3r
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
sinn3r
3c755a6dfa
Template
2015-01-02 11:31:28 -06:00
Tod Beardsley
c1718fa490
Land #4440 , git client exploit from @jhart-r7
...
Also fixes #4435 and makes progress against #4445 .
2015-01-01 13:18:43 -06:00
Tod Beardsley
d7564f47cc
Move Mercurial option to advanced, update ref url
...
See #4440
2015-01-01 13:08:36 -06:00
Tod Beardsley
914c724abe
Rename module
...
See rapid7#4440
2015-01-01 13:03:17 -06:00
Jon Hart
65977c9762
Add some more useful URLs
2014-12-31 10:54:04 -08:00
Tod Beardsley
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
Spencer McIntyre
6d966dbbcf
Land #4203 , @jvazquez-r7's cleanup for java_rmi_server
2014-12-31 11:25:19 -05:00
sinn3r
48919eadb6
Land #4444 - i-FTP BoF
2014-12-30 12:38:28 -06:00
Christian Mehlmauer
96fe693c54
update drupal regex
2014-12-30 09:12:39 +01:00
jvazquez-r7
d2af956b16
Do minor cleanups
2014-12-29 10:39:51 -06:00
jvazquez-r7
9f98fd4d87
Info leak webapp ROOT so we can cleanup
2014-12-27 08:47:51 -06:00
jvazquez-r7
5afd2d7f4b
Add module for ZDI-14-410
2014-12-26 20:40:28 -06:00
jvazquez-r7
655cfdd416
Land #4321 , @wchen-r7's fixes #4246 ms01_026_dbldecode undef method
2014-12-26 12:48:29 -06:00
Jon Hart
51049152b6
Use Rex::Text.rand_mail_address for more realistic fake commit
2014-12-26 10:39:52 -08:00
jvazquez-r7
c1b0385a4b
Land #4460 , @Meatballs1's ssl cert validation bypass on powershell web delivery
2014-12-26 12:07:45 -06:00
jvazquez-r7
2bed52dcd5
Land #4459 , @bcoles's ProjectSend Arbitrary File Upload module
2014-12-26 11:28:42 -06:00
jvazquez-r7
b5b0be9001
Do minor cleanup
2014-12-26 11:24:02 -06:00
jvazquez-r7
121c0406e9
Beautify restart_command creation
2014-12-24 15:52:15 -06:00
jvazquez-r7
43ec8871bc
Do minor c code cleanup
2014-12-24 15:45:38 -06:00
jvazquez-r7
92113a61ce
Check payload
2014-12-24 15:43:49 -06:00
jvazquez-r7
36ac0e6279
Clean get_restart_commands
2014-12-24 14:55:18 -06:00
jvazquez-r7
92b3505119
Clean exploit method
2014-12-24 14:49:19 -06:00
jvazquez-r7
9c4d892f5e
Use single quotes when possible
2014-12-24 14:37:39 -06:00
jvazquez-r7
bbbb917728
Do style cleaning on metadata
2014-12-24 14:35:35 -06:00
jvazquez-r7
af24e03879
Update from upstream
2014-12-24 14:25:25 -06:00
Gabor Seljan
0b85a81b01
Use REXML to generate exploit file
2014-12-24 19:23:28 +01:00