Commit Graph

23005 Commits (fd1681edd9dfb041871ace9d69220d12d0089843)

Author SHA1 Message Date
Brent Cook 51a18b68fe
Land #9211, handle 2016 DC's with hashdump gracefully 2017-11-29 17:26:33 -06:00
Tim W 58897bf2fc msftidy 2017-11-29 16:36:50 +08:00
Tim W 7f1f7281f1 add local exploit for osx root login with no password 2017-11-29 16:06:02 +08:00
bwatters-r7 244acc48b6
Land #9212, pfsense group member exec module 2017-11-27 11:27:29 -06:00
Brent Cook 2c6cfabbc3
Land #8948, allow configuring payload HTTP headers for domain fronting 2017-11-25 10:08:22 -06:00
Brent Cook 8645a518b3 add mettle support for custom headers 2017-11-24 20:27:34 -06:00
vipzen 0d79a3a3e2 Add support to Windows .NET Server 2017-11-23 08:35:55 -02:00
Adam Cammack 778e69f929
Land #9229, Randomize slowloris HTTP headers 2017-11-22 14:42:24 -06:00
attackdebris ae43883e2b Fix mongodb_login typo 2017-11-22 08:03:12 -05:00
Jon Hart 879db5cf38
Land #9050, @mpizala's improvements to the docker_daemon_tcp module 2017-11-21 17:13:24 -08:00
Matthew Kienow 785e5944d6
Enhanced slowloris HTTP headers and minor cleanup 2017-11-21 18:19:20 -05:00
Matthew Kienow b6c81e6da0
Reimplement slowloris as external module 2017-11-21 16:21:01 -05:00
Daniel Teixeira db2bd22d86
Update slow_loris.rb 2017-11-21 15:49:45 -05:00
Matthew Kienow e07fe77a69
Close sockets to resolve file handle error 2017-11-21 15:49:45 -05:00
Daniel Teixeira 52f56527d8
Update slow_loris.rb 2017-11-21 15:49:45 -05:00
Daniel Teixeira 74becb69e8
Update slow_loris.rb 2017-11-21 15:49:45 -05:00
Daniel Teixeira b7bc68c843
Update slow_loris.rb 2017-11-21 15:49:44 -05:00
Daniel Teixeira 53123d92e2
Update slow_loris.rb 2017-11-21 15:49:44 -05:00
Daniel Teixeira 21a6d0bd6e
Update slow_loris.rb 2017-11-21 15:49:44 -05:00
Daniel Teixeira 60878215e0
Update slow_loris.rb 2017-11-21 15:49:43 -05:00
Daniel Teixeira 9457359b11
Update slow_loris.rb 2017-11-21 15:49:43 -05:00
Daniel Teixeira 29017b8926
Update slow_loris.rb 2017-11-21 15:49:43 -05:00
Daniel Teixeira f79b41edde
Slow Loris 2017-11-21 15:48:11 -05:00
Brent Cook a7932ffe0e fix sizes 2017-11-21 14:31:14 -06:00
Brent Cook 4050985649
update payloads 2017-11-21 13:53:33 -06:00
Brent Cook 1fd7f7c8bc prefix MeterpreterUserAgent and PayloadProxy* with Http for consistency,
this also adds aliases where needed
2017-11-21 13:47:19 -06:00
h00die dd8238d146 rubocop got a donut 2017-11-20 20:08:28 -05:00
Adam Cammack dd57138423
Make external module read loop more robust
Changes from a "hope we get at most one message at a time" model to
something beginning to resemble a state machine. Also logs error output
and fails the MSF module when the external module fails.
2017-11-20 16:52:05 -06:00
h00die 579d012fa2 spelling 2017-11-19 08:36:27 -05:00
h00die b7f7afb3be version detect, 2.2.6 handling 2017-11-19 08:28:07 -05:00
h00die f8891952c6 pfsense group member exec module 2017-11-15 21:00:58 -05:00
Adam Cammack c740f4369c
Land #9197, Cleanup Mako Server exploit 2017-11-15 15:01:31 -06:00
Adam Cammack 4219959c6d
Bump ranking to Excellent 2017-11-15 15:00:47 -06:00
bwatters-r7 83c228f3b8
Make rubocop less mad 2017-11-15 14:06:36 -06:00
bwatters-r7 33a07beb30
Fix whitespace issues 2017-11-15 12:26:49 -06:00
bwatters-r7 53a068d13f Add error handling for failed hashdumps 2017-11-15 11:08:35 -06:00
David Maloney 8b9e091e70 remove humorous typo 2017-11-15 11:08:25 -06:00
David Maloney 7162765b57 load extapi in domain_hashdump
domain hashdump always needs to load extapi to work
2017-11-15 11:08:17 -06:00
David Maloney ad98c9c156 fix Windows server 2016 support for domain_hashdump
The domain hashdump psot module should now work
against Server 2016 DCs.
2017-11-15 11:08:06 -06:00
Martin Pizala 33e5508bcb
bypass user namespaces 2017-11-15 15:14:58 +01:00
William Vu f3e2f4d500
Land #9167, D-Link DIR-850L exploit 2017-11-10 18:15:39 -06:00
William Vu 3936d3baa1 Clean up module 2017-11-10 18:15:22 -06:00
Martin Pizala 971ec80fc1
Keep the python target 2017-11-10 23:11:27 +01:00
Steven Patterson df2b62dc27
Add Mako Server CMD injection Linux support, update docs, move to multi 2017-11-10 16:28:39 -05:00
William Vu ea260e87b7 Remove headers, since we didn't send them before
http was an invalid key for setting headers, and we still got a shell.
These headers also don't seem relevant to the PUT request.
2017-11-09 11:06:50 -06:00
William Vu 7213e6cc49 Fix #9133, makoserver_cmd_exec cleanup 2017-11-09 10:52:03 -06:00
h00die 52888871e3
Land #8747 RCE for Geutebrueck GCore on Windows 2017-11-08 20:22:54 -05:00
h00die 7ad151e68b gcore formatting update 2017-11-08 20:21:40 -05:00
Adam Cammack 39916ef61a
Land #9133, Command injection in Mako Server examples 2017-11-08 15:11:01 -06:00
William Vu b7c604f941
Land #9189, s/patrick/aushack/g 2017-11-08 10:27:03 -06:00