Brent Cook
51a18b68fe
Land #9211 , handle 2016 DC's with hashdump gracefully
2017-11-29 17:26:33 -06:00
Tim W
58897bf2fc
msftidy
2017-11-29 16:36:50 +08:00
Tim W
7f1f7281f1
add local exploit for osx root login with no password
2017-11-29 16:06:02 +08:00
bwatters-r7
244acc48b6
Land #9212 , pfsense group member exec module
2017-11-27 11:27:29 -06:00
Brent Cook
2c6cfabbc3
Land #8948 , allow configuring payload HTTP headers for domain fronting
2017-11-25 10:08:22 -06:00
Brent Cook
8645a518b3
add mettle support for custom headers
2017-11-24 20:27:34 -06:00
vipzen
0d79a3a3e2
Add support to Windows .NET Server
2017-11-23 08:35:55 -02:00
Adam Cammack
778e69f929
Land #9229 , Randomize slowloris HTTP headers
2017-11-22 14:42:24 -06:00
attackdebris
ae43883e2b
Fix mongodb_login typo
2017-11-22 08:03:12 -05:00
Jon Hart
879db5cf38
Land #9050 , @mpizala's improvements to the docker_daemon_tcp module
2017-11-21 17:13:24 -08:00
Matthew Kienow
785e5944d6
Enhanced slowloris HTTP headers and minor cleanup
2017-11-21 18:19:20 -05:00
Matthew Kienow
b6c81e6da0
Reimplement slowloris as external module
2017-11-21 16:21:01 -05:00
Daniel Teixeira
db2bd22d86
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Matthew Kienow
e07fe77a69
Close sockets to resolve file handle error
2017-11-21 15:49:45 -05:00
Daniel Teixeira
52f56527d8
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Daniel Teixeira
74becb69e8
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Daniel Teixeira
b7bc68c843
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
53123d92e2
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
21a6d0bd6e
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
60878215e0
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
9457359b11
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
29017b8926
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
f79b41edde
Slow Loris
2017-11-21 15:48:11 -05:00
Brent Cook
a7932ffe0e
fix sizes
2017-11-21 14:31:14 -06:00
Brent Cook
4050985649
update payloads
2017-11-21 13:53:33 -06:00
Brent Cook
1fd7f7c8bc
prefix MeterpreterUserAgent and PayloadProxy* with Http for consistency,
...
this also adds aliases where needed
2017-11-21 13:47:19 -06:00
h00die
dd8238d146
rubocop got a donut
2017-11-20 20:08:28 -05:00
Adam Cammack
dd57138423
Make external module read loop more robust
...
Changes from a "hope we get at most one message at a time" model to
something beginning to resemble a state machine. Also logs error output
and fails the MSF module when the external module fails.
2017-11-20 16:52:05 -06:00
h00die
579d012fa2
spelling
2017-11-19 08:36:27 -05:00
h00die
b7f7afb3be
version detect, 2.2.6 handling
2017-11-19 08:28:07 -05:00
h00die
f8891952c6
pfsense group member exec module
2017-11-15 21:00:58 -05:00
Adam Cammack
c740f4369c
Land #9197 , Cleanup Mako Server exploit
2017-11-15 15:01:31 -06:00
Adam Cammack
4219959c6d
Bump ranking to Excellent
2017-11-15 15:00:47 -06:00
bwatters-r7
83c228f3b8
Make rubocop less mad
2017-11-15 14:06:36 -06:00
bwatters-r7
33a07beb30
Fix whitespace issues
2017-11-15 12:26:49 -06:00
bwatters-r7
53a068d13f
Add error handling for failed hashdumps
2017-11-15 11:08:35 -06:00
David Maloney
8b9e091e70
remove humorous typo
2017-11-15 11:08:25 -06:00
David Maloney
7162765b57
load extapi in domain_hashdump
...
domain hashdump always needs to load extapi to work
2017-11-15 11:08:17 -06:00
David Maloney
ad98c9c156
fix Windows server 2016 support for domain_hashdump
...
The domain hashdump psot module should now work
against Server 2016 DCs.
2017-11-15 11:08:06 -06:00
Martin Pizala
33e5508bcb
bypass user namespaces
2017-11-15 15:14:58 +01:00
William Vu
f3e2f4d500
Land #9167 , D-Link DIR-850L exploit
2017-11-10 18:15:39 -06:00
William Vu
3936d3baa1
Clean up module
2017-11-10 18:15:22 -06:00
Martin Pizala
971ec80fc1
Keep the python target
2017-11-10 23:11:27 +01:00
Steven Patterson
df2b62dc27
Add Mako Server CMD injection Linux support, update docs, move to multi
2017-11-10 16:28:39 -05:00
William Vu
ea260e87b7
Remove headers, since we didn't send them before
...
http was an invalid key for setting headers, and we still got a shell.
These headers also don't seem relevant to the PUT request.
2017-11-09 11:06:50 -06:00
William Vu
7213e6cc49
Fix #9133 , makoserver_cmd_exec cleanup
2017-11-09 10:52:03 -06:00
h00die
52888871e3
Land #8747 RCE for Geutebrueck GCore on Windows
2017-11-08 20:22:54 -05:00
h00die
7ad151e68b
gcore formatting update
2017-11-08 20:21:40 -05:00
Adam Cammack
39916ef61a
Land #9133 , Command injection in Mako Server examples
2017-11-08 15:11:01 -06:00
William Vu
b7c604f941
Land #9189 , s/patrick/aushack/g
2017-11-08 10:27:03 -06:00