wchen-r7
53e9bd7f51
This line does nothing
2016-01-22 18:55:45 -06:00
wchen-r7
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
William Vu
1b386fa7f1
Add targets to avoid ARCH_ALL payload confusion
2016-01-22 16:45:10 -06:00
Christian Mehlmauer
51eb79adc7
first try in changing class names
2016-01-22 23:36:37 +01:00
wchen-r7
a3cafc3bae
Update PHP meterpreter size
2016-01-22 15:14:18 -06:00
wchen-r7
91db2597c7
normalize URIs
2016-01-22 11:27:26 -06:00
wchen-r7
b02c762b93
Grab zeroSteiner's module/jenkins-cmd branch
2016-01-22 10:17:32 -06:00
Lutz Wolf
99de466a4d
Bugfix: specify scripting language
2016-01-22 15:00:10 +01:00
Christian Mehlmauer
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
Brent Cook
dc6dd55fe4
Shrink the size of ms08_067 so that it again works with bind_tcp
...
In #6283 , we discovered that ms08_067 was busted with reverse_tcp. The
solution was to bump the amount of space needed to help with encoding.
However, we flew a little too close to the sun, and introduced a
regression with bind_tcp on Windows XP SP2 EN where the payload stages
but does not run.
This shrinks the payload just enough to make bind_tcp work again, but
reverse_tcp also continues to work as expected.
2016-01-21 19:37:09 -06:00
wchen-r7
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
wchen-r7
d515e4db64
Unwanted comment
2016-01-21 00:55:08 -06:00
wchen-r7
bda76c7340
Update lastpass_creds module
2016-01-21 00:53:16 -06:00
KINGSABRI
a8feb8cad5
make passwords faster for reading huge wordlest files
2016-01-21 03:32:50 +03:00
KINGSABRI
4cb19c75a6
Enhance the module and add version check
2016-01-21 03:19:31 +03:00
wchen-r7
fcaef76215
Do a version check
...
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
rastating
a7cd5991ac
Add encoding of the upload path into the module
2016-01-17 22:44:41 +00:00
rastating
5660c1238b
Fix problem causing upload to fail on versions 1.2 and 1.3 of theme
2016-01-17 18:44:00 +00:00
Martin Vigo
348ae586a7
Handle vault parsing exceptions
2016-01-15 14:54:59 -08:00
kfr-ma
3d04f405b4
Update telisca_ips_lock_control.rb
...
commit the changes mad by sinn3r and replace headers on lock and unlock
2016-01-15 15:05:24 +00:00
wchen-r7
477dc64e1e
Rename module
2016-01-14 19:45:00 -06:00
wchen-r7
eb6cff77bc
Update the code to today's standards
...
Mainly making sure it is following the Ruby style guide, and
avoid unrecommended coding practices.
2016-01-14 19:38:59 -06:00
OJ
e7e63d92be
Land #6467 : fix missing requires in payloads
...
Fixes #6460
2016-01-15 07:42:14 +10:00
William Vu
fec75c1daa
Land #6457 , FileDropper for axis2_deployer
2016-01-14 15:10:05 -06:00
Brent Cook
28cf943bcb
Fix a couple of missing requires in payloads.
...
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.
It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook
8479d01029
Land #6450 , add TLS support to MSSQL
2016-01-14 12:17:40 -06:00
Brent Cook
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
William Vu
7e1446d8fa
Land #6400 , iis_webdav_upload_asp improvements
2016-01-14 12:12:33 -06:00
kfr-ma
46f06516ad
Update /telisca_ips_lock_abuse
...
cleaning the code
2016-01-14 11:13:10 +00:00
Rory McNamara
0216d027f9
Use OptEnum instead of OptString
2016-01-14 09:06:45 +00:00
Fakhir Karim Reda
c18253d313
deleted: modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-01-14 00:03:25 +00:00
Fakhir Karim Reda
60ef1eae90
adding modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 00:00:04 +00:00
Fakhir Karim Reda
1e37ff9701
Merge branch 'master' of github:kfr-ma/metasploit-framework into test_telisca_ipslock
...
merge
2016-01-13 23:20:50 +00:00
Fakhir Karim Reda
01b8302db1
delte modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
2016-01-13 23:19:35 +00:00
Fakhir Karim Reda
1b9563b82a
rm modules/auxiliary/voip/telisca_ips_lock_abuse
2016-01-13 23:09:35 +00:00
Fakhir Karim Reda
c68d2a8e0a
replace telisca_ips_lock_abuse.rb
2016-01-13 22:59:18 +00:00
Fakhir Karim Reda
457e569f3b
replacing telisca-ips-lock
2016-01-13 22:50:58 +00:00
Karim Reda Fakhir
8b03b719e8
Adding auxialiary modules :
...
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
Rory McNamara
564b4807a2
Add METHOD to simple_backdoors_exec
2016-01-13 14:42:11 +00:00
Rory McNamara
889a5d40a1
Add VAR to simple_backdoors_exec
2016-01-13 13:46:26 +00:00
wchen-r7
315d079ae8
Land #6402 , Add Post Module for Windows Priv Based Meterpreter Migration
...
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
wchen-r7
6deb57dca3
Deprecate post/windows/manage/smart_migrate and other things
...
This includes:
* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
wchen-r7
514199e88f
Register early so the cleanup can actually rm the file
2016-01-12 15:22:03 -06:00
Meatballs
7128c408c8
Land #6375 , Active Directory Managed Groups Enumeration
2016-01-12 11:21:31 +00:00
Meatballs
4ba2d56f49
Just search on DN for samaccountname
2016-01-12 11:20:20 +00:00
Martin Vigo
3bee2fff70
Use native method dir
2016-01-08 16:06:24 -08:00
James Lee
88ef3076e4
Land #6441 , x86/BMP polyglot encoder
2016-01-08 17:09:24 -06:00
wchen-r7
78bc394f80
Fix #6268 , Use FileDropper for axis2_deployer
...
Fix #6268
2016-01-08 17:09:09 -06:00
David Maloney
5e6620f2cf
add yard doc and lexical sorting
...
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
David Maloney
536378e023
move datastore kill check to kill method
...
move the datastore check for datatstore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
David Maloney
9716b97e1c
split up the migration efforts
...
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney
ad50f9a047
move default targets to constants
...
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Martin Vigo
8c6bdd532b
Use ? for SQL queries
2016-01-07 22:50:23 -08:00
Martin Vigo
b46095f3d6
Remove custom method checking file exists
2016-01-07 22:21:10 -08:00
Martin Vigo
e7701b6d5f
Fix incoherent method to always return a list
2016-01-07 22:17:04 -08:00
Jonathan Harms
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
wchen-r7
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946
, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.
Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Spencer McIntyre
24290dc169
Address x86/Bmp polyglot encoder feedback
2016-01-07 10:23:32 -05:00
joev
22a0d970da
Don't delete the payload after running.
2016-01-07 02:26:01 -06:00
joev
fb99c61089
Remove print_status statement.
2016-01-07 01:17:49 -06:00
joev
210f065427
Add a background option for the echo cmdstager.
2016-01-07 01:16:08 -06:00
Josh
4e99c873c8
Fix issue when target_pid == current_pid
2016-01-06 19:58:07 -06:00
Josh
60c506d7fb
Replace error handling methods
2016-01-06 18:53:54 -06:00
Tyler Bennett
c245e64239
added peer to each print statement and rex table
2016-01-06 13:22:30 -05:00
wchen-r7
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
wchen-r7
bdda8650a2
Do not support username, because the backdoor doesn't use one
2016-01-06 02:02:11 -06:00
Spencer McIntyre
cca0ba3efe
Add an x86/Bitmap polyglot encoder
2016-01-05 23:17:34 -05:00
Jon Hart
d626d7f0c9
Land #6416 , @all3g's rewrite/improvements to redis_server
2016-01-05 19:02:26 -08:00
Jon Hart
90ea88e5ba
Make command used configurable
2016-01-05 16:23:10 -08:00
Jon Hart
3ccdd12ecb
Put peer first in all prints
2016-01-05 16:09:50 -08:00
Jon Hart
1d997234cb
Remove unnecessary degistering of RHOST
2016-01-05 16:08:18 -08:00
g0tmi1k
d7061e8110
OCD fixes
2016-01-05 23:28:56 +00:00
Tyler Bennett
aa2922e6c3
added in verbose mode for ddns and fixed report_email_creds issue
2016-01-05 14:54:48 -05:00
wchen-r7
6cfaf93337
Land #6433 , Add D-Link DCS-931L File Upload
2016-01-05 13:16:11 -06:00
wchen-r7
7259d2a65c
Use unless instead of if !
2016-01-05 13:05:01 -06:00
nixawk
8a76bbafff
Add peer to vprint_error
2016-01-06 01:51:23 +08:00
Jon Hart
eef154420b
This is a scanner, so vprint things that occur frequently
2016-01-05 09:06:36 -08:00
Jon Hart
63324bd77d
Rescue correct exceptions
2016-01-05 09:05:32 -08:00
Jon Hart
1b48556456
Use cleaner hash syntax
2016-01-05 09:05:32 -08:00
nixawk
9714923824
ensure disconnect / remove self.class from register_options
2016-01-06 00:54:54 +08:00
William Vu
9f1ceb4b3b
Land #6426 , enable_rdp typo fix
2016-01-05 10:17:25 -06:00
William Vu
6cb9ad0d72
Land #6435 , unaligned def/end fix
2016-01-05 09:59:25 -06:00
nixawk
c3158497c0
rebuild / add check_setup / send_request
2016-01-05 15:10:26 +08:00
nixawk
cbbbd9a7e7
end is not aligned with def
2016-01-05 14:07:43 +08:00
nixawk
20cd156047
replace auxiliary/scanner/misc/redis_server with auxiliary/scanner/redis/redis_server
2016-01-05 13:14:40 +08:00
Brendan Coles
7907c93047
Add D-Link DCS-931L File Upload module
2016-01-05 04:15:38 +00:00
William Vu
3990c021c2
Land #6318 , updates for ssh_identify_pubkeys
2016-01-04 13:27:38 -06:00
William Vu
6f01df3f79
Clean up module
2016-01-04 13:26:03 -06:00
William Vu
58c047200d
Land #6305 , creds update for owa_login
2016-01-04 10:52:39 -06:00
Vincent Yiu
30a866a85b
Update enable_rdp.rb
...
Fixed some typos.
2016-01-04 09:52:57 +00:00
joev
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
joev
0436375c6f
Change require to module level.
2016-01-02 23:06:23 -06:00
joev
3a14620dba
Update linemax to match max packet size.
2016-01-02 23:00:46 -06:00
joev
d64048cd48
Rename to match gdb_server_exec module.
2016-01-02 22:45:27 -06:00
joev
dcd36b74db
Last mile polish and tweaks.
2016-01-02 22:41:38 -06:00
joev
22aae81006
Rename to exec_payload.
2016-01-02 14:13:54 -06:00
joev
6575f4fe4a
Use the cmdstager mixin.
2016-01-02 14:09:56 -06:00
joev
a88471dc8d
Add ADB client and module for obtaining shell.
2016-01-02 01:13:53 -06:00
nixawk
a6914df3e3
rename LOGIN_URL to TARGETURI
2015-12-31 22:21:34 +08:00
nixawk
370351ca88
chinese caidao asp/aspx/php backdoor bruteforce
2015-12-31 15:17:01 +08:00
Kyle Gray
47f9880690
Land #6395 , grammar fixes for recovery_files.rb
...
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
William Vu
cf0e982e83
Land #6386 , VNC creds module fix
2015-12-28 02:32:26 -06:00
William Vu
6b9c74eec7
Prefer gsub and nix the return
2015-12-28 02:31:47 -06:00
Josh
0de69a9d40
Add post Windows privilege based migrate
2015-12-27 19:26:21 -06:00
Brendan Coles
47261c27d4
Add EasyCafe Server Remote File Access module
2015-12-27 12:00:50 +00:00
g0tmi1k
9120a6aa76
iis_webdav_upload_asp: Add COPY and a few other tricks
2015-12-26 16:01:46 +00:00
Brent Cook
e23b5c5435
Land #6179 , add NTP initial crypto nak spoofing module
2015-12-24 15:46:18 -06:00
Brent Cook
04f755dd51
Land #6367 , MS15-134 Microsoft Windows Media Center MCL Information Disclosure
2015-12-24 15:24:42 -06:00
Jon Hart
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
...
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
Jon Hart
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
wchen-r7
e191bf8ac3
Update description, and fix a typo
2015-12-24 10:35:05 -06:00
Jon Hart
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb
2015-12-24 07:57:16 -08:00
Jon Hart
3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb
2015-12-24 07:51:12 -08:00
Jon Hart
0f2f2a3d08
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:55 -08:00
Jon Hart
cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:23 -08:00
Jon Hart
c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb
2015-12-24 07:44:36 -08:00
karllll
431c6001a8
Fix recovery_files.rb Description grammar errors
2015-12-24 10:10:39 -05:00
Brent Cook
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
Brent Cook
7444f24721
update whitespace / syntax for java_calendar_deserialize
2015-12-23 15:42:27 -06:00
Jon Hart
e3eafff7c9
Land #6237 , @jww519's aux module for Android CVE-2012-6301
2015-12-23 13:27:09 -08:00
Brent Cook
6eda702b25
Land #6292 , add reverse_tcp command shell for Z/OS (MVS)
2015-12-23 14:11:37 -06:00
wchen-r7
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook
493700be3a
remove duplicate key warning from Ruby 2.2.x
...
This gets rid of the warning:
modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer
424e7b6bfe
Land #6384 , more joomla rce references
2015-12-22 22:54:58 +01:00
JT
18398afb56
Update joomla_http_header_rce.rb
2015-12-23 05:48:26 +08:00
JT
cc40c61848
Update joomla_http_header_rce.rb
2015-12-23 05:38:57 +08:00
wchen-r7
21b628aa02
Land #6387 , update exploits/multi/http/joomla_http_header_rce
...
Use the new Joomla mixin
2015-12-22 15:01:55 -06:00
wchen-r7
9063ee44f4
Land #6381 , Fix post/multi/manage/shell_to_meterprete uname
2015-12-22 14:44:28 -06:00
Christian Mehlmauer
f6eaff5d96
use the new and shiny joomla mixin
2015-12-22 21:36:42 +01:00
Christian Mehlmauer
57b850c7af
Land #6373 , joomla mixin
2015-12-22 21:10:46 +01:00
g0tmi1k
2f71730484
Gather VNC null byte fix + formatting
2015-12-22 17:30:37 +00:00
JT
314e902098
Add original exploit discoverer and exploit-db ref
...
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00
Rory McNamara
45b9230efb
Redirect python stderr to stdout, darwin python platform
2015-12-22 11:32:31 +00:00
Tim
be9197fc97
quick fix for issues #6359
2015-12-22 03:26:31 +00:00
Tim
f9d74143c3
fix typo
2015-12-22 03:25:34 +00:00
Louis Sato
3034cd22df
Land #6372 , fix psexec nil bug + missing return
2015-12-21 10:59:10 -06:00
William Vu
f129c0363e
Fix broken logic
...
Forgot to set retval when I removed the ensure.
2015-12-21 10:52:03 -06:00
Stuart Morgan
e8c8c54cb0
Use a regex with a negative lookbehind to cope with CNs that contain commas
2015-12-21 11:44:37 +00:00
Stuart Morgan
b0fca769d7
capitalisation
2015-12-21 10:39:30 +00:00
Stuart Morgan
9493b333df
rubocop
2015-12-20 21:22:03 +00:00
Stuart Morgan
c394caad27
actually made the securitygroups only option do something
2015-12-20 21:19:24 +00:00
Stuart Morgan
07caaf352b
made comment match purpose
2015-12-20 21:18:21 +00:00
Stuart Morgan
c0a93433af
msftidy
2015-12-20 21:16:42 +00:00
Stuart Morgan
89728fd8fe
Working version
2015-12-20 21:16:17 +00:00
Stuart Morgan
ae09549057
New module, strating with managedby_groups
2015-12-20 20:17:06 +00:00
Martin Vigo
2ddac42be7
Perform Rubocop cleanup
2015-12-19 23:33:32 -08:00
Martin Vigo
2fc940cc3e
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 22:19:20 -08:00
Martin Vigo
ab630166bb
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 21:40:30 -08:00
wchen-r7
08bddab568
File name should be the same as the datastore option
2015-12-18 21:22:55 -06:00
wchen-r7
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
Louis Sato
726578b189
Land #6370 , add joomla reference
2015-12-18 17:05:07 -06:00
Louis Sato
56636f3337
Land #6368 , remove uptime_file_upload.rb
2015-12-18 17:02:04 -06:00
William Vu
afe4861195
Fix nil bug and missing return
2015-12-18 15:54:51 -06:00
William Vu
ef90ffa7b5
Fix #6356 , requote NTDS.DIT path
2015-12-18 15:41:48 -06:00
William Vu
6afcc13774
Requote file path
2015-12-18 15:41:38 -06:00
William Vu
309deb52f5
Land #6356 , NTDS.DIT location finder
2015-12-18 15:33:00 -06:00
William Vu
06a2bb53bd
Clean up module
2015-12-18 15:29:15 -06:00
Christian Mehlmauer
fb6ede80c9
add joomla reference
2015-12-18 18:27:48 +01:00
wchen-r7
485196af4e
Remove modules/exploits/multi/http/uptime_file_upload.rb
...
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.
If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7
5f5b3ec6a1
Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
...
CVE-2015-6127
2015-12-17 22:41:58 -06:00
Martin Vigo
ccb13a2ca6
Add full IE support and bug fixes
2015-12-17 20:29:50 -08:00
Jon Hart
a8bb750db7
Address style/usability concerns in Android CVE-2012-6301 module
2015-12-17 13:45:32 -08:00
Brent Cook
0c0219d7b7
Land #6357 , cleanup redis rdbcompression options
2015-12-17 10:45:11 -06:00
Jon Hart
f3ac8a2cc0
Land #6360 , @pyllyukko's reference cleanup for ipmi_dumphashes
2015-12-16 22:03:40 -08:00
wchen-r7
06f1949e2c
Land #6355 , Joomla HTTP Header Unauthenticated Remote Code Execution
...
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer
8c43ecbfaf
add random terminator and clarify target
2015-12-17 00:08:52 +01:00
Gregory Mikeska
2106a47441
Merge branch 'pr/6357' into upstream-master
2015-12-16 16:02:48 -06:00
Christian Mehlmauer
08d0ffd709
implement @wvu-r7 's feedback
2015-12-16 22:44:01 +01:00
Christian Mehlmauer
76438dfb2f
implement @wchen-r7 's suggestions
2015-12-16 20:31:43 +01:00
Jon Hart
865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way
2015-12-16 11:20:13 -08:00
Jon Hart
f616ee14a8
Dont abort if compression can't be disabled
2015-12-16 11:11:00 -08:00
Jon Hart
12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION
2015-12-16 11:07:27 -08:00
Christian Mehlmauer
b43d580276
try to detect joomla version
2015-12-16 16:16:59 +01:00
Christian Mehlmauer
30f90f35e9
also check for debian version number
2015-12-16 15:19:33 +01:00
Christian Mehlmauer
67eba0d708
update description
2015-12-16 14:46:00 +01:00
Christian Mehlmauer
fa3fb1affc
better ubuntu version check
2015-12-16 14:18:44 +01:00
Christian Mehlmauer
60181feb51
more ubuntu checks
2015-12-16 14:02:26 +01:00
Christian Mehlmauer
934c6282a5
check for nil
2015-12-16 13:52:06 +01:00
Christian Mehlmauer
2661cc5899
check ubuntu specific version
2015-12-16 13:49:07 +01:00
Christian Mehlmauer
675dff3b6f
use Gem::Version for version compare
2015-12-16 13:04:15 +01:00
pyllyukko
d110c6cc73
Added few references to ipmi_dumphashes
2015-12-16 13:36:37 +02:00
Christian Mehlmauer
01b943ec93
fix check method
2015-12-16 07:26:25 +01:00
Christian Mehlmauer
595645bcd7
update description
2015-12-16 07:03:01 +01:00
Christian Mehlmauer
d80a7e662f
some formatting
2015-12-16 06:57:06 +01:00
Christian Mehlmauer
c2795d58cb
use target_uri.path
2015-12-16 06:55:23 +01:00
Christian Mehlmauer
2e54cd2ca7
update description
2015-12-16 06:42:41 +01:00
nixawk
342ce05ff7
add a DISABLE_RDBCOMPRESSION option for redis file_upload
2015-12-16 04:28:52 +00:00
Christian Mehlmauer
d4ade7a1fd
update check method
2015-12-16 00:18:39 +01:00
Stuart Morgan
2c29298485
undoing this, put in a separate module
2015-12-15 23:16:21 +00:00
Stuart Morgan
5dd8cb7648
proper type conversions
2015-12-15 23:13:02 +00:00
Stuart Morgan
fef9a84548
rubocop
2015-12-15 23:12:14 +00:00
Stuart Morgan
a2b30ff16e
msftidy
2015-12-15 23:11:40 +00:00
Stuart Morgan
281966023c
Final version
2015-12-15 23:10:06 +00:00
Stuart Morgan
7fa453b7ff
Added module
2015-12-15 22:31:00 +00:00
Tyler Bennett
5bb8dbcafc
added peer to users table
2015-12-15 16:45:45 -05:00
Stuart Morgan
059de62400
Editing an existing module rather than adding a new one
2015-12-15 21:36:39 +00:00
Tyler Bennett
797bd9e04d
added peer to each table and added each users groups to the users table
2015-12-15 16:31:25 -05:00
Stuart Morgan
4a66b487de
Based on putty enum module
2015-12-15 21:28:13 +00:00
Christian Mehlmauer
c603430228
fix version check
2015-12-15 18:26:21 +01:00
wchen-r7
b9b280954b
Add a check for joomla
2015-12-15 11:03:36 -06:00
Christian Mehlmauer
e4309790f5
renamed module because X-FORWARDED-FOR header is also working
2015-12-15 17:37:45 +01:00
Christian Mehlmauer
84d5067abe
add joomla RCE module
2015-12-15 17:20:49 +01:00
wchen-r7
ab3fe64b6e
Add method peer for jenkins_java_deserialize.rb
2015-12-15 01:18:27 -06:00
Jon Hart
b78f7b4d55
Land #6319 , @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
Tyler Bennett
bda6c940cf
fixed issues with printing of tables and cleaned up output a bit removed unecessary prints
2015-12-14 16:23:18 -05:00
Jon Hart
e448bc3e27
If saving fails, print_error and mention permissions
2015-12-14 10:47:05 -08:00
Jon Hart
19acd366d6
Rename redis file upload module; remove the 'auth' part
2015-12-14 10:40:28 -08:00
Tod Beardsley
30c805d9c7
Land #6344 , R7-2015-22 / CVE-2015-8249
2015-12-14 12:30:51 -06:00
Tod Beardsley
b25aae3602
Add refs to module
...
See rapid7#6344.
2015-12-14 12:05:46 -06:00
Brent Cook
c00f05faba
Land #6346 , jenkins_java_deserialize check reliability fixes
2015-12-14 11:44:33 -06:00
William Vu
b085989923
Land #6266 , rsync creds scraper
2015-12-14 11:37:30 -06:00
wchen-r7
bd8aea2618
Fix check for jenkins_java_deserialize.rb
...
This fixes the following:
* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
wchen-r7
5ffc80dc20
Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability
2015-12-14 10:51:59 -06:00
Spencer McIntyre
4e492a1b0c
Add an additional grammar change to the listener option
2015-12-13 12:04:20 -05:00
radekk
90a523fb0a
Typos inside parameters description.
2015-12-12 22:48:20 +01:00
Vex Woo
dee23e4bda
Merge pull request #3 from jhart-r7/pr/fixup-6319
...
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
dmohanty-r7
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
Jon Hart
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
Jon Hart
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
Jon Hart
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
Tyler Bennett
c000e590d4
verified table values are correctly typed as Strs, but it still fails to print the tables
2015-12-10 15:51:59 -05:00
Jon Hart
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
Jon Hart
48a27170c2
Document process better, delete correct key
2015-12-10 09:13:13 -08:00
Jon Hart
d2f54af23f
Reset the dir and dbfilename back to their original settings
2015-12-10 08:56:24 -08:00
Jon Hart
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
karllll
a5c6e260f2
Update hp_vsa_login_bof.rb
...
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
William Vu
563be5c207
Land #6322 , another Perl IRC bot exploit
2015-12-10 09:43:07 -06:00
William Vu
a945350821
Land #6307 , Perl IRC bot exploit
2015-12-10 09:42:35 -06:00
nixawk
0d8fc78257
make code more clear
2015-12-10 15:13:50 +00:00
nixawk
42013c18ba
add a password option - AUTH_KEY
2015-12-10 08:24:47 +00:00
nixawk
28bc5b4d4f
move it from exploit to auxiliary
2015-12-10 08:23:38 +00:00
Jon Hart
4cc7853ad8
Don't run_host unless check returns vulnerable; report_service
2015-12-09 18:33:40 -08:00
Jon Hart
624e5aeffa
First pass at converting redis module to aux; style cleanup
2015-12-09 17:59:48 -08:00
Tyler Bennett
c2ef7be217
cleaned up regex isseus and added the appropriate rex tables. Having issues with printing them due to type errors, but Im working on it
2015-12-09 17:49:38 -05:00
wchen-r7
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
Jon Hart
39da306b1d
Land #6057 , @danilbaz's module for dumping Bitlocker master key (FVEK)
2015-12-08 18:16:39 -08:00
Tyler Bennett
e574c844de
added rex table for channels func, has an issues with TypeError no implicit conversion of String into Integer upon building the table
2015-12-08 18:19:30 -05:00
Tyler Bennett
48cd350711
updated authors list with contributors
2015-12-08 16:29:00 -05:00
Tyler Bennett
92d56cd050
cleaned up uncessary Rex Tables working on the rest of them for users, groups and channels
2015-12-08 16:24:47 -05:00
wchen-r7
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
Jon Hart
ed8076f361
Merge branch 'master' into pr/6197
2015-12-08 12:08:15 -08:00
Jon Hart
2177b979fd
Update SessionTypes command to describe why shell is not listed
2015-12-08 12:06:47 -08:00
Jon Hart
3890961155
Correct SEP client exclusion enumeration
2015-12-08 10:16:25 -08:00
wchen-r7
7378e7b128
Do elog() when print_error()
2015-12-08 11:06:59 -06:00
BAZIN-HSC
be5f648969
manage-bde.exe path test if in System32 or sysnative
2015-12-08 16:14:13 +01:00
wchen-r7
53acfd7ce3
Land #6303 , Add phpFileManager 0.9.8 Remote Code Execution
2015-12-07 21:13:48 -06:00
wchen-r7
ea3c7cb35b
Minor edits
2015-12-07 21:13:14 -06:00
Tyler Bennett
75e31c252e
added rex table for nas settings, still working on users and hashes rex table
2015-12-07 14:48:28 -05:00