mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00
Commit Graph

19697 Commits

Author SHA1 Message Date
wchen-r7
53e9bd7f51 This line does nothing 2016-01-22 18:55:45 -06:00
wchen-r7
0f9cf812b7 Bring wordpress_xmlrpc_login back, make wordpress_multicall as new 2016-01-22 18:54:20 -06:00
William Vu
1b386fa7f1 Add targets to avoid ARCH_ALL payload confusion 2016-01-22 16:45:10 -06:00
Christian Mehlmauer
51eb79adc7 first try in changing class names 2016-01-22 23:36:37 +01:00
wchen-r7
a3cafc3bae Update PHP meterpreter size 2016-01-22 15:14:18 -06:00
wchen-r7
91db2597c7 normalize URIs 2016-01-22 11:27:26 -06:00
wchen-r7
b02c762b93 Grab zeroSteiner's module/jenkins-cmd branch 2016-01-22 10:17:32 -06:00
Lutz Wolf
99de466a4d Bugfix: specify scripting language 2016-01-22 15:00:10 +01:00
Christian Mehlmauer
484d57614a remove re-registered ssl options 2016-01-22 09:54:52 +01:00
Brent Cook
dc6dd55fe4 Shrink the size of ms08_067 so that it again works with bind_tcp
In #6283, we discovered that ms08_067 was busted with reverse_tcp. The
solution was to bump the amount of space needed to help with encoding.
However, we flew a little too close to the sun, and introduced a
regression with bind_tcp on Windows XP SP2 EN where the payload stages
but does not run.

This shrinks the payload just enough to make bind_tcp work again, but
reverse_tcp also continues to work as expected.
2016-01-21 19:37:09 -06:00
wchen-r7
216986f7af Do API documentation, rspec, and other small changes 2016-01-21 17:22:14 -06:00
wchen-r7
d515e4db64 Unwanted comment 2016-01-21 00:55:08 -06:00
wchen-r7
bda76c7340 Update lastpass_creds module 2016-01-21 00:53:16 -06:00
KINGSABRI
a8feb8cad5 make passwords faster for reading huge wordlist files 2016-01-21 03:32:50 +03:00
KINGSABRI
4cb19c75a6 Enhance the module and add version check 2016-01-21 03:19:31 +03:00
wchen-r7
fcaef76215 Do a version check
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
rastating
a7cd5991ac Add encoding of the upload path into the module 2016-01-17 22:44:41 +00:00
rastating
5660c1238b Fix problem causing upload to fail on versions 1.2 and 1.3 of theme 2016-01-17 18:44:00 +00:00
Martin Vigo
348ae586a7 Handle vault parsing exceptions 2016-01-15 14:54:59 -08:00
kfr-ma
3d04f405b4 Update telisca_ips_lock_control.rb
commit the changes made by sinn3r and replace headers on lock and unlock
2016-01-15 15:05:24 +00:00
wchen-r7
477dc64e1e Rename module 2016-01-14 19:45:00 -06:00
wchen-r7
eb6cff77bc Update the code to today's standards
Mainly making sure it is following the Ruby style guide, and
avoid unrecommended coding practices.
2016-01-14 19:38:59 -06:00
OJ
e7e63d92be Land #6467: fix missing requires in payloads
Fixes #6460
2016-01-15 07:42:14 +10:00
William Vu
fec75c1daa Land #6457, FileDropper for axis2_deployer 2016-01-14 15:10:05 -06:00
Brent Cook
28cf943bcb Fix a couple of missing requires in payloads.
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.

It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook
8479d01029 Land #6450, add TLS support to MSSQL 2016-01-14 12:17:40 -06:00
Brent Cook
37178cda06 Land #6449, properly handle HttpServer resource collisions 2016-01-14 12:15:18 -06:00
William Vu
7e1446d8fa Land #6400, iis_webdav_upload_asp improvements 2016-01-14 12:12:33 -06:00
kfr-ma
46f06516ad Update /telisca_ips_lock_abuse
cleaning the code
2016-01-14 11:13:10 +00:00
Rory McNamara
0216d027f9 Use OptEnum instead of OptString 2016-01-14 09:06:45 +00:00
Fakhir Karim Reda
c18253d313 deleted: modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb 2016-01-14 00:03:25 +00:00
Fakhir Karim Reda
60ef1eae90 adding modules/auxiliary/voip/telisca_ips_lock_abuse.rb 2016-01-14 00:00:04 +00:00
Fakhir Karim Reda
1e37ff9701 Merge branch 'master' of github:kfr-ma/metasploit-framework into test_telisca_ipslock
merge
2016-01-13 23:20:50 +00:00
Fakhir Karim Reda
01b8302db1 delete modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb 2016-01-13 23:19:35 +00:00
Fakhir Karim Reda
1b9563b82a rm modules/auxiliary/voip/telisca_ips_lock_abuse 2016-01-13 23:09:35 +00:00
Fakhir Karim Reda
c68d2a8e0a replace telisca_ips_lock_abuse.rb 2016-01-13 22:59:18 +00:00
Fakhir Karim Reda
457e569f3b replacing telisca-ips-lock 2016-01-13 22:50:58 +00:00
Karim Reda Fakhir
8b03b719e8 Adding auxiliary modules:
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
Rory McNamara
564b4807a2 Add METHOD to simple_backdoors_exec 2016-01-13 14:42:11 +00:00
Rory McNamara
889a5d40a1 Add VAR to simple_backdoors_exec 2016-01-13 13:46:26 +00:00
wchen-r7
315d079ae8 Land #6402, Add Post Module for Windows Priv Based Meterpreter Migration
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
wchen-r7
6deb57dca3 Deprecate post/windows/manage/smart_migrate and other things
This includes:

* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
wchen-r7
514199e88f Register early so the cleanup can actually rm the file 2016-01-12 15:22:03 -06:00
Meatballs
7128c408c8 Land #6375, Active Directory Managed Groups Enumeration 2016-01-12 11:21:31 +00:00
Meatballs
4ba2d56f49 Just search on DN for samaccountname 2016-01-12 11:20:20 +00:00
Martin Vigo
3bee2fff70 Use native method dir 2016-01-08 16:06:24 -08:00
James Lee
88ef3076e4 Land #6441, x86/BMP polyglot encoder 2016-01-08 17:09:24 -06:00
wchen-r7
78bc394f80 Fix #6268, Use FileDropper for axis2_deployer
Fix #6268
2016-01-08 17:09:09 -06:00
David Maloney
5e6620f2cf add yard doc and lexical sorting
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
David Maloney
536378e023 move datastore kill check to kill method
move the datastore check for datastore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
David Maloney
9716b97e1c split up the migration efforts
move admin and user migrations into
separate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney
ad50f9a047 move default targets to constants
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Martin Vigo
8c6bdd532b Use ? for SQL queries 2016-01-07 22:50:23 -08:00
Martin Vigo
b46095f3d6 Remove custom method checking file exists 2016-01-07 22:21:10 -08:00
Martin Vigo
e7701b6d5f Fix incoherent method to always return a list 2016-01-07 22:17:04 -08:00
Jonathan Harms
5266860cec Squashed more commits back into 1 2016-01-07 17:53:49 -06:00
wchen-r7
6a2b4c2530 Fix #6445, Unexpected HttpServer terminations
Fix #6445

Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.

Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.

Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Spencer McIntyre
24290dc169 Address x86/Bmp polyglot encoder feedback 2016-01-07 10:23:32 -05:00
joev
22a0d970da Don't delete the payload after running. 2016-01-07 02:26:01 -06:00
joev
fb99c61089 Remove print_status statement. 2016-01-07 01:17:49 -06:00
joev
210f065427 Add a background option for the echo cmdstager. 2016-01-07 01:16:08 -06:00
Josh
4e99c873c8 Fix issue when target_pid == current_pid 2016-01-06 19:58:07 -06:00
Josh
60c506d7fb Replace error handling methods 2016-01-06 18:53:54 -06:00
Tyler Bennett
c245e64239 added peer to each print statement and rex table 2016-01-06 13:22:30 -05:00
wchen-r7
6e65d1d871 Land #6411, Chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
wchen-r7
bdda8650a2 Do not support username, because the backdoor doesn't use one 2016-01-06 02:02:11 -06:00
Spencer McIntyre
cca0ba3efe Add an x86/Bitmap polyglot encoder 2016-01-05 23:17:34 -05:00
Jon Hart
d626d7f0c9 Land #6416, @all3g's rewrite/improvements to redis_server 2016-01-05 19:02:26 -08:00
Jon Hart
90ea88e5ba Make command used configurable 2016-01-05 16:23:10 -08:00
Jon Hart
3ccdd12ecb Put peer first in all prints 2016-01-05 16:09:50 -08:00
Jon Hart
1d997234cb Remove unnecessary deregistering of RHOST 2016-01-05 16:08:18 -08:00
g0tmi1k
d7061e8110 OCD fixes 2016-01-05 23:28:56 +00:00
Tyler Bennett
aa2922e6c3 added in verbose mode for ddns and fixed report_email_creds issue 2016-01-05 14:54:48 -05:00
wchen-r7
6cfaf93337 Land #6433, Add D-Link DCS-931L File Upload 2016-01-05 13:16:11 -06:00
wchen-r7
7259d2a65c Use unless instead of if ! 2016-01-05 13:05:01 -06:00
nixawk
8a76bbafff Add peer to vprint_error 2016-01-06 01:51:23 +08:00
Jon Hart
eef154420b This is a scanner, so vprint things that occur frequently 2016-01-05 09:06:36 -08:00
Jon Hart
63324bd77d Rescue correct exceptions 2016-01-05 09:05:32 -08:00
Jon Hart
1b48556456 Use cleaner hash syntax 2016-01-05 09:05:32 -08:00
nixawk
9714923824 ensure disconnect / remove self.class from register_options 2016-01-06 00:54:54 +08:00
William Vu
9f1ceb4b3b Land #6426, enable_rdp typo fix 2016-01-05 10:17:25 -06:00
William Vu
6cb9ad0d72 Land #6435, unaligned def/end fix 2016-01-05 09:59:25 -06:00
nixawk
c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
nixawk
cbbbd9a7e7 end is not aligned with def 2016-01-05 14:07:43 +08:00
nixawk
20cd156047 replace auxiliary/scanner/misc/redis_server with auxiliary/scanner/redis/redis_server 2016-01-05 13:14:40 +08:00
Brendan Coles
7907c93047 Add D-Link DCS-931L File Upload module 2016-01-05 04:15:38 +00:00
William Vu
3990c021c2 Land #6318, updates for ssh_identify_pubkeys 2016-01-04 13:27:38 -06:00
William Vu
6f01df3f79 Clean up module 2016-01-04 13:26:03 -06:00
William Vu
58c047200d Land #6305, creds update for owa_login 2016-01-04 10:52:39 -06:00
Vincent Yiu
30a866a85b Update enable_rdp.rb
Fixed some typos.
2016-01-04 09:52:57 +00:00
joev
00dc6364b5 Add support for native target in addjsif exploit. 2016-01-03 01:07:36 -06:00
joev
0436375c6f Change require to module level. 2016-01-02 23:06:23 -06:00
joev
3a14620dba Update linemax to match max packet size. 2016-01-02 23:00:46 -06:00
joev
d64048cd48 Rename to match gdb_server_exec module. 2016-01-02 22:45:27 -06:00
joev
dcd36b74db Last mile polish and tweaks. 2016-01-02 22:41:38 -06:00
joev
22aae81006 Rename to exec_payload. 2016-01-02 14:13:54 -06:00
joev
6575f4fe4a Use the cmdstager mixin. 2016-01-02 14:09:56 -06:00
joev
a88471dc8d Add ADB client and module for obtaining shell. 2016-01-02 01:13:53 -06:00
nixawk
a6914df3e3 rename LOGIN_URL to TARGETURI 2015-12-31 22:21:34 +08:00
nixawk
370351ca88 Chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
Kyle Gray
47f9880690 Land #6395, grammar fixes for recovery_files.rb
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
William Vu
cf0e982e83 Land #6386, VNC creds module fix 2015-12-28 02:32:26 -06:00
William Vu
6b9c74eec7 Prefer gsub and nix the return 2015-12-28 02:31:47 -06:00
Josh
0de69a9d40 Add post Windows privilege based migrate 2015-12-27 19:26:21 -06:00
Brendan Coles
47261c27d4 Add EasyCafe Server Remote File Access module 2015-12-27 12:00:50 +00:00
g0tmi1k
9120a6aa76 iis_webdav_upload_asp: Add COPY and a few other tricks 2015-12-26 16:01:46 +00:00
Brent Cook
e23b5c5435 Land #6179, add NTP initial crypto nak spoofing module 2015-12-24 15:46:18 -06:00
Brent Cook
04f755dd51 Land #6367, MS15-134 Microsoft Windows Media Center MCL Information Disclosure 2015-12-24 15:24:42 -06:00
Jon Hart
283cf5b869 Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart
27a6aa0be1 Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
Jon Hart
efdb6a8885 Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
wchen-r7
e191bf8ac3 Update description, and fix a typo 2015-12-24 10:35:05 -06:00
Jon Hart
f8943f4821 Remove peer; defined in lib/msf/core/post/common.rb 2015-12-24 07:57:16 -08:00
Jon Hart
3535cf3d18 Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb 2015-12-24 07:51:12 -08:00
Jon Hart
0f2f2a3d08 Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:55 -08:00
Jon Hart
cb752a4bcf Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:23 -08:00
Jon Hart
c55f61d2d7 Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb 2015-12-24 07:44:36 -08:00
karllll
431c6001a8 Fix recovery_files.rb Description grammar errors 2015-12-24 10:10:39 -05:00
Brent Cook
e4f9594646 Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
Brent Cook
7444f24721 update whitespace / syntax for java_calendar_deserialize 2015-12-23 15:42:27 -06:00
Jon Hart
e3eafff7c9 Land #6237, @jww519's aux module for Android CVE-2012-6301 2015-12-23 13:27:09 -08:00
Brent Cook
6eda702b25 Land #6292, add reverse_tcp command shell for Z/OS (MVS) 2015-12-23 14:11:37 -06:00
wchen-r7
cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook
493700be3a remove duplicate key warning from Ruby 2.2.x
This gets rid of the warning:

modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer
424e7b6bfe Land #6384, more joomla rce references 2015-12-22 22:54:58 +01:00
JT
18398afb56 Update joomla_http_header_rce.rb 2015-12-23 05:48:26 +08:00
JT
cc40c61848 Update joomla_http_header_rce.rb 2015-12-23 05:38:57 +08:00
wchen-r7
21b628aa02 Land #6387, update exploits/multi/http/joomla_http_header_rce
Use the new Joomla mixin
2015-12-22 15:01:55 -06:00
wchen-r7
9063ee44f4 Land #6381, Fix post/multi/manage/shell_to_meterprete uname 2015-12-22 14:44:28 -06:00
Christian Mehlmauer
f6eaff5d96 use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
Christian Mehlmauer
57b850c7af Land #6373, joomla mixin 2015-12-22 21:10:46 +01:00
g0tmi1k
2f71730484 Gather VNC null byte fix + formatting 2015-12-22 17:30:37 +00:00
JT
314e902098 Add original exploit discoverer and exploit-db ref
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses the "User-Agent" header. Marc-Alexandre Montpas used the "X-FORWARDED-FOR" header to avoid being logged to access.log by default.
2015-12-22 22:44:59 +08:00
Rory McNamara
45b9230efb Redirect python stderr to stdout, darwin python platform 2015-12-22 11:32:31 +00:00
Tim
be9197fc97 quick fix for issue #6359 2015-12-22 03:26:31 +00:00
Tim
f9d74143c3 fix typo 2015-12-22 03:25:34 +00:00
Louis Sato
3034cd22df Land #6372, fix psexec nil bug + missing return 2015-12-21 10:59:10 -06:00
William Vu
f129c0363e Fix broken logic
Forgot to set retval when I removed the ensure.
2015-12-21 10:52:03 -06:00
Stuart Morgan
e8c8c54cb0 Use a regex with a negative lookbehind to cope with CNs that contain commas 2015-12-21 11:44:37 +00:00
Stuart Morgan
b0fca769d7 capitalisation 2015-12-21 10:39:30 +00:00
Stuart Morgan
9493b333df rubocop 2015-12-20 21:22:03 +00:00
Stuart Morgan
c394caad27 actually made the securitygroups only option do something 2015-12-20 21:19:24 +00:00
Stuart Morgan
07caaf352b made comment match purpose 2015-12-20 21:18:21 +00:00
Stuart Morgan
c0a93433af msftidy 2015-12-20 21:16:42 +00:00
Stuart Morgan
89728fd8fe Working version 2015-12-20 21:16:17 +00:00
Stuart Morgan
ae09549057 New module, starting with managedby_groups 2015-12-20 20:17:06 +00:00
Martin Vigo
2ddac42be7 Perform Rubocop cleanup 2015-12-19 23:33:32 -08:00
Martin Vigo
2fc940cc3e Decrypt Chrome and Opera cookies and msftidy code 2015-12-19 22:19:20 -08:00
Martin Vigo
ab630166bb Decrypt Chrome and Opera cookies and msftidy code 2015-12-19 21:40:30 -08:00
wchen-r7
08bddab568 File name should be the same as the datastore option 2015-12-18 21:22:55 -06:00
wchen-r7
7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Louis Sato
726578b189 Land #6370, add joomla reference 2015-12-18 17:05:07 -06:00
Louis Sato
56636f3337 Land #6368, remove uptime_file_upload.rb 2015-12-18 17:02:04 -06:00
William Vu
afe4861195 Fix nil bug and missing return 2015-12-18 15:54:51 -06:00
William Vu
ef90ffa7b5 Fix #6356, requote NTDS.DIT path 2015-12-18 15:41:48 -06:00
William Vu
6afcc13774 Requote file path 2015-12-18 15:41:38 -06:00
William Vu
309deb52f5 Land #6356, NTDS.DIT location finder 2015-12-18 15:33:00 -06:00
William Vu
06a2bb53bd Clean up module 2015-12-18 15:29:15 -06:00
Christian Mehlmauer
fb6ede80c9 add joomla reference 2015-12-18 18:27:48 +01:00
wchen-r7
485196af4e Remove modules/exploits/multi/http/uptime_file_upload.rb
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.

If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7
5f5b3ec6a1 Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
CVE-2015-6127
2015-12-17 22:41:58 -06:00
Martin Vigo
ccb13a2ca6 Add full IE support and bug fixes 2015-12-17 20:29:50 -08:00
Jon Hart
a8bb750db7 Address style/usability concerns in Android CVE-2012-6301 module 2015-12-17 13:45:32 -08:00
Brent Cook
0c0219d7b7 Land #6357, cleanup redis rdbcompression options 2015-12-17 10:45:11 -06:00
Jon Hart
f3ac8a2cc0 Land #6360, @pyllyukko's reference cleanup for ipmi_dumphashes 2015-12-16 22:03:40 -08:00
wchen-r7
06f1949e2c Land #6355, Joomla HTTP Header Unauthenticated Remote Code Execution
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer
8c43ecbfaf add random terminator and clarify target 2015-12-17 00:08:52 +01:00
Gregory Mikeska
2106a47441 Merge branch 'pr/6357' into upstream-master 2015-12-16 16:02:48 -06:00
Christian Mehlmauer
08d0ffd709 implement @wvu-r7's feedback 2015-12-16 22:44:01 +01:00
Christian Mehlmauer
76438dfb2f implement @wchen-r7's suggestions 2015-12-16 20:31:43 +01:00
Jon Hart
865e2a7c18 Only test/reset rdbcompression if told to and redis is configured that way 2015-12-16 11:20:13 -08:00
Jon Hart
f616ee14a8 Don't abort if compression can't be disabled 2015-12-16 11:11:00 -08:00
Jon Hart
12764660b2 Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION 2015-12-16 11:07:27 -08:00
Christian Mehlmauer
b43d580276 try to detect joomla version 2015-12-16 16:16:59 +01:00
Christian Mehlmauer
30f90f35e9 also check for debian version number 2015-12-16 15:19:33 +01:00
Christian Mehlmauer
67eba0d708 update description 2015-12-16 14:46:00 +01:00
Christian Mehlmauer
fa3fb1affc better ubuntu version check 2015-12-16 14:18:44 +01:00
Christian Mehlmauer
60181feb51 more ubuntu checks 2015-12-16 14:02:26 +01:00
Christian Mehlmauer
934c6282a5 check for nil 2015-12-16 13:52:06 +01:00
Christian Mehlmauer
2661cc5899 check ubuntu specific version 2015-12-16 13:49:07 +01:00
Christian Mehlmauer
675dff3b6f use Gem::Version for version compare 2015-12-16 13:04:15 +01:00
pyllyukko
d110c6cc73 Added a few references to ipmi_dumphashes 2015-12-16 13:36:37 +02:00
Christian Mehlmauer
01b943ec93 fix check method 2015-12-16 07:26:25 +01:00
Christian Mehlmauer
595645bcd7 update description 2015-12-16 07:03:01 +01:00
Christian Mehlmauer
d80a7e662f some formatting 2015-12-16 06:57:06 +01:00
Christian Mehlmauer
c2795d58cb use target_uri.path 2015-12-16 06:55:23 +01:00
Christian Mehlmauer
2e54cd2ca7 update description 2015-12-16 06:42:41 +01:00
nixawk
342ce05ff7 add a DISABLE_RDBCOMPRESSION option for redis file_upload 2015-12-16 04:28:52 +00:00
Christian Mehlmauer
d4ade7a1fd update check method 2015-12-16 00:18:39 +01:00
Stuart Morgan
2c29298485 undoing this, put in a separate module 2015-12-15 23:16:21 +00:00
Stuart Morgan
5dd8cb7648 proper type conversions 2015-12-15 23:13:02 +00:00
Stuart Morgan
fef9a84548 rubocop 2015-12-15 23:12:14 +00:00
Stuart Morgan
a2b30ff16e msftidy 2015-12-15 23:11:40 +00:00
Stuart Morgan
281966023c Final version 2015-12-15 23:10:06 +00:00
Stuart Morgan
7fa453b7ff Added module 2015-12-15 22:31:00 +00:00
Tyler Bennett
5bb8dbcafc added peer to users table 2015-12-15 16:45:45 -05:00
Stuart Morgan
059de62400 Editing an existing module rather than adding a new one 2015-12-15 21:36:39 +00:00
Tyler Bennett
797bd9e04d added peer to each table and added each users groups to the users table 2015-12-15 16:31:25 -05:00
Stuart Morgan
4a66b487de Based on putty enum module 2015-12-15 21:28:13 +00:00
Christian Mehlmauer
c603430228 fix version check 2015-12-15 18:26:21 +01:00
wchen-r7
b9b280954b Add a check for joomla 2015-12-15 11:03:36 -06:00
Christian Mehlmauer
e4309790f5 renamed module because X-FORWARDED-FOR header is also working 2015-12-15 17:37:45 +01:00
Christian Mehlmauer
84d5067abe add joomla RCE module 2015-12-15 17:20:49 +01:00
wchen-r7
ab3fe64b6e Add method peer for jenkins_java_deserialize.rb 2015-12-15 01:18:27 -06:00
Jon Hart
b78f7b4d55 Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Tyler Bennett
bda6c940cf fixed issues with printing of tables and cleaned up output a bit; removed unnecessary prints 2015-12-14 16:23:18 -05:00
Jon Hart
e448bc3e27 If saving fails, print_error and mention permissions 2015-12-14 10:47:05 -08:00
Jon Hart
19acd366d6 Rename redis file upload module; remove the 'auth' part 2015-12-14 10:40:28 -08:00
Tod Beardsley
30c805d9c7 Land #6344, R7-2015-22 / CVE-2015-8249 2015-12-14 12:30:51 -06:00
Tod Beardsley
b25aae3602 Add refs to module
See rapid7#6344.
2015-12-14 12:05:46 -06:00
Brent Cook
c00f05faba Land #6346, jenkins_java_deserialize check reliability fixes 2015-12-14 11:44:33 -06:00
William Vu
b085989923 Land #6266, rsync creds scraper 2015-12-14 11:37:30 -06:00
wchen-r7
bd8aea2618 Fix check for jenkins_java_deserialize.rb
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
wchen-r7
5ffc80dc20 Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability 2015-12-14 10:51:59 -06:00
Spencer McIntyre
4e492a1b0c Add an additional grammar change to the listener option 2015-12-13 12:04:20 -05:00
radekk
90a523fb0a Typos inside parameters description. 2015-12-12 22:48:20 +01:00
Vex Woo
dee23e4bda Merge pull request #3 from jhart-r7/pr/fixup-6319
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
dmohanty-r7
eb4611642d Add Jenkins CLI Java serialization exploit module
CVE-2015-8103
2015-12-11 14:57:10 -06:00
Jon Hart
9ef46140c0 Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart
32a64c3d8e Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart
ac47c87af4 Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart
38d0b0a0f2 Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Tyler Bennett
c000e590d4 verified table values are correctly typed as Strs, but it still fails to print the tables 2015-12-10 15:51:59 -05:00
Jon Hart
555e52e416 Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart
48a27170c2 Document process better, delete correct key 2015-12-10 09:13:13 -08:00
Jon Hart
d2f54af23f Reset the dir and dbfilename back to their original settings 2015-12-10 08:56:24 -08:00
Jon Hart
21ab4e96e5 First pass at redis mixin 2015-12-10 08:29:59 -08:00
karllll
a5c6e260f2 Update hp_vsa_login_bof.rb
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
William Vu
563be5c207 Land #6322, another Perl IRC bot exploit 2015-12-10 09:43:07 -06:00
William Vu
a945350821 Land #6307, Perl IRC bot exploit 2015-12-10 09:42:35 -06:00
nixawk
0d8fc78257 make code more clear 2015-12-10 15:13:50 +00:00
nixawk
42013c18ba add a password option - AUTH_KEY 2015-12-10 08:24:47 +00:00
nixawk
28bc5b4d4f move it from exploit to auxiliary 2015-12-10 08:23:38 +00:00
Jon Hart
4cc7853ad8 Don't run_host unless check returns vulnerable; report_service 2015-12-09 18:33:40 -08:00
Jon Hart
624e5aeffa First pass at converting redis module to aux; style cleanup 2015-12-09 17:59:48 -08:00
Tyler Bennett
c2ef7be217 cleaned up regex issues and added the appropriate rex tables. Having issues with printing them due to type errors, but I'm working on it 2015-12-09 17:49:38 -05:00
wchen-r7
11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
Jon Hart
39da306b1d Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
Tyler Bennett
e574c844de added rex table for channels func, has an issue with TypeError no implicit conversion of String into Integer upon building the table 2015-12-08 18:19:30 -05:00
Tyler Bennett
48cd350711 updated authors list with contributors 2015-12-08 16:29:00 -05:00
Tyler Bennett
92d56cd050 cleaned up unnecessary Rex Tables; working on the rest of them for users, groups and channels 2015-12-08 16:24:47 -05:00
wchen-r7
080ec26afb Land #4489, Update SMB admin modules to use Scanner & fixes 2015-12-08 14:49:26 -06:00
Jon Hart
ed8076f361 Merge branch 'master' into pr/6197 2015-12-08 12:08:15 -08:00
Jon Hart
2177b979fd Update SessionTypes command to describe why shell is not listed 2015-12-08 12:06:47 -08:00
Jon Hart
3890961155 Correct SEP client exclusion enumeration 2015-12-08 10:16:25 -08:00
wchen-r7
7378e7b128 Do elog() when print_error() 2015-12-08 11:06:59 -06:00
BAZIN-HSC
be5f648969 manage-bde.exe path test if in System32 or sysnative 2015-12-08 16:14:13 +01:00
wchen-r7
53acfd7ce3 Land #6303, Add phpFileManager 0.9.8 Remote Code Execution 2015-12-07 21:13:48 -06:00
wchen-r7
ea3c7cb35b Minor edits 2015-12-07 21:13:14 -06:00
Tyler Bennett
75e31c252e added rex table for nas settings, still working on users and hashes rex table 2015-12-07 14:48:28 -05:00