mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00
Commit Graph

19697 Commits

Author SHA1 Message Date
David Maloney
9716b97e1c
split up the migration efforts
move admin and user migrations into
separate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney
ad50f9a047
move default targets to constants
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Martin Vigo
8c6bdd532b Use ? for SQL queries 2016-01-07 22:50:23 -08:00
Martin Vigo
b46095f3d6 Remove custom method checking file exists 2016-01-07 22:21:10 -08:00
Martin Vigo
e7701b6d5f Fix incoherent method to always return a list 2016-01-07 22:17:04 -08:00
Jonathan Harms
5266860cec Squashed more commits back into 1 2016-01-07 17:53:49 -06:00
wchen-r7
6a2b4c2530 Fix #6445, Unexpected HttpServer terminations
Fix #6445

Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.

Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.

Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Spencer McIntyre
24290dc169 Address x86/Bmp polyglot encoder feedback 2016-01-07 10:23:32 -05:00
joev
22a0d970da Don't delete the payload after running. 2016-01-07 02:26:01 -06:00
joev
fb99c61089 Remove print_status statement. 2016-01-07 01:17:49 -06:00
joev
210f065427 Add a background option for the echo cmdstager. 2016-01-07 01:16:08 -06:00
Josh
4e99c873c8 Fix issue when target_pid == current_pid 2016-01-06 19:58:07 -06:00
Josh
60c506d7fb Replace error handling methods 2016-01-06 18:53:54 -06:00
Tyler Bennett
c245e64239 added peer to each print statement and rex table 2016-01-06 13:22:30 -05:00
wchen-r7
6e65d1d871
Land #6411, chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
wchen-r7
bdda8650a2 Do not support username, because the backdoor doesn't use one 2016-01-06 02:02:11 -06:00
Spencer McIntyre
cca0ba3efe Add an x86/Bitmap polyglot encoder 2016-01-05 23:17:34 -05:00
Jon Hart
d626d7f0c9
Land #6416, @all3g's rewrite/improvements to redis_server 2016-01-05 19:02:26 -08:00
Jon Hart
90ea88e5ba
Make command used configurable 2016-01-05 16:23:10 -08:00
Jon Hart
3ccdd12ecb
Put peer first in all prints 2016-01-05 16:09:50 -08:00
Jon Hart
1d997234cb
Remove unnecessary deregistering of RHOST 2016-01-05 16:08:18 -08:00
g0tmi1k
d7061e8110 OCD fixes 2016-01-05 23:28:56 +00:00
Tyler Bennett
aa2922e6c3 added in verbose mode for ddns and fixed report_email_creds issue 2016-01-05 14:54:48 -05:00
wchen-r7
6cfaf93337
Land #6433, Add D-Link DCS-931L File Upload 2016-01-05 13:16:11 -06:00
wchen-r7
7259d2a65c Use unless instead of if ! 2016-01-05 13:05:01 -06:00
nixawk
8a76bbafff Add peer to vprint_error 2016-01-06 01:51:23 +08:00
Jon Hart
eef154420b This is a scanner, so vprint things that occur frequently 2016-01-05 09:06:36 -08:00
Jon Hart
63324bd77d Rescue correct exceptions 2016-01-05 09:05:32 -08:00
Jon Hart
1b48556456 Use cleaner hash syntax 2016-01-05 09:05:32 -08:00
nixawk
9714923824 ensure disconnect / remove self.class from register_options 2016-01-06 00:54:54 +08:00
William Vu
9f1ceb4b3b
Land #6426, enable_rdp typo fix 2016-01-05 10:17:25 -06:00
William Vu
6cb9ad0d72
Land #6435, unaligned def/end fix 2016-01-05 09:59:25 -06:00
nixawk
c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
nixawk
cbbbd9a7e7 end is not aligned with def 2016-01-05 14:07:43 +08:00
nixawk
20cd156047 replace auxiliary/scanner/misc/redis_server with auxiliary/scanner/redis/redis_server 2016-01-05 13:14:40 +08:00
Brendan Coles
7907c93047 Add D-Link DCS-931L File Upload module 2016-01-05 04:15:38 +00:00
William Vu
3990c021c2
Land #6318, updates for ssh_identify_pubkeys 2016-01-04 13:27:38 -06:00
William Vu
6f01df3f79 Clean up module 2016-01-04 13:26:03 -06:00
William Vu
58c047200d
Land #6305, creds update for owa_login 2016-01-04 10:52:39 -06:00
Vincent Yiu
30a866a85b Update enable_rdp.rb
Fixed some typos.
2016-01-04 09:52:57 +00:00
joev
00dc6364b5 Add support for native target in addjsif exploit. 2016-01-03 01:07:36 -06:00
joev
0436375c6f Change require to module level. 2016-01-02 23:06:23 -06:00
joev
3a14620dba Update linemax to match max packet size. 2016-01-02 23:00:46 -06:00
joev
d64048cd48 Rename to match gdb_server_exec module. 2016-01-02 22:45:27 -06:00
joev
dcd36b74db Last mile polish and tweaks. 2016-01-02 22:41:38 -06:00
joev
22aae81006 Rename to exec_payload. 2016-01-02 14:13:54 -06:00
joev
6575f4fe4a Use the cmdstager mixin. 2016-01-02 14:09:56 -06:00
joev
a88471dc8d Add ADB client and module for obtaining shell. 2016-01-02 01:13:53 -06:00
nixawk
a6914df3e3 rename LOGIN_URL to TARGETURI 2015-12-31 22:21:34 +08:00
nixawk
370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
Kyle Gray
47f9880690
Land #6395, grammar fixes for recovery_files.rb
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
William Vu
cf0e982e83
Land #6386, VNC creds module fix 2015-12-28 02:32:26 -06:00
William Vu
6b9c74eec7 Prefer gsub and nix the return 2015-12-28 02:31:47 -06:00
Josh
0de69a9d40 Add post Windows privilege based migrate 2015-12-27 19:26:21 -06:00
Brendan Coles
47261c27d4 Add EasyCafe Server Remote File Access module 2015-12-27 12:00:50 +00:00
g0tmi1k
9120a6aa76 iis_webdav_upload_asp: Add COPY and a few other tricks 2015-12-26 16:01:46 +00:00
Brent Cook
e23b5c5435
Land #6179, add NTP initial crypto nak spoofing module 2015-12-24 15:46:18 -06:00
Brent Cook
04f755dd51
Land #6367, MS15-134 Microsoft Windows Media Center MCL Information Disclosure 2015-12-24 15:24:42 -06:00
Jon Hart
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
Jon Hart
efdb6a8885
Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
wchen-r7
e191bf8ac3 Update description, and fix a typo 2015-12-24 10:35:05 -06:00
Jon Hart
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb 2015-12-24 07:57:16 -08:00
Jon Hart
3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb 2015-12-24 07:51:12 -08:00
Jon Hart
0f2f2a3d08
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:55 -08:00
Jon Hart
cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:23 -08:00
Jon Hart
c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb 2015-12-24 07:44:36 -08:00
karllll
431c6001a8 Fix recovery_files.rb Description grammar errors 2015-12-24 10:10:39 -05:00
Brent Cook
e4f9594646
Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
Brent Cook
7444f24721 update whitespace / syntax for java_calendar_deserialize 2015-12-23 15:42:27 -06:00
Jon Hart
e3eafff7c9
Land #6237, @jww519's aux module for Android CVE-2012-6301 2015-12-23 13:27:09 -08:00
Brent Cook
6eda702b25
Land #6292, add reverse_tcp command shell for Z/OS (MVS) 2015-12-23 14:11:37 -06:00
wchen-r7
cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook
493700be3a remove duplicate key warning from Ruby 2.2.x
This gets rid of the warning:

modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer
424e7b6bfe
Land #6384, more joomla rce references 2015-12-22 22:54:58 +01:00
JT
18398afb56 Update joomla_http_header_rce.rb 2015-12-23 05:48:26 +08:00
JT
cc40c61848 Update joomla_http_header_rce.rb 2015-12-23 05:38:57 +08:00
wchen-r7
21b628aa02
Land #6387, update exploits/multi/http/joomla_http_header_rce
Use the new Joomla mixin
2015-12-22 15:01:55 -06:00
wchen-r7
9063ee44f4
Land #6381, Fix post/multi/manage/shell_to_meterprete uname 2015-12-22 14:44:28 -06:00
Christian Mehlmauer
f6eaff5d96
use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
Christian Mehlmauer
57b850c7af
Land #6373, joomla mixin 2015-12-22 21:10:46 +01:00
g0tmi1k
2f71730484 Gather VNC null byte fix + formatting 2015-12-22 17:30:37 +00:00
JT
314e902098 Add original exploit discoverer and exploit-db ref
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00
Rory McNamara
45b9230efb Redirect python stderr to stdout, darwin python platform 2015-12-22 11:32:31 +00:00
Tim
be9197fc97 quick fix for issues #6359 2015-12-22 03:26:31 +00:00
Tim
f9d74143c3 fix typo 2015-12-22 03:25:34 +00:00
Louis Sato
3034cd22df
Land #6372, fix psexec nil bug + missing return 2015-12-21 10:59:10 -06:00
William Vu
f129c0363e Fix broken logic
Forgot to set retval when I removed the ensure.
2015-12-21 10:52:03 -06:00
Stuart Morgan
e8c8c54cb0 Use a regex with a negative lookbehind to cope with CNs that contain commas 2015-12-21 11:44:37 +00:00
Stuart Morgan
b0fca769d7 capitalisation 2015-12-21 10:39:30 +00:00
Stuart Morgan
9493b333df rubocop 2015-12-20 21:22:03 +00:00
Stuart Morgan
c394caad27 actually made the securitygroups only option do something 2015-12-20 21:19:24 +00:00
Stuart Morgan
07caaf352b made comment match purpose 2015-12-20 21:18:21 +00:00
Stuart Morgan
c0a93433af msftidy 2015-12-20 21:16:42 +00:00
Stuart Morgan
89728fd8fe Working version 2015-12-20 21:16:17 +00:00
Stuart Morgan
ae09549057 New module, starting with managedby_groups 2015-12-20 20:17:06 +00:00
Martin Vigo
2ddac42be7 Perform Rubocop cleanup 2015-12-19 23:33:32 -08:00
Martin Vigo
2fc940cc3e Decrypt Chrome and Opera cookies and msdftify code 2015-12-19 22:19:20 -08:00
Martin Vigo
ab630166bb Decrypt Chrome and Opera cookies and msdftify code 2015-12-19 21:40:30 -08:00
wchen-r7
08bddab568 File name should be the same as the datastore option 2015-12-18 21:22:55 -06:00
wchen-r7
7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Louis Sato
726578b189
Land #6370, add joomla reference 2015-12-18 17:05:07 -06:00
Louis Sato
56636f3337
Land #6368, remove uptime_file_upload.rb 2015-12-18 17:02:04 -06:00
William Vu
afe4861195 Fix nil bug and missing return 2015-12-18 15:54:51 -06:00
William Vu
ef90ffa7b5
Fix #6356, requote NTDS.DIT path 2015-12-18 15:41:48 -06:00
William Vu
6afcc13774 Requote file path 2015-12-18 15:41:38 -06:00
William Vu
309deb52f5
Land #6356, NTDS.DIT location finder 2015-12-18 15:33:00 -06:00
William Vu
06a2bb53bd Clean up module 2015-12-18 15:29:15 -06:00
Christian Mehlmauer
fb6ede80c9
add joomla reference 2015-12-18 18:27:48 +01:00
wchen-r7
485196af4e Remove modules/exploits/multi/http/uptime_file_upload.rb
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.

If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7
5f5b3ec6a1 Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
CVE-2015-6127
2015-12-17 22:41:58 -06:00
Martin Vigo
ccb13a2ca6 Add full IE support and bug fixes 2015-12-17 20:29:50 -08:00
Jon Hart
a8bb750db7
Address style/usability concerns in Android CVE-2012-6301 module 2015-12-17 13:45:32 -08:00
Brent Cook
0c0219d7b7
Land #6357, cleanup redis rdbcompression options 2015-12-17 10:45:11 -06:00
Jon Hart
f3ac8a2cc0
Land #6360, @pyllyukko's reference cleanup for ipmi_dumphashes 2015-12-16 22:03:40 -08:00
wchen-r7
06f1949e2c
Land #6355, Joomla HTTP Header Unauthenticated Remote Code Execution
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer
8c43ecbfaf
add random terminator and clarify target 2015-12-17 00:08:52 +01:00
Gregory Mikeska
2106a47441
Merge branch 'pr/6357' into upstream-master 2015-12-16 16:02:48 -06:00
Christian Mehlmauer
08d0ffd709
implement @wvu-r7 's feedback 2015-12-16 22:44:01 +01:00
Christian Mehlmauer
76438dfb2f
implement @wchen-r7 's suggestions 2015-12-16 20:31:43 +01:00
Jon Hart
865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way 2015-12-16 11:20:13 -08:00
Jon Hart
f616ee14a8
Don't abort if compression can't be disabled 2015-12-16 11:11:00 -08:00
Jon Hart
12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION 2015-12-16 11:07:27 -08:00
Christian Mehlmauer
b43d580276
try to detect joomla version 2015-12-16 16:16:59 +01:00
Christian Mehlmauer
30f90f35e9
also check for debian version number 2015-12-16 15:19:33 +01:00
Christian Mehlmauer
67eba0d708
update description 2015-12-16 14:46:00 +01:00
Christian Mehlmauer
fa3fb1affc
better ubuntu version check 2015-12-16 14:18:44 +01:00
Christian Mehlmauer
60181feb51
more ubuntu checks 2015-12-16 14:02:26 +01:00
Christian Mehlmauer
934c6282a5
check for nil 2015-12-16 13:52:06 +01:00
Christian Mehlmauer
2661cc5899
check ubuntu specific version 2015-12-16 13:49:07 +01:00
Christian Mehlmauer
675dff3b6f
use Gem::Version for version compare 2015-12-16 13:04:15 +01:00
pyllyukko
d110c6cc73
Added few references to ipmi_dumphashes 2015-12-16 13:36:37 +02:00
Christian Mehlmauer
01b943ec93
fix check method 2015-12-16 07:26:25 +01:00
Christian Mehlmauer
595645bcd7
update description 2015-12-16 07:03:01 +01:00
Christian Mehlmauer
d80a7e662f
some formatting 2015-12-16 06:57:06 +01:00
Christian Mehlmauer
c2795d58cb
use target_uri.path 2015-12-16 06:55:23 +01:00
Christian Mehlmauer
2e54cd2ca7
update description 2015-12-16 06:42:41 +01:00
nixawk
342ce05ff7 add a DISABLE_RDBCOMPRESSION option for redis file_upload 2015-12-16 04:28:52 +00:00
Christian Mehlmauer
d4ade7a1fd
update check method 2015-12-16 00:18:39 +01:00
Stuart Morgan
2c29298485 undoing this, put in a separate module 2015-12-15 23:16:21 +00:00
Stuart Morgan
5dd8cb7648 proper type conversions 2015-12-15 23:13:02 +00:00
Stuart Morgan
fef9a84548 rubocop 2015-12-15 23:12:14 +00:00
Stuart Morgan
a2b30ff16e msftidy 2015-12-15 23:11:40 +00:00
Stuart Morgan
281966023c Final version 2015-12-15 23:10:06 +00:00
Stuart Morgan
7fa453b7ff Added module 2015-12-15 22:31:00 +00:00
Tyler Bennett
5bb8dbcafc added peer to users table 2015-12-15 16:45:45 -05:00
Stuart Morgan
059de62400 Editing an existing module rather than adding a new one 2015-12-15 21:36:39 +00:00
Tyler Bennett
797bd9e04d added peer to each table and added each users groups to the users table 2015-12-15 16:31:25 -05:00
Stuart Morgan
4a66b487de Based on putty enum module 2015-12-15 21:28:13 +00:00
Christian Mehlmauer
c603430228
fix version check 2015-12-15 18:26:21 +01:00
wchen-r7
b9b280954b Add a check for joomla 2015-12-15 11:03:36 -06:00
Christian Mehlmauer
e4309790f5
renamed module because X-FORWARDED-FOR header is also working 2015-12-15 17:37:45 +01:00
Christian Mehlmauer
84d5067abe
add joomla RCE module 2015-12-15 17:20:49 +01:00
wchen-r7
ab3fe64b6e Add method peer for jenkins_java_deserialize.rb 2015-12-15 01:18:27 -06:00
Jon Hart
b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Tyler Bennett
bda6c940cf fixed issues with printing of tables and cleaned up output a bit, removed unnecessary prints 2015-12-14 16:23:18 -05:00
Jon Hart
e448bc3e27
If saving fails, print_error and mention permissions 2015-12-14 10:47:05 -08:00
Jon Hart
19acd366d6 Rename redis file upload module; remove the 'auth' part 2015-12-14 10:40:28 -08:00
Tod Beardsley
30c805d9c7
Land #6344, R7-2015-22 / CVE-2015-8249 2015-12-14 12:30:51 -06:00
Tod Beardsley
b25aae3602
Add refs to module
See rapid7#6344.
2015-12-14 12:05:46 -06:00
Brent Cook
c00f05faba
Land #6346, jenkins_java_deserialize check reliability fixes 2015-12-14 11:44:33 -06:00
William Vu
b085989923
Land #6266, rsync creds scraper 2015-12-14 11:37:30 -06:00
wchen-r7
bd8aea2618 Fix check for jenkins_java_deserialize.rb
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
wchen-r7
5ffc80dc20 Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability 2015-12-14 10:51:59 -06:00
Spencer McIntyre
4e492a1b0c
Add an additional grammar change to the listener option 2015-12-13 12:04:20 -05:00
radekk
90a523fb0a Typos inside parameters description. 2015-12-12 22:48:20 +01:00
Vex Woo
dee23e4bda Merge pull request #3 from jhart-r7/pr/fixup-6319
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
dmohanty-r7
eb4611642d Add Jenkins CLI Java serialization exploit module
CVE-2015-8103
2015-12-11 14:57:10 -06:00
Jon Hart
9ef46140c0
Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart
32a64c3d8e
Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart
ac47c87af4
Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart
38d0b0a0f2
Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Tyler Bennett
c000e590d4 verified table values are correctly typed as Strs, but it still fails to print the tables 2015-12-10 15:51:59 -05:00
Jon Hart
555e52e416
Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart
48a27170c2
Document process better, delete correct key 2015-12-10 09:13:13 -08:00
Jon Hart
d2f54af23f
Reset the dir and dbfilename back to their original settings 2015-12-10 08:56:24 -08:00
Jon Hart
21ab4e96e5
First pass at redis mixin 2015-12-10 08:29:59 -08:00
karllll
a5c6e260f2 Update hp_vsa_login_bof.rb
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
William Vu
563be5c207
Land #6322, another Perl IRC bot exploit 2015-12-10 09:43:07 -06:00
William Vu
a945350821
Land #6307, Perl IRC bot exploit 2015-12-10 09:42:35 -06:00
nixawk
0d8fc78257 make code more clear 2015-12-10 15:13:50 +00:00
nixawk
42013c18ba add a password option - AUTH_KEY 2015-12-10 08:24:47 +00:00
nixawk
28bc5b4d4f move it from exploit to auxiliary 2015-12-10 08:23:38 +00:00
Jon Hart
4cc7853ad8
Don't run_host unless check returns vulnerable; report_service 2015-12-09 18:33:40 -08:00
Jon Hart
624e5aeffa
First pass at converting redis module to aux; style cleanup 2015-12-09 17:59:48 -08:00
Tyler Bennett
c2ef7be217 cleaned up regex issues and added the appropriate rex tables. Having issues with printing them due to type errors, but I'm working on it 2015-12-09 17:49:38 -05:00
wchen-r7
11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
Jon Hart
39da306b1d
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
Tyler Bennett
e574c844de added rex table for channels func, has an issue with TypeError no implicit conversion of String into Integer upon building the table 2015-12-08 18:19:30 -05:00
Tyler Bennett
48cd350711 updated authors list with contributors 2015-12-08 16:29:00 -05:00
Tyler Bennett
92d56cd050 cleaned up unnecessary Rex Tables, working on the rest of them for users, groups and channels 2015-12-08 16:24:47 -05:00
wchen-r7
080ec26afb
Land #4489, Update SMB admin modules to use Scanner & fixes 2015-12-08 14:49:26 -06:00
Jon Hart
ed8076f361
Merge branch 'master' into pr/6197 2015-12-08 12:08:15 -08:00
Jon Hart
2177b979fd
Update SessionTypes command to describe why shell is not listed 2015-12-08 12:06:47 -08:00
Jon Hart
3890961155
Correct SEP client exclusion enumeration 2015-12-08 10:16:25 -08:00
wchen-r7
7378e7b128 Do elog() when print_error() 2015-12-08 11:06:59 -06:00
BAZIN-HSC
be5f648969 manage-bde.exe path test if in System32 or sysnative 2015-12-08 16:14:13 +01:00
wchen-r7
53acfd7ce3
Land #6303, Add phpFileManager 0.9.8 Remote Code Execution 2015-12-07 21:13:48 -06:00
wchen-r7
ea3c7cb35b Minor edits 2015-12-07 21:13:14 -06:00
Tyler Bennett
75e31c252e added rex table for nas settings, still working on users and hashes rex table 2015-12-07 14:48:28 -05:00
William Vu
db788d1b7c
Land #6238, CmdStager BOURNE_{PATH,FILE} options 2015-12-07 12:34:42 -06:00
Tyler Bennett
3d892bd1d6 added rex table for grab_email func instead of printing out values 2015-12-07 10:37:36 -05:00
Tyler Bennett
069a50e1b8 Revert "fixed ddns_creds import issue, by using rhost and commenting why it needs to be used"
Reverting to hopefully force a fix for issue #3968
2015-12-07 09:41:46 -05:00
JT
b36834f4bc Update legend_bot_exec.rb 2015-12-07 10:38:36 +08:00
JT
2244f2aa43 Add Legend Perl IRC Bot Remote Code Execution 2015-12-07 10:30:28 +08:00
JT
26c8fd8faa Update xdh_x_exec.rb 2015-12-07 08:25:19 +08:00
JT
9ee5498090 Update xdh_x_exec.rb
satisfying msftidy's request
2015-12-06 20:21:18 +08:00
JT
10a8e98e41 Update xdh_x_exec.rb 2015-12-06 20:11:49 +08:00
JT
14afbc6800 Update xdh_x_exec.rb
updated description and new author.
2015-12-06 20:10:19 +08:00
nixawk
20f6cbe5ba upload file to redis server (unauthentication) 2015-12-06 06:11:11 +00:00
Stuart Morgan
ca023b6499 Simplified do_report() to comply with msftidy 2015-12-05 23:27:28 +00:00
Stuart Morgan
4f1f755c1d msftidy 2015-12-05 22:49:40 +00:00
Stuart Morgan
4469e9b5ef Finalised module 2015-12-05 22:45:08 +00:00
Stuart Morgan
bd1bf4aa72 Initial test, fixed noteswq 2015-12-05 21:19:34 +00:00
Stuart Morgan
09c58e4097 Massive rework of the storage/notes/reporting 2015-12-05 21:18:29 +00:00
Jon Hart
f6417df9ba
Update enum_av_excluded to work properly under wow64 2015-12-04 17:13:43 -08:00
wchen-r7
66ba204c11
Land #6308, change youtube url 2015-12-04 16:31:00 -06:00
wchen-r7
14b1b3a1f0
Land #6299, Stageless HTTP(S) Python Meterpreter 2015-12-04 16:16:54 -06:00
wchen-r7
644c1347cd Update payload sizes 2015-12-04 16:14:37 -06:00
Jon Hart
ad60a4118e
Put admin and client exclusions in different tables 2015-12-04 13:01:28 -08:00
Jon Hart
c92365090f
Simpler 2015-12-04 12:38:25 -08:00
Jon Hart
e7d2eb6ad9
Wire in support for showing process and file extension exclusions 2015-12-04 12:35:42 -08:00
Tyler Bennett
385e5a9fe1 fixed more rubocop issues with the rex table for ddns 2015-12-04 15:28:01 -05:00
Jon Hart
78a303974f
Handle empty exclusions better 2015-12-04 12:19:17 -08:00
Tyler Bennett
4e0ab9b68f fixed ddns_creds import issue, by using rhost and commenting why it needs to be used 2015-12-04 15:10:02 -05:00
Tyler Bennett
6ce54f15ee added rex table for ddns func 2015-12-04 14:46:26 -05:00
Jon Hart
81ee01a93e
Simplify exclusion extraction and printing 2015-12-04 11:42:03 -08:00
Tyler Bennett
16e4d6a727 fixed more rubocop errors, still needs work 2015-12-04 14:08:18 -05:00
Jon Hart
1968a76863
Simplify AV enumeration code 2015-12-04 10:27:14 -08:00
Christian Mehlmauer
fc9d818837
change youtube url 2015-12-04 10:15:56 +01:00
Martin Vigo
b4ade1989a Add IE support for stored passwords 2015-12-04 00:13:42 -08:00
JT
faac44f257 Update xdh_x_exec.rb 2015-12-04 12:39:19 +08:00
JT
f52e6ce65c Update xdh_x_exec.rb 2015-12-04 11:17:16 +08:00
JT
4955357015 Update xdh_x_exec.rb 2015-12-04 11:06:06 +08:00
JT
4e43a90187 Add Xdh / fBot IRC Bot Remote Code Execution 2015-12-04 10:40:37 +08:00
jvazquez-r7
340fe5640f
Land #6255, @wchen-r7's module for Atlassian HipChat JIRA plugin 2015-12-03 20:01:06 -06:00
jvazquez-r7
a972b33825
Fix typo 2015-12-03 20:00:37 -06:00
Jon Hart
28ee056c32
Make enumeration of each individual AV optional 2015-12-03 16:07:49 -08:00
Jon Hart
c007fffbce
Style cleanup 2015-12-03 15:55:12 -08:00
wchen-r7
f8c11b9cd1 Move to multi 2015-12-03 17:49:21 -06:00
Jon Hart
72f7efd042
Lots of style cleanup 2015-12-03 15:39:27 -08:00
Jon Hart
4b30a56f15
Add a few missing connects 2015-12-03 15:22:27 -08:00
Jon Hart
7346c528cd
Fix indentation 2015-12-03 15:21:06 -08:00
Jon Hart
6c31946995
Slightly simplify regex 2015-12-03 15:19:35 -08:00
Jon Hart
98096ab71c
Remove useless assignment 2015-12-03 15:16:54 -08:00
Jon Hart
504f6874f2
Convert to actions 2015-12-03 15:15:48 -08:00
Jon Hart
93cd3446db
Minor cleanup of some print_ lines 2015-12-03 15:01:27 -08:00
Jon Hart
753eddbbd6
Correct true/false for optional options, default values 2015-12-03 14:53:27 -08:00
JT
3bbc413935 Update phpfilemanager_rce.rb 2015-12-04 06:20:43 +08:00
Tyler Bennett
9d71ff6b9d cleaned up a few misc prints and added in logic if mailport is empty 2015-12-03 15:51:49 -05:00
Tyler Bennett
3d617efa88 added code to parse mailport from config 2015-12-03 15:36:08 -05:00
wchen-r7
67edf88c39 Doc 2015-12-03 14:25:01 -06:00
wchen-r7
f33e63c16f Support Win/Linux/Java payloads for Win/Linux platforms 2015-12-03 14:02:32 -06:00
Tyler Bennett
0d89dde4a6 changed sock.get to sock.get_once and fixed booleans hopefully. Still cleaning things up but it's getting closer 2015-12-03 12:51:48 -05:00
r3naissance
db5c69226e
Add Usernames to Creds Database with owa_login.rb 2015-12-03 09:31:36 -07:00
JT
28ca899914 Update phpfilemanager_rce.rb 2015-12-03 18:07:25 +08:00
wchen-r7
83824b2902 First commit to support Windows for jira_hipchat_template
In Java
2015-12-03 02:39:55 -06:00
JT
d63bb4768f Update phpfilemanager_rce.rb 2015-12-03 14:09:02 +08:00
JT
374b630601 Update phpfilemanager_rce.rb 2015-12-03 13:57:19 +08:00
JT
56b810cb18 Update phpfilemanager_rce.rb 2015-12-03 12:44:41 +08:00
JT
5414f33804 Update phpfilemanager_rce.rb 2015-12-03 12:43:47 +08:00
JT
ab77ab509a Update phpfilemanager_rce.rb 2015-12-03 12:35:49 +08:00
JT
869caf789f Update phpfilemanager_rce.rb 2015-12-03 12:34:17 +08:00
JT
a2d51d48cd Add phpFileManager 0.9.8 Remote Code Execution 2015-12-03 12:11:31 +08:00
Jon Hart
fdbd3cfc11
Fix minor style problems, call check() from run_host 2015-12-02 15:46:35 -08:00
wchen-r7
09cd63a70c
Land #6302, Limesurvey File Download aux mod 2015-12-02 15:43:56 -06:00
wchen-r7
93a4fd0ee4 Minor edits 2015-12-02 15:43:11 -06:00
Tyler Bennett
a8887e6b77 first iteration of moving each payload to its own function and setting optional vars, cleaning up rubocop warnings as well 2015-12-02 16:33:09 -05:00
Tyler Bennett
ca496a376f set username as a requirement and added note about randomly assigned password for user if not set 2015-12-02 14:16:36 -05:00
Christian Mehlmauer
581ea89f7f
fix nil error 2015-12-02 11:19:08 +01:00
Christian Mehlmauer
f06e4f3dbd
make this module work with other languages too 2015-12-02 11:14:10 +01:00
Christian Mehlmauer
1a4b91e33e
unzip backup file 2015-12-02 11:01:56 +01:00
Rory McNamara
15dd18dc4b use single quotes, remove explicit nil 2015-12-02 09:36:07 +00:00
jvazquez-r7
0f24ca7d13
Land #6280, @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability 2015-12-01 21:38:09 -06:00
jvazquez-r7
d269be22e7
Land #6223, @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit 2015-12-01 21:36:18 -06:00
wchen-r7
9697ce5033 Specify arch & platform for generate_payload_exe
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
wchen-r7
0e21265ecc Fix cookie parsing, typo, and unused var 2015-12-01 17:39:40 -06:00
Jon Hart
366b92a79e
Store rsync creds as creds, not loot 2015-12-01 15:30:39 -08:00
Christian Mehlmauer
217374d1c0
add limesurvey file download 2015-12-02 00:06:13 +01:00
jvazquez-r7
bb3a3ae8eb
Land #6176, @ganzm's fix for 64 bits windows loadlibrary payload 2015-12-01 13:18:41 -06:00
Spencer McIntyre
3b3b569d8e Fix payload CacheSize for current pymet 2015-12-01 13:00:15 -05:00
jvazquez-r7
bfe81db9a5
Update cached size 2015-12-01 11:45:45 -06:00
jvazquez-r7
2348cb7374
Update loadlibrary for 64 bits 2015-12-01 11:41:37 -06:00
James Lee
385378f338 Add reference to Rapid7 advisory 2015-12-01 11:37:27 -06:00
James Lee
98a0ddebda
Land #6298, Advantech shellshock module 2015-12-01 11:37:09 -06:00
HD Moore
9dbf7cb86c Remove the SSL option (not needed) 2015-12-01 11:34:03 -06:00
HD Moore
758e7c7b58 Rename 2015-12-01 11:33:45 -06:00
HD Moore
ea2174fc95 Typo and switch from raw -> encoded 2015-12-01 10:59:12 -06:00
HD Moore
16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
wchen-r7
ea363dd495 priv to true 2015-12-01 10:23:36 -06:00
wchen-r7
2621753417 priv to true 2015-12-01 10:21:56 -06:00
wchen-r7
d5d4a4acdc Register the correct jsp to cleanup 2015-12-01 10:21:15 -06:00
Tyler Bennett
36f48dc945 cleaned up required opts, only left needed vars to run the rest are optional based on user preference 2015-12-01 11:02:14 -05:00
Tyler Bennett
5e9a0ab3ff removed version var in initialize method 2015-12-01 10:57:16 -05:00
Tyler Bennett
cb60b41d5d added in fixes and missing typos, randomized the password for the user 2015-12-01 10:43:58 -05:00
Kyle Gray
bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
Land #6284, fix for false negatives found in #6281

@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
Spencer McIntyre
fba9715a56 Add stageless python meterpreter http & https payloads 2015-11-28 17:41:55 -05:00
Andrew Smith
59bd88ff70 msftidy 2015-11-27 16:45:52 -05:00
Andrew Smith
9c016343c7 Update to logic and reliability
Included support for Windows Defender

Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
Bigendian Smalls
d2bfc4d8e0
Added reverse shell payload for Mainframe
This is the first and probably most useful shellcode for mainframe
platform.  Standard reverse shell works just like any other platform
reverse shell.
2015-11-26 17:07:03 -06:00