David Maloney
9716b97e1c
split up the migration efforts
...
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney
ad50f9a047
move default targets to constants
...
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Martin Vigo
8c6bdd532b
Use ? for SQL queries
2016-01-07 22:50:23 -08:00
Martin Vigo
b46095f3d6
Remove custom method checking file exists
2016-01-07 22:21:10 -08:00
Martin Vigo
e7701b6d5f
Fix incoherent method to always return a list
2016-01-07 22:17:04 -08:00
Jonathan Harms
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
wchen-r7
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946
, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.
Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Spencer McIntyre
24290dc169
Address x86/Bmp polyglot encoder feedback
2016-01-07 10:23:32 -05:00
joev
22a0d970da
Don't delete the payload after running.
2016-01-07 02:26:01 -06:00
joev
fb99c61089
Remove print_status statement.
2016-01-07 01:17:49 -06:00
joev
210f065427
Add a background option for the echo cmdstager.
2016-01-07 01:16:08 -06:00
Josh
4e99c873c8
Fix issue when target_pid == current_pid
2016-01-06 19:58:07 -06:00
Josh
60c506d7fb
Replace error handling methods
2016-01-06 18:53:54 -06:00
Tyler Bennett
c245e64239
added peer to each print statement and rex table
2016-01-06 13:22:30 -05:00
wchen-r7
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
wchen-r7
bdda8650a2
Do not support username, because the backdoor doesn't use one
2016-01-06 02:02:11 -06:00
Spencer McIntyre
cca0ba3efe
Add an x86/Bitmap polyglot encoder
2016-01-05 23:17:34 -05:00
Jon Hart
d626d7f0c9
Land #6416 , @all3g's rewrite/improvements to redis_server
2016-01-05 19:02:26 -08:00
Jon Hart
90ea88e5ba
Make command used configurable
2016-01-05 16:23:10 -08:00
Jon Hart
3ccdd12ecb
Put peer first in all prints
2016-01-05 16:09:50 -08:00
Jon Hart
1d997234cb
Remove unnecessary degistering of RHOST
2016-01-05 16:08:18 -08:00
g0tmi1k
d7061e8110
OCD fixes
2016-01-05 23:28:56 +00:00
Tyler Bennett
aa2922e6c3
added in verbose mode for ddns and fixed report_email_creds issue
2016-01-05 14:54:48 -05:00
wchen-r7
6cfaf93337
Land #6433 , Add D-Link DCS-931L File Upload
2016-01-05 13:16:11 -06:00
wchen-r7
7259d2a65c
Use unless instead of if !
2016-01-05 13:05:01 -06:00
nixawk
8a76bbafff
Add peer to vprint_error
2016-01-06 01:51:23 +08:00
Jon Hart
eef154420b
This is a scanner, so vprint things that occur frequently
2016-01-05 09:06:36 -08:00
Jon Hart
63324bd77d
Rescue correct exceptions
2016-01-05 09:05:32 -08:00
Jon Hart
1b48556456
Use cleaner hash syntax
2016-01-05 09:05:32 -08:00
nixawk
9714923824
ensure disconnect / remove self.class from register_options
2016-01-06 00:54:54 +08:00
William Vu
9f1ceb4b3b
Land #6426 , enable_rdp typo fix
2016-01-05 10:17:25 -06:00
William Vu
6cb9ad0d72
Land #6435 , unaligned def/end fix
2016-01-05 09:59:25 -06:00
nixawk
c3158497c0
rebuild / add check_setup / send_request
2016-01-05 15:10:26 +08:00
nixawk
cbbbd9a7e7
end is not aligned with def
2016-01-05 14:07:43 +08:00
nixawk
20cd156047
replace auxiliary/scanner/misc/redis_server with auxiliary/scanner/redis/redis_server
2016-01-05 13:14:40 +08:00
Brendan Coles
7907c93047
Add D-Link DCS-931L File Upload module
2016-01-05 04:15:38 +00:00
William Vu
3990c021c2
Land #6318 , updates for ssh_identify_pubkeys
2016-01-04 13:27:38 -06:00
William Vu
6f01df3f79
Clean up module
2016-01-04 13:26:03 -06:00
William Vu
58c047200d
Land #6305 , creds update for owa_login
2016-01-04 10:52:39 -06:00
Vincent Yiu
30a866a85b
Update enable_rdp.rb
...
Fixed some typos.
2016-01-04 09:52:57 +00:00
joev
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
joev
0436375c6f
Change require to module level.
2016-01-02 23:06:23 -06:00
joev
3a14620dba
Update linemax to match max packet size.
2016-01-02 23:00:46 -06:00
joev
d64048cd48
Rename to match gdb_server_exec module.
2016-01-02 22:45:27 -06:00
joev
dcd36b74db
Last mile polish and tweaks.
2016-01-02 22:41:38 -06:00
joev
22aae81006
Rename to exec_payload.
2016-01-02 14:13:54 -06:00
joev
6575f4fe4a
Use the cmdstager mixin.
2016-01-02 14:09:56 -06:00
joev
a88471dc8d
Add ADB client and module for obtaining shell.
2016-01-02 01:13:53 -06:00
nixawk
a6914df3e3
rename LOGIN_URL to TARGETURI
2015-12-31 22:21:34 +08:00
nixawk
370351ca88
chinese caidao asp/aspx/php backdoor bruteforce
2015-12-31 15:17:01 +08:00
Kyle Gray
47f9880690
Land #6395 , grammar fixes for recovery_files.rb
...
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
William Vu
cf0e982e83
Land #6386 , VNC creds module fix
2015-12-28 02:32:26 -06:00
William Vu
6b9c74eec7
Prefer gsub and nix the return
2015-12-28 02:31:47 -06:00
Josh
0de69a9d40
Add post Windows privilege based migrate
2015-12-27 19:26:21 -06:00
Brendan Coles
47261c27d4
Add EasyCafe Server Remote File Access module
2015-12-27 12:00:50 +00:00
g0tmi1k
9120a6aa76
iis_webdav_upload_asp: Add COPY and a few other tricks
2015-12-26 16:01:46 +00:00
Brent Cook
e23b5c5435
Land #6179 , add NTP initial crypto nak spoofing module
2015-12-24 15:46:18 -06:00
Brent Cook
04f755dd51
Land #6367 , MS15-134 Microsoft Windows Media Center MCL Information Disclosure
2015-12-24 15:24:42 -06:00
Jon Hart
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
...
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
Jon Hart
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
wchen-r7
e191bf8ac3
Update description, and fix a typo
2015-12-24 10:35:05 -06:00
Jon Hart
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb
2015-12-24 07:57:16 -08:00
Jon Hart
3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb
2015-12-24 07:51:12 -08:00
Jon Hart
0f2f2a3d08
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:55 -08:00
Jon Hart
cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:23 -08:00
Jon Hart
c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb
2015-12-24 07:44:36 -08:00
karllll
431c6001a8
Fix recovery_files.rb Description grammar errors
2015-12-24 10:10:39 -05:00
Brent Cook
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
Brent Cook
7444f24721
update whitespace / syntax for java_calendar_deserialize
2015-12-23 15:42:27 -06:00
Jon Hart
e3eafff7c9
Land #6237 , @jww519's aux module for Android CVE-2012-6301
2015-12-23 13:27:09 -08:00
Brent Cook
6eda702b25
Land #6292 , add reverse_tcp command shell for Z/OS (MVS)
2015-12-23 14:11:37 -06:00
wchen-r7
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook
493700be3a
remove duplicate key warning from Ruby 2.2.x
...
This gets rid of the warning:
modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer
424e7b6bfe
Land #6384 , more joomla rce references
2015-12-22 22:54:58 +01:00
JT
18398afb56
Update joomla_http_header_rce.rb
2015-12-23 05:48:26 +08:00
JT
cc40c61848
Update joomla_http_header_rce.rb
2015-12-23 05:38:57 +08:00
wchen-r7
21b628aa02
Land #6387 , update exploits/multi/http/joomla_http_header_rce
...
Use the new Joomla mixin
2015-12-22 15:01:55 -06:00
wchen-r7
9063ee44f4
Land #6381 , Fix post/multi/manage/shell_to_meterprete uname
2015-12-22 14:44:28 -06:00
Christian Mehlmauer
f6eaff5d96
use the new and shiny joomla mixin
2015-12-22 21:36:42 +01:00
Christian Mehlmauer
57b850c7af
Land #6373 , joomla mixin
2015-12-22 21:10:46 +01:00
g0tmi1k
2f71730484
Gather VNC null byte fix + formatting
2015-12-22 17:30:37 +00:00
JT
314e902098
Add original exploit discoverer and exploit-db ref
...
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00
Rory McNamara
45b9230efb
Redirect python stderr to stdout, darwin python platform
2015-12-22 11:32:31 +00:00
Tim
be9197fc97
quick fix for issues #6359
2015-12-22 03:26:31 +00:00
Tim
f9d74143c3
fix typo
2015-12-22 03:25:34 +00:00
Louis Sato
3034cd22df
Land #6372 , fix psexec nil bug + missing return
2015-12-21 10:59:10 -06:00
William Vu
f129c0363e
Fix broken logic
...
Forgot to set retval when I removed the ensure.
2015-12-21 10:52:03 -06:00
Stuart Morgan
e8c8c54cb0
Use a regex with a negative lookbehind to cope with CNs that contain commas
2015-12-21 11:44:37 +00:00
Stuart Morgan
b0fca769d7
capitalisation
2015-12-21 10:39:30 +00:00
Stuart Morgan
9493b333df
rubocop
2015-12-20 21:22:03 +00:00
Stuart Morgan
c394caad27
actually made the securitygroups only option do something
2015-12-20 21:19:24 +00:00
Stuart Morgan
07caaf352b
made comment match purpose
2015-12-20 21:18:21 +00:00
Stuart Morgan
c0a93433af
msftidy
2015-12-20 21:16:42 +00:00
Stuart Morgan
89728fd8fe
Working version
2015-12-20 21:16:17 +00:00
Stuart Morgan
ae09549057
New module, strating with managedby_groups
2015-12-20 20:17:06 +00:00
Martin Vigo
2ddac42be7
Perform Rubocop cleanup
2015-12-19 23:33:32 -08:00
Martin Vigo
2fc940cc3e
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 22:19:20 -08:00
Martin Vigo
ab630166bb
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 21:40:30 -08:00
wchen-r7
08bddab568
File name should be the same as the datastore option
2015-12-18 21:22:55 -06:00
wchen-r7
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
Louis Sato
726578b189
Land #6370 , add joomla reference
2015-12-18 17:05:07 -06:00
Louis Sato
56636f3337
Land #6368 , remove uptime_file_upload.rb
2015-12-18 17:02:04 -06:00
William Vu
afe4861195
Fix nil bug and missing return
2015-12-18 15:54:51 -06:00
William Vu
ef90ffa7b5
Fix #6356 , requote NTDS.DIT path
2015-12-18 15:41:48 -06:00
William Vu
6afcc13774
Requote file path
2015-12-18 15:41:38 -06:00
William Vu
309deb52f5
Land #6356 , NTDS.DIT location finder
2015-12-18 15:33:00 -06:00
William Vu
06a2bb53bd
Clean up module
2015-12-18 15:29:15 -06:00
Christian Mehlmauer
fb6ede80c9
add joomla reference
2015-12-18 18:27:48 +01:00
wchen-r7
485196af4e
Remove modules/exploits/multi/http/uptime_file_upload.rb
...
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.
If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
2015-12-17 23:01:57 -06:00
wchen-r7
5f5b3ec6a1
Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
...
CVE-2015-6127
2015-12-17 22:41:58 -06:00
Martin Vigo
ccb13a2ca6
Add full IE support and bug fixes
2015-12-17 20:29:50 -08:00
Jon Hart
a8bb750db7
Address style/usability concerns in Android CVE-2012-6301 module
2015-12-17 13:45:32 -08:00
Brent Cook
0c0219d7b7
Land #6357 , cleanup redis rdbcompression options
2015-12-17 10:45:11 -06:00
Jon Hart
f3ac8a2cc0
Land #6360 , @pyllyukko's reference cleanup for ipmi_dumphashes
2015-12-16 22:03:40 -08:00
wchen-r7
06f1949e2c
Land #6355 , Joomla HTTP Header Unauthenticated Remote Code Execution
...
CVE-2015-8562
2015-12-16 17:55:51 -06:00
Christian Mehlmauer
8c43ecbfaf
add random terminator and clarify target
2015-12-17 00:08:52 +01:00
Gregory Mikeska
2106a47441
Merge branch 'pr/6357' into upstream-master
2015-12-16 16:02:48 -06:00
Christian Mehlmauer
08d0ffd709
implement @wvu-r7 's feedback
2015-12-16 22:44:01 +01:00
Christian Mehlmauer
76438dfb2f
implement @wchen-r7 's suggestions
2015-12-16 20:31:43 +01:00
Jon Hart
865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way
2015-12-16 11:20:13 -08:00
Jon Hart
f616ee14a8
Dont abort if compression can't be disabled
2015-12-16 11:11:00 -08:00
Jon Hart
12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION
2015-12-16 11:07:27 -08:00
Christian Mehlmauer
b43d580276
try to detect joomla version
2015-12-16 16:16:59 +01:00
Christian Mehlmauer
30f90f35e9
also check for debian version number
2015-12-16 15:19:33 +01:00
Christian Mehlmauer
67eba0d708
update description
2015-12-16 14:46:00 +01:00
Christian Mehlmauer
fa3fb1affc
better ubuntu version check
2015-12-16 14:18:44 +01:00
Christian Mehlmauer
60181feb51
more ubuntu checks
2015-12-16 14:02:26 +01:00
Christian Mehlmauer
934c6282a5
check for nil
2015-12-16 13:52:06 +01:00
Christian Mehlmauer
2661cc5899
check ubuntu specific version
2015-12-16 13:49:07 +01:00
Christian Mehlmauer
675dff3b6f
use Gem::Version for version compare
2015-12-16 13:04:15 +01:00
pyllyukko
d110c6cc73
Added few references to ipmi_dumphashes
2015-12-16 13:36:37 +02:00
Christian Mehlmauer
01b943ec93
fix check method
2015-12-16 07:26:25 +01:00
Christian Mehlmauer
595645bcd7
update description
2015-12-16 07:03:01 +01:00
Christian Mehlmauer
d80a7e662f
some formatting
2015-12-16 06:57:06 +01:00
Christian Mehlmauer
c2795d58cb
use target_uri.path
2015-12-16 06:55:23 +01:00
Christian Mehlmauer
2e54cd2ca7
update description
2015-12-16 06:42:41 +01:00
nixawk
342ce05ff7
add a DISABLE_RDBCOMPRESSION option for redis file_upload
2015-12-16 04:28:52 +00:00
Christian Mehlmauer
d4ade7a1fd
update check method
2015-12-16 00:18:39 +01:00
Stuart Morgan
2c29298485
undoing this, put in a separate module
2015-12-15 23:16:21 +00:00
Stuart Morgan
5dd8cb7648
proper type conversions
2015-12-15 23:13:02 +00:00
Stuart Morgan
fef9a84548
rubocop
2015-12-15 23:12:14 +00:00
Stuart Morgan
a2b30ff16e
msftidy
2015-12-15 23:11:40 +00:00
Stuart Morgan
281966023c
Final version
2015-12-15 23:10:06 +00:00
Stuart Morgan
7fa453b7ff
Added module
2015-12-15 22:31:00 +00:00
Tyler Bennett
5bb8dbcafc
added peer to users table
2015-12-15 16:45:45 -05:00
Stuart Morgan
059de62400
Editing an existing module rather than adding a new one
2015-12-15 21:36:39 +00:00
Tyler Bennett
797bd9e04d
added peer to each table and added each users groups to the users table
2015-12-15 16:31:25 -05:00
Stuart Morgan
4a66b487de
Based on putty enum module
2015-12-15 21:28:13 +00:00
Christian Mehlmauer
c603430228
fix version check
2015-12-15 18:26:21 +01:00
wchen-r7
b9b280954b
Add a check for joomla
2015-12-15 11:03:36 -06:00
Christian Mehlmauer
e4309790f5
renamed module because X-FORWARDED-FOR header is also working
2015-12-15 17:37:45 +01:00
Christian Mehlmauer
84d5067abe
add joomla RCE module
2015-12-15 17:20:49 +01:00
wchen-r7
ab3fe64b6e
Add method peer for jenkins_java_deserialize.rb
2015-12-15 01:18:27 -06:00
Jon Hart
b78f7b4d55
Land #6319 , @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
Tyler Bennett
bda6c940cf
fixed issues with printing of tables and cleaned up output a bit removed unecessary prints
2015-12-14 16:23:18 -05:00
Jon Hart
e448bc3e27
If saving fails, print_error and mention permissions
2015-12-14 10:47:05 -08:00
Jon Hart
19acd366d6
Rename redis file upload module; remove the 'auth' part
2015-12-14 10:40:28 -08:00
Tod Beardsley
30c805d9c7
Land #6344 , R7-2015-22 / CVE-2015-8249
2015-12-14 12:30:51 -06:00
Tod Beardsley
b25aae3602
Add refs to module
...
See rapid7#6344.
2015-12-14 12:05:46 -06:00
Brent Cook
c00f05faba
Land #6346 , jenkins_java_deserialize check reliability fixes
2015-12-14 11:44:33 -06:00
William Vu
b085989923
Land #6266 , rsync creds scraper
2015-12-14 11:37:30 -06:00
wchen-r7
bd8aea2618
Fix check for jenkins_java_deserialize.rb
...
This fixes the following:
* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
wchen-r7
5ffc80dc20
Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability
2015-12-14 10:51:59 -06:00
Spencer McIntyre
4e492a1b0c
Add an additional grammar change to the listener option
2015-12-13 12:04:20 -05:00
radekk
90a523fb0a
Typos inside parameters description.
2015-12-12 22:48:20 +01:00
Vex Woo
dee23e4bda
Merge pull request #3 from jhart-r7/pr/fixup-6319
...
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
dmohanty-r7
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
Jon Hart
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
Jon Hart
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
Jon Hart
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
Tyler Bennett
c000e590d4
verified table values are correctly typed as Strs, but it still fails to print the tables
2015-12-10 15:51:59 -05:00
Jon Hart
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
Jon Hart
48a27170c2
Document process better, delete correct key
2015-12-10 09:13:13 -08:00
Jon Hart
d2f54af23f
Reset the dir and dbfilename back to their original settings
2015-12-10 08:56:24 -08:00
Jon Hart
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
karllll
a5c6e260f2
Update hp_vsa_login_bof.rb
...
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
William Vu
563be5c207
Land #6322 , another Perl IRC bot exploit
2015-12-10 09:43:07 -06:00
William Vu
a945350821
Land #6307 , Perl IRC bot exploit
2015-12-10 09:42:35 -06:00
nixawk
0d8fc78257
make code more clear
2015-12-10 15:13:50 +00:00
nixawk
42013c18ba
add a password option - AUTH_KEY
2015-12-10 08:24:47 +00:00
nixawk
28bc5b4d4f
move it from exploit to auxiliary
2015-12-10 08:23:38 +00:00
Jon Hart
4cc7853ad8
Don't run_host unless check returns vulnerable; report_service
2015-12-09 18:33:40 -08:00
Jon Hart
624e5aeffa
First pass at converting redis module to aux; style cleanup
2015-12-09 17:59:48 -08:00
Tyler Bennett
c2ef7be217
cleaned up regex isseus and added the appropriate rex tables. Having issues with printing them due to type errors, but Im working on it
2015-12-09 17:49:38 -05:00
wchen-r7
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
Jon Hart
39da306b1d
Land #6057 , @danilbaz's module for dumping Bitlocker master key (FVEK)
2015-12-08 18:16:39 -08:00
Tyler Bennett
e574c844de
added rex table for channels func, has an issues with TypeError no implicit conversion of String into Integer upon building the table
2015-12-08 18:19:30 -05:00
Tyler Bennett
48cd350711
updated authors list with contributors
2015-12-08 16:29:00 -05:00
Tyler Bennett
92d56cd050
cleaned up uncessary Rex Tables working on the rest of them for users, groups and channels
2015-12-08 16:24:47 -05:00
wchen-r7
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
Jon Hart
ed8076f361
Merge branch 'master' into pr/6197
2015-12-08 12:08:15 -08:00
Jon Hart
2177b979fd
Update SessionTypes command to describe why shell is not listed
2015-12-08 12:06:47 -08:00
Jon Hart
3890961155
Correct SEP client exclusion enumeration
2015-12-08 10:16:25 -08:00
wchen-r7
7378e7b128
Do elog() when print_error()
2015-12-08 11:06:59 -06:00
BAZIN-HSC
be5f648969
manage-bde.exe path test if in System32 or sysnative
2015-12-08 16:14:13 +01:00
wchen-r7
53acfd7ce3
Land #6303 , Add phpFileManager 0.9.8 Remote Code Execution
2015-12-07 21:13:48 -06:00
wchen-r7
ea3c7cb35b
Minor edits
2015-12-07 21:13:14 -06:00
Tyler Bennett
75e31c252e
added rex table for nas settings, still working on users and hashes rex table
2015-12-07 14:48:28 -05:00
William Vu
db788d1b7c
Land #6238 , CmdStager BOURNE_{PATH,FILE} options
2015-12-07 12:34:42 -06:00
Tyler Bennett
3d892bd1d6
added rex table for grab_email func instead of printing out values
2015-12-07 10:37:36 -05:00
Tyler Bennett
069a50e1b8
Revert "fixed ddns_creds import issue, by using rhost and commenting why it needs to be used"
...
Reverting to hopefully force a fix for issue #3968
2015-12-07 09:41:46 -05:00
JT
b36834f4bc
Update legend_bot_exec.rb
2015-12-07 10:38:36 +08:00
JT
2244f2aa43
Add Legend Perl IRC Bot Remote Code Execution
2015-12-07 10:30:28 +08:00
JT
26c8fd8faa
Update xdh_x_exec.rb
2015-12-07 08:25:19 +08:00
JT
9ee5498090
Update xdh_x_exec.rb
...
satisfying msftidy's request
2015-12-06 20:21:18 +08:00
JT
10a8e98e41
Update xdh_x_exec.rb
2015-12-06 20:11:49 +08:00
JT
14afbc6800
Update xdh_x_exec.rb
...
updated description and new author.
2015-12-06 20:10:19 +08:00
nixawk
20f6cbe5ba
upload file to redis server (unauthentication)
2015-12-06 06:11:11 +00:00
Stuart Morgan
ca023b6499
Simplified do_report() to comply with msftidy
2015-12-05 23:27:28 +00:00
Stuart Morgan
4f1f755c1d
msftidy
2015-12-05 22:49:40 +00:00
Stuart Morgan
4469e9b5ef
Finalised module
2015-12-05 22:45:08 +00:00
Stuart Morgan
bd1bf4aa72
Initial test, fixed noteswq
2015-12-05 21:19:34 +00:00
Stuart Morgan
09c58e4097
Massive rework of the storage/notes/reporting
2015-12-05 21:18:29 +00:00
Jon Hart
f6417df9ba
Update enum_av_excluded to work properly under wow64
2015-12-04 17:13:43 -08:00
wchen-r7
66ba204c11
Land #6308 , change youtube url
2015-12-04 16:31:00 -06:00
wchen-r7
14b1b3a1f0
Land #6299 , Stageless HTTP(S) Python Meterpreter
2015-12-04 16:16:54 -06:00
wchen-r7
644c1347cd
Update payload sizes
2015-12-04 16:14:37 -06:00
Jon Hart
ad60a4118e
Put admin and client exclusions in different tables
2015-12-04 13:01:28 -08:00
Jon Hart
c92365090f
Simpler
2015-12-04 12:38:25 -08:00
Jon Hart
e7d2eb6ad9
Wire in support for showing process and file extension exclusions
2015-12-04 12:35:42 -08:00
Tyler Bennett
385e5a9fe1
fixed more rubocop issues with the rex table for ddns
2015-12-04 15:28:01 -05:00
Jon Hart
78a303974f
Handle empty exclusions better
2015-12-04 12:19:17 -08:00
Tyler Bennett
4e0ab9b68f
fixed ddns_creds import issue, by using rhost and commenting why it needs to be used
2015-12-04 15:10:02 -05:00
Tyler Bennett
6ce54f15ee
added rex table for ddns func
2015-12-04 14:46:26 -05:00
Jon Hart
81ee01a93e
Simplify exclusion extraction and printing
2015-12-04 11:42:03 -08:00
Tyler Bennett
16e4d6a727
fixedd more rubocop errors, still needs work
2015-12-04 14:08:18 -05:00
Jon Hart
1968a76863
Simplify AV enumeration code
2015-12-04 10:27:14 -08:00
Christian Mehlmauer
fc9d818837
change youtube url
2015-12-04 10:15:56 +01:00
Martin Vigo
b4ade1989a
Add IE support for stored passwords
2015-12-04 00:13:42 -08:00
JT
faac44f257
Update xdh_x_exec.rb
2015-12-04 12:39:19 +08:00
JT
f52e6ce65c
Update xdh_x_exec.rb
2015-12-04 11:17:16 +08:00
JT
4955357015
Update xdh_x_exec.rb
2015-12-04 11:06:06 +08:00
JT
4e43a90187
Add Xdh / fBot IRC Bot Remote Code Execution
2015-12-04 10:40:37 +08:00
jvazquez-r7
340fe5640f
Land #6255 , @wchen-r7's module for Atlassian HipChat JIRA plugin
2015-12-03 20:01:06 -06:00
jvazquez-r7
a972b33825
Fix typo
2015-12-03 20:00:37 -06:00
Jon Hart
28ee056c32
Make enumeration of each individual AV optional
2015-12-03 16:07:49 -08:00
Jon Hart
c007fffbce
Style cleanup
2015-12-03 15:55:12 -08:00
wchen-r7
f8c11b9cd1
Move to multi
2015-12-03 17:49:21 -06:00
Jon Hart
72f7efd042
Lots of style cleanup
2015-12-03 15:39:27 -08:00
Jon Hart
4b30a56f15
Add a few missing connects
2015-12-03 15:22:27 -08:00
Jon Hart
7346c528cd
Fix indentation
2015-12-03 15:21:06 -08:00
Jon Hart
6c31946995
Slightly simplify regex
2015-12-03 15:19:35 -08:00
Jon Hart
98096ab71c
Remove useless assignment
2015-12-03 15:16:54 -08:00
Jon Hart
504f6874f2
Convert to actions
2015-12-03 15:15:48 -08:00
Jon Hart
93cd3446db
Minor cleanup of some print_ lines
2015-12-03 15:01:27 -08:00
Jon Hart
753eddbbd6
Correct true/false for optional options, default values
2015-12-03 14:53:27 -08:00
JT
3bbc413935
Update phpfilemanager_rce.rb
2015-12-04 06:20:43 +08:00
Tyler Bennett
9d71ff6b9d
cleaned up a few misc prints and added in logic if mailport is empty
2015-12-03 15:51:49 -05:00
Tyler Bennett
3d617efa88
added code to parse mailport from config
2015-12-03 15:36:08 -05:00
wchen-r7
67edf88c39
Doc
2015-12-03 14:25:01 -06:00
wchen-r7
f33e63c16f
Support Win/Linx/Java payloads for Win/Linux platforms
2015-12-03 14:02:32 -06:00
Tyler Bennett
0d89dde4a6
changed sock.get to sock.get_once and fixed booleans hopefully. Still cleaning things up but its getting closer
2015-12-03 12:51:48 -05:00
r3naissance
db5c69226e
Add Usernames to Creds Database with owa_login.rb
2015-12-03 09:31:36 -07:00
JT
28ca899914
Update phpfilemanager_rce.rb
2015-12-03 18:07:25 +08:00
wchen-r7
83824b2902
First commit to support Windows for jira_hipchat_template
...
In Java
2015-12-03 02:39:55 -06:00
JT
d63bb4768f
Update phpfilemanager_rce.rb
2015-12-03 14:09:02 +08:00
JT
374b630601
Update phpfilemanager_rce.rb
2015-12-03 13:57:19 +08:00
JT
56b810cb18
Update phpfilemanager_rce.rb
2015-12-03 12:44:41 +08:00
JT
5414f33804
Update phpfilemanager_rce.rb
2015-12-03 12:43:47 +08:00
JT
ab77ab509a
Update phpfilemanager_rce.rb
2015-12-03 12:35:49 +08:00
JT
869caf789f
Update phpfilemanager_rce.rb
2015-12-03 12:34:17 +08:00
JT
a2d51d48cd
Add phpFileManager 0.9.8 Remote Code Execution
2015-12-03 12:11:31 +08:00
Jon Hart
fdbd3cfc11
Fix minor style problems, call check() from run_host
2015-12-02 15:46:35 -08:00
wchen-r7
09cd63a70c
Land #6302 , Limesurvey File Download aux mod
2015-12-02 15:43:56 -06:00
wchen-r7
93a4fd0ee4
Minor edits
2015-12-02 15:43:11 -06:00
Tyler Bennett
a8887e6b77
firts iteration of moving each payload to its own function and setting optional vars, cleaning up rubocop warnings as well
2015-12-02 16:33:09 -05:00
Tyler Bennett
ca496a376f
set username as a requirement and added note about randomly assinged password for user if not set
2015-12-02 14:16:36 -05:00
Christian Mehlmauer
581ea89f7f
fix nil error
2015-12-02 11:19:08 +01:00
Christian Mehlmauer
f06e4f3dbd
make this module work with other languages too
2015-12-02 11:14:10 +01:00
Christian Mehlmauer
1a4b91e33e
unzip backup file
2015-12-02 11:01:56 +01:00
Rory McNamara
15dd18dc4b
use single quotes, remove explicit nil
2015-12-02 09:36:07 +00:00
jvazquez-r7
0f24ca7d13
Land #6280 , @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability
2015-12-01 21:38:09 -06:00
jvazquez-r7
d269be22e7
Land #6223 , @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit
2015-12-01 21:36:18 -06:00
wchen-r7
9697ce5033
Specify arch & platform for generate_payload_exe
...
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
wchen-r7
0e21265ecc
Fix cookie parsing, typo, and unused var
2015-12-01 17:39:40 -06:00
Jon Hart
366b92a79e
Store rsync creds as creds, not loot
2015-12-01 15:30:39 -08:00
Christian Mehlmauer
217374d1c0
add limesurvey file download
2015-12-02 00:06:13 +01:00
jvazquez-r7
bb3a3ae8eb
Land #6176 , @ganzm's fix for 64 bits windows loadlibrary payload
2015-12-01 13:18:41 -06:00
Spencer McIntyre
3b3b569d8e
Fix payload CacheSize for current pymet
2015-12-01 13:00:15 -05:00
jvazquez-r7
bfe81db9a5
Update cached size
2015-12-01 11:45:45 -06:00
jvazquez-r7
2348cb7374
Update loadlibrary for 64 bits
2015-12-01 11:41:37 -06:00
James Lee
385378f338
Add reference to Rapid7 advisory
2015-12-01 11:37:27 -06:00
James Lee
98a0ddebda
Land #6298 , Advantech shellshock module
2015-12-01 11:37:09 -06:00
HD Moore
9dbf7cb86c
Remove the SSL option (not needed)
2015-12-01 11:34:03 -06:00
HD Moore
758e7c7b58
Rename
2015-12-01 11:33:45 -06:00
HD Moore
ea2174fc95
Typo and switch from raw -> encoded
2015-12-01 10:59:12 -06:00
HD Moore
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
wchen-r7
ea363dd495
priv to true
2015-12-01 10:23:36 -06:00
wchen-r7
2621753417
priv to true
2015-12-01 10:21:56 -06:00
wchen-r7
d5d4a4acdc
Register the correct jsp to cleanup
2015-12-01 10:21:15 -06:00
Tyler Bennett
36f48dc945
cleaned up required opts, only left needed vars to run the rest are optional based on user preference
2015-12-01 11:02:14 -05:00
Tyler Bennett
5e9a0ab3ff
removed version var in initialize method
2015-12-01 10:57:16 -05:00
Tyler Bennett
cb60b41d5d
added in fixes and missing typos, randomized the password for the user
2015-12-01 10:43:58 -05:00
Kyle Gray
bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
...
Land #6284 , fix for false negatives found in #6281
@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
Spencer McIntyre
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
Andrew Smith
59bd88ff70
msftidy
2015-11-27 16:45:52 -05:00
Andrew Smith
9c016343c7
Update to logic and reliability
...
Included support for Windows Defender
Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
Bigendian Smalls
d2bfc4d8e0
Added reverse shell payload for Mainframe
...
This is the first and probably most useful shellcode for mainframe
platform. Standard reverse shell works just like any other platform
reverse shell.
2015-11-26 17:07:03 -06:00