18fa411189
Updated with Egypt's suggestion, also changed the target name to include other versions
2017-04-27 13:19:44 +01:00
178d68003e
version check, as the name for the api key call changes on 11.0. Line 130
2017-04-18 10:32:28 +01:00
92e7183a74
Small typo fix
...
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
2017-04-17 11:14:51 -06:00
942959f7e8
Land #8255 , fixes for smb_ms17_010
2017-04-17 11:38:34 -05:00
7b936b0012
Land #8184 , convert IPMI protocol and modules to bindata
2017-04-17 07:40:15 -05:00
6f70efcfa1
add module documentation
2017-04-17 07:39:43 -05:00
b1c7f1302b
Fix report_vuln and prefer vprint_error
2017-04-17 02:48:56 -05:00
e21504b22d
huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key
...
Instead of rolling our own GET parameters implementation.
Thanks @wvu-r7!
2017-04-17 09:11:50 +02:00
7daec53106
huawei_hg532n_cmdinject: Improve overall documentation
...
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
2017-04-17 08:00:51 +02:00
8a302463ab
huawei_hg532n_cmdinject: Use minimum permissions for staged binary
...
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
2017-04-17 03:27:57 +02:00
7ca7528cba
huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7
2017-04-17 03:23:20 +02:00
7b8e5e5016
Add Huawei HG532n command injection exploit
2017-04-15 21:01:47 +02:00
7950087804
Merge branch 'upstream-master' into land-8237-
2017-04-14 21:53:26 -05:00
a9857eb1c2
Land #8099 , Aux module to launch instances in AWS
2017-04-14 14:12:10 -05:00
42122d2835
Land #8238 , move SMB2 support back into smb_login, add simpler permissions checks
2017-04-14 14:06:46 -05:00
eb61241673
Land #8228 , New mainframe privesc payload for z/OS
2017-04-14 13:19:41 -05:00
d75f852d01
Land #8167 , Add MS17-010 auxiliary detection module
2017-04-14 13:00:16 -05:00
91fb3ce6b8
collapse SMB2 support into smb_login
...
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both
MS-2636
2017-04-13 15:22:03 -05:00
adeb4d10d7
smb2 login scanner admin check now working
...
we can now check for admin privs in the smb2
login scanner
MS-2636
2017-04-13 14:40:32 -05:00
48560d29f3
remove keyscan_extract and modify calling modules
2017-04-13 10:42:28 -05:00
c21d78b23b
Land #8186 , Convert DNS Fuzzer to use bindata
2017-04-11 23:27:08 -05:00
fa8011fd07
New mainframe privesc payload for z/OS
...
This module performs a privilege escaltion on mainframe systems
runing z/OS and using RACF for their security manager. A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
2017-04-11 15:04:44 -05:00
c867b7e228
Land #8204 , Add Cambian ePMP SNMP Configuration download
2017-04-11 10:59:13 -05:00
288e384164
Land #8189 , irssi password post gather module
2017-04-10 23:34:54 -05:00
96927b449c
Rework module to grab entire irssi configs
2017-04-11 00:02:40 -04:00
6a1531da34
Fix loot name attributes
2017-04-10 23:52:31 -04:00
d92f94e077
Fix grammar issue
2017-04-10 23:44:18 -04:00
d9e96a8b4f
Consolidate loot into single file
2017-04-10 23:42:50 -04:00
7f6bbb6ff2
Fix trailing space issue
2017-04-10 21:38:30 -04:00
9432a3543f
Extend irssi post mod to grab network passwords
2017-04-10 15:35:26 -04:00
47d74819a5
Update regex per reviewer request
2017-04-10 14:45:10 -04:00
d816092c56
Fix missing new line
2017-04-10 14:41:25 -04:00
06ca406d18
Fix weird whitespace
2017-04-09 22:23:58 -05:00
f7c8bd2464
add rescue for ::Rex::Proto::SMB::Exceptions::LoginError
2017-04-07 15:37:56 -06:00
3c189f0cb0
Adding Cambium SNMP Loot module
2017-04-07 01:32:45 +05:30
74dc7e478f
update piwik module
2017-04-05 20:19:07 +02:00
dd5a91f153
Land #8008 , Added archmigrate module for windows sessions
2017-04-05 08:55:27 -05:00
08b2a97293
Changed styling to be more in line with rubocop.
2017-04-05 10:05:56 +02:00
b8af7c1db0
Add irssi password post gather module
2017-04-05 00:56:24 -04:00
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
891e7e465e
convert DNS fuzzer to bindata
2017-04-04 03:03:32 -05:00
46c7e822c8
convert IPMI protocol and modules to bindata
2017-04-04 02:44:17 -05:00
98ffa4d380
Land #7652 , add varnish cache CLI authentication scanner module
2017-04-02 21:52:45 -05:00
4c0539d129
Land #8178 , Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
a34c01ebd2
Land #8137 shodan honeyscore module
2017-04-02 21:37:36 -04:00
0092818893
Land #8169 add exploit rank where missing
2017-04-02 20:59:25 -04:00
151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
26fc6bc920
added report_vuln()
2017-04-01 21:48:19 -06:00
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
035f37cf42
Land #8144 , Add Moxa Device Discovery Scanner Module
2017-03-31 19:11:27 -05:00
Sara Perez