d644f2d9c7
chrome 69.0.3497.100 --no-sandbox calc.exe
2020-02-15 06:10:52 +08:00
d6c3e4ad56
fix wasm finder to match pr description
2020-02-15 01:09:27 +08:00
94287c94ff
fix discovery and references
2020-02-15 00:39:48 +08:00
27effc1b56
typo. cmdstager command
2020-02-14 12:25:56 +04:00
f61c188e57
Handling possible nil case of regex on OS build.
...
Feedback from adfoster-r7
Testing of detection:
```
msf5 exploit(windows/local/ms16_075_reflection_juicy) > check
[*] Target appears to be patched or not vulnerable (Windows 10 (10.0
Build 18363).)
[*] The target is not exploitable.
```
Testing of (forced) nil-case:
```
msf5 exploit(windows/local/ms16_075_reflection_juicy) > check
[*] Reloading module...
[!] Could not determine Windows build number - exploiting might fail.
[*] The target is not exploitable.
```
2020-02-14 09:26:04 +09:00
07954c0ce2
Land #12902 , Add exploit module for crosschex buffer overflow
2020-02-13 15:48:10 +00:00
0e55e20c9c
Land #12902 , Add exploit module for crosschex buffer overflow
2020-02-13 15:43:38 +00:00
2ca2b5c7bb
replaces magic numbers with target fields
2020-02-13 14:17:23 +00:00
fce70c9284
Adjusting print method to better reflect the situation.
2020-02-13 08:02:02 +09:00
cbcf8a2a68
adds to_i and removes default options
2020-02-12 12:04:15 +00:00
6d73b572c7
Update vulnerable systems documentation.
...
Feedback from bcoles.
2020-02-12 08:22:43 +09:00
8fd3b483d3
improves option descriptions & timeout handling
2020-02-11 15:05:24 +00:00
946e244c8c
Updates docs and adds basic options
2020-02-11 13:40:51 +00:00
a7a80e08a8
Updated docs with platform info
2020-02-11 12:55:07 +00:00
3395b91c83
adds module documentation
2020-02-10 16:45:44 +00:00
65521270ea
Land #12853 , InfiniteWP exploit & mixin upgrades
2020-02-10 11:33:49 +00:00
25d863d912
Updating regex in exploit windows version check.
...
This addresses issue #12698 , where the Windows OS and build was not
being parsed correctly due to changes in the client.sys.config lib.
Tested against Windows 10 (patched):
```
msf5 exploit(windows/local/ms16_075_reflection_juicy) > rcheck
[*] Reloading module...
[-] Target appears to be patched or not vulnerable (Windows 10 (10.0
Build 18363).)
[*] The target is not exploitable.
```
2020-02-10 15:32:02 +09:00
a0b6584d19
Added password randomization
2020-02-07 19:14:56 -08:00
e2f2d55ecc
Updated check message
2020-02-07 18:34:27 -08:00
cb372a54f4
Added info to cleanup message
2020-02-07 16:41:27 -08:00
a05611d756
Improve cleanup functionality
2020-02-07 16:13:25 -08:00
eab1245eef
Update module doc
2020-02-07 12:30:00 -06:00
a9ae212b27
Replace ForceExploit with AutoCheck mixin
2020-02-07 12:04:57 -06:00
2ad8a02fd7
Fix version check
...
Co-Authored-By: adamgalway-r7 <54621924+adamgalway-r7@users.noreply.github.com >
2020-02-07 10:10:28 -06:00
4dcb2fbd96
Land #12889 , Add OpenSMTPD MAIL FROM RCE
2020-02-07 11:43:18 +00:00
7a0bf69eb0
Major refactor, and more complete testing with cmd/unix payloads
2020-02-07 19:34:18 +08:00
763dbf5d5d
Check WordPress version
2020-02-07 03:14:17 -06:00
6c59d7c37c
Refactor module
2020-02-07 01:38:11 -06:00
7f3c0c9314
Land #12906 , Add module for CVE-2019-19363
...
Merge branch 'land-12906' into upstream-master
2020-02-06 15:22:17 -06:00
9a8d9c6c88
check arch
2020-02-06 14:11:42 -06:00
e736588795
change method of exploitation for reliability
...
This commit changes a few things:
1. The module first writes the dll to a
temp location.
2. The module writes a batch file to a
temp location.
3. The batch file copies the dll until
the copy command fails (presumably
because the dll is now in use by
PrintIsolationHost.exe).
4. The dropped files are deleted.
5. Docs updated to reflect changes.
2020-02-06 12:51:36 -06:00
62c98710ad
Reword vulnerable commit range
2020-02-06 11:03:20 -06:00
e053ed7a1e
Add Msf::Exploit::Expect mixin and refactor again
2020-02-05 21:16:24 -06:00
95fa8602bc
Refactor modules that use Expect
2020-02-05 21:16:21 -06:00
edb3aa30f8
Minor style and performance edits
2020-02-05 15:19:06 -08:00
81f9fc7608
Refactor arbitrary payload support
2020-02-05 17:01:54 -06:00
dae06ab0c9
Reword comments in morris_sendmail_debug
...
Not sure why I used singular, but it was probably reading too much RFC.
2020-02-05 14:23:29 -06:00
a154efa250
Land #12887 , add dlink ssdpcgi cmd inject
2020-02-05 13:19:05 -06:00
9db6b5184b
Land #12894 , Add Windscribe WindscribeService Named Pipe Privilege Escalation
...
Merge branch 'land-12894' into upstream-master
2020-02-05 12:37:34 -06:00
ddec8a58a1
disables payload padding and describes shell code
2020-02-05 18:09:39 +00:00
de25920f30
The written word "through" is modified
2020-02-05 11:53:51 -03:00
25c23073c8
Modify disclosure URL, remove printf...
...
... as stager flavor and silence msftidy error.
2020-02-04 15:20:57 -03:00
5f7004cf7c
Remove 'HttpClient', 'Payload' and 'RHOST'; ...
...
... replace 'Targets' for a new option, and format 'header', as suggested in the review.
2020-02-04 14:04:23 -03:00
22a75c7bee
Revert "Fix style"
...
This reverts commit 9f81aeb4ad
2020-02-04 10:10:46 -06:00
d76546f8ee
clarifies inserted shell code's function
2020-02-04 15:14:36 +00:00
671f2e9616
msfTidy: set disclosure date to proper format
2020-02-04 11:55:39 +00:00
2360b0e2ff
clean up module using msftidy
2020-02-04 13:14:03 +02:00
37065f5ffe
PR Changes: More Cleanup
2020-02-04 10:59:02 +00:00
4fd865f3a9
PR Changes: Comments, fail_with, and cleanup
2020-02-04 10:57:41 +00:00
20386f1aa4
Add apache_activemq_traversal_upload module and documentation
2020-02-04 12:01:41 +02:00
Tim W