leo-lb
60b98fd20c
Update wp_plainview_activity_monitor_rce.rb
2019-11-27 21:59:54 +01:00
leo-lb
9b5265f49a
Update wp_plainview_activity_monitor_rce.rb
2019-11-27 21:57:24 +01:00
Francesco Soncina
45bee2d500
Update splunk_upload_app_exec.rb
2019-11-26 15:38:34 +01:00
William Vu
b22d2a1685
Update prints in DOUBLEPULSAR exploit check method
...
vprint_good should be print_warning, and most vprints should be print,
even if in check, since check is critical functionality.
2019-11-25 18:33:46 -06:00
RAMELLA Sébastien
6e93df1224
fix. DisablePayloadHandler to false in target 0 and add unknown author.
2019-11-22 17:56:50 +04:00
Shelby Pace
e6e1156185
add reference, description, etc.
2019-11-21 14:15:25 -06:00
Shelby Pace
a4657da33a
code execution with Java 8
2019-11-20 15:29:33 -06:00
Onur ER
fa1647190e
Update ajenti_auth_username_cmd_injection.rb
2019-11-20 19:09:24 +03:00
Onur ER
841e524b6f
Update modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-11-20 18:08:33 +03:00
Onur ER
af59efa4cd
Update modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-11-20 18:08:23 +03:00
Tim W
b63fd963aa
default AMSI bypass off except for web_delivery
2019-11-19 22:26:40 +08:00
Brent Cook
ccff82f818
Land #12589, restrict windows/local/persistence_service to working session types
2019-11-18 15:15:50 -06:00
Brent Cook
73950eef50
Land #12516, Add Windows Escalate UAC Protection Bypass
2019-11-18 14:25:07 -06:00
Brent Cook
5936d2c415
use a finer-grained exception here
2019-11-18 12:57:33 -06:00
bwatters-r7
2736cbc84c
Land #12588, Remove unsupported session type
...
Merge branch 'land-12588' into upstream-master
2019-11-18 10:19:01 -06:00
Brent Cook
5a6e4c031d
Land #12494, Add Windows backup system sdclt uac bypass module
2019-11-18 01:47:11 -06:00
Brent Cook
09730aebf4
s/http/https/
2019-11-18 01:45:57 -06:00
Brendan Coles
facf16b860
Declare correct SessionType - Fix #12586
2019-11-16 04:58:02 +00:00
Brendan Coles
9e37fb3ece
Declare correct SessionType - Fix #12587
2019-11-16 04:57:18 +00:00
bwatters-r7
d093c75ae5
Stupid pry....
2019-11-15 12:27:42 -06:00
bwatters-r7
1e95e1c956
Fix up required reg additions for different windows versions
...
Add module docs
2019-11-15 12:20:50 -06:00
William Vu
6e904ea105
Fix/clarify target documentation for BlueKeep
2019-11-15 11:14:00 -06:00
Tim W
46d759eca9
add support for Chrome 68.0.3440.84
2019-11-15 17:42:16 +08:00
Tim W
4ef54518ed
add support for OSX and 69.0.3497.100
2019-11-15 16:12:49 +08:00
Green-m
22412d4570
Fix bind error bug, and enhance check method.
2019-11-15 09:52:58 +08:00
William Vu
28ecefadb8
Warn about fDisableCam in automatic mode
2019-11-14 11:08:27 -06:00
William Vu
cb6d85bee2
Add suggestion about GROOMBASE
2019-11-14 11:08:14 -06:00
William Vu
fc64ac42af
State 2008 caveat in module description and doc
2019-11-14 10:57:42 -06:00
sinn3r
5c6686a105
Land #12532, Add FusionPBX Command exec.php Command Execution
...
Add FusionPBX Command exec.php Command Execution
2019-11-13 11:33:21 -06:00
sinn3r
66ad5deb47
Land #12531, Add FusionPBX Operator Panel exec.php Command Execution
...
Add FusionPBX Operator Panel exec.php Command Execution
2019-11-13 11:31:30 -06:00
sinn3r
71cbefa5e8
Land #12534, Add FreeSWITCH Event Socket Command Execution
...
Add FreeSWITCH Event Socket Command Execution
2019-11-13 11:27:53 -06:00
Shelby Pace
1ebef8bcb2
Land #12529, add CMSMS object inject exploit
2019-11-13 08:37:05 -06:00
Shelby Pace
f79a35d428
check response
2019-11-13 08:34:23 -06:00
Tim W
04dd5162cf
Add CVE-2019-5825, Chrome 73 1-day Array.map --no-sandbox exploit
2019-11-13 22:26:44 +08:00
William Vu
45e2a3b229
Address RuboCop review
2019-11-13 02:10:03 -06:00
William Vu
7a4c48ee27
Fix style in exploit/windows/smb/doublepulsar_rce
2019-11-13 02:04:14 -06:00
William Vu
4877032e8a
Update exploit/windows/smb/doublepulsar_rce info
2019-11-13 00:30:09 -06:00
lle-bout
6766d9f6f7
Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
...
- Powershell script was outdated.
  Updated from https://www.exploit-db.com/exploits/39719
- Powershell script was buggy when current directory
  was set to e.g. C:\ProgramData. (Get-Item Error)
  Fixed.
- Stager was being dropped to current directory, but
  it is not guaranteed that we always have permission
  to write a file there. Use %TEMP% instead.
- Exploit only seems to work when executed under
  a powershell of the same architecture as the
  host. (Not WOW64)
  This module now ensures that no matter the
  architecture of the meterpreter, a powershell
  of the same architecture as the host is being
  run. (Using Sysnative directory when on WOW64)
- Stager was broken, now generating stager with Rex
  and dropping stager as `.ps1` instead of `.txt`.
  Ideally the exploit should be rewritten to
  accept a shellcode payload directly or a smaller
  stager powershell should be created so that it
  fits in under 1024 bytes and can be fed directly
  to CreateProcessWithLogonW without dropping to
  disk.
2019-11-13 05:01:47 +01:00
scanu92
d9b0c1aa2f
add advanced options ForceExploit
2019-11-12 23:03:28 +01:00
scanu92
1489e03f0a
Update cmsms_object_injection_rce.rb
2019-11-12 23:02:16 +01:00
scanu92
78ea784e84
Update modules/exploits/multi/http/cmsms_object_injection_rce.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2019-11-12 23:00:31 +01:00
Shelby Pace
baf27f9654
Land #12542, add Bludit File Upload Exploit
2019-11-12 15:44:34 -06:00
William Vu
3c1fa90a75
Land #12515, Pulse Secure VPN RCE
2019-11-12 02:55:01 -06:00
William Vu
a267ad9d64
Reference env(1) as the reason we have useful RCE
2019-11-12 02:17:58 -06:00
William Vu
8df559eceb
Update print to warning
2019-11-12 02:09:43 -06:00
wvu-r7
0c4580f254
Calibrate timeout for hax
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-11-12 02:03:52 -06:00
William Vu
de72ed8545
Print our glorious success
2019-11-12 02:02:53 -06:00
William Vu
238c931fd3
Don't fail module if blocking through timeout
2019-11-12 01:55:56 -06:00
William Vu
d8e612726c
Note that an admin SID is required at present
2019-11-12 01:46:23 -06:00
William Vu
1573664c78
Reduce timeout for when the shell pops
2019-11-12 01:41:19 -06:00