7c630f0403
Avoid repetitive code in blind injections
2020-06-18 20:52:02 +02:00
fa43dc6dfb
minor fix to the structure
2020-06-18 17:28:47 +02:00
305dbe9e2f
refactor structure, get rid of prefix and suffix
2020-06-18 17:21:10 +02:00
0887f3feee
Improve the blind injection queries
2020-06-13 12:24:22 +02:00
3639765277
Improve code quality: less repetitive code
2020-06-11 19:16:23 +02:00
c319799c44
Add more comments
2020-06-11 00:07:53 +02:00
ecb1a0bb16
add test_vulnerable to MySQLi class, and fix minor issues with the test modules
2020-06-10 21:59:51 +02:00
12681b0746
Add support for encodings to exfiltrate data containing bad characters/multibyte characters
2020-06-10 21:40:22 +02:00
0f936f7500
Various fixes and enhancements
2020-06-09 23:43:15 +02:00
a9a1d01419
Update some libraries and modules
2020-06-09 14:18:52 +02:00
0bb93b4efb
Update modules
...
- ms17_010_command and ms17_010_psexec: deregister
SMB::ProtocolVersion option
- client: update error handling
- is_known_pipename: force SMB1 only for #enumerate_directories and
update error handling
2020-06-09 14:18:52 +02:00
04a44d2334
Improve client error/warning/debug messages
2020-06-09 14:18:52 +02:00
31a117f8f7
Update modules
...
- smb_ms17_010.rb
- psexec_ms17_010.rb
- psexec_psh.rb
- smb_enumshares.rb
2020-06-09 14:18:52 +02:00
474d7ebbab
Update SMB client
...
- Add SMB::AlwaysEncrypt option
- Force SMB1 for SMB fingerprint
- Update smb_netshareenumall
2020-06-09 14:18:51 +02:00
6ab47eb001
Update SMB Client and SimpleClient
...
- multiple protocol version negotiation
- SMB 1, 2 and 3 by default
- add SMB::ProtocolVersion option to SMB Client mixin
2020-06-09 14:18:51 +02:00
92d8464ac1
Various fixes and enhancements
2020-06-05 21:59:16 +02:00
118ada96a2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into GSOC/SQLi_Engine
2020-06-04 17:55:38 +02:00
001910473b
Land #13448 , Fix relative location redirects
2020-06-04 09:17:45 -05:00
db4880762a
Add common MySQL injection payloads and options
2020-06-03 01:18:19 +02:00
1b796aa50b
OptString to OptPort
2020-05-30 10:27:48 +08:00
16886fa41e
Move generate_viewstate_payload to mixin
2020-05-21 18:37:13 -05:00
c50e242151
Add ViewState mixin
2020-05-21 18:37:11 -05:00
aa6624e7f8
Land #13436 , service encoder fix for psexec
2020-05-14 16:43:07 -05:00
6034f48e8f
Land #13405 , once more with feeling
2020-05-13 11:54:41 -05:00
91ea692cbe
socket_server.rb: better describe "0.0.0.0"
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-13 16:30:00 +02:00
44b0ddf2ed
Land #13405 , OptAddressLocal for SRVHOST
2020-05-13 09:15:42 -05:00
ec33651243
socket_server.rb: SRVHOST can be an interface
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-13 16:14:20 +02:00
a4b316a91e
Fix following redirects from send_request_cgi!
2020-05-13 09:54:14 +02:00
258895f534
Use print_error for error messages
2020-05-12 00:02:52 +02:00
b7d16b1e72
Fix regression in psexec mixing filename and encoder
...
Closes #13407
2020-05-12 00:02:52 +02:00
646c10ff02
Disable RuboCop Security/Eval the non-hacky way
...
Hat tip @adfoster-r7!
2020-05-11 12:05:38 -05:00
f346b1b001
Add SaltStack Salt root key disclosure module
...
Also adds a new ZeroMQ mixin, mainly for use with Salt modules.
2020-05-11 12:05:38 -05:00
1214ac17a7
Refactor Msf::Exploit::CmdStager::HTTP
...
Minor updates to align with current style.
2020-05-10 04:12:45 -05:00
683ecb7b8d
Tweak handling of the DnsNote option
2020-05-08 12:21:52 -04:00
6be4b5431c
Remove the TLD wordlist option for now
2020-05-08 12:21:52 -04:00
0a8cb83e7f
Fix TXT records, the DNS port, and messages for cloud_lookup
2020-05-08 12:21:52 -04:00
715dfc13f8
Refactor the auxiliary mixin to an enumeration exploit mixin
2020-05-08 12:21:52 -04:00
c42db7959b
Use OptAddressLocal for SRVHOST to specify by interface name instead of IP
2020-05-06 19:51:13 +02:00
8ac04d5312
Land #13367 , Surface helpful error messages to users
2020-05-06 14:40:21 +01:00
2c8b5c2647
Fix edge cases in raising metasploit exceptions
2020-05-05 20:18:04 +01:00
c27269105e
Rename CmdStager to psh_invokewebrequest
2020-05-01 12:31:53 -05:00
9adaa08ddd
Use new PowerShell Invoke-WebRequest CmdStager
2020-05-01 12:19:12 -05:00
9633f5daf4
Exploit an LDAP auth bypass to add an admin user
...
Thanks to JJ Lehmann and Ofri Ziv of Guardicore Labs for their work.
https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
2020-04-22 17:38:11 -05:00
8b74fd6605
Move discover_base_dn method to mixin
2020-04-22 17:38:11 -05:00
88fcf4b9a2
Add and use new LDAP mixin
2020-04-22 17:38:11 -05:00
c5df5355ac
Update my module documentation to the new standard
...
Also update CheckModule to match current style and best practices.
2020-04-20 20:06:52 -05:00
ebc8a74496
Update lib/msf/core/exploit/cmdstager/http.rb
...
Should be clearer now wtf is going on.
2020-04-15 15:47:51 -05:00
6276247bf8
Move Expect mixin to Msf::Exploit::Remote
...
I don't think we'll ever see it used beyond remote exploits.
2020-04-15 15:47:50 -05:00
02ba071b84
Punctuate check prints to match CheckCodes
2020-04-15 15:47:50 -05:00
5fbaf87c96
Move ClassLoader to HTTP::ClassLoader
...
Also note the SSL workaround.
2020-04-14 14:01:18 -05:00
Niboucha Redouane