4a40f40c14
Typo3 News Module Sql Injection exploit
2018-03-12 07:00:45 -05:00
ea78e21961
Documentation accuracy
2018-03-09 07:43:12 -06:00
5a2f197c47
Remove redundant RPORT
2018-03-07 14:41:51 -06:00
e8a227b1a6
Changes as requested by jhart-r7:
...
- Default Username / Password are now random
- Doc fixed
- REST typo fixed
2018-03-07 10:48:05 +01:00
f6ebce2440
Update User List
2018-03-06 06:38:06 -06:00
5fde6bf5d3
Update Code
2018-03-05 22:39:16 -06:00
a344ffadd8
Modified Code, Added additional check
2018-02-26 07:29:08 -06:00
4e4aeb7b4d
Add GitStack v2.3.10 Unauth REST API Aux Module
2018-02-26 06:04:38 -06:00
949b474a0a
Avoid target_uri.path
...
It doesn't look like target_uri.path is suitable for this scenario,
because it causes our input to be modified and hard to use.
2018-02-15 16:31:09 -06:00
5467f4c97e
Add header
2018-02-15 16:19:54 -06:00
fe46f635db
Changes as requested by bcoles
2018-02-13 10:54:42 +01:00
f606773096
Add module for HP iLO CVE-2017-12542 authentication bypass
2018-02-09 11:14:20 +01:00
c9a3894bdb
Removed require statements
2018-02-08 12:00:47 -06:00
724a0e29f6
Update Parsing, Added Rescue
2018-02-07 19:19:58 -06:00
1de8ec1073
Implemented Suggested Changes
...
Updated documentation headings and function/filename formatting.
Updated module options and formatting. Added check for file to parse.
2018-02-07 08:01:54 -06:00
1233bb855c
msftidy checks
2018-02-05 22:54:03 -06:00
1e9e9c9be0
Ulterius Server < v1.9.5.0 Directory Traversal
...
Adds documentation and module for Ulterius Server
directory traversal vulnerability.
2018-02-05 22:50:09 -06:00
237c3f7b2c
crash 10.14393... should fail to leak transaction
2018-01-28 18:52:43 -07:00
2723b328aa
misc tidying, added more randomness
2018-01-28 18:20:18 -07:00
6c2d5b1fc2
semi-completed exploit files
2018-01-28 18:13:25 -07:00
7f3df74134
fixup! Adding Module for Postfixadmin CVE-2017-5930
...
Add error handling if request fails
Fix a typo in doc, add default value to doc
2017-12-30 13:04:23 +01:00
289e887895
Adding Module for Postfixadmin CVE-2017-5930
...
This exploit allows domain admins to delete protected aliases.
It can be used to redirect aliases like abuse@domain and can aid in
further attacks.
2017-12-29 17:13:59 +01:00
038119d9df
Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more
2017-12-23 00:14:27 +05:30
e93282b71d
Drop calls to vprint_*
2017-12-19 16:53:02 -06:00
2dc2ac134e
Don't default verbose
2017-12-19 16:48:41 -06:00
85350a9645
Add Rapid7 blog references
2017-12-18 17:11:47 -06:00
ae4edd65e1
Hard wrap descriptions
2017-12-18 17:03:13 -06:00
27a324237b
Initial commit for Cambium issues from @juushya
...
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
578224ba8b
Merge branch 'master' into refactor_aux_admin_http_logins
2017-10-09 17:06:05 -05:00
b0dc44fb86
Land #8909 , Avoid saving some invalid creds
2017-09-05 12:43:03 -05:00
2bbba9c500
Avoid some ActiveRecord validation errors.
...
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479 ), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.
This PR removes the handful of existing cases we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
e642789674
Look for sp_execute_external_script in mssql_enum
...
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.
Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart
Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
6b84c92056
Add Litchfield as author and use C-style operator
2017-08-07 14:20:22 -04:00
0d23a5001c
Convert to Unix-style EOL
2017-08-07 09:11:58 -04:00
f7c95d4b1a
Add Oracle DB Priv Esc via function-based index ( #1 )
...
Adds a Metasploit module for escalating an Oracle DB user to DBA
through abusing index privileges to create a function-based index
that runs with the privileges of the table owner, instead of the
user who created the index.
This module was tested on Oracle Database 11g Express Edition
Release 11.2.0.2.0 - 64 bit Production.
A user can query for their privileges with the following:
SELECT * FROM session_privs
The user will need to disconnect and reconnect after running
the exploit to access their new privileges.
2017-08-06 23:07:46 -04:00
8989d6dff2
Modified Accuvant bog posts to the new Optive urls
2017-08-02 13:25:17 +10:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
9309115627
OCD - Banner clean up
2017-07-14 08:19:50 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
Mzack9999