16a48009ed
Add webmin CVE
2019-03-21 11:28:45 -05:00
4524707437
Fix rebase regressions in jenkins_metaprogramming
...
Ugh.
2019-03-21 11:20:21 -05:00
00cf0a7bea
Update postgres_copy_from_program_cmd_exec.rb
2019-03-21 14:23:00 +00:00
91758cd94b
Update postgres_copy_from_program_cmd_exec.rb
2019-03-21 11:11:03 +00:00
98638b6000
Update postgres_copy_from_program_cmd_exec.rb
2019-03-21 11:09:57 +00:00
03775228fe
Update and rename postgres_cmd_execution_nine_three.rb to postgres_copy_from_program_cmd_exec.rb
2019-03-21 11:08:53 +00:00
f651836a20
final suggested fixes to module
2019-03-21 10:24:47 +00:00
9c4b9239e5
Update postgres_cmd_execution_nine_three.rb
2019-03-21 10:08:56 +00:00
32bf2e134f
Fixes suggested by bcoles
2019-03-21 10:08:04 +00:00
7b8f59d7bc
Update modules/exploits/multi/postgres/postgres_cmd_execution_nine_three.rb
...
Co-Authored-By: Greenwolf <48361984+Greenwolf@users.noreply.github.com >
2019-03-21 09:33:29 +00:00
7e91235551
Adding new Postgres_cmd_execution module
...
PostgreSQL from 9.3 to latest has functionality allowing the database superuser & users in the 'pg_read_server_files' group to execute OS commands.
Explanation:
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
This is my first run through of a Metasploit module so I would appreciate anyone helping me clean it up. It currently works on OSX & Linux by providing a cmd stager (like cmd/unix/reverse_perl), and on windows by first starting up a PowerShell download cradle, then putting the command in the COMMAND parameter. It feels a little hacky though 😁
2019-03-20 17:38:12 +00:00
be5ec3379b
Update cmsms_showtime2_rce.rb
2019-03-20 15:50:30 +01:00
9bb7f11897
Unregister SSLCert option since it is never used in thisHTTPServer module.
2019-03-20 14:21:40 +01:00
c18ab91054
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:13:38 +01:00
e0a3e01d26
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:13:25 +01:00
365e032452
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:13:12 +01:00
49bb5a1624
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:13:00 +01:00
050aa7a98c
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:12:47 +01:00
fe0d5e0c97
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:12:35 +01:00
43f74b1cf2
Add CMS Made Simple (CMSMS) Showtime2 File Upload RCE
2019-03-19 23:48:46 +01:00
794134735e
Update modules/exploits/unix/webapp/wp_crop_rce.rb
...
Co-Authored-By: tiyeuse <39072217+tiyeuse@users.noreply.github.com >
2019-03-19 20:36:13 +01:00
b168312db1
Add exploit module for Wordpress core <=4.9.8 (CVE-2019-8942)
2019-03-19 17:51:59 +01:00
23a86e7ad2
Add exploit module for Wordpress core <=4.9.8 (CVE-2019-8942)
2019-03-19 16:03:29 +01:00
a2d6c77fb8
indentation fixes
2019-03-19 15:28:24 +01:00
985f3748e5
Update splunk_upload_app_exec.rb
2019-03-19 15:08:51 +01:00
c9dcdf1b66
new error logic
2019-03-19 14:58:31 +01:00
98a7938837
Update splunk_upload_app_exec.rb
2019-03-19 14:42:56 +01:00
aff77e58bf
Update modules/exploits/multi/http/splunk_upload_app_exec.rb
...
Co-Authored-By: avanzo <matteo@malvica.com >
2019-03-19 13:57:19 +01:00
109b2bcf7e
Update modules/exploits/multi/http/splunk_upload_app_exec.rb
...
Co-Authored-By: avanzo <matteo@malvica.com >
2019-03-19 13:46:57 +01:00
f98ad82583
Update modules/exploits/multi/http/splunk_upload_app_exec.rb
...
Co-Authored-By: avanzo <matteo@malvica.com >
2019-03-19 13:46:44 +01:00
983442d690
Update splunk_upload_app_exec.rb
2019-03-18 19:04:45 +01:00
3316e8c4bf
fixed standard payload syntax
2019-03-18 19:00:33 +01:00
2f1ee95073
Update splunk_upload_app_exec.rb
2019-03-18 15:11:04 +01:00
7a31fc2d17
added splunk 7.2.4 support
2019-03-18 09:12:00 +01:00
a1e6d4d19a
Update note about staging payloads over HTTPS
2019-03-16 13:36:58 -05:00
621fa8e4db
Fix issues and refactor module
2019-03-16 00:38:48 -05:00
0fa2d985e7
Add Jenkins ACL bypass and metaprogramming RCE
2019-03-16 00:32:36 -05:00
f2edda207f
Land #11382 , Added BMC Patrol Agent Command Exec Module
2019-03-15 13:21:06 -05:00
82f0c9e9ee
Land #11385 , Add Webmin Upload Exec
2019-03-15 08:15:49 -05:00
5abfc2c136
Add Module Doc
2019-03-14 13:46:34 -05:00
fa3e84f764
Cleanup and Add Option
2019-03-14 13:26:41 -05:00
1d586e46c0
Use MIME for form
2019-03-14 10:13:48 -05:00
1e00c28701
Checked the functionality of module. Added ability to connect via HTTPS.
2019-03-14 15:54:02 +01:00
9a32231cb5
Change upload and add option
...
Change the contents of the uploaded file and
don't overwrite and existing file by default.
Add option to specify name of file.
2019-03-14 09:34:55 -05:00
bd1cd7fae8
Bug and style fixes
...
webmin RCE
2019-03-12 10:54:43 -05:00
59fc1ec7ab
Rubocop changes
2019-03-09 12:22:04 -05:00
6d14a53c80
Update tested versions
2019-03-09 04:41:51 +00:00
9aa01c9ed2
Add elfinder_php_connector_exiftran_cmd_injection exploit
2019-03-09 03:24:18 +00:00
468679f907
Land #11092 , Add FreeBSD 8.3 / 9.0 Intel SYSRET Privilege Escalation module
2019-03-06 19:50:08 -06:00
9ca5ac294d
Land #10012 , Add an Android module to run payloads with su on a rooted device
2019-03-06 19:46:33 -06:00
Jacob Robles