e6e1156185
add reference, description, etc.
2019-11-21 14:15:25 -06:00
a4657da33a
code execution with Java 8
2019-11-20 15:29:33 -06:00
fa1647190e
Update ajenti_auth_username_cmd_injection.rb
2019-11-20 19:09:24 +03:00
841e524b6f
Update modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-11-20 18:08:33 +03:00
af59efa4cd
Update modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-11-20 18:08:23 +03:00
b63fd963aa
default AMSI bypass off except for web_delivery
2019-11-19 22:26:40 +08:00
ccff82f818
Land #12589 , restrict windows/local/persistence_service to working session types
2019-11-18 15:15:50 -06:00
73950eef50
Land #12516 , Add Windows Escalate UAC Protection Bypass
2019-11-18 14:25:07 -06:00
5936d2c415
use a finer-grained exception here
2019-11-18 12:57:33 -06:00
2736cbc84c
Land #12588 , Remove unsupported session type
...
Merge branch 'land-12588' into upstream-master
2019-11-18 10:19:01 -06:00
5a6e4c031d
Land #12494 , Add Windows backup system sdclt uac bypass module
2019-11-18 01:47:11 -06:00
09730aebf4
s/http/https/
2019-11-18 01:45:57 -06:00
facf16b860
Declare correct SessionType - Fix #12586
2019-11-16 04:58:02 +00:00
9e37fb3ece
Declare correct SessionType - Fix #12587
2019-11-16 04:57:18 +00:00
d093c75ae5
Stupid pry....
2019-11-15 12:27:42 -06:00
1e95e1c956
Fix up required reg additions for different windows versions
...
Add module docs
2019-11-15 12:20:50 -06:00
6e904ea105
Fix/clarify target documentation for BlueKeep
2019-11-15 11:14:00 -06:00
22412d4570
Fix bind error bug, and enhance check method.
2019-11-15 09:52:58 +08:00
28ecefadb8
Warn about fDisableCam in automatic mode
2019-11-14 11:08:27 -06:00
cb6d85bee2
Add suggestion about GROOMBASE
2019-11-14 11:08:14 -06:00
fc64ac42af
State 2008 caveat in module description and doc
2019-11-14 10:57:42 -06:00
5c6686a105
Land #12532 , Add FusionPBX Command exec.php Command Execution
...
Add FusionPBX Command exec.php Command Execution
2019-11-13 11:33:21 -06:00
66ad5deb47
Land #12531 , Add FusionPBX Operator Panel exec.php Command Execution
...
Add FusionPBX Operator Panel exec.php Command Execution
2019-11-13 11:31:30 -06:00
71cbefa5e8
Land #12534 , Add FreeSWITCH Event Socket Command Execution
...
Add FreeSWITCH Event Socket Command Execution
2019-11-13 11:27:53 -06:00
1ebef8bcb2
Land #12529 , add CMSMS object inject exploit
2019-11-13 08:37:05 -06:00
f79a35d428
check response
2019-11-13 08:34:23 -06:00
45e2a3b229
Address RuboCop review
2019-11-13 02:10:03 -06:00
7a4c48ee27
Fix style in exploit/windows/smb/doublepulsar_rce
2019-11-13 02:04:14 -06:00
4877032e8a
Update exploit/windows/smb/doublepulsar_rce info
2019-11-13 00:30:09 -06:00
6766d9f6f7
Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
...
- Powershell script was outdated.
Updated from https://www.exploit-db.com/exploits/39719
- Powershell script was buggy when current directory
was set to e.g. C:\ProgramData. (Get-Item Error)
Fixed.
- Stager was being dropped to current directory, but
it is not guaranteed that we always have permission
to write a file there. Use %TEMP% instead.
- Exploit only seems to work when executed under
a powershell of the same architecture as the
host. (Not WOW64)
This module now ensures that no matter the
architecture of the meterpreter, a powershell
of the same architecture as the host is being
run. (Using Sysnative directory when on WOW64)
- Stager was broken, now generating stager with Rex
and dropping stager as `.ps1` instead of `.txt`.
Ideally the exploit should be rewritten to
accept a shellcode payload directly or a smaller
stager powershell should be created so that it
fits in under 1024 bytes and can be fed directly
to CreateProcessWithLogonW without dropping to
disk.
2019-11-13 05:01:47 +01:00
d9b0c1aa2f
add advanced options ForceExploit
2019-11-12 23:03:28 +01:00
1489e03f0a
Update cmsms_object_injection_rce.rb
2019-11-12 23:02:16 +01:00
78ea784e84
Update modules/exploits/multi/http/cmsms_object_injection_rce.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-11-12 23:00:31 +01:00
baf27f9654
Land #12542 , add Bludit File Upload Exploit
2019-11-12 15:44:34 -06:00
3c1fa90a75
Land #12515 , Pulse Secure VPN RCE
2019-11-12 02:55:01 -06:00
a267ad9d64
Reference env(1) as the reason we have useful RCE
2019-11-12 02:17:58 -06:00
8df559eceb
Update print to warning
2019-11-12 02:09:43 -06:00
0c4580f254
Calibrate timeout for hax
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-11-12 02:03:52 -06:00
de72ed8545
Print our glorious success
2019-11-12 02:02:53 -06:00
238c931fd3
Don't fail module if blocking through timeout
2019-11-12 01:55:56 -06:00
d8e612726c
Note that an admin SID is required at present
2019-11-12 01:46:23 -06:00
1573664c78
Reduce timeout for when the shell pops
2019-11-12 01:41:19 -06:00
bc5b0645dd
Fix typo
2019-11-12 01:25:36 -06:00
2c6c46701c
Update DefaultOptions
2019-11-12 01:23:53 -06:00
8664ac9dd8
Add target print
2019-11-12 01:17:28 -06:00
e9fb4a2528
Check for nil
...
Oops.
2019-11-12 01:10:26 -06:00
f4c7690247
Print cmd/unix/generic command output, minus HTML
2019-11-12 01:08:56 -06:00
09901fdf56
Clarify session cookie could be invalid
2019-11-12 01:08:25 -06:00
5b825e8245
Readd cmd/unix/generic target with manual badchars
2019-11-12 01:08:09 -06:00
22da634ddc
Land #12553 , Meltdown fix for BlueKeep exploit
2019-11-11 17:33:52 -06:00
Shelby Pace