adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
HD Moore 036f063988 Fix a stack trace when no SMB response is received 2017-05-19 16:24:41 -05:00
lincoln b76229b5f7 removed unessessary line 2017-05-18 19:15:49 -07:00
lincoln 7ca0fe5a68 Added make_junk function 2017-05-18 19:06:09 -07:00
James Lee 4def7ce6cc Land #8327, Simplify storing credentials 2017-05-18 16:49:01 -05:00
Daniel Teixeira c1624d0967 VX Search Enterprise GET Buffer Overflow 2017-05-18 17:12:47 +01:00
zerosum0x0 bdf121e1c0 x86 kernels will safely ret instead of BSOD 2017-05-17 23:48:14 -06:00
zerosum0x0 d944bdfab0 expect 0xC00000D 2017-05-17 23:05:20 -06:00
zerosum0x0 646ca14375 basic OS verification, ghetto socket read code 2017-05-17 22:48:45 -06:00
wchen-r7 c0bf2cc6e7 Land #8401, Buffer Overflow on Sync Breeze Enterprise 9.4.28 2017-05-17 23:39:50 -05:00
wchen-r7 3360171977 Land #8319, Add exploit module for Mediawiki SyntaxHighlight extension 2017-05-17 23:23:50 -05:00
Daniel Teixeira ad8788cc74 Update syncbreeze_bof.rb 2017-05-17 11:33:24 +01:00
Daniel Teixeira 5329ce56c4 Sync Breeze Enterprise GET Buffer Overflow 2017-05-17 10:53:28 +01:00
lincoln 2f39daafc5 Updated module removing hardcoded binary payload strings 
-Used only nessessary pointers needed for exploit to work removing junk/filler chars
-Repaced ROP chain with generic from msvcrt (even though original was beautiful and smaller, uses hardcoded pointers for leave instructions)
-Cannot use ropdb since 4 byte junk char during generation may result in InvalidByteSequenceError during UTF conversion
-It's been some years since my last pull request...so I might be a bit rusty to new Metasploit standards (please forgive me!)
 2017-05-16 23:22:42 -07:00
William Webb 7e2dab4ddc Land #8303, Buffer Overflow on Dupscout Enterprise v9.5.14 2017-05-17 01:04:59 -05:00
zerosum0x0 6fb4040d11 add core buffer dump for OS version 2017-05-16 23:18:39 -06:00
William Vu 1f4ff30adb Improve 200 fail_with in wp_phpmailer_host_header 
One. last. commit. Noticed this in the response body.
 2017-05-16 22:38:36 -05:00
wchen-r7 77a9676efb Land #8347, Add Serviio Media Server checkStreamUrl Command Execution 2017-05-16 16:20:39 -05:00
William Vu 6d81ca4208 Fix Array/String TypeError in ms17_010_eternalblue 2017-05-16 15:53:34 -05:00
William Vu e24de5f110 Fix Class/String TypeError in ms17_010_eternalblue 2017-05-16 15:41:16 -05:00
James Lee e3f4cc0dfd Land #8345, WordPress PHPMailer Exim injection 
CVE-2016-10033
 2017-05-16 15:07:21 -05:00
William Vu 29b7aa5b9b Update fail_with for 200 (bad user?) 2017-05-16 15:03:42 -05:00
wchen-r7 e62fc3e93c Land #8376, Add BuilderEngine 3.5 Arbitrary file upload & exec exploit 2017-05-16 14:53:32 -05:00
wchen-r7 631267480d Update module description 2017-05-16 14:48:46 -05:00
wchen-r7 2ed8ae11b4 Add doc and make minor changes 2017-05-16 14:47:19 -05:00
William Vu 7c1dea2f02 Refactor prestager to work with newer Exim 
Apparently it doesn't like reduce with extract.
 2017-05-16 14:22:43 -05:00
zerosum0x0 53bb5a8440 Update ms17_010_eternalblue.rb 2017-05-16 10:43:43 -06:00
William Vu 7c2fb9acc1 Fix nil bug in Server header check 2017-05-16 10:43:04 -05:00
William Vu 5fd6cb0890 Remove nil case, since response might be nil 
It doesn't always return something. Forgot that.
 2017-05-15 21:23:49 -05:00
William Vu b41427412b Improve fail_with granularity for 400 error 
Also corrects BadConfig to NoTarget in another one of my modules. Oops.
 2017-05-15 21:15:43 -05:00
William Vu 1a644cadc4 Add print_good to on_request_uri override 
Maybe the ability to send prestagers will be a part of CmdStager in the
future, or maybe CmdStager will actually be able to encode for badchars.
 2017-05-15 19:17:58 -05:00
james-otten 3c4dfee4f5 Module to execute powershell on Octopus Deploy server 
This is not a bug, but a feature which gives users with the correct
permissions the ability to take over a host running Octopus Deploy.

During an automated deployment initiated by this module, a powershell
based payload is executed in the context of the Octopus Deploy server,
which is running as either Local System or a custom domain account.
This is done by creating a release that contains a single script step
that is run on the Octopus Deploy server. The said script step is
deleted after the deployment is started. Though the script step will
not be visible in the Octopus Deploy UI, it will remain in the server's
database (with lot's of other interesting data).

Options for authenticating with the Octopus Deploy server include
username and password combination or an api key. Accounts are handled
by Octopus Deploy (stored in database) or Active Directory.

More information about Octopus Deploy:
https://octopus.com
 2017-05-15 18:57:38 -05:00
William Vu c4c55be444 Clarify why we're getting 400 and add fail_with 2017-05-15 18:53:36 -05:00
William Vu 489d9a6032 Drop module to AverageRanking and note 400 error 2017-05-15 17:35:40 -05:00
William Vu 2055bf8f65 Add note about PHPMailer being bundled 2017-05-15 14:29:11 -05:00
William Vu 35670713ff Remove budding anti-patterns to avoid copypasta 
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
 2017-05-15 12:56:14 -05:00
zerosum0x0 cb4c700e62 fix typo 2017-05-14 21:52:36 -06:00
zerosum0x0 865a36068e sleep fix and new shellcode 2017-05-14 21:45:19 -06:00
zerosum0x0 e3dcf0ab2d added docs 2017-05-14 19:22:26 -06:00
zerosum0x0 9634f974dd fix msftidy 2017-05-14 18:14:02 -06:00
zerosum0x0 fa79339432 eternalblue module 2017-05-14 18:11:41 -06:00
Spencer McIntyre f39e378496 Land #8330, fix ps_wmi_exec and psh staging 2017-05-13 14:26:47 -04:00
William Vu c622e3fc22 Deregister URIPATH because it's overridden by Path 2017-05-12 11:56:38 -05:00
William Vu 84af5d071d Deregister VHOST because it's overridden by Host 2017-05-12 11:44:10 -05:00
Mzack9999 27e1de14b0 BuilderEngine 3.5 Arbitrary file upload and execution exploit 2017-05-12 18:37:08 +02:00
William Vu 231510051c Fix uri_str for exploit 2017-05-11 16:30:10 -05:00
William Vu 2ae943d981 Use payload common case instead of general case 
Both x86 and x64 work on x64, but we really expect x64, and there's no
migration to move us from x86 to x64.
 2017-05-11 15:43:49 -05:00
Brent Cook e414bdb876 don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules 2017-05-11 15:19:11 -05:00
Brent Cook 30c48deeab msftidy and misc. fixups for Quest BoF module 2017-05-11 08:07:39 -05:00
William Webb e8aed42ecd Land #8223, Quest Privilege Manager pmmasterd Buffer Overflow 2017-05-11 00:44:19 -05:00
Adam Cammack 18d95b6625 Land #8346, Templatize shims for external modules 2017-05-10 18:15:54 -05:00