William Vu
fa6573f8e7
Note arch in supported target
2020-02-03 11:16:16 -06:00
William Vu
a3717e13f6
Unf*ck PAYLOAD being set for neutralization
2020-02-03 11:16:16 -06:00
William Vu
e12d993027
Move SMB DOPU module to match new naming scheme
2020-02-03 11:16:16 -06:00
William Vu
f49ee7c60e
Prefer exploit.rb's rand_text wrapper
2020-02-03 11:16:16 -06:00
William Vu
d64eb10b17
Update credit
2020-02-03 11:16:16 -06:00
William Vu
548529e1d4
Clean up parsing
2020-02-03 11:16:16 -06:00
William Vu
9e690414a1
Update ping response parsing with new information
...
Found the struct that corresponds to the ping response!
2020-02-03 11:16:16 -06:00
William Vu
6241555531
Fix service pack
2020-02-03 11:16:16 -06:00
William Vu
2ce49456a7
Fix arch detection and add product type
...
Thanks to @tsellers-r7 for testing XP and producing output to compare
against. Without a 32-bit test, the architecture guess was incorrect.
Additionally, product type had yet to be determined. The trailing bytes
were indeed significant! Thanks, Tom!
2020-02-03 11:16:16 -06:00
William Vu
992a386ece
Use build_data_tpdu and note channelJoinConfirm
2020-02-03 11:16:16 -06:00
William Vu
4d21b0e88e
Update prints in check for visibility
...
vprint_good should be print_warning, and most vprints should be print,
even if in check, since check is critical functionality.
2020-02-03 11:16:16 -06:00
William Vu
7ba7221a8f
Parse ping response into version, build, and arch
2020-02-03 11:16:16 -06:00
William Vu
db1a201885
Add RDP DOUBLEPULSAR RCE module
2020-02-03 11:16:16 -06:00
Adam Galway
2ce3cb9e86
updated description
2020-02-03 17:09:56 +00:00
Shelby Pace
1ef34283eb
obtain session unreliably
2020-02-03 11:07:36 -06:00
Adam Galway
6b229177f1
Add crosschex buffer overflow exploit
2020-02-03 17:02:04 +00:00
dwelch-r7
97f5f37344
Land #12807, Install OpenSSH for Windows
2020-02-03 14:50:30 +00:00
mattaberegg
6f453a0f83
Module rewrite to include Cron exploitation
2020-02-02 17:29:39 -08:00
RageLtMan
e2d0d8f011
Cleanup module and permit alternate payload scheme
...
The original Qualys exploit uses an inline-shell for loop to read
and thereby consume lines from the input stream preceding the
intended script for execution in the body section. Payloads which
do not contain bad characters (encoded or coincidentally simple)
can be placed directly into the FROM field and executed in place
of the original for loop filter.
2020-02-01 15:04:22 -05:00
Brendan Coles
34621c0adc
Add Windscribe WindscribeService Named Pipe Privilege Escalation
2020-02-01 00:41:07 +00:00
Shelby Pace
8d4637a42b
can now add printers
2020-01-31 15:07:56 -06:00
RageLtMan
312a3466ee
Update 2020-7247 to execute from body
...
Using method from
https://www.openwall.com/lists/oss-security/2020/01/28/3
Attempted several other line readers via awk, while, for. Tried
without pipes or `>` in the strings. It appears other characters
are also illegal (conditional brackets likely culprits).
Initial testing on wide-open-configured opensmtpd on OpenBSD 6.6
libvirt Vagrant image produces shells, python meterpreter sessions,
and executes generic commands.
2020-01-31 04:32:03 -05:00
h00die
2907f4ae16
add default un to my/mssql login
2020-01-30 12:43:18 -05:00
Shelby Pace
b05fe7453f
add improved check method
2020-01-30 11:40:24 -06:00
Christophe De La Fuente
394e99fbe9
Land #12568, Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
2020-01-30 11:57:56 +01:00
wvu-r7
bf68730c76
Land #12885, URL reference fix
2020-01-29 23:21:58 -06:00
cdelafuente-r7
9da4555509
Move clean-up code to cleanup method (#2)
...
Move clean-up code to cleanup method
2020-01-29 17:11:07 +01:00
William Vu
81b8d5b58a
Add OpenSMTPD MAIL FROM RCE
2020-01-29 05:10:43 -06:00
s1kr10s
8e0e21d337
Exploit for CVE-2019-20215
...
Staged, uses meterpreter
2020-01-28 16:15:24 -03:00
Tim W
d4bd195a3d
Land #12871, fix osx/local/persistence removal commands and payload options
2020-01-28 17:39:02 +08:00
Daniel Streefkerk
9314e8b65b
Reference URL is broken
...
The URL http://www.fishnetsecurity.com/6labs/blog/post-exploitation-using-netntlm-downgrade-attacks redirects to the www.optiv.com homepage.
The correct current URL is https://www.optiv.com/blog/post-exploitation-using-netntlm-downgrade-attacks
2020-01-28 20:35:57 +11:00
Tim W
0b0d4c8633
add x64 option to osx/local/persistence and update removal commands
2020-01-28 17:18:23 +08:00
cdelafuente-r7
3491da7da0
Add a random sentinel to close channel when terminates (#1)
...
* Add a random sentinel to close channel when terminates
* Replace spaces with tabs to be consistent
* Remove unnecessary escaped quotes and use include? instead of regex
2020-01-25 23:30:49 +01:00
Shelby Pace
2414fda288
add initial check/metadata
2020-01-24 16:14:51 -06:00
bwatters-r7
0d8d17c63d
Land #12736, Add support for PPID spoofing
2020-01-24 08:49:51 -06:00
Tim W
cfffb65a21
Land #12859, update AF_PACKET chocobo_root linux LPE
2020-01-24 17:30:13 +08:00
h00die
fcf366e7ce
fix up enum_patches
2020-01-23 20:59:20 -05:00
William Vu
355ddba6c9
Prefer exploit.rb's rand_text wrapper
2020-01-22 16:37:36 -06:00
Brent Cook
6f6cc00871
Land #12751, add Linux RDS socket NP deref privesc
2020-01-22 07:08:47 -06:00
Francesco Soncina
06843d0ea5
update removal commands for osx/local/persistence
...
fixes #12870
2020-01-21 16:53:11 +01:00
Shelby Pace
ccc7b7747f
Land #12773, add NVMS directory traversal
2020-01-21 08:44:14 -06:00
Shelby Pace
231c858383
add target_uri to request
2020-01-21 08:43:19 -06:00
Shelby Pace
e7e42b7a59
Land #12768, add dlink command injection module
2020-01-21 07:37:43 -06:00
mattaberegg
c1b66aac77
Updated check function and description
2020-01-20 17:16:45 -08:00
Dhiraj Mishra
60b5a1791f
removing def data
...
Thanks bcoles
2020-01-20 15:39:45 +04:00
bluesentinelsec
5d7c50e3ed
updated to use Msf::Post::Windows::Powershell mixin
2020-01-19 19:51:44 -05:00
mattaberegg
4af14109f5
Grammar change in exploit name
2020-01-19 14:15:11 -08:00
mattaberegg
d91a166034
Made changes from comments on PR #12858
2020-01-19 13:46:47 -08:00
Brendan Coles
19b1f567b2
Update AF_PACKET chocobo_root Privilege Escalation module
2020-01-19 11:51:01 +00:00
mattaberegg
fc1b337c58
Add Apache James 2.3.2 Insecure User Creation Command Injection exploit module.
2020-01-18 19:05:27 -08:00