ba9c7039f7
Add psreadline_history module
2018-12-21 18:18:21 +05:30
c959c98161
add original public research author
2018-12-21 02:54:35 -06:00
a7e8afe760
update references, remove unused metadata, use more straightforward string operations
2018-12-21 02:54:35 -06:00
0dab74a71f
tweak description
2018-12-21 02:54:35 -06:00
46acd7a206
simplify
2018-12-21 02:54:35 -06:00
2f35695327
update web link
2018-12-21 02:54:35 -06:00
ac51fbd122
style fixes
2018-12-21 02:54:35 -06:00
dc6ae6f058
initial import, CVE-2016-4117 OSX exploit
2018-12-21 02:54:35 -06:00
b83c6ad496
Land #11149 , fix a PTY leak in Python Meterpreter
2018-12-20 17:30:42 -06:00
bf2de42077
Now supports all version of Consul.
2018-12-20 18:56:07 +01:00
2919b970cd
Implement execution checks with a timeout limit so we don't leave zombie checks running in background.
2018-12-20 18:41:35 +01:00
ba5c40db77
No need for CVE field.
2018-12-20 18:18:53 +01:00
9481ad04f2
Adding support for ARCH_CMD and updating docs
2018-12-20 12:12:01 +03:00
5af05ad976
Land #11143 , nc -j fix for cups_root_file_read
2018-12-19 22:37:00 -06:00
bf4bb0a5b9
bump metasploit-payloads gem
...
Update metasploit-payloads gem to 1.3.57 to pick up
fix for Python Meterpreter PTY Leak from rapid7/metasploit-payloads#319
2018-12-19 18:19:24 -06:00
68ceb08957
Fixing minor issues such as err codes
2018-12-19 22:17:34 +03:00
d601837e03
Land #10401 , java_jmx_server scanner for Java JMX MBean servers
2018-12-19 13:12:03 -06:00
50b7d93a18
java_jmx_scanner: Incorporate @bcoles suggestions
2018-12-19 12:56:53 -06:00
f7eb3452be
Land #11083 , set user agent in Windows reverse_http(s) stagers
2018-12-19 11:38:12 -06:00
e5c8c18ded
Adding Mailcleaner exec
2018-12-19 17:35:40 +03:00
6921b79890
Land #11089 , Erlang cookie rce exploit module
2018-12-19 08:02:40 -06:00
3838be0a03
Windows Hide Chrome Window
2018-12-19 05:58:11 -06:00
1b8b3bbb95
Update nc -j check in cups_root_file_read
2018-12-18 17:38:33 -06:00
51ce96a2b4
Merge branch 'jmx_scanner' of https://github.com/sgorbaty/metasploit-framework into sgorbaty-jmx_scanner
2018-12-18 16:05:03 -06:00
60f3cfbb79
ysoserial: Cleaned up ysoserial payload in hp_imc_java_deserialize
2018-12-18 15:17:51 -06:00
bb758f9a61
I didn't forget msftidy I swear
2018-12-18 14:55:12 -06:00
8a2a605a99
added targets
2018-12-18 14:50:57 -06:00
0464f941a7
Add Windows Support
2018-12-18 14:17:10 -06:00
ef8601aa71
Bail early if we receive an unexpected response.
2018-12-18 19:42:26 +01:00
4ee7bdee6c
Merge branch 'consul_service_exec' of github.com:QKaiser/metasploit-framework into consul_service_exec
2018-12-18 19:33:51 +01:00
b3563b1bc2
Cleaner version of check function thanks to @bcoles.
2018-12-18 19:33:30 +01:00
5e134d7d8d
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com >
2018-12-18 19:27:19 +01:00
5192c081ee
Update modules/exploits/multi/misc/consul_service_exec.rb
...
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com >
2018-12-18 19:27:08 +01:00
6ad40deac3
print_status will never throw a JSON::ParseError exception.
2018-12-18 19:15:13 +01:00
b2b410cbbe
DoS Exploitation of Allen-Bradley legacy protocol (PCCC)
2018-12-18 16:49:53 +00:00
1e88ce9a3d
Edit the comments to -84
2018-12-18 16:33:44 +00:00
05218654f4
adjust the offset to -84
2018-12-18 16:30:47 +00:00
af418ec7f7
Fix mipsle byte_xori too
2018-12-18 16:05:23 +00:00
a52ffbcead
Missing disclosure date.
2018-12-18 17:03:09 +01:00
a3d020a7e2
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:56:03 +01:00
1839144978
Cleaner to define this as a Hash, then call .to_json on it.
2018-12-18 16:53:49 +01:00
d40d6c4e3d
Update longxor.rb
...
Suffers from the same problem as the mipsbe version
2018-12-18 15:48:29 +00:00
34c9555717
Fix byte_xori encoder
...
The byte_xori encoder for mipsbe does not work correctly. At the end of the decoding, it should invoke cacheflush() with the correct parameters:
int cacheflush(char *addr, int nbytes, int cache)
I think this is because the encoder is based of the longxori encoder, which itself is pretty old (2008), and before kernel 2.6.11, cacheflush() did not need any parameters (from the cacheflush man page):
BUGS
Linux kernels older than version 2.6.11 ignore the addr and nbytes arguments, making this function fairly expensive. Therefore, the whole cache is always flushed.
This commit fixes that by setting up the parameters correctly. As an unfortunate side effect this increases the shellcode by 16 bytes, but it is absolutely necessary for it to work properly.
Note that this bug is not present when testing the encoder output on an emulator like qemu; emulators do not need to flush the caches to work properly.
2018-12-18 15:37:47 +00:00
177ae2f927
fail_with is not allowed in check method. Use vprint_error and return a CheckCode instead. Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode.
2018-12-18 16:33:53 +01:00
0feadf636b
Define in RPORT and SSL in register_options rather than DefaultOptions. Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert).
2018-12-18 16:29:36 +01:00
0acdcd98f2
Merge branch 'master' into consul_service_exec
2018-12-18 16:27:08 +01:00
f487f978c2
Merge branch 'consul_exec' of github.com:QKaiser/metasploit-framework into consul_exec
2018-12-18 16:09:18 +01:00
08541cd7b9
Merge branch 'master' into consul_exec
2018-12-18 16:07:08 +01:00
a1e1e4a4f4
Remove useless comment.
2018-12-18 16:05:50 +01:00
b80e5715d4
Add support for authorization with X-Consul-Token ACL header.
2018-12-18 16:02:39 +01:00
Garvit Dewan