4845b4b1fa
Orientdb 2.2.x RCE - Fix regular expression for version detection
2017-07-26 14:35:05 +01:00
30664924c8
Orientdb 2.2.x RCE - Reverted to send_request_raw due to issues exploiting windows boxes
2017-07-26 13:59:14 +01:00
354869205a
make exploit/multi/handler passive
...
This gives exploit/multi/handler a makeover, updating to use more-or-less
standard Ruby, and removing any mystical hacks at the same time (like select
instead of sleep).
This also gives it a Passive stance, and sets ExitOnSession to be false by
default, which is the setting that people use 99% of the time anyway.
2017-07-24 15:47:06 -07:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
6c22f785e9
Orientdb 2.2.x RCE - Fine tune vulnerable version detection; removed redundant uri normalization checking; Swapped send_request_raw for send_request_cgi; using vars_get;
2017-07-24 09:52:47 +01:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
f3f96babb9
Orientdb 2.2.x RCE - Changed the java_craft_runtime_exec function; Tested the module against Win7-Pro-x64 with OrientDB v2.2.20 with StagerCmd flavors vbs and certutil with success
2017-07-19 10:46:10 +01:00
219987726f
Orientdb 2.2.x RCE - Changed the CmdStager flavor to VBS script
2017-07-18 17:18:14 +01:00
5ca523e2ce
Orientdb 2.2.x RCE - Add warning about windows
2017-07-18 17:11:54 +01:00
af0a9c2f86
Orientdb 2.2.x RCE tidy stuff
2017-07-18 17:07:29 +01:00
99ba645034
Orientdb 2.2.x RCE
2017-07-18 16:53:44 +01:00
8f6cac9c37
Land #8652 , rpc console write exploit
...
lands pr for the metasploit rpc console write exploit
2017-07-14 14:47:35 -05:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
df024bb594
Remove duplicate setting of suhosin.simulation
2017-07-10 00:46:05 +03:00
3bda361544
add old hackingteam leak name
2017-07-07 00:52:11 -05:00
baff473cae
Add Metasploit RPC Console Command Execution module
2017-07-05 08:48:35 +00:00
7e1b50ab3b
Land #8629 , AKA (also known as) module reference
2017-06-28 19:15:45 -05:00
aa8c580aba
updates
2017-06-28 20:14:38 -04:00
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
43d8c4c5e7
Land #8519 , Apache ActiveMQ file upload exploit
2017-06-28 17:19:39 -05:00
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
b51fc0a34e
Land #8489 , more httpClient modules use store_valid_credential
2017-06-21 17:18:34 -05:00
58cd432120
Added docs, minor code tweak to remove duplication.
2017-06-19 17:35:41 -05:00
49d998f7d9
catch invalid tokens
2017-06-15 21:45:29 -04:00
f4ffade406
add ability to specify API token instead of password
2017-06-15 21:05:53 -04:00
0766f92013
Add option for workspace
2017-06-13 12:46:36 +00:00
6a4c61456d
Add ProcessMaker Plugin Upload exploit module
2017-06-10 08:59:20 +00:00
d641058f75
Added module to exploit ActiveMQ CVE-2016-3088
2017-06-06 11:33:42 -07:00
2924318ca5
update java_rmi_server modules with CVE
2017-06-02 12:59:48 -05:00
218ec96009
Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module
2017-05-31 13:00:35 +00:00
0e145573fc
more httpClient modules use store_valid_credential
2017-05-30 14:56:05 -05:00
04a701dba5
Check template file extension name
2017-05-26 07:31:34 -05:00
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
3360171977
Land #8319 , Add exploit module for Mediawiki SyntaxHighlight extension
2017-05-17 23:23:50 -05:00
631267480d
Update module description
2017-05-16 14:48:46 -05:00
2ed8ae11b4
Add doc and make minor changes
2017-05-16 14:47:19 -05:00
27e1de14b0
BuilderEngine 3.5 Arbitrary file upload and execution exploit
2017-05-12 18:37:08 +02:00
b794bfe5db
Land #8335 , rank fixes for the msftidy god
2017-05-07 21:20:33 -05:00
88bef00f61
Add more ranks, remove module warnings
...
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables
../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart
../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability
../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability
../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability
../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
2017-05-07 15:41:26 -04:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
6870a48c48
Code suggestion from @jvoisin
2017-05-02 16:41:06 +02:00
006ed42248
Added fix information
...
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/0002
09.html
2017-05-01 09:01:14 +02:00
673dbdc4b9
Code review feedback from h00die
2017-04-29 20:37:39 +02:00
Ricardo Almeida