fb0a438fdf
Perform a version check to determine exploitability for graphite pickle
2016-10-05 16:08:02 -07:00
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
75bea08e0e
changing branches
2016-10-04 21:08:12 -04:00
63ed5624ff
Land #7395 , Ninja Forms module update
2016-10-04 11:14:30 -05:00
f60d575d62
Add EOF newline back in
2016-10-04 11:14:15 -05:00
3101564a0a
Enable support for windows 8 in the exploit
2016-10-04 16:27:33 +10:00
a4efa77878
Support driver list, adjust capcom exploit
...
This commit adds MSF-side support for listing currently loaded drivers
on the machine that Meterpreter is running on. It doesn't add a UI-level
command at this point, as I didn't see the need for it. It is, however,
possible to enumerate drivers on the target using the client API.
Also, the capcom exploit is updated so that it no longer checks for the
existence of the capcom.sys file in a fixed location on disk. Instead,
it enumerates the currently loaded drivers using the new driver listing
function, and if found it checks to make sure the MD5 of the target file
is the same as the one that is expected. The has is used instead of file
version information because the capcom driver doesn't have any version
information in it.
2016-10-04 11:27:20 +10:00
e6daef62b4
egypt
2016-10-03 20:24:59 -04:00
b1cb153c31
Make errors more meaningful
2016-10-03 15:29:40 -05:00
7b0a8784aa
additional doc updates
2016-09-29 19:02:16 -04:00
bac4a25b2c
compile or nill
2016-09-29 06:15:17 -04:00
4fac5271ae
slight cleanup
2016-09-29 05:51:13 -04:00
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
3b548dc3cd
update email and paths
2016-09-28 18:37:48 -04:00
2272e15ca2
Remove some anti-patterns, in the same spirit than #7372
2016-09-29 00:15:01 +02:00
988471b860
Land #7372 , useless use of cat fix
...
Obligatory: modules/exploits/linux/local/kloxo_lxsuexec.rb.
2016-09-28 16:37:11 -05:00
3033c16da6
Add missing rank
2016-09-28 16:37:04 -05:00
b46073b34a
Replace cat with Ruby's read_file
...
Thanks to wvu-r7 for the comment
2016-09-28 23:22:19 +02:00
45ee59581b
Fix inverted logic in Docker exploit
...
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
ab94bb9cdd
Land #7365 , nonce fix for Ninja Forms exploit
2016-09-28 13:57:08 -05:00
dbb2abeda1
Remove the cat $FILE | grep $PATTERN anti-pattern
...
The `kloxo_lxsuexec.rb` and `netfilter_pvi_esc.rb` exploits
were using the infamous `cat+grep` anti-pattern, this commit
replaces it with `cat` and Ruby's `.include?` method.
2016-09-28 13:41:25 +02:00
35a2b3e59d
working panda
2016-09-27 20:15:17 -04:00
f838c9990f
Fix nonce bug in wp_ninja_forms_unauthenticated_file_upload
...
If wordpress saves the nonce value in JavaScript, we could get an
undefined method for nil.
2016-09-27 11:30:52 -05:00
76b3c37262
Fix msftidy errors
2016-09-27 22:56:07 +10:00
0e82ced082
Add LPE exploit module for the capcom driver flaw
...
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
a13e83af8a
Land #7357 , Stagefright CVE-2015-3864
2016-09-25 17:10:06 -05:00
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
dbf66f27d5
Add a browser-based exploit module for CVE-2015-3864
2016-09-23 11:14:31 -05:00
639dee993a
Fixed interactive password prompt issue
...
Fixed an issue where the exploit would drop to interactive password prompt by default on newer ruby version which rendered the exploit unusable. It now properly forces pubkey authentication instead and proceeds with the bypass as expected.
2016-09-23 17:03:40 +01:00
5de1d34869
Land #7341 , add module metasploit_static_secret_key_base
2016-09-23 09:20:48 -05:00
cba297644e
post to local conversion
2016-09-22 22:08:24 -04:00
7646771dec
refactored for live compile or drop binary
2016-09-22 20:07:07 -04:00
bc425b0378
Update samsung_security_manager_put
...
This patch improves the following
* Stage 1 XSS/JS attack to use the body.onload callback
* Better timing for FF
2016-09-22 12:02:49 -05:00
9f3c8c7eee
Land #7268 , add metasploit_webui_console_command_execution post-auth exploit
2016-09-22 00:50:58 -05:00
88cef32ea4
Land #7339 , SSH module fixes from net:ssh updates
2016-09-22 00:27:32 -05:00
04f8f7a0ea
Land #7266 , Add Kaltura Remote PHP Code Execution
2016-09-21 17:14:49 -05:00
dcfbb9ee6a
Tidy info
...
Replace errant \t with \x20
2016-09-21 20:14:11 +10:00
1e24568406
Tweak verbosity re: found secrets
2016-09-21 20:14:08 +10:00
30d07ce0c7
Tidy metasploit_static_secret_key_base module
...
* Inline magic values
* Optimise out dead Rails3-specific code
2016-09-21 20:13:58 +10:00
8b1d29feef
Land #7304 , fix rails_secret_deserialization popchain
2016-09-20 16:05:03 -05:00
2d3c167b78
Grammar changes again.
2016-09-20 23:51:12 +03:00
0f16393220
Yet another grammar changes
2016-09-20 19:48:40 +03:00
fb00d1c556
Another minor grammer changes
2016-09-20 19:23:28 +03:00
251421e4a7
Minor grammar changes
2016-09-20 10:37:39 -05:00
385428684f
Move module and docs under the exploit/linux/http folder
2016-09-20 12:45:23 +03:00
a9a1146155
fix more ssh option hashes
2016-09-20 01:30:35 -05:00
c689a8fb61
Removing empty lines before module start
2016-09-20 01:42:18 +03:00
29a14f0147
Change References to EDB number and remove 4 space
2016-09-20 01:31:56 +03:00
a1ca27d491
add module metasploit_static_secret_key_base
2016-09-20 07:04:00 +10:00
funkypickle