840c0d5f56
Land #7808 , add exploit for VMware VDP with known ssh private key (CVE-2016-7456)
2017-08-20 17:36:45 -05:00
88f39d924b
Land #8816 , added Jenkins v2 cookie support
2017-08-20 14:58:38 -05:00
f7dc831e9a
Land #8799 , Add module to detect Docker, LXC, and systemd-nspawn containers
2017-08-20 14:45:57 -05:00
aa797588e8
Land #8847 , Look for sp_execute_external_script in mssql_enum
2017-08-20 14:32:35 -05:00
2eba188166
Land #8789 , Add COM class ID hijack method for bypassing UAC
2017-08-20 13:57:17 -05:00
e8ab518d76
Land #8853 , Revert passive stance for multi/handler
2017-08-19 22:04:26 -05:00
d76616e8e8
Reverse and bind shells in R
...
Initial implementation of bind and reverse TCP shells in R.
Supports IPv4 and 6, provides stateless sessions which wont change
the cwd when cd is invoked since each command invocation actually
spawns a pipe to execute that specific line's invocation.
R injections are common in academic software written in a hurry by
students or lab administrators. The language runtimes are also
commonly found adjacent to valuable data, and often used by teams
which are not directly responsible for information security.
Testing:
Local testing with netcat bind and rev handlers.
TODO:
Add the appropriate platform/language library definitions
2017-08-19 06:12:05 -04:00
6ecdb8f2cc
Land #8852 , convert quest_pmmasterd_bof to cmd_interact/find
2017-08-18 13:20:17 -05:00
66a4ea4f0b
Revert passive stance for multi/handler
...
It's gotten to be a bit annoying. ExitOnSession=false was good, but this
was too much. Typing run -j isn't difficult.
2017-08-18 13:16:12 -05:00
cde319a5ec
Optim module and add doc
2017-08-18 19:30:41 +02:00
b529c3551c
Remove unused variable
2017-08-18 19:00:32 +02:00
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
d659cdc8f6
Convert quest_pmmasterd_bof to cmd_interact/find
2017-08-18 00:19:09 -05:00
ea5370486f
minor unused variable fixes
2017-08-17 16:46:51 -04:00
9c196041ce
update youtube urls in post exploit module
2017-08-17 16:44:35 -04:00
8b4ccc66c7
add linux/aarch64/shell_reverse_tcp
2017-08-17 18:55:37 +08:00
e642789674
Look for sp_execute_external_script in mssql_enum
...
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.
Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart
Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
f07318c976
Fix post/linux/gather/hashdump NoMethodError
2017-08-16 00:56:32 -07:00
70a82b5c67
Land #8834 , add resiliency to x64 linux reverse_tcp stagers
2017-08-15 08:04:32 -04:00
df98c2a3dd
update cached sizes again
2017-08-15 08:02:51 -04:00
debbc31142
use separate module names for x86 and x64 generators
2017-08-15 08:02:01 -04:00
4dbf94556e
update CacheSize
2017-08-15 12:54:30 +09:00
ac976eee8e
Add author
2017-08-15 03:27:40 +00:00
e3265c4b1b
Land #8697 , fix oracle_hashdump and jtr_oracle_fast modules
2017-08-14 17:36:18 -04:00
69c4ae99a7
Land #8811 , fix peer printing with bruteforce modules
2017-08-14 17:31:48 -04:00
b4055a8071
Rename command
2017-08-14 23:26:18 +02:00
55db70ec3e
Handle case when locate is not here by using enum_directories_map
2017-08-14 23:25:01 +02:00
1a4db844c0
Refactor build_brute_message for legacy printing
2017-08-14 11:17:34 -05:00
b8f56d14e0
Land #8698 , Add HEADERS to php_eval module
2017-08-14 09:54:22 -04:00
27822c2ccf
Add Maven creds module
2017-08-14 14:59:59 +02:00
9fdf2ca1f4
Land #8830 , Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 02:47:08 -04:00
fa4fae3436
Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 06:34:04 +00:00
59086af261
Land #8771 , rewrite linux x64 stagers with Metasm
2017-08-14 02:32:29 -04:00
26193216d1
Land #8686 , add 'download' and simplified URI request methods to http client mixin
...
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
7d4561e0fd
rename to download_log to avoid conflicting with the mixin
2017-08-14 01:10:37 -04:00
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
0a374b1a88
Add QNAP Transcode Server Command Execution exploit module
2017-08-13 09:13:56 +00:00
25764397ba
Update CachedSizes for changed nodejs payloads
...
Fixes test failures
2017-08-12 23:21:54 -07:00
7881a7ddc4
git submodule command exec
2017-08-13 11:47:44 +08:00
ecfe3d0235
added optional DoublePulsar check
2017-08-11 11:36:59 -06:00
bb5fffebc4
Land #8796 , SMBLoris Denial of Service Module.
2017-08-09 16:24:55 -05:00
901a1fdd1b
Minor tweaks.
2017-08-09 15:44:32 -05:00
1b6acd768e
Land #8817 , fixing @jhart-r7's ruby 2.2 blunder
2017-08-09 13:19:20 -07:00
1b6b29c22b
fix error with rdp scanníng
2017-08-09 21:32:15 +02:00
7e860571ae
fix bug where api_token auth was being used without token being set
2017-08-09 12:30:26 -04:00
9bb102d72d
add jenkins v2 cookie support
2017-08-09 12:29:31 -04:00
dd79aa3afb
Land #8627 , Add post module multi/gather/jenkins
2017-08-09 10:43:21 -05:00
0ac19087cd
Land #8720 , add resiliency (retries + sleep) to linux x86 stagers
2017-08-08 19:36:47 -05:00
3396afb41a
Add IP and port (peer) to print_brute messages
2017-08-08 15:46:40 -05:00
39e59805f9
Fix annoying print_brute messages in ssh_login
2017-08-08 15:15:23 -05:00
Brent Cook