Jon Hart
9e1a7c869c
Use drdos mixin for memcached amp module
2018-02-27 22:51:27 -08:00
xistence
05c99ffb5c
Add Memcached amplification scanner
2018-02-28 11:24:17 +07:00
UserExistsError
35b66d0e60
added payload tests
2018-02-27 19:24:51 -07:00
Green-m
174c47195a
Add options LocalExePath, StartupName, ServiceDescription
2018-02-27 05:32:07 -05:00
Brent Cook
325ad7256e
if multi/handler is disabled, exit
2018-02-27 04:30:09 -06:00
Green-m
fcd6e8acab
Add options LocalExePath, StartupName, ServiceDescription
2018-02-27 05:27:32 -05:00
attackdebris
2939695991
Add ARCH_CMD and general fixup
2018-02-26 16:59:36 -05:00
Daniel Teixeira
15bd45cee3
Exodus Module
2018-02-26 21:31:13 +00:00
Jacob Robles
a344ffadd8
Modified Code, Added additional check
2018-02-26 07:29:08 -06:00
Jacob Robles
4e4aeb7b4d
Add GitStack v2.3.10 Unauth REST API Aux Module
2018-02-26 06:04:38 -06:00
Green-m
553a82a408
Add options LEXEPATH, STARTUP_NAME, SERVICE_DESC
2018-02-26 02:39:11 -05:00
Green-m
f786a1cfb9
Add options LEXEPATH, STARTUP_NAME, SERVICE_DESC
2018-02-26 01:59:49 -05:00
Rob Fuller
0c82b0a922
Support Windows 2008/7 and above
Probably about time that we supported versions less than 10 years old :)
2018-02-24 16:06:55 -05:00
Auxilus
a1587bcd68
Update smb_ms17_010.rb
2018-02-24 09:05:35 +05:30
Auxilus
46af6239df
Update smb_ms17_010.rb
2018-02-24 08:50:39 +05:30
Auxilus
9bae6246b2
Check for accessible named pipe on vuln targets
```
msf5 auxiliary(scanner/smb/smb_ms17_010) > run
[+] 192.168.0.2:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
[*] 192.168.0.2:445 - Checking for accessible named pipes
[+] 192.168.0.2:445 - Found accessible named pipe: netlogon
[+] 192.168.0.2:445 - Found accessible named pipe: lsarpc
[+] 192.168.0.2:445 - Found accessible named pipe: samr
[+] 192.168.0.2:445 - Found accessible named pipe: browser
[+] 192.168.0.2:445 - Found accessible named pipe: atsvc
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2018-02-24 03:20:34 +05:30
James Barnett
133b34827f
Fix false+ login in a few more places
2018-02-23 13:16:41 -06:00
Brent Cook
cd728defed
Merge branch 'master' into land-9607-
2018-02-23 11:09:20 -06:00
h00die
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
UserExistsError
e19a071910
add bind_named_pipe x86
2018-02-22 19:03:37 -07:00
William Vu
7663e5c1f6
Land #9601, ms17_010_eternalblue reliability fixes
2018-02-22 15:30:45 -06:00
James Barnett
5815b626d9
Don't save email addresses as valid
Also add module doc for owa_login module
2018-02-22 14:58:11 -06:00
James Barnett
e531dbc976
Fix bug causing all logins to appear valid
The headers we were looking for were a little too loose
and were incorrectly identifying all responses as successful
login attempts
2018-02-22 11:25:35 -06:00
bwatters-r7
4b8a8fa2b1
Land #9441, Create exploit for AsusWRT LAN RCE
Merge branch 'land-9441' into upstream-master
2018-02-22 10:40:45 -06:00
Jacob Robles
738d6ab33a
Land #9604, Fix logged errors when running without Python 3.6 / gmpy2
2018-02-22 08:11:30 -06:00
Brent Cook
99e278fa29
Land #9584, Fix reverse_php_ssl infinite loop
2018-02-22 07:03:52 -06:00
Trevor Sibanda
77b3673e38
Fix reverse_php_ssl infinite loop
2018-02-22 08:42:54 +00:00
Brendan Coles
f98b4b0540
require 'rubygems/package'
2018-02-22 04:28:56 +00:00
Brent Cook
7e665ab287
check for extra libraries explicitly, fail gracefully
2018-02-21 21:54:58 -06:00
William Vu
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
William Vu
cc2495dd9c
Explain fortinet-backdoor -> FortinetBackdoor
2018-02-21 17:05:30 -06:00
William Vu
a5d78b82d4
Add require for Net::SSH::CommandStream
2018-02-21 15:51:53 -06:00
William Vu
854ac67b8e
Use start_session in fortinet_backdoor
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.
Hoping we fix this in a subsequent commit or related PR.
Please see #6612 and #9524.
2018-02-21 15:33:34 -06:00
Aaron Soto
af45c1764b
Tweak exception handling and timing of ms17_010_eternalblue
2018-02-21 13:40:04 -06:00
Brent Cook
78822fd799
Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-21 06:59:09 -06:00
William Vu
9cbc55ce40
Land #9593, finger_users regex fix
2018-02-21 01:27:40 -06:00
Aaron Soto
bda7fefa7f
Land #9444 - hsts_eraser module and docs
2018-02-20 21:22:55 -06:00
Jacob Robles
b2cb4c425d
Land #9594, CloudMe Sync v1.10.9 Buffer Overflow
2018-02-20 17:49:19 -06:00
Jacob Robles
6a62ca15e7
Remove NOPS
[ticket: #9594]
2018-02-20 17:40:33 -06:00
Daniel Teixeira
745ad4d727
CloudMe Sync Client BoF
2018-02-20 21:57:13 +00:00
James Lee
d6206dc046
Better regex in finger_users
2018-02-20 15:48:00 -06:00
Jacob Robles
107a41a4ce
Land #9561, Disk Savvy Enterprise v10.4.18 built-in server buffer overflow
2018-02-20 15:42:12 -06:00
Jacob Robles
d02bf40d69
Modified Exploit
Remove NOPS that weren't needed and freed up space for a larger payload.
[ticket: #9561]
2018-02-20 15:35:43 -06:00
r4wd3r
4ce7468fbe
Added rid_hijack post module. Found at post/windows/manage
2018-02-20 22:29:23 +01:00
Tim W
f10d58bc2d
upgrade osx shells to osx meterpreter
2018-02-21 02:54:38 +08:00
Brent Cook
05e002e3c5
Land #9366, Add x64 staged Meterpreter for macOS
2018-02-19 23:15:03 -06:00
Brent Cook
69c7e83a55
Land #9164, add OWA 2016 support
2018-02-19 23:12:27 -06:00
Chris Higgins
74c6e21f49
Lands #9504, MagniComp SysInfo privilege escalation
2018-02-19 22:47:33 -06:00
Brent Cook
56c00a8cb6
initial OWA 2016 support
2018-02-19 21:43:49 -06:00
Quentin Kaiser
9e3f12665e
Plaintext for console type to see what's going on.
2018-02-17 20:11:05 +01:00