25f49c0091
Fixed Description
...
Just cleaned up Description.
2016-07-08 16:17:39 -07:00
bbe4162320
Added error checking and some suggested style changes
2016-07-08 08:27:56 -07:00
d0e1c67c18
Land #7026 , Add Action Pack render exploit CVE-2016-2098
2016-07-07 16:16:37 -05:00
2cc6565cc9
Update rails_actionpack_inline_exec
2016-07-07 15:56:50 -05:00
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
2016-07-07 15:00:41 -05:00
09dcd1dade
Added version check and error handling, changed regex to ruby syntax.
...
Also made a few syntax changes to placate rubocop.
2016-07-07 10:35:18 -07:00
892f354ece
give me some credit
2016-07-06 21:39:45 -04:00
47cf6d5edf
better docs, extract more data
2016-07-06 21:28:57 -04:00
fee361dae0
Land #7075 , Add ms16-016 local privilege escalation
2016-07-06 12:01:01 -05:00
532ea5d4c4
Make sure there's a ref and checkcode
2016-07-06 12:00:20 -05:00
45401bfe45
Land #7069 , modify check codes in multiple local exploits
2016-07-06 00:04:24 -05:00
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8e3e360cc83
2016-07-05 15:22:44 -05:00
21bede1166
unify stager style
2016-07-05 11:24:54 -05:00
049b322ae4
add x86 and x64 stagers for mettle
2016-07-05 11:24:54 -05:00
8490a3b775
Remove hard-float requirement for MIPS O32
2016-07-05 11:24:54 -05:00
0390ed4d6e
Add MIPS O32 Linux support (big and little endian)
2016-07-05 11:24:54 -05:00
8de508c4e0
Add mettle module for ARM
2016-07-05 11:24:54 -05:00
6290cb681f
Change class name Metasploit4 to MetasploitModule
2016-07-05 11:12:49 -05:00
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
7d638a0975
Remove misc_anti_emu
2016-07-05 17:29:37 +02:00
e29d5b9efe
Land #6954 , Fix the available size of payload for exploit/.../payload_inject
2016-07-05 07:38:27 -07:00
0f8efec001
Fix modules broken by @wchen-r7 's 4275a65407 commit.
...
These modules call check() in the exploit() function and expected to get a CheckCode::Vulnerable, now that check() returns Appears instead of Vulnerable they always refuse to run.
I've flipped the logic, based on examples in other modules, now they refuse to run only if check() positively returns Safe.
2016-07-05 13:49:14 +02:00
cfc368ab65
Land #6959 , Add Linux ARM big endian ipv4 bind shellcode
2016-07-05 00:41:00 -05:00
54dfcee665
Land #7055 , add netgear_soap_password_extractor docs
2016-07-04 23:59:10 -05:00
9d13df3a25
Corrected for console width errors causing erroneous carriage returns, resulting in incorrect hash extraction on ms sql server 2012
2016-07-04 16:23:07 -04:00
ec4769fade
Create exploit for WebNMS credential disclosure
2016-07-04 21:15:15 +01:00
05ef5316df
Create exploit for WebNMS arbitrary file download
2016-07-04 21:10:14 +01:00
eeba35f87a
Create file for WebNMS 5.2 remote code execution
2016-07-04 21:07:03 +01:00
78335f8e20
Update the cache size in bsd/x64/shell_reverse_tcp
2016-07-04 00:35:52 +02:00
f246aa0b58
dup2() to STDERR_FILENO in bsd/x64/shell_reverse_tcp
2016-07-04 00:00:33 +02:00
54092177a2
Remove superfluous xor in bsd/x64/shell_reverse_tcp
2016-07-03 23:53:11 +02:00
12812650c0
Land #7054 , Fix busted alpha encoding on ms02_018_htr
2016-07-02 17:07:25 -05:00
4ed12d7077
Added: support for credentials saving using report_cred method as suggested
...
Added: support for detection of valid user credentials to skip login SQLi if not necessary.
2016-07-02 01:41:13 -04:00
844c13dc17
added new vuln device to netgear list, plus docs
2016-07-01 18:32:30 -04:00
3850431966
Fix busted alpha encoding on this old-ass exploit
2016-07-01 17:20:00 -05:00
bca0d716c0
Land #7047 , Ensure http_login scanner module saves passwds
2016-07-01 12:21:28 -05:00
70a79bb0e8
Land #7014 , Nagios remote root shell exploit
2016-07-01 08:17:38 -07:00
a1bd640eff
Fix hashrocket alignment
2016-07-01 09:05:03 -05:00
9663f88fdc
Download profile.zip instead of including it
...
profile.zip is GPL-licensed...
2016-07-01 01:17:23 -05:00
159446ce92
Ensure http_login scanner module saves passwds.
...
Fixes #6983 . When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
1401a61f59
Land #6998 , Fix #6984 Undefined method 'winver' in ms10_092_schelevator
2016-06-30 16:14:09 -05:00
3edb0b3625
Reduce chance to get a null byte in the decoder stub
2016-06-30 19:14:32 +02:00
31ea58d7f0
Inherit from Msf::Encoder::Xor to get key preventing badchars
...
I guess it what Msf::Encoder::Xor find_bad_keys is for.
2016-06-30 18:29:30 +02:00
1ecef265a1
Do a fail_with in case nonce is not found at all
2016-06-30 11:21:45 -05:00
e2b9225907
Fix #7022 , Failing to find wpnonce in fetch_ninja_form_nonce
...
This patch fixes a problem when the module is used against an older
version of ninja forms (such as 2.9.27), the nonce is found in a
hidden input instead of the JavaScript code, which actually causes
an undefined method 'gsub' bug in the module.
Fix #7022
2016-06-30 11:15:38 -05:00
afbeb2b668
Land #7023 , fixes for swagger exploit
...
Thanks @sdavis-r7!
See #7015 as well.
2016-06-30 10:54:34 -04:00
d1281b6594
Chmod to remove the exec bit.
2016-06-30 10:43:46 -04:00
068a4007de
Riverbed SteelCentral NetProfiler & NetExpress Exploit Module
...
Changes to be committed:
new file: modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
2016-06-29 22:27:40 -04:00
8a777bec41
Forget to rename function after msftidy correction
2016-06-29 23:30:48 +02:00
sho-luv