9c8e351ba8
Use vars_get un send_request_cgi
2016-07-19 20:12:14 +03:00
ec2f8fcc71
Change check method and use meterpreter instead of unix cmd
2016-07-19 11:13:06 +03:00
650034b600
Use normalize_uri params instead of string concatenation
2016-07-19 01:01:05 +03:00
c8deb54938
Add Drupal RESTWS Remote Unauth PHP Code Exec
2016-07-18 21:32:10 +03:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
b2c3267a2a
Land #7042 , fetch_ninja_form_nonce/wponce fix
2016-07-13 11:38:11 -05:00
8f928c6ca1
Land #7006 , Add MS16-032 Local Priv Esc Exploit
2016-07-12 15:22:35 -05:00
815c426b4d
Match naming style
2016-07-12 15:18:39 -05:00
f11b84f106
Update wfsdelay and check for ms16-032
2016-07-12 15:17:21 -05:00
f164afaef8
Land #6932 , joomla_contenthistory_sqli_rce fixes
2016-07-12 14:26:49 -05:00
310332b521
Clean up module
2016-07-12 11:17:10 -05:00
b869b890c7
Land #7090 , Add module for Tikiwiki Upload Exec
2016-07-12 11:16:50 -05:00
2471e8bc8c
Add FileDropper to cleanup properly
2016-07-12 11:16:18 -05:00
277950cc79
Land #6733 , psexec StackAdjustment fix
2016-07-12 11:14:16 -05:00
43833c8756
Fixing double normalize function call
2016-07-12 07:30:18 +03:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
7211936f96
Fix Payload exit issue
...
Fixed payload exiting issue by adding while ($true){Start-Sleep 1000};
statement.
2016-07-11 16:21:08 -04:00
fc56ab6722
Fixing some coding style because of rubocop
2016-07-11 23:10:18 +03:00
e79c3ba7c0
Tiki Wiki unauth rce
2016-07-11 22:44:07 +03:00
52c6daa0f2
Land #7048 , Riverbed SteelCentral NetProfiler and NetExpress Remote
...
Command Injection
2016-07-10 18:54:12 -05:00
b75084249a
Removed duplicate 'Privileged' key
2016-07-10 01:37:03 -04:00
25f49c0091
Fixed Description
...
Just cleaned up Description.
2016-07-08 16:17:39 -07:00
d0e1c67c18
Land #7026 , Add Action Pack render exploit CVE-2016-2098
2016-07-07 16:16:37 -05:00
2cc6565cc9
Update rails_actionpack_inline_exec
2016-07-07 15:56:50 -05:00
fee361dae0
Land #7075 , Add ms16-016 local privilege escalation
2016-07-06 12:01:01 -05:00
532ea5d4c4
Make sure there's a ref and checkcode
2016-07-06 12:00:20 -05:00
45401bfe45
Land #7069 , modify check codes in multiple local exploits
2016-07-06 00:04:24 -05:00
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
e29d5b9efe
Land #6954 , Fix the available size of payload for exploit/.../payload_inject
2016-07-05 07:38:27 -07:00
0f8efec001
Fix modules broken by @wchen-r7 's 4275a65407 commit.
...
These modules call check() in the exploit() function and expected to get a CheckCode::Vulnerable, now that check() returns Appears instead of Vulnerable they always refuse to run.
I've flipped the logic, based on examples in other modules, now they refuse to run only if check() positively returns Safe.
2016-07-05 13:49:14 +02:00
12812650c0
Land #7054 , Fix busted alpha encoding on ms02_018_htr
2016-07-02 17:07:25 -05:00
4ed12d7077
Added: support for credentials saving using report_cred method as suggested
...
Added: support for detection of valid user credentials to skip login SQLi if not necessary.
2016-07-02 01:41:13 -04:00
3850431966
Fix busted alpha encoding on this old-ass exploit
2016-07-01 17:20:00 -05:00
70a79bb0e8
Land #7014 , Nagios remote root shell exploit
2016-07-01 08:17:38 -07:00
a1bd640eff
Fix hashrocket alignment
2016-07-01 09:05:03 -05:00
9663f88fdc
Download profile.zip instead of including it
...
profile.zip is GPL-licensed...
2016-07-01 01:17:23 -05:00
1401a61f59
Land #6998 , Fix #6984 Undefined method 'winver' in ms10_092_schelevator
2016-06-30 16:14:09 -05:00
1ecef265a1
Do a fail_with in case nonce is not found at all
2016-06-30 11:21:45 -05:00
e2b9225907
Fix #7022 , Failing to find wpnonce in fetch_ninja_form_nonce
...
This patch fixes a problem when the module is used against an older
version of ninja forms (such as 2.9.27), the nonce is found in a
hidden input instead of the JavaScript code, which actually causes
an undefined method 'gsub' bug in the module.
Fix #7022
2016-06-30 11:15:38 -05:00
d1281b6594
Chmod to remove the exec bit.
2016-06-30 10:43:46 -04:00
068a4007de
Riverbed SteelCentral NetProfiler & NetExpress Exploit Module
...
Changes to be committed:
new file: modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
2016-06-29 22:27:40 -04:00
68bd4e2375
Fire and forget the shell
...
Edge case where reverse_perl returns 302 when app is unconfigured.
2016-06-29 14:51:05 -05:00
fcf8cda22f
Add basic module for CVE-2016-2098
...
ActionPack versions prior to 3.2.22.2, 4.1.14.2, and 4.2.5.2
implement unsafe dynamic rendering of inline content such that
passing ERB wrapped Ruby code leads to remote execution.
This module only implements the Ruby payloads, but can easily
be extended to use system calls to execute native/alternate
payload types as well.
Test Procedures:
Clone https://github.com/hderms/dh-CVE_2016_2098
Run bundle install to match gem versions to those in lockfile
Run the rails server and configure the metasploit module:
Set TARGETURI to /exploits
Configure payload and handler options
Execute the module, move on to post-exp
2016-06-28 03:28:16 -04:00
5f08591fef
Add Nagios XI exploit
2016-06-27 15:17:18 -05:00
2480781409
pesky pry.
2016-06-27 01:55:49 -04:00
c2b4e22b46
updated with discovered changes from k kali & documentation update changes requested.
2016-06-27 01:53:20 -04:00
15a1a9ed71
Raise if payload.arch doesn't match expected
...
This is necessary when payload is a generic/* since we can't actually
figure out what we need the prefix/suffix to be because the generics are
a pain to extract the arch/platform info out of.
Also remove some unnecessary options.
2016-06-24 16:08:47 -05:00
3fb9eae687
EOL space if a ruby devil.
2016-06-23 15:40:16 -07:00
b38b116c9a
@ePaul comments added to description.
2016-06-23 15:33:11 -07:00
08d08d2c95
Fix Java payload generator
2016-06-23 14:51:26 -05:00
Mehmet Ince