96f7012fe7
Code clean up (URLs, ordering and printing)
2017-09-06 13:17:28 +01:00
b884705a93
regsvr32_applocker_bypass_server -> web_delivery
2017-09-06 12:35:52 +01:00
e7b4cb71b1
Add PSH-Proxy to multi/script/web_delivery
2017-09-06 12:27:04 +01:00
6051a1a1c1
Land #8910 , Use meta redirect instead of JS redirect in 2 modules
2017-09-01 13:50:02 -05:00
86db2a5771
Land #8888 from @h00die, with two extra fixes
...
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
49173818fd
Addresses #8674
...
This type of redirection will work without javascript being enabled.
Modules:
multi/browser/firefox_xpi_bootstrapped_addon
multi/browser/itms_overflow
More info on the meta element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
2017-08-30 23:16:46 -05:00
202c936868
Land #8826 , git submodule remote command execution
2017-08-29 18:11:32 -05:00
46eeb1bee0
update style
2017-08-29 17:44:39 -05:00
39299c0fb8
randomize submodule path
2017-08-29 16:54:08 +08:00
a40429158f
40% done
2017-08-28 20:17:58 -04:00
8f17d536a7
Update phpmailer_arg_injection.rb
...
Removed second parameter as it was not necessary. Only changed needed was to change "send_request_cgi" to "send_request_cgi!"
2017-08-24 00:29:28 -06:00
c49b72a470
Follow 301 re-direct
...
I found that in some cases, the trigger URL cannot be accessed directly. For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example". It isn't until hitting "/example" that the php is executed. This small change will just allow the trigger to follow one 301 redirect.
2017-08-23 18:53:54 -06:00
821121d40b
Land #8871 , improve compatibility and speed of JDWP exploit
2017-08-23 18:53:47 -05:00
128949217e
more osx
2017-08-22 16:48:09 -05:00
bb120962aa
more osx support
2017-08-22 14:01:48 -05:00
7263c7a66e
add 64-bit, osx support
2017-08-22 13:51:28 -05:00
e01caac9ed
removing slice operators from jdwp_debugger
2017-08-21 16:36:54 -05:00
edbe8d73c2
Revert "Revert passive stance for multi/handler"
...
This reverts commit 66a4ea4f0b
2017-08-21 16:14:23 -05:00
eabe4001c2
Land #8492 , Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module
2017-08-20 18:48:22 -05:00
88f39d924b
Land #8816 , added Jenkins v2 cookie support
2017-08-20 14:58:38 -05:00
66a4ea4f0b
Revert passive stance for multi/handler
...
It's gotten to be a bit annoying. ExitOnSession=false was good, but this
was too much. Typing run -j isn't difficult.
2017-08-18 13:16:12 -05:00
7881a7ddc4
git submodule command exec
2017-08-13 11:47:44 +08:00
7e860571ae
fix bug where api_token auth was being used without token being set
2017-08-09 12:30:26 -04:00
9bb102d72d
add jenkins v2 cookie support
2017-08-09 12:29:31 -04:00
6f97e45b35
enable Ruby 2.2 compat checks in Rubocop, correct multi/handler compat
2017-08-02 06:18:02 -05:00
8989d6dff2
Modified Accuvant bog posts to the new Optive urls
2017-08-02 13:25:17 +10:00
4845b4b1fa
Orientdb 2.2.x RCE - Fix regular expression for version detection
2017-07-26 14:35:05 +01:00
30664924c8
Orientdb 2.2.x RCE - Reverted to send_request_raw due to issues exploiting windows boxes
2017-07-26 13:59:14 +01:00
354869205a
make exploit/multi/handler passive
...
This gives exploit/multi/handler a makeover, updating to use more-or-less
standard Ruby, and removing any mystical hacks at the same time (like select
instead of sleep).
This also gives it a Passive stance, and sets ExitOnSession to be false by
default, which is the setting that people use 99% of the time anyway.
2017-07-24 15:47:06 -07:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
6c22f785e9
Orientdb 2.2.x RCE - Fine tune vulnerable version detection; removed redundant uri normalization checking; Swapped send_request_raw for send_request_cgi; using vars_get;
2017-07-24 09:52:47 +01:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
f3f96babb9
Orientdb 2.2.x RCE - Changed the java_craft_runtime_exec function; Tested the module against Win7-Pro-x64 with OrientDB v2.2.20 with StagerCmd flavors vbs and certutil with success
2017-07-19 10:46:10 +01:00
219987726f
Orientdb 2.2.x RCE - Changed the CmdStager flavor to VBS script
2017-07-18 17:18:14 +01:00
5ca523e2ce
Orientdb 2.2.x RCE - Add warning about windows
2017-07-18 17:11:54 +01:00
af0a9c2f86
Orientdb 2.2.x RCE tidy stuff
2017-07-18 17:07:29 +01:00
99ba645034
Orientdb 2.2.x RCE
2017-07-18 16:53:44 +01:00
8f6cac9c37
Land #8652 , rpc console write exploit
...
lands pr for the metasploit rpc console write exploit
2017-07-14 14:47:35 -05:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
df024bb594
Remove duplicate setting of suhosin.simulation
2017-07-10 00:46:05 +03:00
3bda361544
add old hackingteam leak name
2017-07-07 00:52:11 -05:00
baff473cae
Add Metasploit RPC Console Command Execution module
2017-07-05 08:48:35 +00:00
7e1b50ab3b
Land #8629 , AKA (also known as) module reference
2017-06-28 19:15:45 -05:00
g0tmi1k