Brent Cook
a59913434d
Land #10916, Xorg SUID privesc
2018-11-21 19:46:11 -06:00
Brent Cook
d5d8216377
Land #10977, Add documentation and some enhancement to freesshd_authbypass module
2018-11-20 11:44:49 -06:00
Imran E. Dawoodjee
b679bfa3d9
Carriage return errors fixed.
2018-11-18 03:29:17 +08:00
Imran E. Dawoodjee
fd0f40a141
Add PowerShell as a separate target then set it as default.
2018-11-18 03:20:48 +08:00
William Vu
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
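Review bot: The two added lines run for every module whose DisclosureDate matches the regex, before the format checks that follow ("Flag if overall format is wrong"), so a file is rewritten even when its date is already ISO 8601, and a lint pass now modifies the working tree as a side effect. Gate the write on the format check failing, or put it behind an explicit opt-in. `@source.sub(d, Date.parse(d).to_s)` replaces the first occurrence of the captured string anywhere in the file, which is not necessarily the DisclosureDate value if the same text appears earlier; substituting inside the matched DisclosureDate expression would be safer. `Date.parse` raises ArgumentError on input it cannot parse and no rescue is visible in the hunk, so one malformed date would raise out of this check. It also guesses on ambiguous input, which the "Probably updated" message concedes, so the new value should be checked against the ISO 8601 pattern before `fixed` is reported.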
2018-11-16 12:18:28 -06:00
Imran E. Dawoodjee
08b3efa046
Enhanced module and added documentation.
2018-11-16 21:18:45 +08:00
Aaron Ringo
a174c606aa
Changed SELINUX check to use built in methods
2018-11-16 04:22:18 -06:00
Jacob Robles
795aa3c99c
Land #10828, git submodule url exec CVE-2018-17456
2018-11-14 12:39:13 -06:00
Jacob Robles
798d3156bc
Print git command for module
2018-11-14 10:57:36 -06:00
Aaron Ringo
4fc047db87
Added advanced option to check console lock on linux systems, default true & updated docs
2018-11-13 22:33:12 -06:00
Shelby Pace
5e85683228
removed to_s from string
2018-11-13 15:28:55 -06:00
Shelby Pace
ac8932c144
update 9631 to a current branch
2018-11-13 15:15:25 -06:00
Alex Gonzalez
da134f06e3
Updated check method
...
Fixed check method and redundant variable declarations
2018-11-13 16:01:40 -05:00
Aaron Ringo
538055c406
Initial documentation for Xorg Privesc Module
...
killed white spaces
2018-11-12 15:44:13 -06:00
Aaron Ringo
ef7fc783be
Added Selinux check, changed version check, retested on all platforms
2018-11-11 12:34:30 -06:00
Brendan Coles
a5429d21a6
Update modules/exploits/multi/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-11 07:39:32 -06:00
Brendan Coles
2a7b18bcbf
Update modules/exploits/multi/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-11 07:38:42 -06:00
Aaron Ringo
e6f548c5f4
added meterpreter, took out in session, moved to exploits/multi/local
2018-11-11 01:43:36 -06:00
Brendan Coles
1f14a9846d
Land #10767, Add Cisco Prime Infrastructure remote root exploit
2018-11-10 17:08:16 +00:00
Aaron Ringo
b93f14a5c2
Fixed some PR feedback, still working on adding meterpreter and cleanup
2018-11-08 22:10:46 -06:00
Aaron Ringo
3f3bee6a79
added version check
2018-11-08 22:08:11 -06:00
Aaron Ringo
012c8a450f
Feedback from PR work cont. changed loop, formatting errors, options
2018-11-08 22:08:11 -06:00
Aaron Ringo
adb8be7f9f
includes partially implemented feedback from PR
2018-11-08 22:08:11 -06:00
Brendan Coles
18bf58e547
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
Brendan Coles
8c4eb5f741
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
Brendan Coles
84b79e6787
Update modules/exploits/openbsd/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com>
2018-11-08 22:08:11 -06:00
Aaron Ringo
7feb960d9b
Initial add of Xorg SUID privesc
2018-11-08 22:08:11 -06:00
Aaron Ringo
9dd0f2a5ea
modified to allow unix cmd for testing and other targets not supported, took out interpolation, notes section re-added
...
added notes section back in
2018-11-06 20:45:20 -06:00
Jeffrey Martin
dd57b27652
Rename hash to generate_process_hash
...
In the interest of compatibility this uses a more descriptive name for
the process hash creation method instead of overriding ruby's hash method.
See https://docs.ruby-lang.org/en/2.0.0/Hash.html
2018-11-05 17:16:16 -06:00
h00die
aff4ef0752
land #10912 moving polycom exploit to misc folder
2018-11-05 16:54:24 -05:00
Shelby Pace
0c38babb9e
Land #10874, rm size restriction from pyld_inject
2018-11-05 15:16:40 -06:00
bwatters-r7
f185c06204
Land 10794, Add support for ms17_010_eternalblue_win8 ProcessName option
...
Merge branch 'land-10794' into upstream-master
2018-11-05 15:08:59 -06:00
bwatters-r7
7ca2311325
Land #10792, Add support for ms17_010_eternalblue ProcessName option
...
Merge branch 'land-10792' into upstream-master
2018-11-05 14:19:10 -06:00
bwatters-r7
1f0941101f
shut up, msftidy
2018-11-05 14:13:33 -06:00
bwatters-r7
4f2ba46125
Stop some of the rubocop carnage
2018-11-05 14:11:24 -06:00
Wei Chen
a32d8083f0
Land #10847 - Add blueimp's jQuery (Arbitrary) File Upload
...
CVE-2018-9206
2018-11-05 11:37:20 -06:00
bwatters-r7
5ec155fd44
Changed some options to advanced
2018-11-05 09:59:17 -06:00
l9c
ff07289132
better style according to the review
2018-11-05 13:46:36 +08:00
Pedro Ribeiro
7464d81c01
Add warning about JSP deletion
2018-11-05 00:52:34 +09:00
Brendan Coles
fdf45f269b
Move polycom_hdx_auth_bypass to exploit/unix/misc/
2018-11-04 06:14:26 +00:00
Brendan Coles
c3080d69f2
Use writable? method for local modules
2018-11-04 05:28:32 +00:00
Jacob Robles
6bc4b71ca3
Land #10873, Add notes to exploit modules
2018-11-02 14:11:11 -05:00
Spencer McIntyre
7faa775b55
Remove the now unnecessary DisableNops option
2018-11-02 14:57:41 -04:00
Brent Cook
86469cc5a0
Land #10836, Add Morris worm sendmail debug mode exploit
2018-11-02 11:17:33 -05:00
Brent Cook
1d81f3764f
Land #10700, Add Morris worm fingerd exploit and VAX reverse shell
2018-11-02 11:16:46 -05:00
bwatters-r7
114a8127e8
Land #10858, bypassuac_eventvwr optimizations - reduce created processes and artifacts
...
Merge branch 'land-10858' into upstream-master
2018-10-31 16:44:32 -05:00
bwatters-r7
af7a7d586b
Add validation check to make sure x64 remote host and a x86 session
...
cannot select an x64 target.
2018-10-31 16:31:52 -05:00
Elazar Broad
6fe7bb0bb6
Increase sleep time to 10 seconds
...
Increase the wait time before removing the registry key - allows the payload to spawn successfully on slow systems.
2018-10-29 12:55:03 -04:00
Brendan Coles
1c340f8202
Land #10853, Add universal targeting to Mercury/32 IMAP LOGIN exploit
2018-10-28 18:17:46 +00:00
kr3bz
370bcaf8d8
Update mercury_login.md
2018-10-28 09:49:15 +01:00