a59913434d
Land #10916 , Xorg SUID privesc
2018-11-21 19:46:11 -06:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
a174c606aa
Changed SELINUX check to use built in methods
2018-11-16 04:22:18 -06:00
795aa3c99c
Land #10828 , git submodule url exec CVE-2018-17456
2018-11-14 12:39:13 -06:00
798d3156bc
Print git command for module
2018-11-14 10:57:36 -06:00
4fc047db87
Added advanced option to check console lock on linux systems, default true & updated docs
2018-11-13 22:33:12 -06:00
5e85683228
removed to_s from string
2018-11-13 15:28:55 -06:00
ac8932c144
update 9631 to a current branch
2018-11-13 15:15:25 -06:00
da134f06e3
Updated check method
...
Fixed check method and redundant variable declarations
2018-11-13 16:01:40 -05:00
538055c406
Initial documentation for Xorg Privesc Module
...
killed white spaces
2018-11-12 15:44:13 -06:00
ef7fc783be
Added Selinux check, changed version check, retested on all platforms
2018-11-11 12:34:30 -06:00
a5429d21a6
Update modules/exploits/multi/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com >
2018-11-11 07:39:32 -06:00
2a7b18bcbf
Update modules/exploits/multi/local/xorg_x11_suid_server.rb
...
Co-Authored-By: aringo <ringo.aaron@gmail.com >
2018-11-11 07:38:42 -06:00
e6f548c5f4
added meterpreter, took out in session, moved to exploits/multi/local
2018-11-11 01:43:36 -06:00
9dd0f2a5ea
modified to allow unix cmd for testing and other targets not supported, took out interpolation,notes section re-added
...
added notes section back in
2018-11-06 20:45:20 -06:00
caf76a6555
Add applicable notes to my exploit modules
2018-10-27 20:54:14 -04:00
b3d45586db
feedback from code review
2018-10-18 12:30:46 +08:00
64e257649f
cleanup module
2018-10-18 11:45:59 +08:00
290d4428c1
create git mixin
2018-10-18 11:31:31 +08:00
063e477ff2
git submodule url exec (CVE-2018-17456)
2018-10-18 11:02:28 +08:00
5b14d94957
Land #10671 , struts2_namespace_ognl updates
...
There are still some outstanding concerns, but I want to unblock this.
2018-10-12 11:08:33 -05:00
2989507b85
Copy check for data_header to avoid crash
...
Variable was used but out of scope.
2018-10-12 11:06:26 -05:00
1da99c8bd1
Fixed syntax errors
...
Corrected redundant returns and indentation errors
2018-10-11 10:01:47 -04:00
86f7c270c6
Fixed stylistic and syntax errors
2018-10-11 09:19:35 -04:00
0f3917f540
Fixed syntax errors
2018-10-10 13:26:49 -04:00
26482ee6d6
Fixed EOL spaces
2018-10-09 18:30:41 -04:00
9c9cd33c34
Fixed syntax errors and inconsistencies
2018-10-09 17:45:02 -04:00
7bc98e0ea8
Fix formatting and convert a missed AKA reference
2018-10-05 03:22:08 -05:00
8b955f8ec5
Land #10704 , Navigate CMS Unauthenticated RCE
2018-10-04 06:44:21 -05:00
97729727d8
Minor modifications
2018-10-02 06:57:04 -05:00
6f5a8f8f42
Fix outdated metadata
2018-10-01 18:59:09 +01:00
e4256f4595
Make ENABLE_STATIC an OptBool, as I should have done in the first place
2018-09-27 17:54:22 -05:00
342cfe4199
Refactor again
2018-09-27 12:38:05 +02:00
82b1f40925
Add cleanup code
2018-09-27 11:17:53 +02:00
2b86297138
Refactor
2018-09-27 11:16:54 +02:00
f55483d17d
Fix incorrect session_id extraction
2018-09-27 11:07:43 +02:00
f882c3aec2
Add Navigate CMS Unauthenticated Remote Code Execution
2018-09-26 21:39:15 +02:00
fd8ad6f4d8
struts2_namespace_ognl: Added verbose messages for errors with Tomcat >= 7.0.88
2018-09-18 15:26:28 -05:00
4933f47ac5
struts2_namespace_ognl: Remove debugging code
2018-09-18 14:46:41 -05:00
a9e6257891
struts2_namespace_ognl multishot OGNL payloads for Windows Meterpreter support
2018-09-18 14:27:47 -05:00
6126a627cc
Land #10570 , AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
011c25ed59
Merge changes from master (ghostscript)
2018-09-17 13:57:28 -05:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
718aaca0f4
Land #10546 , Add Apache Struts exploit: CVE-2018-11776
2018-09-07 14:54:23 -05:00
bd50e00ccc
Make some small changes:
...
Changes made:
* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
2018-09-07 14:48:33 -05:00
b3cd4a89ad
Move CVE ref to top as per ~standard~
2018-09-07 14:33:25 -05:00
68ca771764
Add CVE reference to ghostscript_failed_restore.rb
2018-09-07 14:24:15 -05:00
99ca6cef49
Quote-block cleanup and improved error handling
2018-09-07 11:43:04 -05:00
3671f8f6b0
Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output
...
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set. We now try to detect this as part of `profile_target`. But that check might fail. If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.
Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.
Additionally additionally, some Tomcat configurations won't provide output from the payload. We'll detect that the payload ran successfully, but tell the user there was no output.
2018-09-06 17:56:42 -05:00
7eb06b4592
Address travis errors: Updated metadata and target OS logic
2018-09-06 12:43:56 -05:00
Brent Cook