02e4edc4cb
Land #8579 , Easy File Sharing HTTP Server 7.2 - Post Overflow exploit
2017-06-22 10:56:41 -05:00
b51fc0a34e
Land #8489 , more httpClient modules use store_valid_credential
2017-06-21 17:18:34 -05:00
99fb905bbd
fix typo
2017-06-21 16:52:09 -05:00
24d9bec0ae
Land #8260 , OpManager Version Check
2017-06-20 17:58:10 -05:00
241786e71f
Update description with tested versions.
2017-06-20 15:32:08 -05:00
14f0409c6c
Missing regex '+', readding so we get full API key.
2017-06-20 15:28:15 -05:00
b02719e795
Attempt to appease Travis...
2017-06-20 11:36:08 -05:00
c7a55ef92f
Added exploit documentation
2017-06-20 09:03:40 +02:00
7fb36edd50
corrected msftidy warnings
2017-06-17 22:58:47 +02:00
31a5cc94b2
Easy File Sharing HTTP Server 7.2 - Post Overflow exploit
2017-06-17 22:35:21 +02:00
a968a74ae0
Update ms17_010_eternalblue description and ranking.
...
The module has been noted to cause crashes, reboots, BSOD, etc, on
some systems.
2017-06-09 11:01:48 +12:00
99fa52e660
Land #8434 , Add Windows 10 Bypassuac fodhelper module
2017-06-07 11:15:01 -05:00
f47cc1a101
Rubocop readability changes
2017-06-05 14:32:45 -05:00
0e145573fc
more httpClient modules use store_valid_credential
2017-05-30 14:56:05 -05:00
d5e74ffdf3
Merge branch 'master' into feature/eternal_blue/rubysmb_refactor
2017-05-30 13:59:31 -05:00
a5f910ea63
move trans2 conditional to case statement
...
this is cleaner as a case statement
2017-05-30 13:52:29 -05:00
b65c959347
limited port of the trans2 exploit packets
...
ported some of the Trans2 packets for EternalBlue
over to RubySMB, but there is so much jacked up about these
packets I'm not sure we can do much more here
2017-05-30 13:49:27 -05:00
72ff4fbf48
Reword warning message, since it didn't make sense
2017-05-30 13:13:08 -05:00
890d35cc30
Fix warning placement to be more helpful
2017-05-30 13:06:23 -05:00
e9ac3fce5a
update credential mode for EB exploit
...
ExternalBlue can now just flat out take
credentials to authenticate with. If credentials
are not supplied then it will still do the
anonymous login.
2017-05-30 10:55:28 -05:00
beb1cef835
rescue connection failure for netbios, suggest how to fix it
2017-05-30 08:06:39 -05:00
a781480e89
Add error handling to get_once
...
And check for specific ack result/reason for 32-bit.
2017-05-29 22:28:50 -05:00
6e253a5be7
Use Rex::Proto::DCERPC::Response
2017-05-29 21:58:03 -05:00
42b14a93b8
Add comments
2017-05-28 23:45:09 -05:00
7a2944d113
Implement VerifyArch for ETERNALBLUE
2017-05-28 23:26:59 -05:00
ee5f37d2f7
remove nt trans raw sock op
...
don't send the nt transact packet as raw
socket data, instead use the client send_recv
method
2017-05-26 15:50:18 -05:00
f0f99ad479
nttrans packet setup correctly,everything broken
...
got the nttrans packet setup correctly but somewhere
along the line i broke the whole exploit wtf?
2017-05-26 14:54:46 -05:00
162a660d45
Remove the old windows/fileformat/office_word_macro
...
windows/fileformat/office_word_macro.rb has been deprecated and
it should have been removed on March 16th.
If you want to create a Microsoft Office macro exploit, please
use the multi/fileformat/office_word_macro exploit instead, which
supports multiple platforms, and will support template injection.
2017-05-26 07:33:46 -05:00
2835c165d7
Land #8390 , Add module to execute powershell on Octopus Deploy server
2017-05-25 17:33:07 -05:00
330526af72
Update check method
2017-05-25 17:30:58 -05:00
0b0e2f64ca
update SMB1 "Freehole" packet
...
the 'Freehole' packet is now generated with
RubySMB and sent by the client, rather than raw bytes
sent over the bare socket
2017-05-25 13:43:16 -05:00
bc8ad811aa
remove old anonymous login packet
...
we are now using the anonymous login from the
RubySMB client we no longer need this method to
manually build the packet
2017-05-25 10:49:42 -05:00
238052a18b
use RubySMB client echo
...
replaced the manually created echo packet
with the RubySMB client echo command
2017-05-25 10:47:14 -05:00
4ffe666b52
improve the cred fallback
...
we might get a successful sessionsetup
but a failure on IPC$ due to anonymous access
2017-05-24 17:36:07 -05:00
4c02b7b13a
added credentialed fallback
...
if anonymous login is blocked, then the user can
supply credentials for the exploit to try as a fallback
2017-05-24 16:09:51 -05:00
dc67fcd5a8
use RubySMB for anonymous login
...
use the new anonymous login capabilities in
RubySMB
2017-05-24 15:40:05 -05:00
e4ea618edf
Land #8419 , ETERNALBLUE fixes (round two)
...
Hope I resolved the conflicts correctly.
2017-05-23 17:03:21 -05:00
46eb6bdf62
Land #8399 , ETERNALBLUE fixes (round one)
2017-05-23 16:51:19 -05:00
f80c3aa3f4
Correct absolute path
2017-05-23 16:50:25 -05:00
93bb47d546
msftidy fix
2017-05-22 19:27:15 +01:00
092e7b96b8
typo
2017-05-22 17:27:50 +01:00
74c08cebee
Add bypassuac fodhelper module for Windows 10
2017-05-22 17:25:17 +01:00
467f1ce0ca
Land #8411 , Buffer overflow in VXSearch Enterprise v9.5.12
2017-05-22 07:37:31 -05:00
b5caeb29dd
only support for 32bit so far
2017-05-22 12:30:52 +02:00
036f063988
Fix a stack trace when no SMB response is received
2017-05-19 16:24:41 -05:00
b76229b5f7
removed unessessary line
2017-05-18 19:15:49 -07:00
7ca0fe5a68
Added make_junk function
2017-05-18 19:06:09 -07:00
c1624d0967
VX Search Enterprise GET Buffer Overflow
2017-05-18 17:12:47 +01:00
bdf121e1c0
x86 kernels will safely ret instead of BSOD
2017-05-17 23:48:14 -06:00
d944bdfab0
expect 0xC00000D
2017-05-17 23:05:20 -06:00
William Webb