8be2b1f59e
Land # 9407, Add BMC Server Automation RSCD Agent RCE exploit module
...
Merge branch 'land-9407' into upstream-master
2018-01-31 13:35:29 -06:00
08dcb5cc49
Land #9445 fixes for ssl labs scanner module
2018-01-29 20:51:05 -05:00
d4a0372238
Land #9457 , Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow
2018-01-29 11:40:54 -06:00
c390696ddf
Land #9379 , Oracle Weblogic RCE exploit and documentation
2018-01-25 21:47:18 -06:00
309deb9ee7
Land #9446 , Post API fix for setuid_nmap
2018-01-25 16:00:40 -06:00
4cd5801e6f
Dup Scout Import Command Buffer Overflow
2018-01-24 20:47:46 +00:00
6caba521d3
Land #9424 , Add SharknAT&To external scanner
2018-01-24 12:40:29 -05:00
eb572a3ef5
Land #8632 , colorado ftp fixes
2018-01-23 17:45:07 -06:00
a27cfeaea9
Land #9416 , Sync Breeze Enterprise 9.5.16 Import Command buffer overflow
...
Merge branch 'land-9416' into upstream-master
2018-01-23 16:35:51 -06:00
3922844650
ninja style changes
2018-01-23 16:34:49 -06:00
d81d50b491
Land #9430 , Improve Hyper-V checkvm checks
2018-01-23 15:22:12 -06:00
685a950077
Land #9114 , Add module for Kaltura <= 13.1.0 RCE (CVE-2017-14143)
...
Merge branch 'land-9114' into upstream-master
2018-01-23 12:35:59 -06:00
5684b9ed7c
Readd dropped return during refactoring
2018-01-23 10:12:15 -06:00
be08af5404
More Python style fixes
2018-01-23 09:17:22 -06:00
d3b3946669
Use Msf::Post::File#setuid? in setuid_nmap
2018-01-23 02:05:26 -06:00
03d1523d43
Land #6611 , add native DNS to Rex, MSF mixin, sample modules
2018-01-22 23:54:32 -06:00
a6e5944ec5
fix msftidy, add nicer errors on bind failure
2018-01-22 23:37:39 -06:00
aae77fc1a4
Land #9349 , GoAhead LD_PRELOAD CGI Module
2018-01-22 23:10:36 -06:00
d1569f8280
Land #9413 , Expand the number of class names searched when checking for an exploitable JMX server
2018-01-22 16:49:01 -06:00
10fde42adc
Land #9431 , Fix owa_login to handle inserting credentials for a hostname
2018-01-22 16:46:39 -06:00
b12953fa85
Land #9404 , update module author
2018-01-22 16:41:50 -06:00
04d305feb3
update SSL Labs scanner with new API, be robust
...
This updates the SSL Labs scanner to know about new additions to the API, and prevents the module from breaking again just because there is new JSON in the output. I couldn't figure out how to get the Api class to print messages normally, and there is some other output that needs to be added. But the module does work again.
2018-01-22 16:32:16 -06:00
394c31c1e3
Remove NoMethod Rescue for cerberus_sftp_enumusers
...
Please see reasons in #9436
2018-01-22 11:10:23 -06:00
38d056b930
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil
...
Land #9436
Thanks Steve!
2018-01-22 11:07:23 -06:00
85d018096b
Pass password_prompt and non_interactive to fix #8970
...
Fix #8970
2018-01-22 11:06:12 -06:00
682c915a09
Land #9267 , Add targets to sshexec
2018-01-22 09:59:48 -06:00
69818aea22
update payload sizes
2018-01-21 08:03:07 -06:00
2a6b3671bf
Add connection addr+port info to http response object.
...
Update owa_login to use this instead of doing lookups on its own.
2018-01-19 13:37:33 -06:00
8f75d3a46b
Possible fix to changes in net::ssh usage
2018-01-19 15:10:14 +00:00
c7d3b5dfbb
Update payload and disable check functionality
...
The check functionality is broken as MSF cannot handle HttpServer and HttpClient at this time.
The payloads were updated to ensure CVE-2017-10271 is being exploited instead of CVE-2017-3506 as explained on https://blog.nsfocusglobal.com/threats/vulnerability-analysis/technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability/
2018-01-18 13:26:44 -05:00
7849743789
update stageless python sizes
2018-01-18 00:41:58 -06:00
e9ce2374e5
Auto-resolve target if it's a hostname (owa_login).
...
Ensures the module does save the creds which it claims to be saving. See MS-2968.
2018-01-17 16:47:21 -06:00
9328374155
Update 'author' field of metadata
2018-01-17 16:43:37 -06:00
0f0b116751
Rename scanner bits to avoid confusion
2018-01-17 14:46:31 -06:00
10cf327c26
Improve Hyper-V tests in checkvm
...
All Win10 machines, physical and virtual, were being reported as 'Hyper-V' (false positives)
Added functionality to extract hostname of physical hypervisor from VM registry
2018-01-17 14:29:03 -06:00
4c11eae774
Maybe that timeout is needed.....
2018-01-17 13:21:36 -06:00
c7894f1d74
Split long lines and add comments
2018-01-17 12:04:12 -06:00
35bec8d3cd
Fixed classes names and added RMI interfaces
2018-01-17 17:10:36 +01:00
d345008b20
Added all the classes that implement RMI server
2018-01-17 17:03:32 +01:00
f439edfa1a
Fixes by the fabled wvu
2018-01-17 08:20:52 -06:00
d6e966b079
Land #9414 , wp_admin_shell_upload - remove plugin dir after exploitation
2018-01-16 21:08:22 -06:00
37bf68869f
Add scanner for the open proxy from 'SharknAT&To'
2018-01-16 21:05:19 -06:00
e5bd36da1c
Land #9402 , NIS bootparamd domain name disclosure
2018-01-15 15:36:00 -06:00
aa9b5e4419
Sync Breeze Enterprise Import Command
2018-01-15 20:46:40 +00:00
2f9eebe28b
remove plugin dir
2018-01-15 14:48:59 +01:00
dfb9941e95
Fix java_jmx_server exploit
...
Add test case when discovering RMI endpoint as the previous one was not complete
2018-01-15 12:13:09 +01:00
333ee893d3
Tidied up platform detection, check method, and minor typos.
2018-01-14 18:28:40 +00:00
736d438813
Address second round of feedback
...
Brain fart on guard clauses when I've been using them all this time...
Updating the conditions made the ternary fall out of favor.
Changed some wording in the doc to suggest the domain name for a
particular NIS server may be different from the bootparamd client's
configuration.
2018-01-13 22:55:01 -06:00
6568d29b67
Add BMC Server Automation RSCD Agent RCE exploit module.
2018-01-14 01:12:55 +00:00
1a8eb7bf2a
Update nis_ypserv_map after bootparam feedback
...
Yes, yes, I see the off-by-one "error." It's more accurate this way.
Basically, we want to ensure there's actually data to dump.
2018-01-13 15:40:17 -06:00
bwatters-r7