689fc28d1b
Added WinaXe 7.7 FTP client Server Ready buffer overflow
2016-11-06 23:35:16 -06:00
92964c1f95
Update phoenix_command.rb
2016-11-06 21:22:54 +01:00
2c2729f0b2
Update phoenix_command.rb
...
Coded was messed up by MS Edge, don't use it :)
2016-11-06 21:21:20 +01:00
1b4409f950
Update phoenix_command.rb
...
Style fix: replace "ractionport == nil ?" with "ractionport.nil?"
Is it OK? Did not find time to install and run rubocop ...
2016-11-06 21:15:31 +01:00
4ea9214466
Fixed a small bug
2016-11-06 16:20:55 +01:00
e9d85750c2
fix get_ipv4_addr(@interface) usage
...
get_ipv4_addr(@interface) returns a string not list, so get_ipv4_addr(@interface)[0] only got the first character of IP, which raises an error.
2016-11-06 19:04:57 +08:00
da356e7d62
Remove Compat hash to allow more payloads
2016-11-04 13:57:05 -05:00
f0c89ffb56
Refactor module and use FileDropper
2016-11-04 13:57:05 -05:00
6d7cf81429
Update references
2016-11-04 13:57:05 -05:00
009d6a45aa
Update description
2016-11-04 13:57:05 -05:00
bf7936adf5
Add instance_eval and syscall targets
2016-11-04 13:57:05 -05:00
4bf966f695
Add module to bypassuac using eventvwr
...
This module was inspired by the work done by Matt Nelson and Matt
Graeber who came up with the method in the first place. This works
nicely on a fully patched Windows 10 at the time of writing.
2016-11-05 04:41:38 +10:00
5b810fae41
Update atg_client to identify responses that indicate the command was not understood
2016-11-04 10:12:02 -07:00
ca5610ccde
Land #7511 , Update jenkins_script_console to support newer versions
2016-11-04 11:24:25 -05:00
e5ea4a53d3
Fix typo in windows cred phish module
2016-11-04 13:26:10 +10:00
b0970783ff
Another interim commit moving towards universal handlers
2016-11-04 13:25:02 +10:00
5ed030fcf6
Land #7529 , nil.downcase fix for tomcat_mgr_deploy
...
Don't think it was ever needed, since the password is case-sensitive.
Fixed a minor merge conflict where PASSWORD became HttpPassword.
2016-11-03 15:39:46 -05:00
2f8d3c3cf3
Remove the bug where downcase() is invoked on password which is optional and can be empty.
2016-11-03 15:23:19 -05:00
dae1f26313
Land #7521 , Modernize TLS protocol configuration for SMTP / SQL Server
2016-11-03 12:56:50 -05:00
eca4b73aab
Land #7499 , check method for pkexec exploit
2016-11-03 10:59:06 -05:00
1c746c0f93
Prefer CheckCode::Detected
2016-11-03 11:14:48 +01:00
2cdff0f414
Fix check method
2016-11-03 11:14:48 +01:00
5169341f62
Land #7522 , Fix psh template to avoid 100% cpu spike on CTRL+C
2016-11-02 16:40:34 -05:00
7895ba810d
Update payload cached size for the powershell payload
2016-11-03 02:50:13 +10:00
cc8c1adc00
Add first pass of multi x86 http/s payload (not working yet)
2016-11-03 02:44:53 +10:00
a651985b4f
Land #7498 , Joomla account creation and privesc
2016-11-01 22:46:36 -05:00
f414db5d6d
Clean up module
2016-11-01 22:46:28 -05:00
494b4e67bd
Refactor http/s handler & payloads
...
This commit moves much of the platform-specific logic from the
reverse_http handler down into the payloads. This makes the handler
a bit more agnostic of what the payload is (which is a good thing).
There is more to do here though, and things can be improved.
Handling of datastore settings has been changed to make room for the
ability to override the datastore completely when generating the
payloads. If a datastore is given via the `opts` then this is used
instead otherwise it falls back to the settings specified in the usual
datatstore location.
Down the track, we'll have a payload that supports multiple stages, and
the datastore will be generated on the fly, along with the stage itself.
Without this work, there's no other nice way of getting datastore
settings to be contained per-stager.
2016-11-02 11:33:59 +10:00
a924981369
Landing #7516 , X11 print fixes
2016-11-01 19:50:05 -04:00
a79f860cb7
Add UUIDs to mettle stages
2016-11-01 16:58:21 -05:00
05e2aad837
Land #7497 , Add Kerberos domain user enumeration module
2016-11-01 14:34:47 -05:00
e4b4264d79
Fix psh template to avoid 100% cpu spike on CTRL+C
...
Fixes #7293
2016-11-02 05:19:52 +10:00
1b4cef10d1
Change creds_name to Kerberos
2016-11-01 17:59:51 +00:00
31b593ac67
Land #7402 , Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
f8912486df
fix typos
2016-11-01 05:43:03 -05:00
47ec362148
Small fixes for dbvis enum
2016-11-01 07:35:36 +10:00
5c065459ae
print_{good,error} more specifically in open_x11
2016-10-31 11:29:00 -05:00
ffb53b7ca3
Tidy arch check in meterpreter inject
2016-11-01 01:51:12 +10:00
557424d2ec
Small tidy of the multiport_egress_traffic module
2016-11-01 01:46:58 +10:00
ec8536f7e9
Fix firefox module to use symbols where appopriate
2016-11-01 01:43:25 +10:00
b9bbb5e857
Replace regex use with direct string checks in dbvis module
2016-11-01 01:35:01 +10:00
3c57ff5c59
Avoid internal constants for bypassuac file path generation
2016-11-01 01:32:24 +10:00
6ce7352c45
Revert silly change in applocker bypass
2016-11-01 01:30:54 +10:00
3c56f1e1f7
Remove commented x64 arch from sock_sendpage
2016-11-01 01:29:11 +10:00
6b264ce6c4
Land #7508 , Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE
...
Fixes #7504 .
2016-10-30 17:58:43 -05:00
45d6012f2d
fix check method
2016-10-30 14:57:42 -04:00
ccce361768
Remove accidentally included debug output
2016-10-29 18:46:51 -04:00
fa7cbf2c5a
Fix the jenkins exploit module for new versions
2016-10-29 18:19:14 -04:00
f754adad0c
Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE
2016-10-29 11:20:32 +01:00
640827c24b
Final pass of regex -> string checks
2016-10-29 14:59:05 +10:00
Chris Higgins