Brent Cook
5c90ce5c05
Land #11160, Add CMDSTAGER::SSL datastore option
2018-12-21 13:34:59 -08:00
William Vu
e8af5d4d93
Land #11128, Rex::Exploitation::CmdStagerFetch
2018-12-21 12:19:11 -08:00
Jacob Robles
340f6d7d0d
Land #10952, WP GDPR Compliance plugin exploit
2018-11-29 11:35:28 -08:00
Jacob Robles
77da5b145e
Land #10828, git submodule url exec CVE-2018-17456
2018-11-14 10:51:16 -08:00
Wei Chen
a43edc4fbf
Land #10864, Add Cisco WebEx RCE Modules
2018-10-25 12:33:06 -07:00
Brent Cook
c7ad4a47eb
Land #10851, add ndkstager to data/exploits
2018-10-23 14:48:43 -07:00
Brent Cook
f88790c2c0
Land #10820, Add libssh authentication bypass scanner/"exploit"
2018-10-19 12:03:28 -07:00
Brent Cook
5e27bdec14
Land #10790, don't log peer if it represents > 1 target
2018-10-12 00:23:18 -07:00
Adam Cammack
228c08bb4d
Land #10659, Minor code cleanups
2018-09-19 12:58:09 -07:00
Brent Cook
bd8dea2c21
Land #9897, Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer
2018-09-10 14:27:34 -07:00
Brent Cook
42784dceb1
Land #10593, Refactor SSH mixins and update modules
2018-09-10 13:43:30 -07:00
Wei Chen
4ec22c0ceb
Land #10376, Handle connection errors and fail_with in check
2018-07-26 09:28:58 -07:00
William Vu
c3469b0c80
Land #10303, HttpClient Rex::ConnectionError fix
2018-07-25 16:04:21 -07:00
Adam Cammack
b44cccc368
Land #10287, Add advanced option to skip WP checks
2018-07-12 11:24:04 -05:00
Brent Cook
709630e35c
Land #10185, add SMBv1/2 support in psexec
2018-06-29 15:51:50 -07:00
William Vu
fd7ea515aa
Land #10218, MS17-010 Windows Embedded Standard 7
2018-06-28 14:14:42 -07:00
Brendan Coles
b4e305862a
Land #10099, fix nil error in HttpTrace when HTTP response is nil
Fix #10098
2018-06-01 07:03:21 -07:00
Brent Cook
78c07b86c4
Land #9962, tab-complete target options
2018-05-17 08:16:31 -07:00
Brent Cook
76a47b81bc
Land #9994, restore some SMB mixin aliases, add local definition
2018-05-09 17:48:53 -07:00
Brent Cook
78f546ce81
Land #9986, initial ruby_smb simple client integration
2018-05-09 17:48:52 -07:00
William Vu
a74b2b5716
Land #9970, final update to Drupalgeddon 2
2018-05-04 09:40:31 -05:00
William Vu
935fa6414e
Land #9968, second round of Drupalgeddon 2 updates
2018-05-04 09:38:34 -05:00
Jeffrey Martin
635f483b42
Land #9881, cleanup psexec code
2018-05-01 14:51:20 -07:00
William Vu
4e34413026
Land #9864, command stager debugging fix
2018-04-12 09:27:21 -07:00
William Vu
c7d5d1f489
Land #9783, ARM WinRT support for ms17_010_psexec
2018-03-30 08:34:52 -07:00
William Vu
c31a8ab687
Land #9618, pipe auditing improvements
2018-03-27 14:21:47 -05:00
William Vu
fac7f3d5be
Fix #9602, a little defensive programming
Check for a nil message and unnecessary auth failures while looping.
2018-02-26 18:08:37 -06:00
Brent Cook
826b986018
Land #9602, Create sessions with the Fortinet SSH backdoor scanner
2018-02-22 08:27:36 -08:00
Brent Cook
a27b2bff3c
Land #9443, Add warning to FileDropper for deleting CWD
2018-02-20 09:24:11 -06:00
William Vu
6c350be24e
Land #9473, new MS17-010 aux and exploit modules
2018-02-02 11:32:40 -06:00
Brent Cook
d6beb94c59
Land #6611, add native DNS to Rex, MSF mixin, sample modules
2018-01-24 17:12:52 -06:00
William Vu
4b225c30fd
Land #9368, ye olde NIS ypserv map dumper
2018-01-10 22:02:36 -06:00
William Vu
b1cecd4193
Bump TIMEOUT in Msf::Exploit::Remote::SunRPC
2018-01-10 20:36:35 -06:00
William Vu
1c1f3b161e
Rescue XDR errors in Msf::Exploit::Remote::SunRPC
2018-01-10 20:11:30 -06:00
William Vu
461f1c12e6
Fix nil bug(s) by moving arrays to initialize
2018-01-06 02:31:16 -06:00
William Vu
14143c2b90
Fix missed file_dropper_win_path
2018-01-06 01:44:25 -06:00
William Vu
50f4ebb3b2
Add register_dirs_for_cleanup to FileDropper
2018-01-04 11:06:32 -06:00
William Vu
caae33b417
Land #9170, Linux UDF for mysql_udf_payload
2017-12-21 20:48:24 -06:00
William Vu
8e4b007edc
Move verify_arch to dcerpc_getarch
We can use this code elsewhere, such as the MS17-010 scanner.
2017-12-14 02:08:25 -06:00
William Vu
2565ad6a27
Handle IPv6 addresses in full_uri (add brackets)
2017-12-07 12:56:55 -06:00
William Vu
7b3bf85d03
Print the generated command stager for debugging
2017-11-28 16:00:28 -06:00
h00die
697031eb36
mysql UDF now multi
2017-11-03 05:26:05 -04:00
Brent Cook
90766ceceb
remove more unusual raise RuntimeError patterns
2017-11-01 05:59:12 -05:00
Jeffrey Martin
386e14828a
Land #8728, Psexec via PSH related fixes
2017-10-24 15:55:18 -05:00
Brent Cook
402e926151
Land #9081, Fix ftp.rb to get files larger than 16384
2017-10-23 22:11:36 -05:00
Brent Cook
c6bc55a175
Land #9082, Fix ftp.rb so it closes all data sockets
2017-10-23 22:10:38 -05:00
RageLtMan
a3912e4913
Provide disconnect option to send_request_cgi
The HTTP client mixin provides a #send_request_cgi method which
forcibly disconnects the client after receiving a response. This
terminates certain types of resulting sessions which depend on the
connection from the client to maintain a subprocess housing the
shell invocation.
Provide a disconnect boolean option to #send_request_cgi which
is checked in the disconnect(c) call after receiving the response.
Testing:
Locally tested on in-house exploit module written for disclosure
report.
TODO:
Discuss possibility of implementing fully asynchronous methods
like #send_request_cgi_async which won't bother getting a response
for cases such as the module mentioned above which is a command
injection via unfiltered POST var.
2017-10-19 21:22:31 -04:00
bigendiansmalls
1b306caf39
Fixed ftp.rb to get files larger than 16384
Existing ftp.rb did get_once, which limits file
DL to 16384 (def_block_size). Changed to get and
added one more timeout variable; see:
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:def_block_size
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get_once
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get
2017-10-13 12:41:11 -05:00
bigendiansmalls
e5e9c7ccd6
Fixed ftp.rb so it closes all data sockets
ftp.rb was doing a shutdown without a close on data
(not command) sockets. This can cause CLOSE_WAIT
for extended periods in certain circumstances, ending
only when msf itself is closed.
2017-10-13 10:09:43 -05:00
bwatters-r7
294230c455
Land #8509, add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00