Commit Graph

33595 Commits

Author SHA1 Message Date
Spencer McIntyre 024fc87b4c Land #17272, Add F5 MCP post module
Add F5 MCP post module
2022-12-12 14:20:31 -05:00
Ashley Donaldson 8d097e0fd0 Fixes bug in s4u_persistence module 2022-12-09 11:24:16 +11:00
JustAnda7 293a203a03 Added path option to cmd payloads 2022-12-08 12:19:31 -06:00
Grant Willcox 77bda68932 Add in more constants for the SCAL flags and use them to make the code easier to read 2022-12-07 10:48:07 -06:00
Grant Willcox e7d72e0ecf Allow multiple controls to be specified 2022-12-06 23:21:48 -06:00
Grant Willcox fd8bdf4daf Make sure we use the LDAP_SERVER_SD_FLAGS_OID flag and set it to 7 when retrieving entries so that we don't retrieve the SACL, which cannot be retrieved by nonadmin users. 2022-12-06 22:54:03 -06:00
Christophe De La Fuente e7e2849f6d Land #17183, Zimbra fixes 2022-12-06 15:38:37 +01:00
Christophe De La Fuente ddaf5a3f0d Remove unnecessary return statement 2022-12-06 15:07:28 +01:00
Christophe De La Fuente aaef7726db Land #17330, Fix enumerating emails via ProxyShell 2022-12-06 14:02:53 +01:00
Grant Willcox d48319a867 Land #17242, Add Gather Module for WP BookingPress Plugin unauth SQLi (CVE-2022-0739) 2022-12-05 15:04:31 -06:00
Grant Willcox cb68c255bb Fix up issues from review 2022-12-05 14:17:43 -06:00
Redouane NIBOUCHA 4b008d6ea8 revert the identify_hash line 2022-12-05 14:17:39 -06:00
Redouane NIBOUCHA 41edc92d5d Update wp_bookingpress_category_services_sqli to use the SQLi library 2022-12-05 14:17:31 -06:00
Grant Willcox 1fec75621c Fix up documentation from review 2022-12-05 14:04:22 -06:00
Jack Heysel f29b4fad75 Add Gather Module for WP BookingPress Plugin SQLi (CVE-2022-0739) 2022-12-05 14:04:03 -06:00
bwatters 37540572e0 Land #17214, add database functionality to vcenter post module
Merge branch 'land-17214' into upstream-master
2022-12-05 12:50:14 -06:00
bwatters 54cd055276 Land #17286, CVE-2021-22015 vCenter priv esc
Merge branch 'land-17286' into upstream-master
2022-12-05 09:31:01 -06:00
Christophe De La Fuente 6e7d4edf02 Land #16990, Syncovery for Linux - Login brute-force utility 2022-12-05 14:39:29 +01:00
cgranleese-r7 8e9e8468f2 Land #17338, Lint modules 2022-12-05 13:17:40 +00:00
adfoster-r7 0d3c1dc122 Land #17333, Fix typos: Replace 'the the' with 'the' 2022-12-05 11:46:27 +00:00
adfoster-r7 14d05c9c6c Lint modules 2022-12-05 10:41:31 +00:00
bcoles c1ff9337c8 dnn_cookie_deserialization_rce: Remove empty 'Payload' Hash key 2022-12-04 17:50:24 +11:00
bcoles 431804ef15 Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
bcoles d90dee8235 enum_proxy: Cleanup and support non-Meterpreter sessions 2022-12-04 15:10:47 +11:00
Spencer McIntyre 96da805014 Fix enumerating emails via ProxyShell
The ResolveNames endpoint used to gather email addresses for targeting
only returns 100 at a time. This updates the module to check if the
search result contains all entries and when it does, it recurses into
itself with a refined search prefix. All results are returned to match
the original functionality instead of enumerating and halting once one
that's suitable for exploitation has been found.
2022-12-02 15:58:50 -05:00
Jack Heysel 04dc8e8455 Land #17310, update checkvm post module
Add notes and add powershell to supported SessionTypes
2022-12-01 17:05:09 -05:00
adfoster-r7 4207449382 Land #17323, fix enlightenment check method 2022-12-01 20:26:16 +00:00
h00die 867059efe5 add super to cleanup command 2022-12-01 14:55:43 -05:00
h00die 62b484fdc7 blank over empty 2022-12-01 14:34:09 -05:00
bwatters dcff4d37b6 Land #17163, Pfsense PfBlockerNG RCE module check method improvement
Merge branch 'land-17163' into upstream-master
2022-12-01 09:25:18 -06:00
h00die 039b611fae fix enlightenment check method 2022-11-30 17:06:50 -05:00
Maik Ro 330cb2944b fix typo
OptString.new('FILENAME', [true, 'The OpoenOffice Text document name', 'msf.odt']) -> OpoenOffice changed to OpenOffice
2022-11-30 22:10:18 +01:00
Christophe De La Fuente d3057f15b2 Land #17275, Add Exploit For CVE-2022-41082 (ProxyNotShell) 2022-11-30 18:16:19 +01:00
Spencer McIntyre d491c10d22 Store service credentials in the database 2022-11-30 11:59:10 -05:00
bcoles 60180a4442 checkvm: Add notes and add powershell to supported SessionTypes 2022-11-29 21:28:15 +11:00
Spencer McIntyre 8ea8e2410d Land #17299, Fixes #17227
Fixes #17227 - polkit_dbus_auth_bypass module when run from a command…
2022-11-28 16:22:52 -05:00
Jack Heysel 5d3cfa69b8 Land #17210, add ParseError rescue to snmp modules
snmp_enum, snmp_enumshares and snmp_enumusers now rescue
SNMP ParseErrors
2022-11-28 15:37:02 -05:00
bwatters 3462dc6bf4 Land #17087, remote control collection rce
Merge branch 'land-17087' into upstream-master
2022-11-28 14:29:52 -06:00
Spencer McIntyre 264d45e04a Appease rubocop 2022-11-28 10:16:55 -05:00
Spencer McIntyre f24df8a051 Change an exception class and drop DOMAIN passing 2022-11-28 10:06:14 -05:00
omer citak 9aa1a84b3a added target uri into "Authorization not requested" error message 2022-11-27 15:35:34 +03:00
Ashley Donaldson 25a0d0ff0e Fixes #17227 - polkit_dbus_auth_bypass module when run from a command shell 2022-11-25 15:13:57 +11:00
Spencer McIntyre 6350daf2d8 Land #17273, F5 exploit module CVE-2022-41800
F5 exploit module CVE-2022-41800 (authenticated RCE in RPM code)
2022-11-23 17:57:18 -05:00
Ron Bowes b7cf112d42 Fix an issue where the session handler would close too early on Zimbra modules 2022-11-23 13:09:47 -08:00
Ron Bowes ffbf8b303a Change a 'return 0' to 'fail_with', per Christophe's request 2022-11-23 12:51:51 -08:00
Ron Bowes 28a68ede8c Merge branch 'master' into zimbra-fixes 2022-11-23 12:50:56 -08:00
Ron Bowes aa3d8be77c Remove Targets 2022-11-23 11:11:35 -08:00
Ron Bowes 4fd22226fe Combine into one module with options to turn features on/off 2022-11-23 11:10:34 -08:00
Ron Bowes cbb50ed902 Remove non-functioning Arch'es 2022-11-23 10:42:07 -08:00
Spencer McIntyre 3f58bfe11e Check that the target is Exchange Server 2019 2022-11-23 10:47:10 -05:00