adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,051 Commits 27 Branches 1,043 Tags
052d233bd973e6a7e8b39da038962ceffa4cc6de
Commit Graph

1377 Commits

Author SHA1 Message Date
Grant Willcox 97bce45e69 Land #16915, Add exploit for CVE-2022-23277 (Exchange RCE) 2022-08-19 11:11:46 -05:00
Christophe De La Fuente d49b74d164 Land #16809, Add exploit module for Advantech iView command injection - CVE-2022-2143 2022-08-18 17:19:14 +02:00
Spencer McIntyre 7c1dd17c86 Add a missing verison, fix typos 2022-08-17 17:36:31 -04:00
Spencer McIntyre 62ab42b797 Update vulnerable version numbers and docs 2022-08-17 08:55:46 -04:00
space-r7 7f02daac5b change default password 2022-08-09 16:12:54 -05:00
Spencer McIntyre 0e148d6ba4 Update and rename the module 2022-08-09 13:32:09 -04:00
Spencer McIntyre 2290b04995 Update the exploit with the new gadget chain 2022-08-08 17:52:53 -04:00
space-r7 0334beada2 Land #16758, add ManageEngine ADAudit Plus exploit 2022-08-05 12:19:42 -05:00
space-r7 4202502992 make some prints vprints, add steps 2022-08-05 11:34:46 -05:00
Ron Bowes 7c21c57564 Merge branch 'master' into manageengine-adauditplus-cve-2022-28219 2022-08-04 14:07:50 -07:00
Ron Bowes 713e476139 Remove 'puts' again 2022-08-04 12:59:11 -07:00
Ron Bowes 7844b8f5f8 Encode usernames containing spaces into 8.3 2022-08-04 12:55:08 -07:00
Ron Bowes 530174c940 Remove an errant puts 2022-08-04 12:42:14 -07:00
Ron Bowes 969c81e41c Improve the FTP reverse connection in two ways - 1-add a terminator so we know when it's done, and 2-don't fail the whole thing if we fail on one name 2022-08-04 11:13:46 -07:00
Ron Bowes 2ec25fc3e5 Add a timeout to the reverse FTP connection 2022-08-03 15:17:02 -07:00
Grant Willcox 6d45320c0c Update exploit title/name 2022-08-02 14:27:27 -05:00
space-r7 175c428ff9 remove on_new_session logic 2022-08-02 13:41:23 -05:00
space-r7 ea1207d6e1 add authentication 2022-08-02 12:31:52 -05:00
Grant Willcox f0e62de46a Add CVE-2022-35405 docs and module 2022-08-02 11:57:56 -05:00
Ron Bowes d86e666e18 Change Platform to 'win' 2022-08-01 15:37:58 -07:00
space-r7 d6d51eecb0 manually delete file 2022-07-27 08:50:00 -05:00
space-r7 24ab27bdfe add x86 arch and additional check for response 2022-07-25 11:16:26 -05:00
Ron Bowes b4d2294255 Use vprint instead of print for some status messages, and clean up some comments 2022-07-22 10:01:27 -07:00
Ron Bowes d63912a1b8 Use better thread synchronization methods 2022-07-22 09:59:04 -07:00
Ron Bowes fe99eb0d0a Whoops, better lint - needed -A instead of -a 2022-07-22 09:52:37 -07:00
Ron Bowes e6282c3ff8 Remove win_cmd 2022-07-22 09:49:33 -07:00
Ron Bowes f3731191a1 Add timeouts for the reverse connections using IO.select() 2022-07-22 09:45:53 -07:00
space-r7 e0a5bfd7b3 remove opts used for debugging 2022-07-21 18:50:23 -05:00
space-r7 e1b0e871b3 add finished module and docs 2022-07-21 18:33:56 -05:00
Ron Bowes 8c729e8414 Add Comm 2022-07-21 08:58:28 -07:00
space-r7 a5cb271b21 add initial module work 2022-07-19 17:25:57 -05:00
Ron Bowes 304d717757 Make the path-traversal depth configurable 2022-07-15 15:41:27 -07:00
Ron Bowes 7468f6ecd8 Remove JAVA Arch 2022-07-15 15:35:14 -07:00
Ron Bowes 6f33ddd867 Remove a broken error check 2022-07-15 13:49:56 -07:00
Ron Bowes 5f3268eae7 Fix the Arch 2022-07-15 13:46:49 -07:00
Ron Bowes 5257de67f9 Style fixes 2022-07-15 13:43:46 -07:00
Ron Bowes 56dd61027f Rubocop 2022-07-08 10:38:42 -07:00
Ron Bowes 8090fdb273 Re-order authors 2022-07-08 10:27:41 -07:00
Ron Bowes 67c60c9c5f Specify the vulnerable version 2022-07-08 10:27:25 -07:00
Ron Bowes bcd4b6e49f Better name 2022-07-08 10:26:09 -07:00
Ron Bowes 9685bc4bc3 Use flat_map instead of map().flatten 2022-07-08 10:25:10 -07:00
Ron Bowes 134ce0d7bd Make the FTP server more realistic, and remove Timeout 2022-07-08 10:21:58 -07:00
Ron Bowes 46b5092be4 Make Rubocop happy, and improve error handling 2022-07-07 16:07:10 -07:00
Ron Bowes 3a9feac1cf Finish up the first draft of the module, which seems to work decently 2022-07-07 14:22:37 -07:00
Ron Bowes 966d469aa5 Continuing cleanup 2022-07-07 12:57:34 -07:00
Ron Bowes f9664575c5 Working payload 2022-07-07 10:57:41 -07:00
Ron Bowes d785e90bd9 Get the full exploit working, except for a hardcoded payload 2022-07-07 09:58:07 -07:00
Ron Bowes fa8d109f65 Add the incomplete version of CVE-2022-28219 module to msf 2022-07-06 15:57:13 -07:00
bcoles bbbec267b6 exploits: Set tftphost option for modules which use Windows TFTP stager 2022-06-29 19:10:52 +10:00
Spencer McIntyre bf1f786813 Title case the target name 2022-04-20 15:22:07 -04:00