adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43,178 Commits 27 Branches 1,043 Tags
0ac19087cd6015e596fff45a4ca1bed65afcc8ef
Commit Graph

877 Commits

Author SHA1 Message Date
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 838b066abe Merge branch 'master' into land-8716 2017-07-24 05:51:44 -07:00
Brent Cook 7c55cdc1c8 fix some module documentation 
3 modules got documentation landed in the wrong spot. This also fixes a few
typos and improves formatting.
 2017-07-23 07:46:52 -07:00
g0tmi1k e710701416 Made msftidy.rb happy 
...untested with the set-cookie 'fix'
 2017-07-21 19:55:26 -07:00
g0tmi1k 524373bb48 OCD - Removed un-needed full stop 2017-07-21 07:41:51 -07:00
g0tmi1k 772bec23a1 Fix various typos 2017-07-21 07:40:08 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
Pearce Barry 9775df1f6e Land #8586, Easy Chat Server 2 to 3.1 - Buffer overflow (SEH) exploit 2017-07-14 15:20:01 -05:00
David Maloney ee1c87b868 Land #8172, example modules 
lands several example modules
 2017-07-14 15:17:20 -05:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
Mzack9999 66eb89e72a Exploit now uses HTTP mixin 2017-06-25 16:38:21 +02:00
Mzack9999 a8865252da Added exploit documentation 2017-06-23 14:12:04 +02:00
Brent Cook 3b248c78f3 resurrect old example modules, integrate into module tree 2017-06-22 11:36:35 -05:00
William Webb 02e4edc4cb Land #8579, Easy File Sharing HTTP Server 7.2 - Post Overflow exploit 2017-06-22 10:56:41 -05:00
Jin Qian b51fc0a34e Land #8489, more httpClient modules use store_valid_credential 2017-06-21 17:18:34 -05:00
Jeffrey Martin 99fb905bbd fix typo 2017-06-21 16:52:09 -05:00
Pearce Barry 24d9bec0ae Land #8260, OpManager Version Check 2017-06-20 17:58:10 -05:00
Pearce Barry 241786e71f Update description with tested versions. 2017-06-20 15:32:08 -05:00
Pearce Barry 14f0409c6c Missing regex '+', readding so we get full API key. 2017-06-20 15:28:15 -05:00
Pearce Barry b02719e795 Attempt to appease Travis... 2017-06-20 11:36:08 -05:00
Mzack9999 c7a55ef92f Added exploit documentation 2017-06-20 09:03:40 +02:00
Mzack9999 af4eb0fbe3 Corrected shellcode 2017-06-20 00:55:18 +02:00
Mzack9999 0b04dc0584 Correct EDB Number 2017-06-20 00:52:29 +02:00
Mzack9999 bc826cb824 Easy Chat Server From 2.0 to 3.1 - Buffer Overflow (SEH) exploit 2017-06-20 00:36:59 +02:00
Mzack9999 7fb36edd50 corrected msftidy warnings 2017-06-17 22:58:47 +02:00
Mzack9999 31a5cc94b2 Easy File Sharing HTTP Server 7.2 - Post Overflow exploit 2017-06-17 22:35:21 +02:00
Jeffrey Martin 0e145573fc more httpClient modules use store_valid_credential 2017-05-30 14:56:05 -05:00
wchen-r7 2835c165d7 Land #8390, Add module to execute powershell on Octopus Deploy server 2017-05-25 17:33:07 -05:00
wchen-r7 330526af72 Update check method 2017-05-25 17:30:58 -05:00
William Webb 467f1ce0ca Land #8411, Buffer overflow in VXSearch Enterprise v9.5.12 2017-05-22 07:37:31 -05:00
Daniel Teixeira c1624d0967 VX Search Enterprise GET Buffer Overflow 2017-05-18 17:12:47 +01:00
wchen-r7 c0bf2cc6e7 Land #8401, Buffer Overflow on Sync Breeze Enterprise 9.4.28 2017-05-17 23:39:50 -05:00
Daniel Teixeira ad8788cc74 Update syncbreeze_bof.rb 2017-05-17 11:33:24 +01:00
Daniel Teixeira 5329ce56c4 Sync Breeze Enterprise GET Buffer Overflow 2017-05-17 10:53:28 +01:00
William Webb 7e2dab4ddc Land #8303, Buffer Overflow on Dupscout Enterprise v9.5.14 2017-05-17 01:04:59 -05:00
wchen-r7 77a9676efb Land #8347, Add Serviio Media Server checkStreamUrl Command Execution 2017-05-16 16:20:39 -05:00
james-otten 3c4dfee4f5 Module to execute powershell on Octopus Deploy server 
This is not a bug, but a feature which gives users with the correct
permissions the ability to take over a host running Octopus Deploy.

During an automated deployment initiated by this module, a powershell
based payload is executed in the context of the Octopus Deploy server,
which is running as either Local System or a custom domain account.
This is done by creating a release that contains a single script step
that is run on the Octopus Deploy server. The said script step is
deleted after the deployment is started. Though the script step will
not be visible in the Octopus Deploy UI, it will remain in the server's
database (with lot's of other interesting data).

Options for authenticating with the Octopus Deploy server include
username and password combination or an api key. Accounts are handled
by Octopus Deploy (stored in database) or Active Directory.

More information about Octopus Deploy:
https://octopus.com
 2017-05-15 18:57:38 -05:00
Brendan Coles 42c7d64b28 Update style 2017-05-10 06:37:09 +00:00
Brendan Coles 32dafb06af Replace NoTarget with NotVulnerable 2017-05-08 22:29:44 +00:00
William Vu b794bfe5db Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
Brendan Coles 0eacf64324 Add Serviio Media Server checkStreamUrl Command Execution 2017-05-05 07:54:00 +00:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Sara Perez 18fa411189 Updated with Egypt's suggestion, also changed the target name to include other versions 2017-04-27 13:19:44 +01:00
Daniel Teixeira a3a4ba7605 Buffer Overflow on Dup Scout Enterprise v9.5.14 2017-04-26 15:19:00 +01:00
Daniel Teixeira 47898717c9 Minor documentation improvements 
Space after ,
 2017-04-24 14:47:25 +01:00
DanielRTeixeira f1c51447c1 Add files via upload 
Buffer Overflow on Disk Sorter Enterprise
 2017-04-19 10:57:41 +01:00
Sara Perez 178d68003e version check, as the name for the api key call changes on 11.0. Line 130 2017-04-18 10:32:28 +01:00