adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56,079 Commits 27 Branches 1,043 Tags
1116635477d8d168131048e52d055eeac7b0630a
Commit Graph

16715 Commits

Author SHA1 Message Date
L 42d34201d2 fixed lib/msf/util/java_deserialization.rb 2020-04-27 10:49:57 -05:00
L 3bd15cbb81 Replace "ysoserial" string with randomness for evasion 2020-04-27 10:48:54 -05:00
L 7576a9d1c3 Support ysoserial alongside ysoserial-modified payload (including cmd, bash, powershell, none) 2020-04-27 10:48:53 -05:00
Christophe De La Fuente af239303d2 Land #13257, .NET Deserialization Library Improvements 2020-04-27 13:05:38 +02:00
Metasploit d171a3109d Bump version of framework to 5.0.87 2020-04-23 12:03:51 -05:00
William Vu 9633f5daf4 Exploit an LDAP auth bypass to add an admin user 
Thanks to JJ Lehmann and Ofri Ziv of Guardicore Labs for their work.

https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
 2020-04-22 17:38:11 -05:00
William Vu 8b74fd6605 Move discover_base_dn method to mixin 2020-04-22 17:38:11 -05:00
William Vu 88fcf4b9a2 Add and use new LDAP mixin 2020-04-22 17:38:11 -05:00
gwillcox-r7 546333b227 Land #13252, UUID support for OSX x64 reverse_tcp stager 2020-04-22 16:36:10 -05:00
Spencer McIntyre 090cf259ee Add some additional unit testing through rspec 2020-04-22 15:53:59 -04:00
Spencer McIntyre 6995a9a775 Add strong and qualified name types for .NET assemblies 2020-04-22 10:38:21 -04:00
Spencer McIntyre 3c4afa805b Cleanup style inconsistencies and update record read logic 2020-04-22 09:18:03 -04:00
Spencer McIntyre c920ca7181 Implement changes from PR feedback 2020-04-21 21:08:05 -04:00
Spencer McIntyre 1615a68abf Land #13263, remove spaces from the Python stager 2020-04-21 12:55:02 -04:00
Mehmet İnce f174b71549 Recalculate payload cache sizes and update payload format 2020-04-21 16:06:36 +03:00
Alan Foster d43dc330da Land #13298, Fix ExitOnSession usage in to_handler 2020-04-21 13:43:17 +01:00
William Vu c5df5355ac Update my module documentation to the new standard 
Also update CheckModule to match current style and best practices.
 2020-04-20 20:06:52 -05:00
Spencer McIntyre 15b816d14d Fix ExitOnSession usage in to_handler 2020-04-20 20:02:58 -04:00
gwillcox-r7 129d15b8eb Land #13282, Add Unicode support to search command 2020-04-20 09:29:52 -05:00
cn-kali-team 38176266f9 Check encoding 2020-04-19 09:54:04 +08:00
cn-kali-team c11855f0a0 Check encoding 2020-04-19 09:53:55 +08:00
cn-kali-team cca50b6cfa fix #13150 2020-04-18 13:21:46 +08:00
cn-kali-team 9158e4bb72 fix #13150 2020-04-18 13:19:37 +08:00
gwillcox-r7 e5cefbfcf1 Land #13267, Rename tip command to tips 2020-04-17 10:14:38 -05:00
Alan Foster 5e6ce9ff9c Rename tip command to tips 2020-04-17 10:38:26 +01:00
gwillcox-r7 d759fbaed3 Land #13259, Miscellaneous fixes for @wvu's modules and documentation 2020-04-16 22:10:10 -05:00
Alan Foster 6a354fa83d Add additional tips 2020-04-17 00:07:02 +01:00
Metasploit be19fb004c Bump version of framework to 5.0.86 2020-04-16 12:02:53 -05:00
Mehmet İnce 69b0dd180c Added python stager format without space 2020-04-16 16:21:39 +03:00
Spencer McIntyre 23319489b9 Remove unnecessary logic from ClassWithId 2020-04-15 18:11:45 -04:00
William Vu ebc8a74496 Update lib/msf/core/exploit/cmdstager/http.rb 
Should be clearer now wtf is going on.
 2020-04-15 15:47:51 -05:00
William Vu 6276247bf8 Move Expect mixin to Msf::Exploit::Remote 
I don't think we'll ever see it used beyond remote exploits.
 2020-04-15 15:47:50 -05:00
William Vu 02ba071b84 Punctuate check prints to match CheckCodes 2020-04-15 15:47:50 -05:00
Spencer McIntyre 49580a48ac Refactor exceptions and add more unit testing 2020-04-15 15:13:41 -04:00
Spencer McIntyre e809949089 Add the SOAP formatter 2020-04-15 15:13:41 -04:00
Spencer McIntyre 82dc28e2c4 Use gadget chain classes for identification 2020-04-15 15:13:41 -04:00
Spencer McIntyre 46d5628d79 Add the WindowsIdentity gadget chain 2020-04-15 15:13:41 -04:00
Spencer McIntyre 1799afd5e0 Add gadget chain author credit 2020-04-15 15:13:41 -04:00
Spencer McIntyre dc5bce543e Refactor word and symbol arrays 2020-04-15 15:13:41 -04:00
Spencer McIntyre f808121c84 Refactor formatters into modules 2020-04-15 15:13:41 -04:00
Spencer McIntyre ead2f473d9 Move the TypeConfuseDelegate gadget chain 2020-04-15 15:13:41 -04:00
Spencer McIntyre c8112404ec Fix a reference issue for the ClassWithId object 2020-04-15 15:13:41 -04:00
Spencer McIntyre d60733e04a Add and use the new EnumArray type for convenience 2020-04-15 15:13:41 -04:00
Spencer McIntyre 6b4a1abaa6 Refactor gadget chains into submodules 2020-04-15 15:13:41 -04:00
Spencer McIntyre 925c8c2c82 Experimenting to fix ClassWithId parameters 2020-04-15 15:13:41 -04:00
Spencer McIntyre 296f24499c Work on the TypeConfuseDelegate chain 2020-04-15 15:13:41 -04:00
Spencer McIntyre f447feb328 Fix and cleanup MemberValues bugs 2020-04-15 15:13:41 -04:00
Spencer McIntyre 94d67eae87 Bump bindata and start the TypeConfuseDelegate chain 2020-04-15 15:13:41 -04:00
Spencer McIntyre 0f81278436 Refactor types into submodules 2020-04-15 15:13:41 -04:00
Spencer McIntyre 60f0d3f99d More refactoring of serialization types 2020-04-15 15:13:41 -04:00