adfoster-r7
144fc5eddf
Add smarter targetlist support
2022-03-08 23:52:23 +00:00
adfoster-r7
25265c7a7b
Linting
2022-03-08 23:52:23 +00:00
adfoster-r7
3e68e298a1
Add targets
2022-03-08 23:52:23 +00:00
adfoster-r7
e02021ee91
Fix database cred reporting and error handling
2022-03-08 23:52:23 +00:00
adfoster-r7
507b1dab2b
Apply PR feedback
2022-03-08 23:52:22 +00:00
adfoster-r7
b4fe2502aa
Update smb_relay to support smb 2 and smb3
2022-03-08 23:52:22 +00:00
space-r7
a91bf22758
Land #16286, replace IO.read with File.binread
2022-03-07 14:01:19 -06:00
space-r7
7a9d30e5b1
Land #16227, add wp masterstudy privesc module
2022-03-07 10:58:23 -06:00
space-r7
47532bb49a
use Faker for email and user names
2022-03-07 10:57:40 -06:00
Spencer McIntyre
42e0c027ab
Land #16248, Added Apache APISIX RCE module
2022-03-07 09:47:04 -05:00
Spencer McIntyre
422f96fbbe
Fix a plugin name reference
...
The plugin is actually "batch-requests", change the reference to be more
clear.
2022-03-07 09:46:15 -05:00
h00die
86cad29799
wp masterstudy review
2022-03-06 08:07:20 -05:00
Brendan Coles
ef4e7b2165
post/windows/manage/persistence_exe: Replace IO.read with File.binread
2022-03-05 13:24:55 +00:00
Heyder Andrade
d7c992f402
Need to use POST to check whether the batch request is enabled or not
2022-03-04 21:00:32 +01:00
Spencer McIntyre
9ef50a2d23
Fixup typos
2022-03-04 12:34:14 -05:00
Spencer McIntyre
83b2f5a128
Land #16268, Update check comhijack
2022-03-04 09:59:49 -05:00
adfoster-r7
ad2fab6fee
Land #16153, read full response on smtp send/recv
2022-03-04 01:24:46 +00:00
Heyder Andrade
ca4ed9affe
Added logic to treat the two ways of executing a command
...
If we have the API token we can execute a command using the parameter
`filter_func` or `script`, and if there is an IP restriction
enabled by the plugin ip-restriction we can bypass this restriction if
the plugin batch-request is also enabled.
2022-03-04 02:13:09 +01:00
bwatters
fb658fbb13
Land #16245, pfSense Authenticated File Write (CVE-2021-41282)
...
Merge branch 'land-16245' into upstream-master
2022-03-03 15:08:34 -06:00
bwatters
3f35524c61
Rubocop fixes
2022-03-03 13:02:55 -06:00
bwatters
f0878f4d1a
Improve check method and add autocheck
2022-03-03 12:52:05 -06:00
Spencer McIntyre
6be3443680
Land #16103, LPE in polkit's pkexec (CVE-2021-4034)
2022-03-03 09:24:11 -05:00
Spencer McIntyre
0463373756
Simplify finding pkexec
2022-03-03 09:19:45 -05:00
Heyder Andrade
460584b079
Improved server header validation
2022-03-03 12:48:37 +01:00
Heyder Andrade
a0afba45aa
Remove unnecessary stuff
2022-03-03 02:00:51 +01:00
bwatters
e649fe3f69
Fix some markdown issues, update docs and add arch check for payloads
2022-03-02 16:30:52 -06:00
Spencer McIntyre
d60e625746
Land #16254, shodan_search default user-agent
...
Fixes #16189 and #16223
2022-03-02 16:57:05 -05:00
Heyder Andrade
0d8933d162
Removed else statements from check in favor of implicit return
2022-03-02 22:42:08 +01:00
Heyder Andrade
41236232e2
WIP - add clean up function
2022-03-02 17:47:58 +01:00
bwatters
06e897436c
Add Fedora results to docs and some minor final cleanup
2022-03-02 09:12:01 -06:00
Heyder Andrade
7aa9547e05
WIP - improvements on the request body
2022-03-02 01:43:04 +01:00
bwatters
58aed837b2
Update docs and options
2022-03-01 14:48:48 -06:00
Heyder Andrade
bb2a2e458b
shodan_search default user-agent overwrite - fix #16189 and #16223
...
As Shodan is checking the UserAgent to decide which content-type it
will deliver, the default user-agent is causing it to reply with an HTML page.
This commit overwrites the default user-agent of the module shodan_search
to 'Wget', which works on the Shodan API.
2022-03-01 21:31:35 +01:00
bwatters
0516badd8e
Change the way we cd after a new session is created
2022-03-01 14:20:07 -06:00
Heyder Andrade
abd03d592e
WIP - adding a bypass for the IP restriction (CVE-2022-24112)
2022-03-01 19:00:59 +01:00
Heyder Andrade
ea2b29661f
Fix typo
2022-03-01 17:13:20 +01:00
Spencer McIntyre
5e5c207864
Update metasploit-payloads gem to 2.0.76
2022-03-01 10:01:07 -05:00
bwatters
0081811c52
Land #16185, Firefox CVE-2020-26950 use after free browser exploit
...
Merge branch 'land-16185' into upstream-master
2022-02-28 14:38:23 -06:00
space-r7
0d10409d67
Land #16131, add modern events calendar sqli
2022-02-28 12:27:45 -06:00
Heyder Andrade
ad7bd6d623
Added Apache APISIX default API Token RCE module
...
Added a module that leverages the default admin API token for Apache APISIX
to add a malicious route, which leads to remote Lua code execution
through the script parameter added in the 2.x version.
2022-02-28 18:09:18 +01:00
Jake Baines
65e16a1a72
Initial implementation of pfSense auth file creation bug (CVE-2021-41282)
2022-02-27 18:12:54 -08:00
Tim W
579811418f
update documentation with note about Firefox 82.0.1
2022-02-26 12:35:38 +00:00
bwatters
ecaf8b1ba9
Land #16204, Hikvision Unauthenticated RCE (CVE-2021-36260)
...
Merge branch 'land-16204' into upstream-master
2022-02-25 16:37:08 -06:00
bwatters
b69db83398
Land #16202, Add exploit for CVE-2022-21882 (Win32k LPE)
...
Merge branch 'land-16202' into upstream-master
2022-02-25 15:55:48 -06:00
h00die
2195edbb8d
masterstudy privesc
2022-02-25 16:36:47 -05:00
Grant Willcox
217afa0f3b
Land #16190, Axis Camera App RCE (No CVE)
2022-02-25 11:35:03 -06:00
Grant Willcox
1e0db45f1d
Add small note about ARMLE stager for future travelers
2022-02-25 11:34:31 -06:00
Jake Baines
2bec5c425f
Change CheckCode to Appears
2022-02-25 08:32:06 -08:00
Jake Baines
1facfe4a2f
Alter upload filename.
2022-02-25 02:53:52 -08:00
Jake Baines
d055a7d811
Altered some randomization, the json extracted by check, and fixed some wording
2022-02-24 18:48:21 -08:00