adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
63,518 Commits 27 Branches 1,043 Tags
144fc5eddfa24c36d918cd9adcf79ea282a072e4
Commit Graph

3916 Commits

Author SHA1 Message Date
Spencer McIntyre 42e0c027ab Land #16248, Added Apache APISIX RCE module 2022-03-07 09:47:04 -05:00
Spencer McIntyre 422f96fbbe Fix a plugin name reference 
The plugin is actually "batch-requests", change the reference to be more
clear.
 2022-03-07 09:46:15 -05:00
Heyder Andrade d7c992f402 Need to use POST to check whether the batch request is enabled or not 2022-03-04 21:00:32 +01:00
Spencer McIntyre 9ef50a2d23 Fixup typos 2022-03-04 12:34:14 -05:00
Heyder Andrade ca4ed9affe Added logic to treat the two ways of execute command 
If we have the API token we can execute command using the parameter
`filter_func` or `script`, and if there is an IP restriction
enabled by the plugin ip-restriction we can bypass this restiction if
the plugin batch-request is also enabled.
 2022-03-04 02:13:09 +01:00
Heyder Andrade 460584b079 Improved server header validation 2022-03-03 12:48:37 +01:00
Heyder Andrade a0afba45aa Remove unnecessary stuffs 2022-03-03 02:00:51 +01:00
Heyder Andrade 0d8933d162 Removed else statements from check in favor of implicit return 2022-03-02 22:42:08 +01:00
Heyder Andrade 41236232e2 WIP - add clean up function 2022-03-02 17:47:58 +01:00
Heyder Andrade 7aa9547e05 WIP - improvements on the request body 2022-03-02 01:43:04 +01:00
Heyder Andrade abd03d592e WIP - adding bypass the IP restriction (CVE-2022-24112) 2022-03-01 19:00:59 +01:00
Heyder Andrade ea2b29661f Fix typo 2022-03-01 17:13:20 +01:00
bwatters 0081811c52 Land #16185, Firefox CVE-2020-26950 use after free browser exploit 
Merge branch 'land-16185' into upstream-master
 2022-02-28 14:38:23 -06:00
Heyder Andrade ad7bd6d623 Added Apache APISIX default API Token RCE module 
Added module that laverage the default admin API token for Apache APISIX
to add malicious route which leads to the remote LUA code execution
through the script parameter added in the 2.x version.
 2022-02-28 18:09:18 +01:00
Tim W 579811418f update documentation with note about Firefox 82.0.1 2022-02-26 12:35:38 +00:00
h00die d5ba1afbec fix URLs not resolving 
fix URLs not resolving

add csv export to references

fix URLs not resolving

pdf not pd

missed a url change

remove extra recirectedfrom fields

remove extra file

fix ovftool url accidental replacement
 2022-02-16 17:22:40 -06:00
Tim W 4e5cd8693d add notes section to placate msftidy 2022-02-16 11:48:55 +00:00
Tim W 480c44e9cb refactor DEBUG_EXPLOIT code into mixin 2022-02-16 11:38:04 +00:00
Tim W 35d122e16d msftidy 2022-02-16 08:35:04 +00:00
Tim W fb53ca0ac2 actually add support for Windows 2022-02-16 08:33:24 +00:00
bwatters 1086926b2e Land #16159, Add module for CVE-2021-3129 
Merge branch 'land-16159' into upstream-master
 2022-02-15 17:14:01 -06:00
bwatters 0239ef1cc6 Land #16117, Updates for Log4Shell 2022-02-15 16:39:00 -06:00
Heyder Andrade 891387885b Fixed typos 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:47:50 +01:00
Heyder Andrade bbb66eba55 Fixed typos 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:47:26 +01:00
Heyder Andrade acfc7348c3 Fixed typos 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:47:10 +01:00
Heyder Andrade c935bc6388 Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb 
Fix typos

Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:46:25 +01:00
Heyder Andrade 2e73469b6b Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb 
Fix typos

Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:46:02 +01:00
Heyder Andrade ca62a05ce1 Clenup and check strategy 
- Removed else statements from check in favor of implicit return
- Added comment explaining the check strategy (to be less intrusive)
 2022-02-11 00:30:31 +01:00
Heyder Andrade d1764b2e75 Update option name 
Update option name from LOGPATH to LOGFILE to become more intuitive.
 2022-02-11 00:00:19 +01:00
Heyder Andrade df53a62cc9 Making reason from failures more descriptives 
Cases
[x] User defined wrong log file
    [-] Exploit aborted due to failure: unexpected-reply: Log file
/var/www/log.log seems doesn't exit
[x] module doesnt detect the log file
    [-] Log file does not exist /var/www/storage/logs/laravel.log
    [-] Exploit aborted due to failure: bad-config: Log file is
required, however it was defined nor it was not automatically detecte
[x] site doesnt respond with error, module unable to find the log
directoy
    [-] Unable to automatically find the log file. To continue set
LOGPATH manually
    [-] Exploit aborted due to failure: bad-config: Log file is
required, however it was defined nor it was not automatically detected
[x] site with debug mode false
    [-] Exploit aborted due to failure: not-vulnerable: The target is
not exploitable. "set ForceExploit true" to override check result
 2022-02-10 23:40:49 +01:00
Heyder Andrade 719e71648c Change Vulnerable to Appear in the check method 
As we can't determine with certainly whether the target is vulnerable the check method should return appear instead of vulnerable.

Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com>
 2022-02-10 20:08:36 +01:00
Heyder Andrade cc52850ff0 Fix coding style offenses. 2022-02-09 21:30:17 +01:00
Heyder Andrade da1bc1f6d1 Change exploit Rank. Add AutoCheck. Remove custom timeout on request cgi. 2022-02-09 21:19:10 +01:00
Heyder Andrade c7092861e0 Fix the CVE format based on failed tests 2022-02-08 14:38:54 +01:00
Heyder Andrade f1fe6b7c89 Add module to CVE-2021-3129 2022-02-08 14:21:10 +01:00
Brendan Coles 5bbe934db9 Add QEMU Monitor HMP 'migrate' Command Execution module 2022-02-07 17:48:27 +00:00
Spencer McIntyre e2c91ebf30 Land #16010, zabbix_script_exec improvements 
This updates the zabbix_script_exec module to work with versions 5.0 and
newer as well as adds a new item-based execution technique.
 2022-02-04 15:13:13 -05:00
Spencer McIntyre ae278d0568 Cleanup some minor typos 2022-02-04 15:12:57 -05:00
lap1nou 8838d9cb66 Added timeout system, fixed a bug with TLS_PSK, linted 2022-02-04 04:01:23 -08:00
Spencer McIntyre 965493191f Add and use a Log4Shell mixin 2022-02-03 16:09:49 -05:00
lap1nou 645ef5e71f Fixed few bugs 2022-02-02 14:30:02 -08:00
lap1nou 7bf08a28ea Modified default stager 2022-02-02 12:34:07 -08:00
lap1nou de32cc0e97 Linted with Rubocop, factorized API call, fixed some grammmar 2022-02-01 13:29:30 -08:00
Spencer McIntyre d46822184f Updates for Log4Shell 2022-01-28 14:56:44 -05:00
Spencer McIntyre 458d584f83 Add details to check codes and PR feedback 2022-01-21 09:40:23 -05:00
Spencer McIntyre 579627f5c7 Update docs, note OS X support 2022-01-20 10:47:11 -05:00
Spencer McIntyre ba469a4b2c Add version detection to the Unifi exploit 2022-01-20 09:26:48 -05:00
Spencer McIntyre 3d80a46e67 Check the HTTP response from the trigger 2022-01-19 17:51:31 -05:00
Spencer McIntyre ef344d9d12 Add the Unifi Log4Shell RCE exploit 2022-01-19 17:51:31 -05:00
bwatters 4cf3ae352c Land #16050, Log4Shell: vCenter RCE 
Merge branch 'land-16050' into upstream-master
 2022-01-19 16:30:33 -06:00