adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,591 Commits 27 Branches 1,043 Tags
1af4aaeb9145cfa60587aa1b670f1663f2bb9303
Commit Graph

2797 Commits

Author SHA1 Message Date
Spencer McIntyre b4dd46a8de Land #14721, sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28 2021-02-05 16:01:58 -05:00
Shelby Pace fc8ed5ba4e Land #14154, use prepend autocheck 2021-02-05 12:22:38 -06:00
Brendan Coles cfda83df99 sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28 2021-02-05 07:54:34 +00:00
Spencer McIntyre 504865d507 Add a target for Ubuntu 18.04 and setgid and setuid by default 2021-02-04 10:45:00 -05:00
Spencer McIntyre 7281d00938 Implement feedback from PR review 2021-02-04 09:25:40 -05:00
Spencer McIntyre c33c08bae9 Add a check method using the version information 2021-02-03 18:16:13 -05:00
Spencer McIntyre c590d7b1bb Add module docs and be more permissive with Length formatting 2021-02-03 18:16:13 -05:00
Spencer McIntyre 117cdc4fd7 Populate module metadata and cleanup files 2021-02-03 18:16:13 -05:00
Spencer McIntyre b9413b4103 Update the exploit C code to allocate it's own PTY 2021-02-03 18:16:13 -05:00
Spencer McIntyre 13dd9ac10e Initial work on CVE-2021-3156 2021-02-03 18:16:13 -05:00
cgranleese-r7 3a2932b798 Migrate old uses of manual autocheck to use the new prepend autocheck 2021-02-02 10:15:46 +00:00
William Vu 39b7ba584e Randomize strings 
Spencer tells me not to signature-bait, at least not so obviously. ;)
 2021-01-22 16:15:16 -06:00
William Vu 0d410f32c3 Add MobileIron CVE-2020-15505 exploit 2021-01-22 00:37:07 -06:00
Spencer McIntyre 9b8b4621df Land #14368, Pulse Connect Secure gzip RCE: cve-2020-8260 2020-12-17 17:43:55 -05:00
Spencer McIntyre 43b1497cf6 Remove some debug info and mark bind payloads as being incompatible 2020-12-17 16:36:20 -05:00
Shelby Pace 83943adf8b Land #14466, add Aerospike UDF rce 2020-12-10 11:07:56 -06:00
William Vu e52084242f Remove unused vprint_status conditional 2020-12-09 22:45:41 -06:00
William Vu 399c8dbb79 Don't be lazy about sending the request 
Don't telegraph our command injection _quite_ so much. We still
"complete" the initial command line to minimize disruption.

I am now backgrounding ssh-keygen to improve the speed of the exploit.
 2020-12-09 22:07:08 -06:00
Spencer McIntyre 2a2694ef16 Apply rubocop changes and precompute the encryption key 2020-12-07 14:59:40 -05:00
Spencer McIntyre d208e441ba Update the documentation 2020-12-07 10:54:20 -05:00
Spencer McIntyre 811de07e7a Add logout functionality and cleanup HTTP session management 2020-12-07 10:41:42 -05:00
Spencer McIntyre b968cf9183 Cleanup the payload delivery mechanism 2020-12-07 09:40:29 -05:00
dwelch-r7 1617b3ec9b Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
Brendan Coles 6cdb484d7c Add Aerospike Database UDF Lua Code Execution exploit 2020-12-05 14:15:22 +00:00
Spencer McIntyre 7612845714 Add the initial Ruby port for CVE-2020-8260 2020-12-04 17:56:38 -05:00
Pedro Ribeiro a99ce581dd Update TP-Link AC1750 Pwn2Own 2019 module 2020-11-26 12:56:02 +00:00
William Vu f73a88a39c Land #14396, hadoop_unauth_exec clarification 2020-11-16 12:44:13 -06:00
Tod Beardsley 06a0634828 Describe the Hadoop vuln as not-a-vuln clearly 2020-11-16 11:31:59 -06:00
A Galway 0328e3f815 Land #14359, gives preference to default target options 2020-11-13 14:44:13 +00:00
h00die 020e90543d IOS -> IOC 2020-11-11 17:43:16 -05:00
h00die 6880376c61 add reliability, stability, side effects to pulse_secure_gzip_rce 2020-11-11 17:19:10 -05:00
William Vu fcb507e412 Fix AutoCheck 
I'm a big dummy.
 2020-11-11 15:57:38 -06:00
William Vu 42bdae919b Add SaltStack Salt REST API RCE (CVE-2020-16846) 
Leveraging CVE-2020-25592.
 2020-11-11 13:09:26 -06:00
William Vu 67ae309896 Set plat/arch in saltstack_salt_unauth_rce targets 
Looks like I forgot this, and it affects compatible payloads.
 2020-11-11 13:09:26 -06:00
h00die b0b9ace606 Revert "remove ruby pulse_secure_cmd_exec" 
This reverts commit efb8557e43.
 2020-11-09 20:09:12 -05:00
h00die da70b74954 fix version numbers 2020-11-08 22:38:53 -05:00
h00die 3c4962e9b0 working and clean 2020-11-08 22:31:26 -05:00
h00die 9f936038e5 cleanup rnd1 2020-11-08 08:42:19 -05:00
h00die 0e62e7793d working session on linux/x86/shell/reverse_tcp 2020-11-08 08:27:55 -05:00
Alan Foster 5b438fd933 Preference target values when registering options 2020-11-05 23:16:37 +00:00
h00die f39e4d62e2 working but needs cleanup 2020-11-04 17:59:04 -05:00
h00die bacc0f78ed permissions solved 2020-11-04 14:17:16 -05:00
h00die 8a936a07f0 stuck in read only mode 2020-11-03 18:33:40 -05:00
h00die 1e0ea16173 runs, needs cleanup 2020-11-03 15:25:49 -05:00
Spencer McIntyre 659137da94 Remove the DRuby remote code execution module 2020-11-02 08:32:52 -05:00
h00die efb8557e43 remove ruby pulse_secure_cmd_exec 2020-11-01 14:46:46 -05:00
Spencer McIntyre ba17a5d67f Apply rubocop fixes for the DRuby RCE module 2020-10-22 12:35:35 -04:00
Spencer McIntyre 8aca08f80b Add the DRuby RCE check method 2020-10-22 12:34:51 -04:00
Spencer McIntyre 34e41e66ec Fix the syscall DRuby target by adding a small delay before execve 2020-10-22 12:18:12 -04:00
Spencer McIntyre 49145bfd31 Don't start the DRuby service, it appears unnecessary 2020-10-22 12:15:39 -04:00