adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,649 Commits 27 Branches 1,043 Tags
1efb3f733f8113a00a6d82b292dcf19febca6cf3
Commit Graph

902 Commits

Author SHA1 Message Date
Simon Janusz 8b56dc0117 Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation 2023-09-14 10:18:29 +01:00
bwatters 946794c3f8 Land #18341, add CVE-2023-38831 for Winrar 6.22 
Merge branch 'land-18341' into upstream-master
 2023-09-07 15:59:36 -05:00
xaitax d5f355d8de WinRAR 6.22 (CVE-2023-38831) 2023-09-04 18:56:22 +02:00
Ege Balcı 48cb2db70b Update scenario 2023-09-01 03:48:08 +02:00
jheysel-r7 ef55c4f2c1 Update documentation/modules/exploit/windows/local/cve_2023_28252_clfs_driver.md 2023-08-30 12:11:37 -04:00
Ege Balcı 1d9c7fde77 Add LG Simple Editor Unauthenticated RCE (CVE-2023-40498) Exploit 2023-08-29 17:58:43 +02:00
Christophe De La Fuente 7fa2586e34 Land #18247, Netgear NMS RCE CVE-2023-38096/8 2023-08-28 11:23:08 +02:00
Ege Balcı b10d677308 Doc update. 2023-08-25 21:18:48 +02:00
Ege Balcı 0fe335aff2 Update documentation/modules/exploit/windows/http/netgear_nms_rce.md 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-08-24 16:10:30 +00:00
Ismail Dawoodjee c216c5a184 Fix lines in SmarterMail RCE docs for linting with msftidy_docs 2023-08-23 23:07:07 +08:00
Jack Heysel bcfc892195 General code clean up 2023-08-04 14:27:14 -04:00
bwatters e8456a6625 Add documentation and fix null filename catch 2023-08-03 18:30:20 -05:00
Jack Heysel 29c2361a9c Module clean up, docs, metadata, rubocop 2023-08-02 18:53:20 -04:00
Ege Balcı 329920eeb2 Add Netgear NMS RCE (CVE-2023-38096/8) exploit 2023-08-02 18:03:57 +02:00
ismaildawoodjee 1706812099 Implemented requested changes 
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket

* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
  for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
 2023-07-07 04:14:20 -04:00
Ismail Dawoodjee 24ef4e1b90 Update documentation/modules/exploit/windows/http/smartermail_rce.md 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-07-06 18:49:49 +03:00
ismaildawoodjee ad0d3e79a9 SmarterMail RCE module and documentation 2023-07-06 08:00:28 -04:00
Spencer McIntyre dfd450561e Tweak some messages and cleanup markdown table 2023-06-22 14:23:25 -04:00
bwatters 5f667e1d79 Address code review 2023-06-22 10:22:43 -05:00
bwatters 2adea08f67 Add documentation & code cleanup 2023-06-21 15:41:50 -05:00
Grant Willcox a1e930397a Land #18072, Add CVE-2023-1133 - .NET Deserialization exploit for Delta Electronics InfraSuite Device Master 2023-06-08 08:42:07 -05:00
space-r7 74dd134783 add options in scenarios output 2023-06-07 17:15:28 -05:00
Grant Willcox 4465582fee Add in link to archived version of the installer 2023-06-07 16:51:01 -05:00
Shelby Pace 2738906f87 Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2023-06-07 16:41:44 -05:00
Shelby Pace 54649fb856 Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2023-06-07 16:41:37 -05:00
Shelby Pace 4377ff037a Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2023-06-07 16:41:28 -05:00
Shelby Pace 60c642bcd0 Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2023-06-07 16:41:19 -05:00
space-r7 3b53966caa add installation steps 2023-06-06 12:14:14 -05:00
space-r7 5f7ae883f8 add documentation 2023-06-05 17:38:58 -05:00
Grant Willcox f7d2cdae56 Add in ability to restore settings n documentation changes. 
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
 2023-06-02 09:48:03 -05:00
Grant Willcox 965311d09e Fix documentation and fix bug in creating PARMS value 2023-06-02 09:48:02 -05:00
Grant Willcox 8577f21e52 Add in documentation and updated code 2023-06-02 09:48:01 -05:00
Grant Willcox 459cf871cb Land #17979, Add exploit for Ivanti Avalanche file upload - CVE-2023-28128 2023-05-16 09:19:33 -05:00
Grant Willcox ea988f0c78 Add more documentation on how to set the target up based on my own experience and so that we have a backup in case the link to external documentation breaks 2023-05-12 14:27:39 -05:00
Grant Willcox cf5f90ac4f Minor updates to documentation to tidy things up a bit 2023-05-11 16:48:16 -05:00
space-r7 722de33b6f address feedback, use cleanup to restore path 
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
 2023-05-11 13:20:25 -05:00
Grant Willcox 9f6a1c18a1 Minor updates to fix URLs, disclosure date, description, and minor gramatical things 2023-05-10 18:22:00 -05:00
space-r7 d60843f0eb name versions that are vulnerable 2023-05-09 09:16:42 -05:00
space-r7 08a79a2f4e add documentation 2023-05-08 17:42:23 -05:00
Grant Willcox f773d348e1 Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022 2023-05-08 12:11:01 -05:00
Grant Willcox c221edb1ec Add in ADAudit Plus build 6077 testing examples 2023-05-08 11:45:44 -05:00
Grant Willcox 19651633c4 Update the installation instructions to resolve some issues encountered during testing 2023-05-04 18:26:54 -05:00
Grant Willcox f27fc28411 Perform review updates 2023-05-04 15:12:31 -05:00
ErikWynter aede036b02 additional changes from code review 2023-05-04 15:12:30 -05:00
Grant Willcox 0fd743d851 Add in fixes from code review 2023-05-04 15:12:29 -05:00
Grant Willcox d5032f0a5d Minor touchups on documentation for review 2023-05-04 15:12:28 -05:00
ErikWynter 32796b429b add note about payload limitations for builds 7004 and 7005 2023-05-04 15:12:27 -05:00
Grant Willcox 3b0d8b850b Fix up some issues identified during review 2023-05-04 15:12:26 -05:00
ErikWynter 9f68a5f8d1 add manageengine_adaudit_plus_authenticated_rce exploit module and docs 2023-05-04 15:12:09 -05:00
h00die 4b176c8ef5 fix unified_remote_rce docs 2023-04-16 10:11:01 -04:00