adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
58,383 Commits 27 Branches 1,043 Tags
263b6bc0701dfd79241a6de7e92772a8864569ea
Commit Graph

2119 Commits

Author SHA1 Message Date
youkergav 263b6bc070 Merge branch 'master' of github.com:rapid7/metasploit-framework into su_login 2020-10-09 05:26:48 -04:00
youkergav 23c6c415eb Added python alternative and check function 2020-10-09 03:58:55 -04:00
bwatters 3a6293357e Land #14190, Add the DOMAIN option to the CVE-2020-0688 Exploit 
Merge branch 'land-14190' into upstream-master
 2020-10-05 12:12:21 -05:00
h00die 15bb690308 fix vulnerability spelling 2020-10-04 13:00:48 -04:00
bwatters e24a81919a Land #13996, Add module for CVE-2020-9801, CVE-2020-9850 and CVE-2020-9856, 
RCE for Safari on macOS 10.15.3 (pwn2own2020)

Merge branch 'land-13996' into upstream-master
 2020-10-01 09:46:39 -05:00
bwatters 3aeeede4a6 Land #14187, Added CVE-2020-3433 module 
Merge branch 'land-14187' into upstream-master
 2020-09-29 13:41:33 -05:00
youkergav 0bceead907 Merge branch 'master' of github.com:rapid7/metasploit-framework into su_login 2020-09-29 01:53:50 -04:00
Spencer McIntyre e7d2b73600 Add a DOMAIN option to CVE-2020-0688 for consistency with other modules 2020-09-28 09:24:39 -04:00
youkergav 38fb644169 Architecture updates; base64 password; compliance 2020-09-25 23:58:48 -04:00
Shelby Pace f0f4da2b1e Land #14157, Windows update orchestrator privesc 2020-09-25 16:07:27 -05:00
Antoine GOICHOT fef88f27eb Added CVE-2020-3433 module 2020-09-25 23:04:58 +02:00
Shelby Pace 2111865acf remove stray backtick 2020-09-25 16:04:46 -05:00
bwatters 2ed72007e0 Typos and cleanup 2020-09-25 12:27:55 -05:00
youkergav 17483f838e Bug fixes per requests 2020-09-25 00:01:52 -04:00
youkergav 49a5dfc139 Spelling and grammer fixes 2020-09-24 03:29:07 -04:00
youkergav 35dd9cb517 Add Login to User with Su on Linux / Unix Systems 2020-09-24 02:36:26 -04:00
kalba-security e65083c092 Add maracms_upload_exec.rb exploit module and docs 2020-09-22 16:53:29 -04:00
bwatters 6cf3c0491f Add documentation 2020-09-22 12:16:29 -05:00
Christophe De La Fuente 2d1b378a18 Land #14122, Jenkins Deserialization RCE (CVE-2017-1000353) 2020-09-22 12:32:09 +02:00
Shelby Pace 2ae50e9304 Land #14025, add Artica Proxy auth bypass / rce 2020-09-21 15:27:53 -05:00
h00die ee77cc8e78 Land #14123, vyos restricted shell escape and priv escalation 2020-09-19 09:13:38 -04:00
Brendan Coles 6208f8795a vyos_restricted_shell_privesc: support login as admin user 2020-09-18 15:49:25 +00:00
Shelby Pace 74669f4052 Land #14135, add tp-link command injection 2020-09-18 09:47:02 -05:00
Shelby Pace f4bfad0439 msftidy_docs changes 2020-09-18 09:42:14 -05:00
Pietro Oliva 5f204257a5 Remove unnecessary comma, fix docs 2020-09-18 10:15:23 -04:00
Pietro Oliva d3f68d0fe4 Fix double shell issue 2020-09-18 09:23:02 -04:00
Shelby Pace c04e8d73c3 Land #14023, spooler svc privesc (PrinterDemon) 2020-09-17 16:06:29 -05:00
Shelby Pace 510d119579 add steps for producing serialized object 2020-09-17 13:58:48 -05:00
Shelby Pace f5f010a1b0 Update documentation/modules/exploit/linux/http/jenkins_cli_deserialization.md 
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-09-17 09:11:43 -05:00
Pietro Oliva 072f35c270 -Updated module to work using CmdStager 
-Updated documentation accordingly
-Removed unnecessary includes and simplified code
 2020-09-16 19:51:15 -04:00
Spencer McIntyre c2d101a06b Land #14126, Add Microsoft Exchange Server DLP Policy RCE (CVE-2020-16875) 2020-09-16 16:31:13 -04:00
William Vu 03e0b9098c Add more words about Exchange role groups 2020-09-16 12:55:08 -05:00
bwatters 198f3905ae Logic errors and typos 2020-09-16 11:17:39 -05:00
bwatters ce8033714d remove copy/pasta code and fix version check 2020-09-16 11:17:39 -05:00
bwatters c2e2a4fe2c More Rubocop, add documentation, and typo fix 2020-09-16 11:17:39 -05:00
Shelby Pace 0f0d6a233b Land #14074, add Mida eFramework command injection 2020-09-16 10:24:51 -05:00
William Vu e118ff1509 Add Microsoft Exchange Server DLP Policy RCE 
CVE-2020-16875
 2020-09-16 02:41:08 -05:00
0xsysenter b0f329a238 Update documentation/modules/exploit/linux/http/tp_link_ncxxx_bonjour_command_injection.md 
improved documentation

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-09-15 21:00:06 +02:00
0xsysenter a987065eae Update documentation/modules/exploit/linux/http/tp_link_ncxxx_bonjour_command_injection.md 
improved documentation

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-09-15 20:59:31 +02:00
William Vu 5ba3301d16 Fix nexus_repo_manager_el_injection.md scenario 
Missed in 966194d2b7.
 2020-09-15 13:14:36 -05:00
Pietro Oliva 19d8527275 Added module documentation 2020-09-15 12:32:27 -04:00
Niboucha Redouane 3a09337935 Remove AUTH_BYPASS target 2020-09-15 01:51:34 +02:00
Brendan Coles 485c51c88c Add VyOS restricted-shell Escape and Privilege Escalation 2020-09-11 18:19:25 +00:00
Brendan Coles febe38e1ce resolve qa comments 2020-09-11 17:16:10 +00:00
Shelby Pace d86f9427c9 change version check and add sleep 2020-09-11 11:49:14 -05:00
Shelby Pace 926398dd6f add remaining docs info 2020-09-10 18:25:34 -05:00
gwillcox-r7 593945ee61 Update module documentation with more detail r.e affected versions and the fact that the use of UNC paths could cause an issue if they are not typed in correctly. Also update the module documentation to use the output from recent tests to reflect recent changes. Shortern the module description and update its stability rating. Finally add in a reliability rating for the exploit module. 2020-09-10 11:32:45 -05:00
gwillcox-r7 7e1560ff26 Update documentation with the installation instructions I mentioned in the GitHub comments. Also RuboCop the exploit module code. 2020-09-10 11:32:18 -05:00
gwillcox-r7 d0fe87fbf6 Update documentation with some updated info about potentially bad situations the module could run into, and also include some new documentation on the new option we have added in to try to prevent this from happening 2020-09-10 11:32:18 -05:00
ide0x90 c4d463e921 Added option to generate standalone DLL. 2020-09-10 11:32:18 -05:00