adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72,331 Commits 27 Branches 1,043 Tags
2718c078d209eb2e7c14f7d976c68efba104f5c8
Commit Graph

35436 Commits

Author SHA1 Message Date
Kevin Joensen 2718c078d2 removed WfsDelay 2023-12-01 10:15:55 +01:00
Kevin Joensen d26db0b1dd changed datastore['TARGETURI'] to target_uri.path 2023-12-01 10:15:13 +01:00
Kevin Joensen 26e7807154 updated URI to TARGETURI 2023-12-01 10:09:06 +01:00
Kevin Joensen 9105966b20 Fixed debug string 2023-12-01 10:07:28 +01:00
Kevin Joensen 7dbd938e3b fixed linting with rubocop and msftidy.rb 2023-11-27 18:44:10 +01:00
Kevin Joensen 3ffeef36f6 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-27 11:48:50 +01:00
Kevin Joensen ebc18db0ac Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-27 11:48:12 +01:00
Kevin Joensen 4906ea228d updated fields to have random values 2023-11-27 09:39:18 +01:00
Kevin Joensen 27b2cdf5b1 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Remove obsolete slash in normalize_uri parameters

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-25 13:09:15 +01:00
Kevin Joensen 32380d8a26 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Remove obsolete slash in normalize_uri parameters

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-25 13:09:03 +01:00
Kevin Joensen a04943063e Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Removes quotes from normalize_uri parameters.

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-25 13:07:08 +01:00
Kevin Joensen 8c007c0ef7 added exploit for CVE-2023-32781 - PRTG authenticated RCE 2023-11-23 19:28:02 +01:00
adfoster-r7 7f8da5a121 Land #18558, Support x64 in enum_chrome 2023-11-21 15:26:56 +00:00
adfoster-r7 5c09c86349 Land #18448, corrected options confict between module and ldap mixin 2023-11-21 13:33:21 +00:00
Spencer McIntyre 13ae9fcded Refactor things in #decrypt_data 
* Check that the initial memory was actually allocated before writing to
  it
* Don't pass 16 to CryptUnprotectData as the ppszDataDescr parameter
  because it is not a valid LPWSTR
* Don't leak memory in the event that CryptUnprotectData by ensuring mem
  and addr are always free'ed
* Combine free calls into one for speed
* Don't assume the sessions is ARCH_X64 if it is not ARCH_X86 because
  that may change some day
 2023-11-20 16:40:42 -05:00
Spencer McIntyre 69e5caa1a0 Refactor the ghostcat module to use the AJP defs 2023-11-17 12:58:05 -05:00
Jack Heysel 1da4333611 Land #18434, Add module for Zoneminder RCE 
This PR adds an RCE module for the Zoneminder video
surveillance software system (CVE-2023-26035).
 2023-11-10 15:15:01 -05:00
Wolfgang Hotwagner 9ce3fdc557 added empty line after guard clause 2023-11-09 22:23:27 +00:00
whotwagner 4919291ec8 Update modules/exploits/unix/webapp/zoneminder_snapshots.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-09 23:21:39 +01:00
whotwagner 21340d0fd8 Update modules/exploits/unix/webapp/zoneminder_snapshots.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-09 23:21:26 +01:00
whotwagner 87cb12731e Update modules/exploits/unix/webapp/zoneminder_snapshots.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-09 23:20:57 +01:00
whotwagner e4005feb30 Update modules/exploits/unix/webapp/zoneminder_snapshots.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-09 23:20:33 +01:00
whotwagner 110cea8cc9 Update modules/exploits/unix/webapp/zoneminder_snapshots.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-09 23:20:17 +01:00
bwatters b5aeab0c9f Merge #18491, Add Module for PL/SQL Developer to gather credentials 
Merge branch 'land-18491' into upstream-master
 2023-11-09 11:18:52 -06:00
Jemmy Wang 893da00c6a Modify Table DisplayName and password matching regex 2023-11-09 13:58:14 +08:00
Jemmy Wang a4750b11bc Optimize AES key 2023-11-09 05:26:20 +08:00
Jemmy Wang 9c23f86d83 Add support for v15 new encryption algorithm 2023-11-09 05:08:27 +08:00
bwatters 77a93e452f Land #18507, Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE) 
Merge branch 'land-18507' into upstream-master
 2023-11-08 09:05:40 -06:00
Jack Heysel 06369281b9 Land #18503, Apache Nifi Cred Stealer Post Module 
This PR adds a post module to steal config and credential
information for Apache NiFi.
 2023-11-07 20:05:10 -05:00
jheysel-r7 7331db43dd Update print statement 2023-11-07 18:55:42 -05:00
Jemmy Wang d4166098a8 Update to be compatible for PL/SQL 14 2023-11-08 01:15:22 +08:00
h00die 87cd4aac5e spelling fix 2023-11-07 05:04:31 -05:00
sfewer-r7 2a56c3f28b remove redundant \d in check regex 2023-11-07 09:21:04 +00:00
h00die f1317fa050 review comments 2023-11-06 18:34:36 -05:00
h00die 0ce7b03397 update nifi credentials post module 2023-11-06 14:50:02 -05:00
sfewer-r7 25ef7d1272 add the RCE exploit 2023-11-06 17:12:40 +00:00
bwatters e8d45b00ba Land #18501, Exploit module for CVE-2023-46604 - Apache ActiveMQ 
Merge branch 'land-18501' into upstream-master
 2023-11-06 09:30:48 -06:00
sfewer-r7 b28668790d allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'. 2023-11-06 11:40:22 +00:00
sfewer-r7 10ee87c712 Add an optional CISCO_ADMIN_USERNAME and CISCO_ADMIN_PASSWORD options. If set these admin creds are used to leverage CVE-2023-20273. If not set, then CVE-2023-20198 is used to create a new temp admin account before leveraging CVE-2023-20273 2023-11-06 10:20:07 +00:00
sfewer-r7 ea21036995 reduce nesting in the check routine 2023-11-06 09:42:59 +00:00
sfewer-r7 4272678938 reduce the indentation in on_request_uri 2023-11-06 09:36:20 +00:00
sfewer-r7 fa8c40072c ensure the payload doesnt contain a CDATA closing tag, if found then fail before we attempt exploitation 2023-11-06 09:36:20 +00:00
Christophe De La Fuente 1cde6198b5 Land #18481, MagnusBilling unauthenticated RCE [CVE-2023-30258] 2023-11-03 20:42:27 +01:00
sfewer-r7 a55132b36f strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output. 2023-11-03 17:09:08 +00:00
sfewer-r7 c8121ebd8e mention dropping to User EXEC mode via two exit keywords 2023-11-03 16:43:21 +00:00
Jack Heysel ce5188a76c Land #18218, improve Windows checkvm post module 
This PR includes a number of enhancements to the windows
checkvm post module, including reducing the number of requests
set to the targets among other things.
 2023-11-03 12:17:06 -04:00
sfewer-r7 17420289dc Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution. 2023-11-03 15:38:35 +00:00
jheysel-r7 23110e2ee3 Update modules/post/windows/gather/checkvm.rb 2023-11-03 11:18:55 -04:00
Jack Heysel 8bb7b98ce9 Land #18506, Fix stability issue for f5 2023-46747 
This PR fixes a statbility issue with the
f5_bigip_tmui_rce_cve_2023_46747 module. Prior to this fix
occasionally the module would fail on login as things were
running too quickly, the module now retrys loging in.
 2023-11-03 10:51:04 -04:00
Spencer McIntyre e5790f8d6e Fix a stability issue with the module 
Occassionally the module will fail on login if things are running too
quickly. Fix it by retrying like update_user_password does.
 2023-11-02 17:10:20 -04:00