Commit Graph

59982 Commits

Author SHA1 Message Date
Vladimir Ivanov 2a48dd265d Replace class var @@agents with a class instance var in auxiliary and exploit modules. 2021-03-22 12:13:04 +03:00
Vladimir Ivanov 6e13a26fd3 Delete links to launchpad.support.sap.com in doc files 2021-03-22 11:03:53 +03:00
Vladimir Ivanov 42726a70c0 client.rb - library for auxiliary and exploit modules
cve_2020_6207_solman_rce.rb - auxiliary module
cve_2020_6207_solman_rce.md - documentation for auxiliary module
cve_2020_6207_solman_rs.rb - exploit module
cve_2020_6207_solman_rs.md - documentation for exploit module
2021-03-21 16:51:21 +03:00
Grant Willcox 2126caf6a7 Land #14917, Add sort by category and reverse search results flags to the search command 2021-03-19 15:29:57 -05:00
Grant Willcox 9713402caf Add in more documentation to the help output, add support for searching by if modules have a check method or not, and support outputting an appropriate error message if the -s option is used with an invalid parameter 2021-03-19 15:01:58 -05:00
pingport80 332a076cec define sort, sort_options and desc 2021-03-19 15:01:56 -05:00
pingport80 bdf87c8080 add missing end 2021-03-19 15:01:56 -05:00
pingport80 d5ff94f101 add -s and -r options for search 2021-03-19 15:01:56 -05:00
pingport80 6584282b96 add sort to search command 2021-03-19 15:01:55 -05:00
Metasploit 19bc85fa1d automatic module_metadata_base.json update 2021-03-19 14:08:46 -05:00
adfoster-r7 a9af2d4542 Land #14815, replace ::Rex::Socket.gethostbyname with Socket.getaddrinfo 2021-03-19 19:02:45 +00:00
cgranleese-r7 799ea56316 replace ::Rex::Socket.gethostbyname with Socket.getaddrinfo 2021-03-19 11:01:27 +00:00
Metasploit 9bee43d660 automatic module_metadata_base.json update 2021-03-18 17:17:40 -05:00
Grant Willcox 341212c5f7 Land #14912, netgear_r6700_pass_reset - Fix check code typo and version check logic 2021-03-18 17:10:12 -05:00
Metasploit f9389eb7b2 automatic module_metadata_base.json update 2021-03-18 15:11:38 -05:00
Grant Willcox 8b859d2e17 Land #14910, Fix filezilla_client_cred.rb to only base64 decode strings inside tags specifically marked as being base64 encoded. 2021-03-18 15:03:57 -05:00
Metasploit 19e6e4310d automatic module_metadata_base.json update 2021-03-18 14:36:54 -05:00
bwatters 2c1869f9df Land #14907, Add exploit for CVE-2021-1732
Merge branch 'land-14907' into upstream-master
2021-03-18 14:29:59 -05:00
Metasploit 1bfc599892 automatic module_metadata_base.json update 2021-03-18 12:13:36 -05:00
bwatters fb7a97077f Land #14875, CVE-2021-21978 - VMWare View Planner Harness 4.6.x < 4.6 Security Patch 1 Arbitrary File Upload RCE
Merge branch 'land-14875' into upstream-master
2021-03-18 12:06:12 -05:00
Metasploit 4e3f21dd7b Bump version of framework to 6.0.37 2021-03-18 12:03:22 -05:00
Metasploit cd8d6e6e12 automatic module_metadata_base.json update 6.0.36 2021-03-18 09:30:28 -05:00
Grant Willcox f82168a2cf Land #14914, abb_wserver_exec - Add CVE Reference 2021-03-18 09:22:10 -05:00
Metasploit fe0ea56f22 automatic module_metadata_base.json update 2021-03-17 18:00:42 -05:00
Grant Willcox e6a2aaefcf Land #14911, impersonate_ssl: added an SNI option for the ssl certificate request 2021-03-17 17:53:18 -05:00
Grant Willcox 2cd67b1950 Rework the get_cert method to make use of Rex library methods instead so that pivoting can still work 2021-03-17 17:36:17 -05:00
Grant Willcox 01c93c0d8a Apply more RuboCop fixes to clean up old code and remove some dangerous calls to eval() that weren't needed 2021-03-17 15:06:04 -05:00
Wes 42df4495a7 abb_wserver_exec - add CVE reference
add the cve for this

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5620
https://nvd.nist.gov/vuln/detail/CVE-2019-5620

cve was assigned years after public exploit code
2021-03-17 15:58:21 -04:00
friedrico d7f03aaf80 getCert to snake case 2021-03-17 19:25:20 +01:00
Metasploit 8cf3bead59 Bump version of framework to 6.0.36 2021-03-17 12:32:39 -05:00
Adam Cammack 736369b643 Land #14905, Use ensure to run exploit cleanup 6.0.35 2021-03-17 11:56:09 -05:00
Metasploit 6cecc02b88 automatic module_metadata_base.json update 2021-03-17 10:04:47 -05:00
Grant Willcox 9d5799f4f9 Land #14913, OSVDB 100324 - update advisory link for abb_wserver_exec.rb 2021-03-17 09:56:21 -05:00
Wes 34674ce174 Update abb_wserver_exec.rb
update advisory link 

#2708
2021-03-17 09:59:15 -04:00
Metasploit 2a8277accb automatic module_metadata_base.json update 2021-03-17 08:33:18 -05:00
Spencer McIntyre 2ce0a90965 Land #14856, Fix method check for linux/ftp/proftp_telnet_iac module 2021-03-17 09:26:31 -04:00
Brendan Coles 71725d9366 netgear_r6700_pass_reset: Fix check and version check 2021-03-17 11:21:38 +00:00
friedrico a58a69d029 added an SNI option for the ssl certificate request 2021-03-17 09:10:48 +01:00
friedrico 3b5cdd767f Base64 encoding is set iff encoding attribute is set to base64 and not when it "could be due to length and alphabet of the password" 2021-03-17 08:49:28 +01:00
capme b99114787a re-adding first check, but not including [^ ] 2021-03-17 06:51:08 +07:00
capme 294a1a275c dropping extra version c that stated vulnerable 2021-03-17 06:20:59 +07:00
capme 26c653ef4a implement also for freebsd 2021-03-17 06:13:51 +07:00
Metasploit cec1b1fb06 automatic module_metadata_base.json update 2021-03-16 17:50:50 -05:00
Grant Willcox b1c3c49eb5 Land #14757, nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes 2021-03-16 17:43:43 -05:00
Spencer McIntyre f3df076067 Only upgrade the token of EProcess was found 2021-03-16 15:20:44 -04:00
Spencer McIntyre 1d365cdd75 Land #14906, remove random characters from yard-doc comment 2021-03-16 10:45:51 -04:00
Spencer McIntyre 0bff88c0c0 Update the module metadata and add module docs 2021-03-16 10:40:34 -04:00
Jeffrey Martin 13dae6730c remove random characters from yard-docs 2021-03-16 09:21:28 -05:00
Brendan Coles e30d8db082 nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privilege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
Jeffrey Martin 83d757f0dd use ensure for cleanup
There exists a possibility that cleanup can be missed when an exploit raises
an exception other than `Interrupt` when run, by shifting the cleanup into
`ensure` for all exceptions when `keep_handler` is not set handlers and
other cleanup tasks from a module will be called for more possible error
states.
2021-03-15 17:17:09 -05:00