Vladimir Ivanov
2a48dd265d
Replace class var @@agents with a class instance var in auxiliary and exploit modules.
2021-03-22 12:13:04 +03:00
Vladimir Ivanov
42726a70c0
client.rb - library for auxiliary and exploit modules
cve_2020_6207_solman_rce.rb - auxiliary module
cve_2020_6207_solman_rce.md - documentation for auxiliary module
cve_2020_6207_solman_rs.rb - exploit module
cve_2020_6207_solman_rs.md - documentation for exploit module
2021-03-21 16:51:21 +03:00
cgranleese-r7
799ea56316
replace ::Rex::Socket.gethostbyname with Socket.getaddrinfo
2021-03-19 11:01:27 +00:00
Grant Willcox
341212c5f7
Land #14912, netgear_r6700_pass_reset - Fix check code typo and version check logic
2021-03-18 17:10:12 -05:00
Grant Willcox
8b859d2e17
Land #14910, Fix filezilla_client_cred.rb to only base64 decode strings inside tags specifically marked as being base64 encoded.
2021-03-18 15:03:57 -05:00
bwatters
2c1869f9df
Land #14907, Add exploit for CVE-2021-1732
Merge branch 'land-14907' into upstream-master
2021-03-18 14:29:59 -05:00
bwatters
fb7a97077f
Land #14875, CVE-2021-21978 - VMware View Planner Harness 4.6.x < 4.6 Security Patch 1 Arbitrary File Upload RCE
Merge branch 'land-14875' into upstream-master
2021-03-18 12:06:12 -05:00
Grant Willcox
f82168a2cf
Land #14914, abb_wserver_exec - Add CVE Reference
2021-03-18 09:22:10 -05:00
Grant Willcox
e6a2aaefcf
Land #14911, impersonate_ssl: added an SNI option for the ssl certificate request
2021-03-17 17:53:18 -05:00
Grant Willcox
2cd67b1950
Rework the get_cert method to make use of Rex library methods instead so that pivoting can still work
2021-03-17 17:36:17 -05:00
Grant Willcox
01c93c0d8a
Apply more RuboCop fixes to clean up old code and remove some dangerous calls to eval() that weren't needed
2021-03-17 15:06:04 -05:00
Wes
42df4495a7
abb_wserver_exec - add CVE reference
add the cve for this
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5620
https://nvd.nist.gov/vuln/detail/CVE-2019-5620
cve was assigned years after public exploit code
2021-03-17 15:58:21 -04:00
friedrico
d7f03aaf80
getCert to snake case
2021-03-17 19:25:20 +01:00
Wes
34674ce174
Update abb_wserver_exec.rb
update advisory link
#2708
2021-03-17 09:59:15 -04:00
Spencer McIntyre
2ce0a90965
Land #14856, Fix method check for linux/ftp/proftp_telnet_iac module
2021-03-17 09:26:31 -04:00
Brendan Coles
71725d9366
netgear_r6700_pass_reset: Fix check and version check
2021-03-17 11:21:38 +00:00
friedrico
a58a69d029
added an SNI option for the ssl certificate request
2021-03-17 09:10:48 +01:00
friedrico
3b5cdd767f
Base64 encoding is set iff encoding attribute is set to base64 and not when it "could be due to length and alphabet of the password"
2021-03-17 08:49:28 +01:00
capme
b99114787a
re-adding first check, but not including [^ ]
2021-03-17 06:51:08 +07:00
capme
294a1a275c
dropping extra version c that stated vulnerable
2021-03-17 06:20:59 +07:00
capme
26c653ef4a
implement also for freebsd
2021-03-17 06:13:51 +07:00
Grant Willcox
b1c3c49eb5
Land #14757, nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 17:43:43 -05:00
Spencer McIntyre
0bff88c0c0
Update the module metadata and add module docs
2021-03-16 10:40:34 -04:00
Brendan Coles
e30d8db082
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privilege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
bwatters
ae5d31cb39
Land #14776, Add Windows Server 2012 SrClient DLL Hijacking local exploit module
Merge branch 'land-14776' into upstream-master
2021-03-15 14:34:35 -05:00
Spencer McIntyre
2e3d98a36a
Move the DLL injection code into a reusable function
2021-03-15 11:47:02 -04:00
kalba-security
98c04eae6c
Remove TODO comment, update documentation to include WAIT_FOR_TIWORKER option.
2021-03-15 07:51:12 -04:00
dwelch-r7
596e1fb6f8
Add rubocop rule to correct Gem::Version to Rex::Version
2021-03-15 11:17:47 +00:00
Grant Willcox
57931956d9
Fix bad style again
2021-03-15 01:33:32 -05:00
capme
b112cc52eb
change variable into snake case
2021-03-15 06:39:55 +07:00
capme
ea95048377
fix indentation. make readable check version 3. fix logical operator
2021-03-15 06:34:53 +07:00
Grant Willcox
ecae6eb91a
Update response check to explicitly check if the response body is empty and to remove unneeded safe navigation operator
2021-03-14 13:14:52 -05:00
Grant Willcox
6616112b59
Correct exploit ranking, wrap file restoration in ensure clause, fix typos, and address other review comments
2021-03-14 00:00:18 -06:00
Grant Willcox
89ce1c5229
Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed
2021-03-14 00:00:17 -06:00
Grant Willcox
a6c92a12a1
Add link to wvu's PoC and fix typo
2021-03-14 00:00:17 -06:00
Grant Willcox
4f2e299d8f
Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file
2021-03-14 00:00:06 -06:00
Grant Willcox
c2c5db95d8
Add in documentation and fix some mistakes in the description of the module
2021-03-14 00:00:05 -06:00
Grant Willcox
7d6e636114
Initial upload of exploit code for CVE-2021-21978
2021-03-13 23:59:47 -06:00
Grant Willcox
61f960dc34
Land #14824, Skip empty files for path traversal enumeration inside http_traversal.rb
2021-03-12 18:59:45 -06:00
Spencer McIntyre
f0a9a1deb3
Add the initial exploit for CVE-2021-1732
2021-03-12 17:30:22 -05:00
Grant Willcox
8dce1acd64
Land #14794, dup_scout_enterprise_login_bof: Add v9.9.14 target and auto targeting
2021-03-12 12:07:57 -06:00
Spencer McIntyre
3684bc6f30
Land #14661, payload/x86/exec with metasm conversion and NULL free variant
2021-03-12 12:02:44 -05:00
Grant Willcox
ef97b33d74
Land #14877, Support more recent versions of Firefox's default profile directory
2021-03-12 10:53:09 -06:00
Geyslan G. Bem
dc6dac3af1
payload/x86/exec.rb - logic inverted for readability
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-03-11 19:11:34 -03:00
Geyslan G. Bem
1da8c111b7
payloads/x86/exec.rb - set NullFreeVersion as required
Set NullFreeVersion as a required option.
Remove nullfreeversion redundant assignment.
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-03-11 18:31:35 -03:00
Spencer McIntyre
aaf7e21def
Update the microfocus_ucmdb_unauth_deser module to use the new mixin
This updates the microfocus_ucmdb_unauth_deser module to use the new
Java Deserialization mixin. Unfortunately we do not have access to the
software for testing so these changes can not be verified.
2021-03-11 12:09:29 -06:00
Spencer McIntyre
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
Spencer McIntyre
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
Spencer McIntyre
2bd6b7abc7
Specify the modified_type when generating ysoserial payloads
Fixes #13753
2021-03-11 12:09:29 -06:00
Alan Foster
f5edb5a105
Remove redundant rubocop disables
2021-03-11 17:23:44 +00:00