Vladimir Ivanov
2a48dd265d
Replace class var @@agents with a class instance var in auxiliary and exploit modules.
2021-03-22 12:13:04 +03:00
Vladimir Ivanov
42726a70c0
client.rb - library for auxiliary and exploit modules
cve_2020_6207_solman_rce.rb - auxiliary module
cve_2020_6207_solman_rce.md - documentation for auxiliary module
cve_2020_6207_solman_rs.rb - exploit module
cve_2020_6207_solman_rs.md - documentation for exploit module
2021-03-21 16:51:21 +03:00
bwatters
2c1869f9df
Land #14907, Add exploit for CVE-2021-1732
Merge branch 'land-14907' into upstream-master
2021-03-18 14:29:59 -05:00
bwatters
fb7a97077f
Land #14875, CVE-2021-21978 - VMware View Planner Harness 4.6.x < 4.6 Security Patch 1 Arbitrary File Upload RCE
Merge branch 'land-14875' into upstream-master
2021-03-18 12:06:12 -05:00
Wes
42df4495a7
abb_wserver_exec - add CVE reference
add the cve for this
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5620
https://nvd.nist.gov/vuln/detail/CVE-2019-5620
cve was assigned years after public exploit code
2021-03-17 15:58:21 -04:00
Wes
34674ce174
Update abb_wserver_exec.rb
update advisory link
#2708
2021-03-17 09:59:15 -04:00
Spencer McIntyre
2ce0a90965
Land #14856, Fix method check for linux/ftp/proftp_telnet_iac module
2021-03-17 09:26:31 -04:00
capme
b99114787a
re-adding first check, but not including [^ ]
2021-03-17 06:51:08 +07:00
capme
294a1a275c
dropping extra version c that stated vulnerable
2021-03-17 06:20:59 +07:00
capme
26c653ef4a
implement also for freebsd
2021-03-17 06:13:51 +07:00
Grant Willcox
b1c3c49eb5
Land #14757, nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 17:43:43 -05:00
Spencer McIntyre
0bff88c0c0
Update the module metadata and add module docs
2021-03-16 10:40:34 -04:00
Brendan Coles
e30d8db082
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privilege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
bwatters
ae5d31cb39
Land #14776, Add Windows Server 2012 SrClient DLL Hijacking local exploit module
Merge branch 'land-14776' into upstream-master
2021-03-15 14:34:35 -05:00
Spencer McIntyre
2e3d98a36a
Move the DLL injection code into a reusable function
2021-03-15 11:47:02 -04:00
kalba-security
98c04eae6c
Remove TODO comment, update documentation to include WAIT_FOR_TIWORKER option.
2021-03-15 07:51:12 -04:00
Grant Willcox
57931956d9
Fix bad style again
2021-03-15 01:33:32 -05:00
capme
b112cc52eb
change variable into snake case
2021-03-15 06:39:55 +07:00
capme
ea95048377
fix indentation. make readable check version 3. fix logical operator
2021-03-15 06:34:53 +07:00
Grant Willcox
ecae6eb91a
Update response check to explicitly check if the response body is empty and to remove unneeded safe navigation operator
2021-03-14 13:14:52 -05:00
Grant Willcox
6616112b59
Correct exploit ranking, wrap file restoration in ensure clause, fix typos, and address other review comments
2021-03-14 00:00:18 -06:00
Grant Willcox
89ce1c5229
Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed
2021-03-14 00:00:17 -06:00
Grant Willcox
a6c92a12a1
Add link to wvu's PoC and fix typo
2021-03-14 00:00:17 -06:00
Grant Willcox
4f2e299d8f
Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file
2021-03-14 00:00:06 -06:00
Grant Willcox
c2c5db95d8
Add in documentation and fix some mistakes in the description of the module
2021-03-14 00:00:05 -06:00
Grant Willcox
7d6e636114
Initial upload of exploit code for CVE-2021-21978
2021-03-13 23:59:47 -06:00
Spencer McIntyre
f0a9a1deb3
Add the initial exploit for CVE-2021-1732
2021-03-12 17:30:22 -05:00
Grant Willcox
8dce1acd64
Land #14794, dup_scout_enterprise_login_bof: Add v9.9.14 target and auto targeting
2021-03-12 12:07:57 -06:00
Spencer McIntyre
aaf7e21def
Update the microfocus_ucmdb_unauth_deser module to use the new mixin
This updates the microfocus_ucmdb_unauth_deser module to use the new
Java Deserialization mixin. Unfortunately we do not have access to the
software for testing so these changes can not be verified.
2021-03-11 12:09:29 -06:00
Spencer McIntyre
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
Spencer McIntyre
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
Spencer McIntyre
2bd6b7abc7
Specify the modified_type when generating ysoserial payloads
Fixes #13753
2021-03-11 12:09:29 -06:00
Alan Foster
f5edb5a105
Remove redundant rubocop disables
2021-03-11 17:23:44 +00:00
Shelby Pace
fbd6f19d04
Land #14846, add HPE SIM unauth AMF deser rce
2021-03-08 16:50:49 -06:00
Grant Willcox
514d46bd4d
Rubocop module again and also update the documentation to reflect recent changes
2021-03-08 16:08:36 -06:00
Grant Willcox
8479f01290
Improve the check logic to more accurately detect if a target is vulnerable or not
2021-03-08 15:59:26 -06:00
Grant Willcox
2e45962cc0
Change gsub! to gsub so that we don't end up with nil errors when a match isn't found
2021-03-08 15:11:58 -06:00
kalba-security
ab632b93d1
Drop x86 target, add checks for Windows Update nil setting and for when TiWorker.exe is already running on the target
2021-03-06 10:47:59 -05:00
William Vu
bcf7ad000b
Add CheckModule to fingerprint VMware product
2021-03-05 17:25:37 -06:00
William Vu
33e52b0fb2
Update and refactor check
Now with more science!
2021-03-05 17:25:37 -06:00
William Vu
26f1c209b2
Add VMware vCenter Server CVE-2021-21972 exploit
2021-03-05 17:25:37 -06:00
Grant Willcox
02e89947c7
Update check method to fix an incorrect check code, change from Appears to Detected
2021-03-05 11:16:24 -06:00
Grant Willcox
2b488800e6
Update the check method to eliminate potential false positives by searching for the presence of three strings that together should only be returned by HPE SIM web servers.
2021-03-05 11:14:30 -06:00
Spencer McIntyre
53f4d3f193
Land #14792, Apply fixes for invalid architecture checks to affected modules
Fixes #14599
2021-03-05 09:24:34 -05:00
Christophe De La Fuente
32899a61ea
Land #14847, Add Microsoft Windows RRAS Service MIBEntryGet Overflow
2021-03-05 11:01:58 +01:00
capme
4ed489c12c
fix method check for linux/ftp/proftp_telnet_iac module
2021-03-05 14:49:51 +07:00
Grant Willcox
59d7288773
RuboCop module and fix small spelling mistake in documentation
2021-03-04 18:48:19 -06:00
Grant Willcox
f193caa48e
Also make sure that the default option is to use Windows PowerShell since this supports Meterpreter and is generally a lot more reliable
2021-03-04 18:40:21 -06:00
Grant Willcox
d739bf7809
Fix up payload_template_adjustments function to use a simpler loop-like structure as per space-r7's recommendations
2021-03-04 18:34:45 -06:00
Grant Willcox
41794fe4e7
Remove redundant assignments of sysinfo["Architecture"] to unused "arch" variable
2021-03-04 15:54:38 -06:00