adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,776 Commits 27 Branches 1,043 Tags
309876f2f6d6f94de80900b1aa9a716aabbad391
Commit Graph

1379 Commits

Author SHA1 Message Date
Brent Cook 4c0539d129 Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die 0092818893 Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00
Bryan Chu 151ed16c02 Re-ranking files 
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
 2017-04-02 18:33:46 -04:00
Adam Cammack 6910cb04dd Add first exploit written in Python 2017-03-31 17:07:55 -05:00
dmohanty-r7 1ce7bf3938 Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
dmohanty-r7 c445a1a85a Wrap ssh.loop with begin/rescue 2017-03-31 11:16:10 -05:00
Bryan Chu 5e31a32771 Add missing ranks 
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
 2017-03-31 02:39:44 -04:00
Pearce Barry 9db2e9fbcd Land #8146, Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-24 14:38:47 -05:00
William Webb e04f01ed6b Land #7778, RCE on Netgear WNR2000v5 2017-03-23 15:34:16 -05:00
wchen-r7 3b062eb8d4 Update version info 2017-03-23 13:46:09 -05:00
wchen-r7 fdb52a6823 Avoid checking res.code to determine RCE success 
Because it's not accurate
 2017-03-23 13:39:45 -05:00
wchen-r7 39682d6385 Fix grammar 2017-03-23 13:23:30 -05:00
wchen-r7 ee21377d23 Credit Brent & Adam 2017-03-23 11:22:49 -05:00
wchen-r7 196a0b6ac4 Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-23 10:40:31 -05:00
Mehmet Ince d37966f1bb Remove old file 2017-03-23 12:53:08 +03:00
Mehmet Ince 8a43a05c25 Change name of the module 2017-03-23 12:49:31 +03:00
bwatters-r7 a93aef8b7a Land #8086, Add Module Logsign Remote Code Execution 2017-03-22 11:33:49 -05:00
h00die 7bcd53d87d Land #8079, exploit and aux for dnaLims 2017-03-20 11:08:05 -04:00
h00die fd5345a869 updates per pr 2017-03-20 10:40:43 -04:00
h00die fe5167bf26 changes to file per pr 2017-03-20 10:16:42 -04:00
h00die 84e4b8d596 land #8115 which adds a CVE reference to IMSVA 2017-03-18 09:51:52 -04:00
Mehmet Ince 6aa42dcf08 Add solarwinds default ssh user rce 2017-03-17 21:54:35 +03:00
Mehmet Ince f706c4d7f6 Removing prefix 2017-03-16 00:49:55 +03:00
Mehmet Ince 60186f6046 Adding CVE number 2017-03-16 00:31:21 +03:00
William Vu 01ea5262b8 Land #8070, msftidy vars_get fixes 2017-03-14 12:05:24 -05:00
William Vu 5c436f2867 Appease msftidy in tr064_ntpserver_cmdinject 
Also s/"/'/g.
 2017-03-14 11:52:21 -05:00
William Vu 5d6a159ba9 Use query instead of uri in mvpower_dvr_shell_exec 
I should have caught this in #7987, @bcoles, but I forgot. Apologies.
This commit finishes what @itsmeroy2012 attempted to do in #8070.
 2017-03-14 11:51:55 -05:00
itsmeroy2012 79331191be msftidy error updated 2.5 2017-03-14 22:02:59 +05:30
itsmeroy2012 67fc43a0a1 msftidy error updated 2.4 2017-03-14 21:33:53 +05:30
itsmeroy2012 fe4e2306b4 Reverting one step 2017-03-13 22:22:24 +05:30
William Vu fe4f20c0cc Land #7968, NETGEAR R7000 exploit 2017-03-10 16:02:30 -06:00
itsmeroy2012 1c54e0ba94 msftidy error updated 2.2 2017-03-10 23:59:38 +05:30
itsmeroy2012 6d8789a56e Updated msftidy error 2.1 2017-03-10 23:03:37 +05:30
itsmeroy2012 c0f17cf6b8 msftidy error updated 2.0 2017-03-10 22:16:27 +05:30
Mehmet Ince f6bac3ae31 Add iso link to md file and change CheckCode code 2017-03-10 13:00:49 +03:00
flakey-biscuits 0ab3ad86ee change dnalims_file_retrieve module type 2017-03-09 10:06:31 -05:00
flakey-biscuits 95a01b9f5e add dnaLIMS exploits 2017-03-09 09:46:18 -05:00
William Vu 081ca17ebf Specify default resource in start_service 
This eliminates the need to override resource_uri. Depends on #8078.
 2017-03-09 03:00:51 -06:00
= c52b0cba5e msftidy error on master updated 2017-03-08 20:58:01 +05:30
William Vu 0f899fdb0b Convert ARCH_CMD to CmdStager 2017-03-08 07:35:37 -06:00
= 7976966ce9 Issue 7923 - msftidy errors on master 2017-03-08 03:12:41 +05:30
Mehmet Ince e5636d6ce1 Adding logsign rce module and doc 2017-02-28 21:04:37 +03:00
Pedro Ribeiro f18b533226 change platform time to unix (although it is linux in reality but whatevs) 2017-02-24 22:58:24 +00:00
Brendan Coles 5d3a4cce67 Use all caps for module option names 2017-02-23 16:30:01 +11:00
Carter 25b3cc685a Update netgear_r7000_cgibin_exec.rb 2017-02-22 11:36:52 -05:00
Brendan Coles 47fec5626e Style update 2017-02-22 07:56:17 +00:00
Brendan Coles e491f01c70 Add MVPower DVR Shell Unauthenticated Command Execution module 2017-02-22 05:15:57 +00:00
wchen-r7 48f6740fee Land #7969, Add Module Trend Micro IMSVA Remote Code Execution 2017-02-21 17:29:04 -06:00
bwatters-r7 a9b9a58d4d Land #7893, Add Module AlienVault OSSIM/USM Remote Code Execution 2017-02-21 13:35:56 -06:00
Carter e99ba0ea86 Msftidy stuff 2017-02-18 00:34:49 -05:00