Christophe De La Fuente
d1a7170020
Land #17021, Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
Christophe De La Fuente
11541a5774
Add comment for details about the string substitutions on Windows
2022-11-17 12:25:52 +01:00
krastanoel
1ddc137f1a
Update module
- adjust execute_command method and add logic for :win_dropper target
- move cmdstager uripath setting into target case statement
- add more cmdstagerflavour for :linux_dropper target
- fix lint msftidy
2022-11-15 22:30:45 +07:00
krastanoel
cbca2a5604
Update modules/exploits/multi/http/gitea_git_fetch_rce.rb
apply suggestion
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-15 22:17:59 +07:00
Christophe De La Fuente
494c9601ca
Land #17222, Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream [CVE-2021-39144]
2022-11-15 14:16:14 +01:00
Spencer McIntyre
eff9a16e00
Use the access mask data type
Also switch from bit16 to uint16 so it's little endian.
2022-11-14 12:27:38 -05:00
h00die
59535b6799
remove 'is'
2022-11-12 16:19:50 -05:00
h00die-gr3y
70669f3fea
addressed code improvement suggestions
2022-11-12 10:21:43 +00:00
H00die.Gr3y
72080910e7
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-11-12 09:22:06 +01:00
H00die.Gr3y
85b4512292
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-11-12 09:21:55 +01:00
H00die.Gr3y
5d314e5799
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-11-12 09:21:42 +01:00
H00die.Gr3y
04d6a310af
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-11-12 09:16:46 +01:00
H00die.Gr3y
1ce8695401
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-12 09:16:30 +01:00
H00die.Gr3y
e38138d69e
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-12 09:16:17 +01:00
H00die.Gr3y
967388eba7
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
Agreed!
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-12 09:15:42 +01:00
adfoster-r7
3599221002
Land #17229, add post/multi/recon/reverse_lookup module
2022-11-09 11:28:45 +00:00
krastanoel
639afebe1e
Update module
- handle cleanup method on manual `check`
- adjust targets flavour option
- add :win_dropper target and handle the payload delivery
NOTE: the Windows dropper target is still unsuccessful but keep this for further review
2022-11-09 16:12:20 +07:00
krastanoel
13bb31feeb
Update module
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessful but keep this anyway for Christophe to review.
2022-11-09 04:52:18 +07:00
krastanoel
bca5138fc8
Update module
- move cleanup process to its own method and handle the response
- remove timeout and http delay option
- adjust target type location as code review suggestion
2022-11-09 01:42:27 +07:00
krastanoel
a50cca27e6
remove cookie_jar manipulation
2022-11-09 00:48:23 +07:00
krastanoel
52d867bbc7
follow Ruby coding conventions
- combine gitea_version into get_gitea_version for the check method
- validate empty username
2022-11-09 00:41:30 +07:00
Spencer McIntyre
65e4e1b76d
Land #17221, Fix crash with payload sizes
Fix crash when generating payload sizes
2022-11-08 10:26:27 -05:00
krastanoel
f0b67c8812
fix msftidy
2022-11-08 14:14:45 +07:00
krastanoel
540984804d
Apply suggestions from code review
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-08 14:09:31 +07:00
adfoster-r7
f84113d96e
Land #17235, report service_name in ManageEngineDesktopCentral
2022-11-07 23:57:09 +00:00
Grant Willcox
416cf78ae2
Land #17149, Update ssl_version module to be useful
2022-11-07 15:59:50 -06:00
Spencer McIntyre
47097b8d7d
Land #17211, Compress Python payloads
Compress Python payloads before base64 encoding
2022-11-07 14:17:05 -05:00
Jeffrey Martin
27e9d9d272
report service_name in ManageEngineDesktopCentral
The scanner now reports the service_name in the `Result` object.
2022-11-07 12:23:59 -06:00
Spencer McIntyre
ed7d458f07
Land #17122, Add in ESC Finder Module (ESC1-ESC3)
2022-11-07 11:53:15 -05:00
Spencer McIntyre
c1d092b70d
Minor tweaks
Filter out enrollable certs by default and print the warning higher. Add
periods to all messages for consistency. Drop the message from
vprint_good to vprint_status when the query works.
2022-11-07 10:37:12 -05:00
Christophe De La Fuente
929d4f2fa4
Land #17097, Gather Navicat
2022-11-07 12:30:16 +01:00
Christophe De La Fuente
85137056b9
Use fail_with instead of return
2022-11-07 12:28:10 +01:00
h00die-gr3y
da189041b4
randomized endpoint url
2022-11-07 08:16:54 +00:00
llamasoft
1a353ee273
Update Python payloads to have dynamic sizes
While the length of the input payload is always the same size,
it may not always have the same contents due to random checksum
URI and UUID generation. This leads to payloads whose sizes
can vary by a few bytes between runs.
2022-11-05 15:58:10 -04:00
llamasoft
d6e9e1508c
Compress Python pingback payloads
2022-11-05 15:49:51 -04:00
h00die-gr3y
bf0ed5b513
fixed some typos in documentation
2022-11-05 15:36:42 +00:00
h00die-gr3y
642a83bd0d
Updated module and added documentation
2022-11-05 15:14:31 +00:00
h00die
cf0910d831
review comments
2022-11-05 07:23:14 -04:00
bcoles
7bf29c0a4e
Add post/multi/recon/reverse_lookup
2022-11-05 13:18:35 +11:00
Grant Willcox
79ac775443
Perform updates from code review.
2022-11-04 15:44:28 -05:00
Grant Willcox
6a70087b7a
Add in ESC2 and ESC3 attacks, rework code to split things up to support multiple ESC attacks, and make ESC attack filters easier to read by indenting them. Also remove some extra code that wasn't being used
2022-11-04 15:44:24 -05:00
Grant Willcox
8922e5b203
Add in first initial implementation of ESC module and updates to associated libraries.
2022-11-04 15:43:34 -05:00
h00die-gr3y
71d1c971a7
init commit module
2022-11-04 13:31:27 +00:00
adfoster-r7
0d9cca79b4
Fix crash when generating payload sizes
2022-11-04 02:10:58 +00:00
Christophe De La Fuente
cd081cd0e6
Fixes from code review
2022-11-02 14:04:42 +01:00
Christophe De La Fuente
83d15c48d7
Add Password Manager Pro password recovery module
2022-11-02 14:04:42 +01:00
bwatters
e83a7c5c6d
Update identify hash library and call
2022-11-01 17:33:14 -05:00
space-r7
197b37751b
Land #17174, add FLIR AX8 command injection module
2022-11-01 12:41:01 -05:00
Grant Willcox
c4c4e736d9
Land #17142, Apache CouchDB Erlang RCE module CVE-2022-24706
2022-11-01 12:26:49 -05:00
Jack Heysel
f61136dd6d
Fixed powershell target
2022-11-01 10:55:50 -05:00