adfoster-r7
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
Spencer McIntyre
9934f5d5ab
Remove a useless variable assignment for rubocop
2021-07-29 08:54:07 -04:00
Grant Willcox
a518fcac98
Add in timeout to 10th and final request to prevent module from throwing errors like it isn't working when it really is
2021-07-28 11:32:47 -05:00
Grant Willcox
a13f6a35dc
Use fail_with to properly handle the case where the target isn't the one we support
2021-07-27 13:00:44 -05:00
Grant Willcox
8dec3eaaaa
Lock target into a specific firmware version as we don't have time to spend trying to get the heap overflow working for other firmware versions
2021-07-27 13:00:43 -05:00
Grant Willcox
6a787336e4
Improve the check function by using a different file that leaks details about the version of the router firmware on more devices without running into the issue of some of them requiring authentication
2021-07-27 13:00:37 -05:00
Grant Willcox
98e69f7d10
Fix up namespacing for some Check codes that would be hit under certain conditions to be proper, preventing our module throwing errors
2021-07-27 13:00:29 -05:00
Grant Willcox
a53411229f
Move files over to start work on converting this into an auxiliary module
2021-07-27 13:00:17 -05:00
Spencer McIntyre
3098e2fcdd
Update the module notes regarding instability
2021-07-16 09:03:40 -04:00
Spencer McIntyre
ed979992fd
Remove a redundant print status statement
2021-07-13 10:14:16 -04:00
Spencer McIntyre
32eab49428
Fix a typo in the module description
2021-07-12 12:20:37 -04:00
Spencer McIntyre
e155bb64cd
Improved check method for PrintNightmare
2021-07-09 12:15:39 -04:00
Grant Willcox
70fd9376e3
Final documentation improvements to explain SMB setup and improvements to module to fix one minor error output
2021-07-07 17:05:22 -05:00
Spencer McIntyre
f42aa3742c
Automatically reconnect to the named pipe
2021-07-07 13:25:51 -04:00
Spencer McIntyre
f74903178e
Add a check method that detects the service
2021-07-06 17:29:08 -04:00
Spencer McIntyre
d5d48949b2
Update PrintNightmare module docs
2021-07-06 16:30:51 -04:00
Spencer McIntyre
0f9b913b0f
Remove the RPORT redefinition
2021-07-06 09:29:01 -04:00
Spencer McIntyre
9c6b023b0d
Add PrintNightmare module docs
2021-07-02 16:00:39 -04:00
Spencer McIntyre
dfa91961f7
Use enumeration to find target directories
2021-07-02 15:39:00 -04:00
Spencer McIntyre
d9ecfb823f
Add DCERPC plumbing for EnumPrinterDrivers
2021-07-02 12:10:00 -04:00
Spencer McIntyre
b9830487de
Add targets for older versions of Windows
2021-07-01 17:48:21 -04:00
Spencer McIntyre
9dea8b5f99
Define necessary flags and print target info
2021-07-01 16:01:07 -04:00
Spencer McIntyre
f6279ee9bc
Randomize the name and catch some errors
2021-07-01 14:00:51 -04:00
Spencer McIntyre
e44eb0005e
Initial PrintNightmare PoC
2021-07-01 12:32:43 -04:00
Spencer McIntyre
9cc17095d4
Land #15282, CVE-2019-15975 Cisco DCNM auth bypass
2021-06-24 11:59:21 -04:00
Spencer McIntyre
fe6b725d3f
Update the documentation and fix a couple of bugs
2021-06-24 11:19:26 -04:00
Yann Castel
5ac025477a
parent e7983c3b6f
...
author Yann Castel <yann.castel@orange.com> 1622466490 +0200
committer Spencer McIntyre <Spencer_McIntyre@rapid7.com> 1624547674 -0400
Add an exploit for CVE-2019-15975 (Cisco DCNM)
add documentation
passed rubocop
edit documentation
set ssl to true by default
edit documentation
rubocop again
int return code was replaced by symbols
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
rubocop ok
various changes
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
various changes 2
various changes
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
adding some guards + module notes
2021-06-24 11:19:25 -04:00
Alan Foster
275b5b85e1
Add check method to tomcat ghostcat module
2021-05-24 19:10:10 +01:00
cgranleese-r7
a894b8cc29
Updates Python shebangs to Python 3
2021-05-18 12:43:04 +01:00
Alan Foster
100da2f1b1
Enforce Style/RedundantBegin for new modules
2021-05-13 04:01:03 +01:00
cgranleese-r7
68ad21c6a6
Adds error handling for NoMethodError
2021-04-22 12:48:39 +01:00
Spencer McIntyre
c4f88e35ba
Land #14622, add the sp_oacreate technique to the mssql_exec module
2021-04-12 15:00:15 -04:00
Spencer McIntyre
ef82219235
Update the mssql_exec docs and some verbiage
2021-04-12 14:52:13 -04:00
Paul Werther
7a07146d03
add ref for xp_cmdshell
2021-04-11 22:18:44 +02:00
Paul Werther
75aba6707b
modify original module, add technique option
2021-04-11 22:16:15 +02:00
Grant Willcox
608ac3a0b7
Update module description to clean it up and also add documentation for uncommon options
2021-04-09 16:09:02 -05:00
Alan Foster
8814218f20
Update tomcat ghost module with default ports
2021-04-08 10:29:09 +01:00
Vladimir Ivanov
690e687e7e
Updates from code review
...
Update modules/post/multi/sap/smdagent_get_properties.rb
Update modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb
Update documentation for auxiliary module cve_2020_6207_solman_rce.md
Update documentation for post module smdagent_get_properties.md
Move setup_xml_and_variables to `run` method in auxiliary module cve_2020_6207_solman_rce.rb
Delete list_dir, read_file, file_exist in post module smdagent_get_properties.rb
2021-04-06 21:23:39 +02:00
Ivanov Vladimir
a803d7a0d1
CVE-2019-0307
...
Add post module smdagent_get_properties.rb
Add lib sap_smd_agent_unencrypted_property.rb
Update auxiliary module cve_2020_6207_solman_rce.rb
Update lib sap_sol_man_eem_miss_auth.rb
2021-03-29 20:29:30 +03:00
Vladimir Ivanov
3b8f3620d2
Minor updates
...
Updated action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 15:37:29 +03:00
Vladimir Ivanov
0487e451cf
Updated payload
...
Updated make_rce_payload, renamed get_agent_os to check_agent in lib sap_sol_man_eem_miss_auth.rb
Updated action_ssrf, action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command, exploit in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 14:20:54 +03:00
Vladimir Ivanov
d28bcdc821
Updated action_ssrf, action_exec in auxiliary cve_2020_6207_solman_rce.rb
2021-03-24 16:05:34 +03:00
Vladimir Ivanov
567f78c532
Update PAYLOAD_XML, check_response in lib sap_sol_man_eem_miss_auth.rb
...
Delete class var agents in auxiliary and exploit modules
2021-03-24 11:21:57 +03:00
Vladimir Ivanov
6aba44c4d5
Delete analyze_error in auxiliary module cve_2020_6207_solman_rce.rb
2021-03-23 23:59:20 +03:00
Vladimir Ivanov
2c18435e6e
Update pretty_agents_table in lib sap_sol_man_eem_miss_auth.rb
...
Change output in auxiliary and exploit modules
2021-03-23 23:00:34 +03:00
Vladimir Ivanov
4399fa73fc
Update make_rce_payload, make_soap_body in lib sap_sol_man_eem_miss_auth.rb
...
Update rce command in auxiliary module cve_2020_6207_solman_rce.rb
2021-03-23 19:02:59 +03:00
Vladimir Ivanov
0fae3f4805
Added conditions in options in auxiliary module cve_2020_6207_solman_rce.rb
2021-03-23 14:02:12 +03:00
Vladimir Ivanov
d76224066f
Rename option URIPATH to TARGETURI
2021-03-23 13:33:39 +03:00
Vladimir Ivanov
113dce79de
Move lib/metasploit/framework/sap_solman/client.rb to lib/msf/core/exploit/remote/http/sap_sol_man_eem_miss_auth.rb
2021-03-23 13:20:27 +03:00
Vladimir Ivanov
2a48dd265d
Replace class var @@agents with a class instance var in auxiliary and exploit modules.
2021-03-22 12:13:04 +03:00