adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
61,763 Commits 27 Branches 1,043 Tags
3c9c057fc3c241c19c1be80787b7fc061663118c
Commit Graph

3759 Commits

Author SHA1 Message Date
adfoster-r7 4a9a15e638 Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
space-r7 c9bdd96c76 remove GIT_HOOK option 
post-checkout is the only hook that will work
with this exploit, so no option is needed. Also update
the documentation to reflect that.
 2021-08-12 10:18:13 -05:00
space-r7 31cbcb7774 add notes to updated modules 2021-08-12 10:18:13 -05:00
space-r7 70f304a548 change modules to use hash in build_commit_object 2021-08-12 10:18:13 -05:00
Shelby Pace d0c0372596 add request / response classes 2021-08-12 10:18:12 -05:00
Shelby Pace a4cc95448f remove namespace 2021-08-12 10:18:12 -05:00
Shelby Pace 0fe761b838 modify options and add documentation 2021-08-12 10:18:12 -05:00
Shelby Pace 98ef499351 add git lfs and smart http changes 2021-08-12 10:18:11 -05:00
Shelby Pace 53187648c1 add module 
also includes packfile obj metadata changes
 2021-08-12 10:18:11 -05:00
Shelby Pace d7161d0b90 add packfile, pkt line, and module code 2021-08-12 10:18:11 -05:00
Shelby Pace d89554e995 add git mixin changes and usage in git exploits 2021-08-12 10:18:11 -05:00
Shelby Pace 3fb225c9c6 add wrapper methods for creating git objects 
use methods in git_submodule_command_exec
 2021-08-12 10:18:11 -05:00
Grant Willcox ade653f0bf Final fixup edits to change the timeout value to be an advanced option and also to use send_req_cgi 2021-08-05 13:10:24 -05:00
Grant Willcox 00cfdc4f17 Use Faker to generate a fake app name, add in option to specify timeout to server, and also fix Alan's remaining review comments 2021-08-05 09:46:34 -05:00
Grant Willcox 0d7d5ab93f Switch over to Rex::MIME::Message to use our built in mixins, and also fix last remaining review comments 2021-08-02 11:17:26 -05:00
Grant Willcox 27f70af1b3 Fix up some of the mistakes wvu pointed out 2021-07-30 15:28:10 -05:00
Grant Willcox 5b3bbf7f36 Fix up tabs formatting issue that was causing RuboCop to complain. Silly RuboCop :) 2021-07-30 12:17:46 -05:00
Grant Willcox 3427571887 Push up working CVE-2019-11580 exploit and associated documentation 2021-07-30 12:07:12 -05:00
Shelby Pace 183caff15c Land #15418, add modern events calendar rce 2021-07-26 09:45:05 -05:00
Shelby Pace 38ae82155e modify info, fix spacing 2021-07-26 09:43:34 -05:00
Shelby Pace 9e95eb7be1 Land #15408, add Wordpress sp doc file upload 2021-07-23 12:36:29 -05:00
Shelby Pace d207f994c0 modify doc description 
randomize form data, formatting
 2021-07-23 12:33:41 -05:00
Hakyac 0f8e256d52 Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:12:57 +02:00
Hakyac 13678f5140 Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:12:51 +02:00
Hakyac 9cdddac5cd Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:11:26 +02:00
Hakyac 877ac006f8 Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:11:21 +02:00
Hakyac 73995ac8d1 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:09:44 +02:00
Hakyac 5e2776411d Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:09:25 +02:00
Hakyac 8a3f5affe8 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:09:13 +02:00
Yann Castel a3e5bd527b use of vars_get + delete payload after use 2021-07-21 09:59:05 +02:00
Hakyac 53214e8792 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:41:46 +02:00
Hakyac 09ca7751c0 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:41:38 +02:00
Hakyac 815a6d4d95 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:41:28 +02:00
Yann Castel c169c78f03 use of vars_get 2021-07-21 09:38:36 +02:00
Hakyac 7e3281dfcf Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:08:30 +02:00
Hakyac 40220052da Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:07:12 +02:00
Shelby Pace 79d49a6857 Land #15402, add Wordpress Backup Guard rce 2021-07-20 15:53:57 -05:00
Shelby Pace f738383b98 rename docs, modify privileged to false 
use vars_get in upload request
 2021-07-20 15:31:38 -05:00
Yann Castel 4a9bef2e9f various suggestions 2021-07-20 19:10:39 +02:00
Yann Castel 010d3e5a4a various suggestions 2021-07-20 18:22:37 +02:00
Hakyac 2bf1c1ac26 Update modules/exploits/multi/http/wp_plugin_backup_guard_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-20 09:28:01 +02:00
Hakyac 7c14882510 Update modules/exploits/multi/http/wp_plugin_backup_guard_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-20 09:27:40 +02:00
Hakyac 2c51c2b6e4 Update modules/exploits/multi/http/wp_plugin_backup_guard_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-20 09:27:09 +02:00
Hakyac ce9a00492c Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2021-07-20 09:11:58 +02:00
Hakyac 5bf1a7847e Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2021-07-20 09:09:23 +02:00
Hakyac f78c503f9f Update wp_plugin_sp_project_document_rce.rb 2021-07-20 09:04:12 +02:00
William Vu aebdc0ddfc Update module credits 
Clarified contributions.
 2021-07-14 15:10:25 -05:00
Yann Castel 4d016a3521 correct CVE id 2021-07-12 14:35:47 +02:00
Yann Castel 6934ec7d18 initial commit 2021-07-12 14:25:38 +02:00
Tim W 39455827aa Land #15254, use obfuscated powershell protection bypasses 2021-07-12 12:20:17 +01:00