SunCSR Team
910463b492
Update wp_duplicator_file_read.md
2020-12-13 21:13:33 -05:00
James Lee
f255724e01
Changes to support older Solr (tested 5.3.0)
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
SunCSR Team
cbc99363e9
Update wp_duplicator_file_read.md
2020-12-12 22:55:44 +07:00
SunCSR Team
d35d5f1061
Update wp_duplicator_file_read.md
2020-12-12 21:30:56 +07:00
William Vu
ba125c1c64
Merge remote-tracking branch 'upstream/master' into feature/solaris
2020-12-11 14:25:05 -06:00
C4ssandre
e02451fe13
Fixing mistake in doc.
2020-12-11 04:53:37 -05:00
C4ssandre
9c9e8929af
Adding a scenario.
2020-12-11 04:50:53 -05:00
C4ssandre
53a12a7984
Updating doc.
2020-12-11 03:53:25 -05:00
SunCSR Team
477c09a7ed
Create wp_duplicator_file_read.md
Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download
2020-12-11 01:15:52 -05:00
Shelby Pace
83943adf8b
Land #14466, add Aerospike UDF rce
2020-12-10 11:07:56 -06:00
Brendan Coles
a9e231ad0a
Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-10 12:14:47 +00:00
C4ssandre
c005492ee9
Updating doc.
2020-12-10 00:58:53 -05:00
William Vu
9452c1dcfa
Fix merge conflict from #14202, in linear history
2020-12-09 17:24:29 -06:00
Shelby Pace
d337d832b8
Land #14422, add GitLab file read/rce
2020-12-09 11:34:14 -06:00
Tim W
fb9b1c5de4
Land #14409, add weak services technique to the service permissions LPE
2020-12-09 17:16:53 +00:00
Spencer McIntyre
59339f3337
Land #14418, Wordpress plugin Email Subscribers & Newsletters sqli (CVE-2019-20361)
2020-12-09 10:29:32 -05:00
Spencer McIntyre
90a99ae7c3
Land #14423, Expand wordpress_scanner to look for themes & plugins
2020-12-09 09:12:28 -05:00
h00die
e3e3895ec5
forgot an R
2020-12-08 20:58:29 -05:00
h00die
13967a40d2
updates to easy wp smtp module
2020-12-08 20:51:54 -05:00
Spencer McIntyre
6d7c6c054a
Update the module docs with more details for the registry technique
2020-12-08 17:39:34 -05:00
C4ssandre
c86f93b9c0
Updating list of tested machines.
2020-12-07 21:38:42 -05:00
Shelby Pace
8e1cab0131
Land #14339, add flexdotnetcms rce
2020-12-07 14:28:01 -06:00
Spencer McIntyre
d208e441ba
Update the documentation
2020-12-07 10:54:20 -05:00
William Vu
a69269a101
Update module doc
2020-12-07 01:35:59 -06:00
William Vu
af27d91eea
Fix download link
I was logged in.
2020-12-07 01:35:13 -06:00
William Vu
9ac5725ce3
Show how to find libc base
2020-12-07 01:35:13 -06:00
William Vu
0211c2c6e8
Add module doc
2020-12-07 01:35:13 -06:00
alanfoster
835059f00c
[CVE-2020-10977] Gitlab arbitrary file read to RCE
2020-12-07 01:26:54 +00:00
Brendan Coles
6cdb484d7c
Add Aerospike Database UDF Lua Code Execution exploit
2020-12-05 14:15:22 +00:00
h00die
b21fccebaa
updates from review
2020-12-04 21:50:31 -05:00
Grant Willcox
5961bf700d
Land #14314, Pulse Secure Connect Client Credentials Gatherer
2020-12-04 10:04:43 -06:00
bwatters
5d7014bf39
Land #14298, Windows post-exploitation gather module - Memory dumping via Avast AvDump utility
Merge branch 'land-14298' into upstream-master
2020-12-02 08:30:38 -06:00
C4ssandre
f901e91d70
Fixing markdown content and formatting issues. Markdown is not yet complete and will need additional modification when other changes are brought to ruby module and C dll.
2020-11-30 14:12:57 +00:00
dwelch-r7
3824f3923f
Land #14394, Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion
Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion
2020-11-30 05:15:29 +00:00
Quentin Kaiser
985aa59e2b
Update documentation with scenarios of each branch (9.0.x, 9.1.x) running on Windows 10 with different privileges (unprivileged user, system) where applicable.
2020-11-27 17:15:19 +01:00
Tim W
87eba681e0
Land #14365, Update TP-Link AC1750 Pwn2Own 2019 module
2020-11-26 19:55:00 +00:00
Pedro Ribeiro
a99ce581dd
Update TP-Link AC1750 Pwn2Own 2019 module
2020-11-26 12:56:02 +00:00
Graeme Robinson
8e534ffc22
Split scenarios to separate blocks for each target
As suggested in https://github.com/rapid7/metasploit-framework/pull/14216#discussion_r512868894.
2020-11-26 13:46:01 +01:00
Graeme Robinson
536e1a1a02
Fix typo in documentation
2020-11-26 13:46:01 +01:00
Graeme Robinson
c280bb67e7
Wrap at 140 characters to appease msftidy_docs.rb.
2020-11-26 13:46:01 +01:00
Graeme Robinson
4dc564e62b
Added documentation for module.
2020-11-26 13:46:01 +01:00
Spencer McIntyre
95665e916c
Land #14416, wordpress plugin 'simple file list' rce
2020-11-25 09:58:26 -05:00
Spencer McIntyre
94c157bc95
Tweak the documentation and module output just a little for clarity
2020-11-25 09:58:07 -05:00
cgranleese-r7
31426576e0
Land #14264, Add exploit/multi/http/kong_gateway_admin_api_rce
2020-11-25 11:09:02 +00:00
Grant Willcox
efdc7f062e
Land #14241, OpenMediaVault 5.5.11 Authenticated Remote Code Execution
2020-11-24 13:42:53 -06:00
Grant Willcox
bd00ce9177
Add in fixes from review
2020-11-24 12:08:51 -06:00
h00die
ff3ddffcb5
fix docs
2020-11-22 09:04:23 -05:00
h00die
98d00f47f3
tidy
2020-11-22 07:48:54 -05:00
Jared Stroud
c5222bead9
adding blog as further references
2020-11-21 22:24:35 -05:00
h00die
f4c67d713b
adjust version number
2020-11-21 10:39:03 -05:00