adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3133 Commits

Author SHA1 Message Date
adfoster-r7 55dd5aa9c0 Land #18899, update ysoserial viewstate tool 2024-03-14 00:12:38 +00:00
Spencer McIntyre 9b8b7045ff Land #18715, Add Splunk library 2024-03-05 16:17:30 -05:00
Gaurav Jain 985b0ba47f Add reviewed changes to splunk library 2024-03-06 01:32:57 +05:30
Spencer McIntyre b30f264630 Land #18844, fix #file_dropper_exist? for Window 
Bugfix Msf::Exploit::FileDropper#file_dropper_exist? for Windows sessions
 2024-03-05 15:01:20 -05:00
sjanusz-r7 3c8f43e23e Align SQL sessions peerhost and peerport 2024-03-04 13:11:32 +00:00
adfoster-r7 d8abd2bcc2 Land #18898, Add rex proto mysql client wrapper 2024-02-29 10:13:47 +00:00
dwelch-r7 a4543b0f41 Land #18897, Update smb login to support additional configuration 2024-02-29 10:07:02 +00:00
adfoster-r7 131585235b Update SMB Login to support additional configuration 2024-02-28 20:24:06 +00:00
sjanusz-r7 b423241e6b Use Rex Post MySQL Client for lib, specs & modules 2024-02-28 18:19:50 +00:00
sjanusz-r7 55a8d6732f Add Rex Proto MySQL Client 2024-02-28 18:19:46 +00:00
Spencer McIntyre 8bc6705557 Move viewstate signing logic into Rex 2024-02-27 14:37:55 -05:00
Spencer McIntyre 4a51e028d8 Print multiple attributes on individual rows 2024-02-26 17:28:41 -05:00
Spencer McIntyre 4b7f4e2b0d Just show the DN, commas and all 
This way the DN can just be copy-pasted into locations where a DN is
expected.
 2024-02-22 17:36:30 -05:00
sjanusz-r7 1b7c2bbaec SQL sessions consolidation 2024-02-21 16:16:14 +00:00
sfewer-r7 60bc412026 file_dropper_exist? needs to test if teh path if either a file or a directory, the logic for shell sessions on wqindows is testing if a path if a file and not a directory. this is wrong. Origionally FileDropper only supported cleaningup files, so this logic made sense (it was copied over from teh File post moduile) but FileDropper has since supported directories so teh logic here neds to reflect that. 2024-02-19 09:12:17 +00:00
sjanusz-r7 fc963bd8bb Add Proxies support to creating a session with postgres_login 2024-02-16 14:45:17 +00:00
sfewer-r7 3483419d50 file_dropper_exist? was broken on the windows platform, so files registered for cleanup were not being deleted. We must call session.shell_command_token 2024-02-16 10:09:07 +00:00
adfoster-r7 7b56d012e8 Land #18678, add LDAP capture capabilities 2024-02-15 22:11:04 +00:00
adfoster-r7 1d406cfc2a Land #18809, DNS command improvements 2024-02-14 22:12:30 +00:00
Christophe De La Fuente fc5a12431c Land #18664, Add an SMB-based fetch payload for Windows 2024-02-14 14:57:32 +01:00
Zach Goldman d18520adc6 update rhost and rport calls 2024-02-13 13:00:38 -06:00
Zach Goldman c05c6773df adjust session logic in modules 2024-02-13 11:59:09 -06:00
Zach Goldman 94223f05fc update relevant modules to work with sessions 
separate out optional session logic

fixing session handling
 2024-02-09 13:18:49 -06:00
sjanusz-r7 30fc29e0f5 Use PostgreSQL session type for modules 2024-02-09 15:38:06 +00:00
Spencer McIntyre 11ca24e290 Specify the record type for PTR lookups 2024-02-08 11:22:33 -05:00
cgranleese-r7 b060809a8d Addresses logoff PR feedback 2024-02-07 12:51:04 +00:00
cgranleese-r7 e80f0ef8cd Removes session logic from mixins and uses client instead of datastore for rhost and rport 2024-02-06 14:11:16 +00:00
cgranleese-r7 0e9cad6d45 Adds MySQL session type 2024-02-02 14:39:37 +00:00
adfoster-r7 48221e594d Land #18704, Leverage the module metadata cache in the module_sets 2024-02-02 14:16:46 +00:00
adfoster-r7 7ac4387d35 Land #18696, Convert MSSQL mixin to class 2024-02-02 14:14:34 +00:00
Zach Goldman 35778e92b2 client consolidation 
convert first module from remote to client

move client to rex

remove metasploit mixin
 2024-02-01 17:23:55 -06:00
Spencer McIntyre b5906418c2 Update the HashCapture mixin 
Use #srvport instead of the datastore and pull in upstream chanes for
the metasploit-credential gem to enable use within payloads.
 2024-01-29 13:35:56 -05:00
Spencer McIntyre 33306fa4dd The SRVPORT is already registered 
The SRVPORT datastore option is registered by the Remote::SMB::Server
mixin so including it here is redundant.
 2024-01-29 13:35:54 -05:00
bwatters d05b85de50 Land #18680, Shared SMB Service 
Merge branch 'land-18680' into upstream-master
 2024-01-26 14:42:11 -06:00
Gaurav Jain 38c9185564 Add reviewed changes 2024-01-26 22:58:00 +05:30
adfoster-r7 15d0d4f0df Land #18663, Add new PostgreSQL Session Type 2024-01-24 10:46:26 +00:00
Jack Heysel 904e34434e Land #18626, SaltStack Minion Deployer 
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
 2024-01-23 11:58:38 -05:00
sjanusz-r7 1fe448f2f4 Revert remote/postgres verbosity changes 2024-01-22 14:27:38 +00:00
Dean Welch 391bc4e69e shuffle platform parsing and code quality 2024-01-19 14:30:34 +00:00
sjanusz-r7 fbdb025542 Notify user on failed Postgres connection 2024-01-19 10:29:44 +00:00
sjanusz-r7 a4305f0ca0 Allow PostgreSQL lib to use session client 2024-01-19 10:29:44 +00:00
Gaurav Jain 97ef243d2e Add Splunk library 2024-01-18 22:47:13 +05:30
Christophe De La Fuente b8aa55c322 Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553) 2024-01-17 18:42:52 +01:00
Christophe De La Fuente a8d46b3e7a Land #18627, Ansible: post gather module, payload deployer, and file reader 2024-01-17 15:26:25 +01:00
Christophe De La Fuente 6dec82ec24 Remove exec.nil? statement 2024-01-17 15:06:15 +01:00
h00die 56a9beb39d ansible review 2024-01-15 17:18:49 -05:00
Dean Welch 2cf045d3c4 Leverage the module metadata cache in the module_sets 2024-01-15 14:56:46 +00:00
Jack Heysel 5e25a99700 Responded to comments 2024-01-12 13:08:32 -05:00
h00die b031311892 ansible review 2024-01-10 17:29:15 -05:00
h00die e711c9ea43 ansible review 2024-01-10 17:16:57 -05:00