adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3133 Commits

Author SHA1 Message Date
Grant Willcox c1d6dced8d Update library code to read exchange versions from exchange_versions.json and populate exchange_versions.json with initial info 2022-03-17 11:29:01 -05:00
Grant Willcox 419c9ea554 Fix review comments to simplify regex, and also add in new is_exchange? function to check if a target is running Exchange Server or not. 2022-03-17 11:29:00 -05:00
Grant Willcox 1f53e9d1c4 Rubocop and fix a mistake on commenting too much of the code out from testing 2022-03-17 11:29:00 -05:00
Grant Willcox 269cd5cfed Add in Exchange Version mixin and module example 2022-03-17 11:28:53 -05:00
Ashley Donaldson 7fe9d0b2b6 Don't start the DNS server twice 2022-03-17 08:02:31 +11:00
adfoster-r7 a62ca2259e Land #16316, deref services correctly 2022-03-11 12:08:42 +00:00
Ashley Donaldson d5373a7278 Removed redundant cleanup calls which exploit_driver will call anyway 2022-03-11 12:08:51 +11:00
Ashley Donaldson 6f159fa54e Consistent handling of DNS and LDAP servers wrt ServiceManager 2022-03-10 11:01:37 +11:00
Ashley Donaldson 9761d68c19 Rename stop_service to cleanup_service for services that use reference counting 2022-03-10 10:28:25 +11:00
Ashley Donaldson c9d43aafe6 Use dereferencing directly, and rename 'stop' to 'cleanup' for clarity 2022-03-10 09:06:25 +11:00
Heyder Andrade dd47017b5c Added support to old key exchange algorithms 
This commit fix the issue #16138 by adding support to old key
exchange algorithms in the net/ssh lib by defining the
`append_all_supported_algorithms` to `true`.
 2022-03-09 10:25:50 +01:00
adfoster-r7 3b524360ed Explicitly specify server/client versions, fix logger crash, and specify jtr format 2022-03-09 01:37:22 +00:00
adfoster-r7 22f88f9ab7 Add docs 2022-03-08 23:52:24 +00:00
adfoster-r7 6f2a7d6167 Add note that SMB v1 is not supported 2022-03-08 23:52:24 +00:00
adfoster-r7 53772fa366 Gracefully handle relay host timeout, fix typos, and move SMBHashCapture location 2022-03-08 23:52:24 +00:00
adfoster-r7 bcb0850e07 Rename SMBHOST 2022-03-08 23:52:23 +00:00
adfoster-r7 144fc5eddf Add smarter targetlist support 2022-03-08 23:52:23 +00:00
adfoster-r7 25265c7a7b Linting 2022-03-08 23:52:23 +00:00
adfoster-r7 3e68e298a1 Add targets 2022-03-08 23:52:23 +00:00
adfoster-r7 e02021ee91 Fix database cred reporting and error handling 2022-03-08 23:52:23 +00:00
adfoster-r7 507b1dab2b Apply PR feedback 2022-03-08 23:52:22 +00:00
adfoster-r7 b4fe2502aa Update smb_relay to support smb 2 and smb3 2022-03-08 23:52:22 +00:00
adfoster-r7 ad2fab6fee Land #16153, read full response on smtp send/recv 2022-03-04 01:24:46 +00:00
Spencer McIntyre 6be3443680 Land #16103, LPE in polkit's pkexec (CVE-2021-4034) 2022-03-03 09:24:11 -05:00
bwatters 06e897436c Add Fedora results to docs and some minor final cleanup 2022-03-02 09:12:01 -06:00
bwatters 0081811c52 Land #16185, Firefox CVE-2020-26950 use after free browser exploit 
Merge branch 'land-16185' into upstream-master
 2022-02-28 14:38:23 -06:00
Jeffrey Martin abe55c8f91 raise RuntimeError on incomplete or extra data 2022-02-24 14:02:44 -06:00
Grant Willcox 94ca15686f Fix issue hwereby some sites don't expose the WordPress API under the /index.php/ directory but instead under the root directory. This allows us to expand support for these websites. 2022-02-24 11:39:17 -06:00
usiegl00 6d94a316cf Add packet fragmentation to ShadowMitmDispatcher 
The ShadowMitmDispatcher now supports arbitrary size packets. The
ShadowMitmDispatcher now supports SMB3. The ShadowMitmDispatcher no
longer interferes with existing sessions.
 2022-02-18 17:05:37 +09:00
Tim W 480c44e9cb refactor DEBUG_EXPLOIT code into mixin 2022-02-16 11:38:04 +00:00
bwatters 0239ef1cc6 Land #16117, Updates for Log4Shell 2022-02-15 16:39:00 -06:00
adfoster-r7 18b4ce8a13 Update replicant pattern to increment refs 2022-02-15 16:08:35 +00:00
Jeffrey Martin af3fa09896 refactor smtp delivery to support continuation 
When dealing with SMTP servers the communication needs to flow
a known protocol. To ensure the socket is in the correct state
after a send and receive it needs to be read until a line return
a response code followed by a `space` and additional data and `\r\n`
or the response code immediately followed by `\r\n` is returned.
 2022-02-14 16:55:49 -06:00
usiegl00 881805c543 Update ShadowMitmDispatcher fix PacketFu timeout 
Setting the timeout to 0 was causing packet capturing issues in
PacketFu. Using cap.stream.each_data instead of cap.next reduces cpu
usage.
 2022-02-13 21:24:57 +09:00
Tim W a13ae3882b Land #16174, fix specifying the mode on File.read for ruby 3 on multiple modules 2022-02-13 12:08:13 +00:00
alanfoster 395ab1d77e Specify mode rb on file reads 2022-02-12 21:39:12 +00:00
usiegl00 72a0732009 Update ShadowMitmDispatcher to reduce ip lookups 
The ShadowMitmDispatcher must be initialized with an interface, mac, and
ip address as keyword arguments. This prevents dispatchers from
retrieving the same network configuration multiple times.
 2022-02-11 22:35:40 +09:00
Jeffrey Martin 5bc60f5bf7 clear any additional response on smtp connect 
When connecting to an SMTP server after `HELO` and auth
complete there can be additional data sent from the client
that sits in the socket queue. Adding a `get_once` after connection
has settled ensure any pending for extension responses are cleared.
 2022-02-10 14:25:05 -06:00
bwatters 9635fde12d Add support and templates for aarch64 targets 2022-02-10 10:49:02 -06:00
usiegl00 8558f88a14 Update the Shadow Dispatcher for portability 
Use PacketFu::Utils.whoami? instead of PacketFu::Utils.default_int to
retrieve the ip address for a network interface. The Exploit class for
the Shadow Dispatcher is now a module.
 2022-02-10 22:42:25 +09:00
Jake Baines 9758251278 Initial commit of CVE-2021-37343 2022-02-05 18:21:18 -08:00
Spencer McIntyre 965493191f Add and use a Log4Shell mixin 2022-02-03 16:09:49 -05:00
usiegl00 8bf51dd1d8 Update smb_shadow and shadow_mitm_dispatcher 
The dispatcher no longer uses an override flag, Instead the smb_shadow
module explicitly sets the attributes.
 2022-01-31 14:49:18 +09:00
Redouane NIBOUCHA 51814a4a8b Refactor the code, using if(CONDITION,sleep(...),0) only 2022-01-30 23:49:07 +00:00
Redouane NIBOUCHA e329d78a46 Use = instead of <> for blind queries (fixes some wordpress plugin SQLis) 2022-01-30 23:01:08 +00:00
Spencer McIntyre d46822184f Updates for Log4Shell 2022-01-28 14:56:44 -05:00
usiegl00 dbc8a70b7c Merge remote-tracking branch 'origin/master' into mitm_dispatcher 2022-01-28 10:24:50 +09:00
usiegl00 0259e586a9 Update smb_shadow module and rename MitmDispatcher 
The MitmDispatcher is now the ShadowMitmDispatcher to help prevent name
confusion. Updated the ShadowMitmDispatcher to use native rex lib calls
to decode binary fields.
 2022-01-28 08:39:07 +09:00
Spencer McIntyre dd2d512851 Support session -1 for ListenerComm options 2022-01-24 11:42:39 -05:00
usiegl00 5cc716fa0d Add MitmDispatcher to the smb_shadow module 
The MitmDispatcher reduces code repetition and enables the use of
standard RubySMB syntax. I have noticed increased power draw when using
the new dispatcher compared to the previous (less stateful) approach.
 2022-01-21 14:57:07 +09:00