adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

11360 Commits

Author SHA1 Message Date
Spencer McIntyre 3bf4c0e7b1 Add the peer prefix to messages 2023-10-27 13:48:45 -04:00
Spencer McIntyre 1dc4e35134 Fix typos and log vulnerable servers 
Log servers that are vulnerable but don't leak any cookies
 2023-10-27 11:47:01 -04:00
Spencer McIntyre 94ede61a99 Add module docs 2023-10-26 09:52:59 -04:00
Spencer McIntyre 8bd976e118 Initial commit of Citrix Bleed (CVE-2023-4966) 2023-10-26 09:15:03 -04:00
Spencer McIntyre 15aaa90379 Land #18447, CVE-2023-22515 Confluence Auth Bypass 
CVE-2023-22515 - Atlassian Confluence Data Center and Server Authentication Bypass
 2023-10-19 17:35:17 -04:00
Spencer McIntyre ee0e5b9eda Tidy the docs, fix the username 
The username can not contain capital letters, or the operation will
fail.
 2023-10-19 17:19:55 -04:00
Emir Polat c79cc5a36b Final Checks 2023-10-19 17:19:55 -04:00
Emir Polat b3a9579e8a Update modules/auxiliary/admin/http/atlassian_confluence_auth_bypass.rb 
Implement changes proposed by Spencer McIntyre (smcintyre-r7)
 2023-10-19 17:19:30 -04:00
emirpolatt 258ac6421b Fix fail_with response code compare and documentation fixes 2023-10-19 17:19:30 -04:00
emirpolatt 7c977e07ef Remove of the X-Atlassian-Token header from server-info.action 2023-10-19 17:19:30 -04:00
emirpolatt 236a301f27 Check method fixes 
get_confluence_version inside to check method. Also new status messages
 2023-10-19 17:19:08 -04:00
cgranleese-r7 9def455f65 Land #18449, Update mysql authbypass hashdump module to correctly close sockets 2023-10-13 11:43:59 +01:00
emirpolatt 0cb56c1de5 Some fixes 2023-10-13 02:16:17 -07:00
emirpolatt e48ead5e8c Fingerprint reduction with Rex::Text.rand_text_alpha(8) 2023-10-13 02:11:57 -07:00
emirpolatt 84f5c7321e Reducing fingerprinting via Rex::Text.rand_text_alpha(8) 2023-10-13 02:02:13 -07:00
emirpolatt 9219a3e90a Adding AttackerKB analysis URL 2023-10-13 01:56:14 -07:00
Ashley Donaldson 776c0644e0 Corresponding change from RubySMB code review 2023-10-13 11:11:22 +11:00
Spencer McIntyre 05dd2e1473 Land #18351, Apache Superset RCE (CVE-2023-37941) 2023-10-12 17:10:10 -04:00
Hynek Petrak b2f847706f Update vmware_vcenter_vmdir_auth_bypass.rb 
Few more instances corrected
 2023-10-12 19:08:51 +02:00
adfoster-r7 075fe09c2f Fix mysql authbypass running out of sockets 2023-10-12 17:40:33 +01:00
Hynek Petrak 060dc84c18 corrected options confict between module and ldap mixin 2023-10-12 16:52:57 +02:00
Rory McKinley 1b172768b4 Use upstream ruby-mysql in Remote::MYSQL 
* ... and dependents
 2023-10-12 13:08:35 +02:00
emirpolatt 2b05dab554 Fix: Msftidy Warnings 2023-10-11 12:19:40 -07:00
emirpolatt 9ef1d1746a CVE-2023-22515 - Atlassian Confluence Data Center and Server Broken Access Control Leads to Authentication Bypass 2023-10-11 12:09:22 -07:00
JustAnda7 7876912eab Changes-as-per-comments 2023-10-08 02:49:46 -04:00
JustAnda7 ea189d6c34 Changes-to-the-helper-lib 2023-10-02 13:35:28 -04:00
Jack Heysel 5087e0ffe3 Land #18197, Ldap login scanner module 
Adds a new login scanner module for LDAP
 2023-10-02 10:56:56 -04:00
Dean Welch 76a25c6937 Don't store creds for successful schannel ldap auth 2023-10-02 13:42:25 +01:00
Ashley Donaldson 1bd229056e Support Kerberos auth for DCERPC 2023-09-28 16:26:06 +10:00
errorxyz 2cf8b3808c Fix lotus_domino_hashes to use #service_details from HttpClient mixin 2023-09-27 21:16:24 +05:30
Nishant Desai 1a3b00e593 shifting-appropriate-methods-to-auth-lib 2023-09-27 12:23:29 +00:00
errorxyz b4dee448bc Update deprecated report_auth_info method call in lotus_domino_hashes 2023-09-24 22:32:52 +05:30
errorxyz 7cd447b5d0 Update deprecated report_auth_info method call in modicon_password_recovery 2023-09-24 22:22:36 +05:30
JustAnda7 6972a910fb changes-to-support-ntlm 2023-09-20 16:48:08 +00:00
Dean Welch 1609836ea2 Don't store passwords to creds if the password wasn't needed for the auth type 2023-09-20 14:30:06 +01:00
cgranleese-r7 37b506c238 Land #18374, fix related modules references 2023-09-20 10:03:47 +01:00
adfoster-r7 4dd18d814e Land #18377, add support for HELO to smtp_relay auxiliary module in case EHLO is not supported 2023-09-18 21:59:24 +01:00
ErikWynter e5c922619b use res for check response code instead of res.inspect 2023-09-18 19:33:07 +03:00
ErikWynter 75d2d20a04 check response code instead of text for downgrade to HELO 2023-09-18 17:25:04 +03:00
dwelch-r7 c1a44c8b7f Land #18359, Forge ticket fix 2023-09-18 13:05:25 +01:00
h00die 8d79d5afbd fix references 2023-09-18 06:56:18 -04:00
ErikWynter 47bb57a1fe add support for HELO in case EHLO is not supported 2023-09-18 12:31:13 +03:00
h00die 13e7f6cc27 fix related modules references 2023-09-15 16:35:55 -04:00
Dean Welch 09c757513f Correct Msf::ValidationError namespacing 2023-09-15 12:23:49 +01:00
h00die 619a46d450 working hashes for apache superset rce 2023-09-14 13:21:01 -04:00
Ashley Donaldson 5c93b3880a Don't add extra PACs for silver tickets 2023-09-13 15:41:09 +10:00
Spencer McIntyre 28c4902f4a Land #18180, Flask unsign library, related modules 
Apache Supserset Priv Esc (CVE-2023-27524) and Flask unsign Library
 2023-09-12 19:02:30 -04:00
Spencer McIntyre c1cabdf099 Process escape sequences in the wordlist 2023-09-12 16:49:38 -04:00
Dean Welch 5713b74cd4 Use constants for LDAP::Auth conditional 2023-09-12 14:41:58 +01:00
h00die 94657d317b another round of review comments 2023-09-11 14:29:20 -04:00