Ryuuuuu
e3983eac1f
Correct incorrect log format
2023-04-12 13:04:13 +09:00
Ryuuuuu
29c24438a6
Correct incorrect log format when no files found
2023-04-12 13:01:49 +09:00
sfewer-r7
0af2f00ca0
URI decode the (optional) CFC_METHOD_PARAMETER param names and values, as they will be encoded again during send_request_cgi.
2023-04-11 12:42:29 +01:00
sfewer-r7
5c1057dd58
use the rails method blank? here to check for both nil and empty
2023-04-11 11:48:27 +01:00
sfewer-r7
657c1446c4
don't check these datastore options for empty? as the default values will either be set or an empty value will be detected during configuration validation
2023-04-11 11:41:55 +01:00
sfewer-r7
43fe41bea5
RCE exploit for CVE-2023-26359 and an auxiliary module for arbitrary file read via the same vuln.
2023-04-06 14:02:01 +01:00
cgranleese-r7
e004be00fe
Converted to Active Support
2023-04-05 16:53:01 +01:00
cgranleese-r7
769e2e760c
stop point
2023-04-04 10:27:15 +01:00
cgranleese-r7
c3a7da54d5
reduces code duplication
2023-04-04 10:27:11 +01:00
cgranleese-r7
40e6917b7f
tests passing
2023-04-04 10:24:09 +01:00
adfoster-r7
f7cee703ce
Land #17835, cisco_dcnm_auth_bypass: Fix TARGETURI URL normalization
2023-04-03 11:47:56 +01:00
SubcomandanteMeowcos
a54f3d4707
fix broken module references
doing these "by domain" now, piecemeal.
this PR fixes all broken references to the "insecurety" website, which is long dead.
2023-04-01 05:17:02 -07:00
bcoles
2711ba4b3a
cisco_dcnm_auth_bypass: Fix TARGETURI URL normalization
2023-03-31 23:53:41 +11:00
dwelch-r7
ab08cd2d1c
Land #17753, Update get_ticket to support using forged golden tickets
2023-03-30 14:15:48 +01:00
space-r7
1f32004901
Land #17813, ssh_enumusers set CHECK_FALSE to true
2023-03-29 12:31:31 -05:00
space-r7
9cd024a7a2
Land #17828, add AMQP login scanner module
2023-03-29 09:24:48 -05:00
adfoster-r7
e1ecdac2a5
Land #17724, Add ticket checksum to kerberos ticket creation
2023-03-29 09:01:39 +01:00
space-r7
72ec93d27a
Land #17827, add AMQP version scanner module
2023-03-28 16:00:42 -05:00
Spencer McIntyre
97d67c6a79
Add an AMQP login scanner
2023-03-27 16:53:03 -04:00
Spencer McIntyre
95e8a1c175
Initial AMQP version scanner
2023-03-27 16:44:11 -04:00
Samuel Henrique
d77113dad5
ssh_enumusers.rb: Change default value of 'CHECK_FALSE' to true (closes #17810)
The default action "Malformed Packet" reports all users as found even
though they don't exist.
Setting "CHECK_FALSE" to true will make the scanner bail out as it
realizes the target is patched.
2023-03-23 22:24:59 +00:00
adfoster-r7
d04c8e1bce
Update broken secunia references
2023-03-23 10:43:57 +00:00
Grant Willcox
3a7da2ad8a
Revert "Added new Datastore options to ssh_login"
2023-03-13 10:05:22 -05:00
Aaron Meese
0a6ac589e4
Update modules/auxiliary/scanner/http/rpyc_rce.py
Renames `system` function to `remote_system`
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2023-03-09 15:55:51 -07:00
Christophe De La Fuente
4866c2b8b8
Land #17686, Additional PetitPotam Methods
2023-03-09 19:29:16 +01:00
dwelch-r7
9961fffaa2
Land #17756, Update secrets dump to generate kerberos rc4 key for machine account
2023-03-09 16:12:52 +00:00
dwelch-r7
01399e4818
Land #17749, Add nthashes to keytab export
2023-03-09 16:09:13 +00:00
adfoster-r7
5c1fcc3a72
Update secrets dump to generate kerberos rc4 key for machine account
2023-03-09 14:05:12 +00:00
adfoster-r7
ab57c09dc2
Update get_ticket to support using forged golden tickets
2023-03-09 12:21:29 +00:00
adfoster-r7
3bc4639235
Add nthashes to keytab export
2023-03-08 18:03:44 +00:00
rohitkumarankam
599642bbb9
Updated variable names to be more specific
2023-03-08 10:53:24 -06:00
rohitkumarankam
71e142a5ee
updated variable names
2023-03-08 10:53:23 -06:00
rohitkumarankam
2c3005fee3
Added new Datastore options to ssh_login
2023-03-08 10:53:23 -06:00
bcoles
3f781de8e9
Add Wowza Streaming Engine Manager Login Utility
2023-03-07 23:42:42 +11:00
Dean Welch
d318a9e0d0
Add advanced option to include Ticket Checksum during forging
2023-03-06 13:21:23 +00:00
cgranleese-r7
252012f48d
Land #17675, Add support for forging inter-realm Kerberos tickets
2023-03-03 14:17:48 +00:00
cgranleese-r7
6259f02051
Land #17684, Add rbcd exploitation documentation to docs site
2023-03-03 13:31:53 +00:00
adfoster-r7
efd79eb638
Add support for forging inter-realm Kerberos tickets
2023-03-03 13:20:39 +00:00
adfoster-r7
0047ce5d3a
Add rbcd exploitation documentation to docs site
2023-03-03 13:18:29 +00:00
space-r7
b3e6767125
Land #17676, add SIS login module
2023-02-28 15:41:24 -06:00
space-r7
380a66916f
use print instead of vprint
2023-02-28 15:40:03 -06:00
Imran E. Dawoodjee
2f08cf6c46
Improved version check, review round 1
2023-02-26 17:23:54 +08:00
Grant Willcox
f6bfa6a61b
Add in SCHANNEL support, and update modules to fix a hang when using to_json instead of get_operation_result.
2023-02-24 13:50:04 -06:00
Imran E. Dawoodjee
2b5b17916f
Update docs, improved robustness of module+lib
2023-02-22 22:41:14 +08:00
Spencer McIntyre
6dbf22a5e7
Automatically rebind on STATUS_PIPE_DISCONNECTED
2023-02-21 15:51:10 -05:00
Spencer McIntyre
fa3baa40e6
Add three new petitpotam methods
2023-02-21 14:38:52 -05:00
Imran E. Dawoodjee
6e9a7a9d07
Minor fixes
2023-02-20 23:45:59 +08:00
ajmeese7
a2026182e1
feat: created module to exploit CVE-2019-16328
2023-02-19 16:03:05 -05:00
Imran E. Dawoodjee
bdc435f5c8
Add login module for Softing Secure Integration Server
2023-02-19 22:25:22 +08:00
Jonas Vestberg
c610949a5a
Move temp storage of reg hives to %TEMP%
2023-02-16 20:13:31 +01:00