adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3986 Commits

Author SHA1 Message Date
Ron Bowes cf172d22c8 Get rid of #String.hash in favour of UnixCrypt 2023-02-01 11:02:04 -08:00
Ron Bowes 1094221468 Merge branch 'rapid7:master' into f5-createuser-privesc 2023-02-01 10:20:43 -08:00
Ron Bowes 34d93e862c Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-02-01 10:16:03 -08:00
Ron Bowes e90b47fd17 Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-02-01 10:15:00 -08:00
Ron Bowes d89c193db2 Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-02-01 10:14:38 -08:00
Jack Heysel 690d22f759 Rapid7 compiled binary 2023-02-01 10:08:13 -05:00
h00die 2c72cc145a updates to module 2023-01-31 20:05:33 -05:00
h00die fa687d3614 argv instead of hardcoded payload path 2023-01-31 16:02:25 -05:00
h00die 5a374533af cve-2022-1043 2023-01-31 16:02:25 -05:00
h00die 8d58eb6279 cve-2022-1043 2023-01-31 16:02:25 -05:00
Jack Heysel 022760d24a Land #17300, linux LPE cve-2022-22942 module 
This PR adds a linux priv esc against VMWare virtual machines
 with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
 2023-01-31 14:07:55 -05:00
adfoster-r7 56728fc7c2 Land #17573, modules/exploits/linux/ssh Resolve Rubocop violations 2023-01-31 14:12:03 +00:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
bcoles 11cf391da8 modules/exploits/linux/ssh: Resolve Rubocop violations 2023-01-31 23:59:22 +11:00
h00die 62d43a6e96 use exploit retry function 2023-01-28 07:44:53 -05:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
space-r7 58cd5bb003 specify command stager flavors 2023-01-23 11:53:19 -06:00
Spencer McIntyre 6fe0933c1e Add exploit for CVE-2022-44877 2023-01-20 09:04:24 -05:00
h00die 633c58a0ff tomcat on rhel priv esc 2023-01-19 15:28:10 -05:00
h00die 3a0b694790 better engrish 2023-01-18 20:12:49 -05:00
h00die c823295915 cleanup better 2023-01-18 16:19:48 -05:00
bwatters 158c557d58 Update LICENSE file and location of source file 2023-01-17 17:28:22 -05:00
h00die e28ff3b160 minor fixes 2023-01-17 15:30:36 -05:00
h00die be7ca91a8f cve-2022-22942 2023-01-17 15:30:36 -05:00
Grant Willcox 7e23c34e6c Apply fixes per code review 2023-01-17 12:44:22 -06:00
h00die-gr3y 541dab9365 simplified messaging 2023-01-17 12:44:20 -06:00
h00die-gr3y 77687bff3f init module 2023-01-17 12:44:20 -06:00
adfoster-r7 eddac9321c Merge 6.2.36 master into kerberos feature branch 2023-01-13 17:31:02 +00:00
ErikWynter 8472efed02 fix typos, add reference, don't use methods to wrap datastore options 2023-01-13 14:53:29 +02:00
Grant Willcox 725f83601f Land #17435, Restore raw_send_recv for module using SMTP mixin 2023-01-05 11:29:53 -06:00
Grant Willcox f39973de86 Fix up missing option in documentation and also add some additional validation on server response. 2023-01-04 17:02:05 -06:00
h00die-gr3y 11b95b2094 added additional response check 2023-01-04 17:02:04 -06:00
h00die-gr3y c7b59b4815 updates based on gwillcox-r7 review comments 2023-01-04 17:02:04 -06:00
h00die-gr3y f9ecaa92ae updated references section 2023-01-04 17:02:03 -06:00
h00die-gr3y 4db15346e1 init commit module 2023-01-04 17:01:58 -06:00
Jeffrey Martin 6b5948a69d restore raw_send_recv for module using SMTP mixin 
changes in #16153 adjusted modules that were not utilizing
`Exploit::Remote::SMTPDeliver` in error restore calls to `raw_send_recv`
that is no longer shadowed by in `SMTPDeliver`.
 2023-01-04 14:45:58 -06:00
adfoster-r7 95d361754f Merge branch 'upstream-master' into merge-6.2.33-master-into-kerberos-feature-branch 2022-12-28 13:59:42 +00:00
Christophe De La Fuente 20d70799a7 Land #17298, Add opentsdb_yrange_cmd_injection module and docs 2022-12-23 13:38:58 +01:00
Christophe De La Fuente 83b11a69a8 Make rubocop happy 2022-12-23 13:38:16 +01:00
ErikWynter 7fa557805e add final code review suggestions 2022-12-23 11:29:29 +02:00
ErikWynter 8f96746551 fix typo and add credit for discovery 2022-12-23 11:11:31 +02:00
ErikWynter 4c2dfe0279 add cacti_unauthenticated_cmd_injection 2022-12-22 17:55:45 +02:00
Ron Bowes 2ec77e6d95 Merge branch 'master' into f5-createuser-privesc 2022-12-15 13:11:26 -08:00
Steffen Robertz cc5c405941 Unauthenticated RCE for multiple Zyxel Router changes 2022-12-15 21:44:57 +01:00
Steffen Robertz 1b690283db Unauthenticated RCE for multiple Zyxel Router 2022-12-15 11:50:48 +01:00
adfoster-r7 a9ccfe31b7 Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch 2022-12-13 19:40:39 +00:00
Christophe De La Fuente e7e2849f6d Land #17183, Zimbra fixes 2022-12-06 15:38:37 +01:00
Christophe De La Fuente ddaf5a3f0d Remove unecessary return statement 2022-12-06 15:07:28 +01:00