adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3986 Commits

Author SHA1 Message Date
jheysel-r7 4f95df6ee6 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-08-18 15:19:04 -04:00
Jack Heysel f01f4c08a4 Randomize payload + rubocop 2022-08-17 17:43:16 -04:00
Jack Heysel 75efe1528c Added check method, reponded to PR comments 2022-08-17 17:24:03 -04:00
jheysel-r7 2c3778e938 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-08-17 14:03:05 -04:00
jheysel-r7 470ceda467 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-08-17 14:02:39 -04:00
jheysel-r7 aacf676cd1 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-08-17 13:32:14 -04:00
Ron Bowes 5fd211acd6 End the session when an HTTP/200 is received 2022-08-17 10:19:36 -07:00
Jack Heysel 57109f2966 Add PAN-OS auth command injection module 2022-08-16 09:44:05 -04:00
Redouane NIBOUCHA b0d5a6bec4 Rubocop fix 2022-08-11 13:22:51 +02:00
Redouane NIBOUCHA e612f02ecb Add MAX_TRIES option, address the feedback of bwatters-r7 2022-08-11 13:21:14 +02:00
Jack Heysel 06f0fffc20 Land #16856, Webmin package updates RCE module 
This module exploits an arbitrary command injection
in Webmin versions prior to 1.997.
 2022-08-09 16:13:19 -04:00
Christophe De La Fuente 38b845f247 Fix from code review 
- Documentation typos
- Adding ARM64 support
 2022-08-09 15:09:25 +02:00
Ron Bowes 5d7fb283b7 Capture the command output 2022-08-05 13:55:05 -05:00
Ron Bowes 6564ea9719 Change Vulnerable to Appears 2022-08-05 13:55:05 -05:00
Ron Bowes 2cde5f6364 Typo / compile error 2022-08-05 13:55:05 -05:00
Ron Bowes caff6a53f5 Add a CVE and better description 2022-08-05 13:55:05 -05:00
Ron Bowes ea581482d4 Remove the commented-out CVE, it's making lint sad 2022-08-05 13:55:05 -05:00
Ron Bowes 6e8d04ddc9 Add a note that IOCs show up in logs 2022-08-05 13:55:05 -05:00
Ron Bowes cc27f563ec Small cleanup 2022-08-05 13:55:05 -05:00
Ron Bowes 5e1888ee46 Cleanups 2022-08-05 13:55:05 -05:00
Ron Bowes 0fd61e859d Make lint happy 2022-08-05 13:55:05 -05:00
Ron Bowes bba4a23f65 Add zimbra_slapper_priv_esc module (privilege escalation in Zimbra, currently 0-day) 2022-08-05 13:55:05 -05:00
Christophe De La Fuente 9c6a198453 Land #16796, Path traversal vulnerability in RARLAB UnRAR < 6.12 with Zimbra RCE module 2022-08-04 19:44:57 +02:00
Ron Bowes d8faa4dd37 Fix a blank line that I thought I'd fixed 2022-08-04 08:24:32 -07:00
Ron Bowes 26eee72512 Only print_status once, so it doesn't make a mess in the background 2022-08-04 08:02:28 -07:00
Ron Bowes a314423e81 Some changes requested by @cdelafuente-r7 2022-08-03 14:51:51 -07:00
bwatters 163d4d5b11 Land #16854, Add CVE-2022-31660 VMware Workspace ONE Access LPE 
Merge branch 'land-16854' into upstream-master
 2022-08-03 16:50:12 -05:00
Spencer McIntyre 0b9e1bbbb3 Fix "can not" to "cannot" 2022-08-03 17:45:06 -04:00
Christophe De La Fuente 449a7b71d5 Add module exploit and docs for the Webmin package updates RCE 2022-08-03 12:01:41 +02:00
Spencer McIntyre 207862a810 Update module metadata now that it's disclosed 2022-08-02 12:13:34 -04:00
Spencer McIntyre ef8fe215e1 Finish up an exploit for the first bug 2022-08-02 12:13:28 -04:00
bwatters d71350dfe6 Remove superfluous code and add extra check 2022-08-02 11:04:13 -05:00
Ron Bowes c66f98bae6 Make lint happy 2022-08-01 10:03:35 -07:00
Ron Bowes 7ee0a78ffc Change to using monotonic clock 2022-08-01 10:02:00 -07:00
Ron Bowes e7edafbcfb Throw errors in the rar-generator library rather than returning nil 2022-08-01 09:54:31 -07:00
Ron Bowes 110e9ddeee Set stance 2022-08-01 09:47:58 -07:00
Jake Baines b00cadfbeb Initial commit of MobileIron Core Log4Shell exploitation (CVE-2021-44228) 2022-07-29 10:31:15 -07:00
Ron Bowes e76ef61452 Move a warning into the exploit function 2022-07-27 12:48:56 -07:00
Ron Bowes f279e8d6ca Split the CVE-2022-30333 unrar module into two different modules with a shared mixin to generate the file 2022-07-27 12:45:47 -07:00
Ron Bowes 7a79b8cbc2 Some fixes for Christophe's review 2022-07-26 09:24:33 -07:00
Redouane NIBOUCHA ae9932d921 Rubocop fixes, register_dir_for_cleanup instead of register_file_for_cleanup in upload_source 2022-07-25 21:31:20 +02:00
Grant Willcox 72b1dbfeee Remove code that could cause check method to fail, fix up some documentation errors and add in scenario, and generally address some review comments 2022-07-25 13:05:04 -05:00
Nuri Çilengir 8b42e893b1 Update roxy_wi_exec.rb 2022-07-25 16:45:44 +00:00
Nuri Çilengir eca8af4e2a Update roxy_wi_exec.rb 2022-07-25 16:13:14 +00:00
Nuri Çilengir b16da0fe92 Update roxy_wi_exec.rb 2022-07-25 16:05:20 +00:00
Redouane NIBOUCHA 88d069a77d Add option for compiling the exploit on the target 2022-07-25 01:08:53 +02:00
Niboucha Redouane 9d3a57c2c5 Update the check method 
Co-authored-by: bcoles <bcoles@gmail.com>
 2022-07-23 02:44:26 +02:00
Nuri Çilengir bc0b27e1e2 Apply suggestions from code review 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-07-22 12:58:46 +00:00
Nuri Çilengir fc3b08fb8b Apply suggestions from code review 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-07-22 12:51:40 +00:00
Redouane NIBOUCHA 37f1fdd47b Add module docs, add Ubuntu 22.04 offsets, update check method 2022-07-22 03:30:03 +02:00