adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3986 Commits

Author SHA1 Message Date
bwatters 42a56b2800 Remove the thing I commented out..... 2022-04-12 21:19:20 -05:00
bwatters 147d6e1df7 Added docs, reverted strip_comments, rubocop'd 2022-04-12 21:14:11 -05:00
bwatters 96d86944da Added precompiled binary and option to strip output, fixed comment-strip bug 2022-04-07 17:09:35 -05:00
bwatters db89fc5e7a Add module for cve-2022-0995 2022-04-06 13:35:14 -05:00
adfoster-r7 a62ca2259e Land #16316, deref services correctly 2022-03-11 12:08:42 +00:00
Ashley Donaldson 1576fd720e Remove another redundant cleanup 2022-03-11 12:17:30 +11:00
space-r7 b747e55dda Land #16303, add Dirty Pipe exploit 2022-03-10 11:16:28 -06:00
space-r7 872b9c9a7c modify docs to reflect changes, remove 'return' 2022-03-10 10:39:32 -06:00
space-r7 2f86c78c91 remove check mode, check by kernel version only 2022-03-10 10:02:05 -06:00
Tim W 472c26924a fix kernel version check 2022-03-10 07:47:58 +00:00
Ashley Donaldson 9761d68c19 Rename stop_service to cleanup_service for services that use reference counting 2022-03-10 10:28:25 +11:00
bwatters 5505d05d04 Maybe actually fix arch check this time... 2022-03-09 11:06:26 -06:00
Tim W 955cc9c986 fix cross compiling 2022-03-09 06:59:25 +00:00
Tim W b5e88f24df feedback from space 2022-03-09 06:06:53 +00:00
bwatters ae0f1729c1 Update arch check 2022-03-08 18:21:34 -06:00
bwatters fb7f2ba326 Fix arch check and on_session cd 2022-03-08 13:16:32 -06:00
Tim W a195c65121 change default suid binary from /usr/bin/sudo to /bin/passwd 2022-03-08 16:37:07 +00:00
Tim W 300ab51079 feedback from jvoisin 2022-03-08 16:22:31 +00:00
Tim W 0c7806222f msftidy 2022-03-08 10:28:04 +00:00
Tim W a614f9c2aa add a description and PrependFork 2022-03-08 10:17:06 +00:00
Tim W 7ca6a28c05 embed payload inside exploit and add check method 2022-03-08 09:51:49 +00:00
Tim W 5bd48d0a7d initial commit of dirtypipe 2022-03-07 15:49:27 +00:00
Pedro Ribeiro e1079a587d remove cache flush from shellcode, dont need it 2022-03-06 23:02:02 +00:00
adfoster-r7 ad2fab6fee Land #16153, read full response on smtp send/recv 2022-03-04 01:24:46 +00:00
Spencer McIntyre 6be3443680 Land #16103, LPE in polkit's pkexec (CVE-2021-4034) 2022-03-03 09:24:11 -05:00
Spencer McIntyre 0463373756 Simplify finding pkexec 2022-03-03 09:19:45 -05:00
bwatters e649fe3f69 Fix some markdown issues, update docs and add arch check for payloads 2022-03-02 16:30:52 -06:00
bwatters 06e897436c Add Fedora results to docs and some minor final cleanup 2022-03-02 09:12:01 -06:00
bwatters 58aed837b2 Update docs and options 2022-03-01 14:48:48 -06:00
bwatters 0516badd8e Change the way we cd after new session is created 2022-03-01 14:20:07 -06:00
bwatters ecaf8b1ba9 Land #16204, Hikvision Unauthenticated RCE (CVE-2021-36260) 
Merge branch 'land-16204' into upstream-master
 2022-02-25 16:37:08 -06:00
Grant Willcox 217afa0f3b Land #16190, Axis Camera App RCE (No CVE) 2022-02-25 11:35:03 -06:00
Grant Willcox 1e0db45f1d Add small note about ARMLE stager for future travelers 2022-02-25 11:34:31 -06:00
Jake Baines 2bec5c425f Change CheckCode to Appears 2022-02-25 08:32:06 -08:00
Jake Baines 1facfe4a2f Alter upload filename. 2022-02-25 02:53:52 -08:00
Jake Baines d055a7d811 Altered some randomization, the json extracted by check, and fixed some wording 2022-02-24 18:48:21 -08:00
Jake Baines 48072b6554 Fix rubcop complaint introduced in suggestion commit 2022-02-24 18:28:38 -08:00
Jake Baines 454eba2438 Apply suggestions from code review 
Added changes suggested by @gwillcox-r7

Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-02-24 21:25:09 -05:00
Jake Baines 9f05a7d11a Removed unneeded custom timeout 2022-02-24 08:13:04 -08:00
Jake Baines 3739dad470 Updated to use print_bad instead of fail_with for application removal errors. Also included instructions on how to manually remove the application 2022-02-24 07:44:34 -08:00
Jake Baines e1616a520f Fixed a couple of typos. Changed a CheckCode. Randomized the replaced tmp file name 2022-02-24 06:38:36 -08:00
Jake Baines 4cd3563bc7 Initial commit of exploit for CVE-2021-36260 2022-02-19 13:13:24 -08:00
bwatters f311bd4fce Remove duplicate warning 2022-02-18 16:31:35 -06:00
bwatters 3ea032472d Updated exploit with better check method, added OnSessionCmd option 
to run a command when a session is bootstrapped, added more
documentation.
 2022-02-18 16:30:47 -06:00
Pedro Ribeiro 92856e739b Fix shellcode so that it works with "0" octets in LHOST IP 2022-02-17 23:06:53 +07:00
h00die d5ba1afbec fix URLs not resolving 
fix URLs not resolving

add csv export to references

fix URLs not resolving

pdf not pd

missed a url change

remove extra recirectedfrom fields

remove extra file

fix ovftool url accidental replacement
 2022-02-16 17:22:40 -06:00
Jake Baines 5ac3330802 Initial commit of Axis camera app install exploit 2022-02-14 17:54:18 -08:00
Jeffrey Martin af3fa09896 refactor smtp delivery to support continuation 
When dealing with SMTP servers the communication needs to flow
a known protocol. To ensure the socket is in the correct state
after a send and receive it needs to be read until a line return
a response code followed by a `space` and additional data and `\r\n`
or the response code immediately followed by `\r\n` is returned.
 2022-02-14 16:55:49 -06:00
Pedro Ribeiro 5e738309f9 add shellcode comment 2022-02-14 02:24:59 +07:00
Pedro Ribeiro 99e2cfdab4 correct CVE number 2022-02-13 01:15:10 +07:00