bwatters
fadb0f45dd
Land #18708, Ivanti Connect Secure RCE exploit module (CVE-2023-46805 and CVE-2024-21887)
Merge branch 'land-18708' into upstream-master
2024-01-19 15:47:43 -06:00
sfewer-r7
de6ed9e1d6
use get_json_document instead of JSON.parse
2024-01-18 15:35:43 +00:00
sfewer-r7
4ff399844f
By replacing the trailing ';' with a '#' we comment out the remaining portion of the command string (Thank you @jvoisin). We must also include a space character for this to work as expected; doing so also removes the need to bootstrap the Linux payloads with a separate file.
2024-01-18 10:04:38 +00:00
Stephen Fewer
c74fd86961
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-18 09:18:46 +00:00
Stephen Fewer
3bb1d2bc02
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-18 09:18:35 +00:00
Christophe De La Fuente
a8d46b3e7a
Land #18627, Ansible: post gather module, payload deployer, and file reader
2024-01-17 15:26:25 +01:00
sfewer-r7
70ef0dcb0d
improve the check logic to fall through when the json doesn't have the key we expect it to have
2024-01-17 10:02:59 +00:00
sfewer-r7
518c1e5d3c
mention Pull Connect as well as the CVEs in the description
2024-01-17 10:02:11 +00:00
sfewer-r7
ad7e348eaa
remove a copy pasta link
2024-01-17 09:16:18 +00:00
h00die
d7cf9155a6
ofbiz working for 18.12.09
2024-01-16 20:06:11 -05:00
sfewer-r7
f9419c4839
separate commands into an array instead of one big long string
2024-01-16 17:19:13 +00:00
sfewer-r7
ea1dafa353
this is a slightly nicer way to write this
2024-01-16 17:08:09 +00:00
sfewer-r7
4060e069ed
first commit of the ICS exploit
2024-01-16 14:32:48 +00:00
h00die
56a9beb39d
ansible review
2024-01-15 17:18:49 -05:00
h00die-gr3y
e7f2abbf9e
Small typo update
2024-01-14 19:26:10 +00:00
h00die
381b840f11
salt review
2024-01-10 17:19:58 -05:00
h00die
e711c9ea43
ansible review
2024-01-10 17:16:57 -05:00
h00die
e9296d1add
saltstack review
2024-01-10 17:04:03 -05:00
h00die
077cad34ab
non-working module
2024-01-08 19:47:24 -05:00
h00die-gr3y
85897a2596
update adding aarch64 architecture and some new targets
2024-01-06 17:26:38 +00:00
h00die
80e9f1b97d
saltstack salt-master review
2024-01-06 06:38:59 -05:00
h00die-gr3y
94a84960a2
Improved check for v3.x routers to obtain exact version
2024-01-05 16:20:29 +00:00
h00die-gr3y
eb902457f2
small update to module for mt6000 vuln test
2024-01-05 13:19:54 +00:00
h00die-gr3y
adf455e8cb
Third release of module and documentation
2024-01-04 14:01:37 +00:00
h00die-gr3y
b2312c97d3
Second release of module and documentation
2024-01-04 09:26:16 +00:00
h00die-gr3y
9fdac8fd28
First release of module
2024-01-03 19:43:49 +00:00
h00die-gr3y
08c5e6a689
Draft release of module. Not ready for review
2023-12-31 10:19:34 +00:00
Julien Voisin
ed421c21ca
Add a way to get the buildid via perf
2023-12-29 17:24:27 +01:00
Jack Heysel
11d58ef2e8
Land #18631, Improve vScalation Priv Esc Check
This PR adds an improvement to the check method of the
vcenter_java_wrapper_vmon_priv_esc module. Before, the module
would attempt to run stat on a file before checking if the file
existed on the system. This fixes that issue.
2023-12-28 13:16:11 -05:00
Jack Heysel
63eb5f2a35
Land #18632, Add improvements to glibc tunables
This PR adds improvements to the glibc tunables module. In the
event the file command is not present on the target, the module
will try to use the readelf command in order to get the ld.so
BuildID to determine whether or not the target is compatible with
the exploit.
2023-12-28 12:41:52 -05:00
h00die
357bdc8c10
ansible post library
2023-12-24 11:49:27 -05:00
h00die
b654275ec4
add saltstack lib
2023-12-23 13:52:52 -05:00
h00die
11c12fcb6d
review comments
2023-12-23 13:23:34 -05:00
h00die
e72242949e
review comments
2023-12-23 12:22:57 -05:00
h00die
a5698f6aa6
review comments
2023-12-23 12:18:06 -05:00
Christophe De La Fuente
3182cb4000
Land #18612, Craft CMS unauthenticated RCE [CVE-2023-41892]
2023-12-22 10:59:39 +01:00
Balgogan
0a2dea523f
Add suggested changes
2023-12-22 00:04:54 +01:00
h00die-gr3y
4c404765a4
Final update to the module based on cdelafuente-r7 comments
2023-12-21 12:06:21 +00:00
h00die
91c58ba268
asan local better check
2023-12-20 21:00:17 -05:00
h00die
526da210ad
asan local better check
2023-12-20 20:58:00 -05:00
jvoisin
fc66cd1522
Improve a bit glibc_tunables_priv_esc
- Fix some typos
- Add a check via `readelf` should `file` not be available
- Add a message before launching the exploit, since it might take some time to finish.
2023-12-20 20:59:47 +01:00
Christophe De La Fuente
fb26c93291
Land #18541, Glibc Tunables Privilege Escalation CVE-2023-4911 (Looney Tunables)
2023-12-20 20:04:21 +01:00
Jack Heysel
77fb5d02b2
Fixed up indentation and rubocop complaints
2023-12-20 13:16:32 -05:00
jheysel-r7
342492557d
Apply suggestions from code review
2023-12-20 13:09:13 -05:00
jheysel-r7
6a16602a08
Apply suggestions from code review
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-12-20 13:08:33 -05:00
Christophe De La Fuente
7ca256560d
Land #18542, Vinchin Backup & Recovery Command Injection
2023-12-20 18:56:50 +01:00
Balgogan
9c9af0dca1
Fix statement
2023-12-20 01:51:19 +01:00
h00die
1e374403ec
better check for vmon
2023-12-19 19:01:45 -05:00
Balgogan
22a05c8bf5
Add CVE-2023-50917
2023-12-20 00:43:00 +01:00
Jack Heysel
d65ceb9abc
Rubocop
2023-12-19 13:54:23 -05:00