adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3986 Commits

Author SHA1 Message Date
M. Cory Billington f27c0a481c Update modules/exploits/linux/http/suitecrm_log_file_rce.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2021-05-22 00:56:44 -05:00
M. Cory Billington e62efe0690 Added module and documentation for SuiteCRM Log File RCE 2021-05-22 00:11:19 -05:00
Grant Willcox 133b40de30 Land #15212, Converts Python shebangs over to Python 3 2021-05-19 10:39:09 -05:00
Spencer McIntyre 56388cd696 Land #15146, Add support for extra OSes for CVE-2021-3156 (Baron Samedit) 2021-05-18 18:02:30 -04:00
Spencer McIntyre a8a1cf75b8 Reorder the Fedora targets to be descending 2021-05-18 18:02:12 -04:00
cgranleese-r7 a894b8cc29 Updates Python shebangs to Python 3 2021-05-18 12:43:04 +01:00
Grant Willcox e7983c3b6f Land #15192, Enforce Style/RedundantBegin for new modules 2021-05-17 09:51:57 -05:00
adfoster-r7 ac2c467121 Land #15011, Enhance analyze command API to understand modules' needs 2021-05-14 14:30:33 +01:00
Alan Foster 100da2f1b1 Enforce Style/RedundantBegin for new modules 2021-05-13 04:01:03 +01:00
William Vu 637e9cff48 Update vmware_vrops_mgr_ssrf_rce documentation 2021-05-06 18:30:20 -05:00
Ashley Donaldson 5dc8d0e684 Added automatic cleanup for exploit scripts that modify /etc/passwd 2021-05-06 21:50:03 +10:00
Ashley Donaldson 832813f057 If the exploit is completed but no session is created, tell the user if they have alternative exploits they could try. 2021-05-06 12:37:18 +10:00
Ashley Donaldson 000546e551 Rubocop changes 2021-05-04 16:24:00 +10:00
Ashley Donaldson fbc291bc22 Tested on various other Fedora's 2021-05-04 14:18:16 +10:00
Ashley Donaldson 7f89ac44ce Tested module on Fedora 25 
Also verify user does not already exist when adding a new user
 2021-05-04 10:38:28 +10:00
Mehmet INCE bf0551979f Fix the module according to the review 2021-05-03 12:29:00 +03:00
Mehmet INCE 06157601df Remove SCREEN_EFFECTS from sideeffects 2021-05-03 11:14:43 +03:00
Mehmet INCE 9e04805c0e Adding check method to gravcms exec 2021-05-03 11:14:43 +03:00
Mehmet INCE e3d05395de Add GravCMS exec 2021-05-03 11:14:42 +03:00
Ashley Donaldson 0435e281d9 Updated CVE-2021-3156 documentation to reflect code changes. 2021-05-03 16:45:50 +10:00
William Vu d433c0fd12 Fix typo 2021-04-30 23:29:24 -05:00
Shelby Pace 0535489703 Land #14947, add IGEL OS RCE 2021-04-30 15:49:11 -05:00
Shelby Pace de22236902 add AutoCheck and update docs output 2021-04-30 15:38:57 -05:00
Rob V 41fe16463d switching to CmdStager 
- had to switch away from python payload to appease CmdStager
- removed systemd service adjustments preferring to use sleep to avoid rate limits
- updated check function to accomodate more current vulnerable version information in vendor advisory
 2021-04-30 12:53:33 -04:00
Ashley Donaldson 3722435a25 Tested and verified exploitability of second CVE-2021-3156 exploit on three platforms 2021-04-30 18:51:06 +10:00
Ashley Donaldson b1d2c39c98 Added second CentOS 7 exploit 2021-04-30 18:30:19 +10:00
Ashley Donaldson 124d157a1c Added CVE-2021-3156 exploits for CentOS 7 and 8 2021-04-30 17:25:59 +10:00
Spencer McIntyre 994825dcc9 Land #15090, Add exploit for CVE-2021-22502 2021-04-29 14:09:28 -04:00
Spencer McIntyre b2142aada7 Land #15086, Add exploit for CVE-2020-11857 2021-04-29 11:47:17 -04:00
Spencer McIntyre 4373b464ce Update the markdown module docs a bit 2021-04-29 11:46:40 -04:00
Ashley Donaldson 79152cafe6 Added support for Ubuntu 14.04.3 for CVE-2021-3156 2021-04-29 20:48:51 +10:00
Ashley Donaldson 9d9d3ce061 Added Ubuntu 16.04-specific exploit script to CVE-2021-3156 module 
The generic approach used for other targets doesn't work for 16.04, as that one relies on tcache bins, which are not present in glibc 2.23.
 2021-04-29 18:28:13 +10:00
Ashley Donaldson fcd17ed3b1 Port sudoedit exploit to Python 
It's assumed that Python is more likely to be present on the target system
than gcc, so is better as a dependency.
 2021-04-29 13:17:32 +10:00
Shelby Pace a4af80d3e1 Land #15005, add VMware vRealize SSRF RCE 2021-04-27 09:19:55 -05:00
Shelby Pace 363db0e271 Land #14977, add Apache Druid js rce 2021-04-26 12:01:19 -05:00
Pedro Ribeiro 07d82cde93 fix timeout errors in rubocop 2021-04-23 22:10:38 +07:00
Pedro Ribeiro 02ce5a1724 Update modules/exploits/linux/http/microfocus_obr_cmd_injection.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2021-04-23 22:01:05 +07:00
Pedro Ribeiro 58e00b582e Update modules/exploits/linux/http/microfocus_obr_cmd_injection.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2021-04-23 22:00:55 +07:00
Pedro Ribeiro 651a34af53 add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00
Pedro Ribeiro 02656a2c31 add clarification - it's for linux only 2021-04-23 19:23:18 +07:00
Pedro Ribeiro 9a779fef79 add ZDI id 2021-04-23 15:15:09 +07:00
Pedro Ribeiro 30c333b30d fix typo in shrboadmin 2021-04-23 15:03:34 +07:00
Pedro Ribeiro 71f5955b42 add OBR SSH module 2021-04-23 15:00:06 +07:00
William Vu a62d1dfbcd Add some details back in 2021-04-21 16:02:21 -05:00
William Vu 5111caf536 Address @gwillcox-r7 review 
New words from @gwillcox-r7.
 2021-04-21 13:10:21 -05:00
William Vu 22433d5b2c Add clarifying comment 2021-04-21 10:42:10 -05:00
William Vu 08907a5e3a Add VMware vRealize Operations Manager SSRF RCE 
CVE-2021-21975 + CVE-2021-21983
 2021-04-21 10:42:10 -05:00
Grant Willcox 7b7e521d6c Fix up a wrong type field value and set it back to 1 from 2 in the send_exploit() function, since this was causing the exploit to fail 2021-04-20 17:45:51 -05:00
Grant Willcox e0f13e44d1 Land #14699, Add Nagios XI snmptrap RCE and docs (CVE-2020-5792) 2021-04-20 14:30:45 -05:00
Grant Willcox f241a050b8 Apply review comments and fixes to documentation and the module 2021-04-20 12:38:34 -05:00