adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3986 Commits

Author SHA1 Message Date
h00die 7ceeb9f8de review comments 2023-08-08 17:15:22 -04:00
h00die 67ea97d686 set right port 2023-08-08 17:15:22 -04:00
h00die 06a4433e2a review comments 2023-08-08 17:15:22 -04:00
h00die 97daf47269 h2 web interface shell 2023-08-08 17:15:22 -04:00
Ege Balcı 340e4c0117 Make rubocop happy 2023-08-08 20:54:40 +02:00
Ege Balcı d1f9f540c6 Add VMware vRealize Log Insight RCE exploit 2023-08-08 20:32:38 +02:00
h00die-gr3y 19ef0cc4f9 Added documentation and fixed a typo in the module description 2023-07-28 21:30:24 +00:00
h00die-gr3y f282e1ab92 first drop of module 2023-07-28 20:14:44 +00:00
ErikWynter f79b4331b8 code review fixes for wd_mycloud_unauthenticated_cmd_injection 2023-07-27 23:09:50 +03:00
ErikWynter 53b8653ac7 add wd_mycloud_unauthenticated_cmd_injection 2023-07-26 17:24:44 +03:00
Christophe De La Fuente c7f8ce5acd Land #18199, VMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887 2023-07-25 17:45:30 +02:00
Jack Heysel ee26e7f926 Rubocop fixes 2023-07-20 16:40:28 -04:00
Jack Heysel 421b06119f Update docs 2023-07-20 14:55:27 -04:00
Jack Heysel c48346413c Fixed payload and verion detection 2023-07-20 14:44:56 -04:00
h00die 530934f78a review comments 2023-07-19 11:42:47 -04:00
space-r7 7af22bfd41 Land #18077, add Symmetricom unauth cmd injection 2023-06-13 17:07:16 -05:00
space-r7 5535401345 add exploit rank 2023-06-13 17:05:30 -05:00
Steve Campbell 37bc9cd5a4 Update symmetricom_syncserver_rce.rb 
Updated info to add allowed SRVPORT and LPORT, and fixed issue with srvport variable not used.
 2023-06-13 16:22:08 -04:00
space-r7 cbf7109c51 add rubocop fixes and some metadata 2023-06-13 13:44:23 -05:00
SinSinology fd5e4dfc39 VMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887 
Technical details at
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
 2023-06-13 15:16:11 +01:00
Steve Campbell ed516faa93 Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb 
Added link to CVE

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-06-12 16:34:24 -04:00
Steve Campbell 5b73c8fea1 Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb 
Added CVE

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-06-12 16:33:57 -04:00
Steve Campbell 4e4d09862e Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb 
Fixed misspelling

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-06-12 16:32:12 -04:00
Steve Campbell bc2fb0c919 Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb 
Updated heading

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-06-12 16:31:21 -04:00
h00die-gr3y 4479d94658 Updates based on review comments from space-r7 and jvoisin 2023-06-12 19:28:08 +00:00
h00die-gr3y 7cd3854208 Removed Webshell upload and updated documentation 2023-06-12 13:58:59 +00:00
h00die-gr3y 417c9fa591 init commit module and documentation 2023-06-10 09:42:32 +00:00
space-r7 c9af514be4 Land #18063, add TerraMaster webshell upload 2023-06-09 17:55:32 -05:00
space-r7 c8609d7983 Land #18070, add TerraMaster chained exp module 2023-06-09 12:29:47 -05:00
sfewer-r7 27f5a789c9 rework the exploit to use the new MIPS64 fetch payload adapters. Removed the seperate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part. 2023-06-09 09:47:57 +01:00
Stephen Fewer a1528556e0 Merge branch 'rapid7:master' into CVE-2023-28771 2023-06-09 09:42:19 +01:00
h00die-gr3y dfc366e022 Latest updates based on reviewers comments 2023-06-08 21:25:40 +00:00
Steve Campbell 229fc0c002 Added symmetricom_syncserver_rce.rb 2023-06-08 12:46:10 -04:00
h00die-gr3y 0bcd930f61 Updated NAS model and version check 2023-06-08 09:12:45 +00:00
h00die-gr3y b3b0cb4ccf Updates based on space-r7 comments 2023-06-08 07:39:44 +00:00
h00die-gr3y 46fcdb76d5 Updates based on jvoisin comments 2023-06-07 08:27:55 +00:00
h00die-gr3y 3e6ae74886 init commit module 2023-06-06 07:07:36 +00:00
h00die-gr3y 00e39eb540 updated CMD stager order 2023-06-05 14:54:31 +00:00
h00die-gr3y 07def1c9f0 init commit module 2023-06-05 11:19:42 +00:00
Spencer McIntyre 9e38ed4459 Land #17929, Linux sudoedit LPE (CVE-2023-22809) 
Linux sudoedit priv esc (CVE-2023-22809)
 2023-05-23 09:30:18 -04:00
sfewer-r7 0205bb36d3 change ranking to GreatRanking as stability is CRASH_SERVICE_RESTARTS 2023-05-22 20:09:11 +01:00
sfewer-r7 6b101b5a4d make rubocop happy 2023-05-22 18:03:58 +01:00
Spencer McIntyre f464401dde Land #17782, Add fetch payloads 
Add http wget cmd based fetch payload for Linux and Windows
 2023-05-18 12:18:27 -04:00
bwatters 548a2d7ab4 Add fetch payloads for Windows and Linux x64 2023-05-18 10:47:29 -05:00
h00die 2ca5ca1f63 stronger grep 2023-05-16 16:18:14 -04:00
h00die 6bee4f56d9 updates from review 2023-05-13 15:49:11 -04:00
Christophe De La Fuente a485a786ef Land #17881, Zyxel chained RCE using LFI and weak password derivation algorithm 2023-05-10 11:49:51 +02:00
h00die-gr3y 4f8024454c Updates based on cdelafuente-r7 latest comments 2023-05-10 07:46:11 +00:00
h00die-gr3y 51ab9746fb Updates based on cdelafuente-r7 comments 2023-05-06 19:05:21 +00:00
h00die e692e927dc review fixes 2023-05-05 16:43:47 -04:00