adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3986 Commits

Author SHA1 Message Date
Grant Willcox d012145726 Land #17599, Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707 2023-02-13 17:50:06 -06:00
Stephen Wildow 96fecb6048 Modified BadChars and FailWith codes 2023-02-13 17:49:09 -05:00
Grant Willcox 45e453d687 Fix up remaining review comments 2023-02-13 15:07:25 -06:00
Stephen Wildow 79b1801a4f Rewrote check method to only abuse authentication bypass. Added additional status checks. 2023-02-11 17:43:33 -05:00
sfewer-r7 a3f4dceb5b clean up the check method; avoid using print_message in favor of the CheckCode reason. and use a CheckCode of Safe rather than Unknown if we dont find the expected version string. Thanks @bcoles for the review on this. 2023-02-10 13:03:23 +00:00
sfewer-r7 dc8ee988f5 use Rex::Version in the check method for better version comparisons 2023-02-10 10:45:32 +00:00
sfewer-r7 a19bdde276 pass the 'bne:uueupload' param via the vars_get option 2023-02-10 10:44:21 +00:00
sfewer-r7 54c472ef18 fix typo in the description 2023-02-10 10:43:36 +00:00
Stephen Wildow 036ed7f467 Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware. 2023-02-09 21:55:40 -05:00
Grant Willcox f2a86327d0 Minor fixes from review 2023-02-09 15:34:25 -06:00
sfewer-r7 d4be663923 add the side effect flag ARTIFACTS_ON_DISK as during extraction of the UUE encoded zip file, some randomly names temp files are left in /u01/install/APPS/fs1/EBSapps/appl/bne/12.0.0/upload 2023-02-09 17:28:15 +00:00
sfewer-r7 86f11b09fb avoid the upto loop when creating jsp_path 2023-02-09 17:18:58 +00:00
sfewer-r7 406574722a satisfy Rubocop 2023-02-09 16:30:30 +00:00
sfewer-r7 b97a288102 add an exploit module for CVE-2022-21587 (Oracle E-Business Suite RCE) 2023-02-09 16:22:30 +00:00
Stephen Wildow 4b05ba6189 Update description and vulnerability listings. Cleaned up references. More randomization. Removed first unnecessary request in exploit portion of code. Added rescue section around json grabbing. 2023-02-08 21:26:18 -05:00
Jack Heysel 19bcf8be7f Working hardcoded payload 2023-02-08 18:14:11 -05:00
adfoster-r7 656ded4b86 Add module notes 2023-02-08 15:46:07 +00:00
adfoster-r7 25ee41df68 Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
Stephen Wildow 35749a000a Added docs. Performed code linting with rubocop. 2023-02-07 20:27:07 -05:00
Matthew Dunn 52fa2e5be6 Add example for version 5.5.6 with CVE-2021-25297 2023-02-07 14:18:53 -06:00
Grant Willcox 489ab24876 Add in additional case documentation for the various targets and CVEs and fix a bug in the code 2023-02-07 14:18:45 -06:00
Grant Willcox 7c30889784 Refactor code to handle unsigned licenses in one central function 2023-02-07 14:18:39 -06:00
Grant Willcox b14bcd40a2 Fix incorrect match logic grabbing the wrong entry from results for NSP 2023-02-07 14:18:38 -06:00
Grant Willcox 425da60b15 Add in missing case 5 check 2023-02-07 14:18:38 -06:00
Matthew Dunn 90e07ef5ed Switch to match over scan and add troubleshooting steps 2023-02-07 14:18:37 -06:00
Matthew Dunn 8cddf56238 Verify auth_cookies before use 2023-02-07 14:18:37 -06:00
Matthew Dunn a276659681 Use more encompassing single regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 7554b5e4fd Add failure condition for nsp's that fail to match the regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 1cb06b11ac Adjust exploit and docs to support versions 5.5.6-5.7.5 2023-02-07 14:18:09 -06:00
Matthew Dunn 87176f9d7f Address Review Comments and add CVE-2021-25297 coverage 2023-02-07 14:18:06 -06:00
Matthew Dunn c5914d8c99 Insert randomized strings to fix exploit with plugin_output_len 2023-02-07 14:18:05 -06:00
Matthew Dunn 990db5372f Remove extra payload details, add config check 2023-02-07 14:18:05 -06:00
Matthew Dunn b042e71b2a Make Module work for both target url parameters 2023-02-07 14:18:04 -06:00
Matthew Dunn b606d1ff6b Add Documentation for Module 
Fix CVE format

Add Documentation
 2023-02-07 14:18:04 -06:00
Matthew Dunn 5846d95b25 Create nagios_xi_configwizards_authenticated_rce.rb 
Add initial module
 2023-02-07 14:18:03 -06:00
Stephen Wildow 475813eb33 Properly labing ZDI vulnerability 2023-02-05 21:48:48 -05:00
Stephen Wildow 59332da8ce Randomized hard coded strings, modified cmd string, and updated references 2023-02-05 21:42:57 -05:00
Stephen Wildow ac9caa8894 Removed unnecessary CVE listing 2023-02-05 14:32:04 -05:00
Stephen Wildow 7cff3cc2b0 Updated to include vulnerable versions of software 2023-02-05 13:20:52 -05:00
Stephen Wildow 4b3125d14b Add module to exploit Cisco RV34x Small Business Routers 2023-02-05 10:15:16 -05:00
h00die a5a7d5dd10 correct cleanup and stabilization 2023-02-05 08:15:38 -05:00
h00die 561b42f105 use exploit retry function 2023-02-04 18:17:42 -05:00
h00die aff14e8e46 tocat to tomcat 2023-02-04 18:17:42 -05:00
h00die e30cae2e40 uncomment needed code 2023-02-04 18:17:42 -05:00
h00die 34b1e66f90 tomcat 8 priv esc on ubuntu prebuilt so file 2023-02-04 18:17:41 -05:00
h00die 2b09af78e1 tomcat 8 priv esc on ubuntu 2023-02-04 18:17:41 -05:00
Jack Heysel 6ab7e177f4 Land #17392, add F5 Big-IP priv esc module 
Add a privilege escalation module for F5 that uses
the unsecured MCP socket to create a new root account
 2023-02-02 15:10:33 -05:00
adfoster-r7 952a4fe37a Land #17581, modules: Check datastore ForceExploit before checking if session is root 2023-02-02 10:19:07 +00:00
bcoles ef87a63bde modules: Check datastore ForceExploit before checking if session is root 2023-02-02 18:17:02 +11:00
Grant Willcox 48a27ab555 Fix the remaining references to the old wiki site. 2023-02-01 21:25:06 -06:00