adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

4544 Commits

Author SHA1 Message Date
Shelby Pace 6712363bb5 Land #10737, add TeamCity XML-RPC exploit module 2018-11-27 14:59:37 -06:00
Shelby Pace 56f14733a9 changed cmd_stager flavor to printf 2018-11-27 14:23:56 -06:00
Aaron Ringo 9dd4017674 some modifications to WIP, changed gcc, fixed other errors 2018-11-26 21:06:37 -06:00
Aaron Ringo 5e9c10dbe8 added modulepath, tested on centos with selinux 2018-11-25 19:48:05 -06:00
Aaron Ringo 2ad453b6e3 added modulepath 2018-11-25 15:54:37 -06:00
Brendan Coles be6cfde921 Land #11015, Fix payload and console check for Xorg_privesc Linux targets 2018-11-25 04:51:27 +00:00
Aaron Ringo 93db7b399f Using Wfsdelay instead of sleep loop, users get shells ASAP 2018-11-24 22:26:04 -06:00
Aaron Ringo 1783617770 consolelock check updated to use id, payload upload changed, documentation updated, misc formatting 2018-11-24 15:10:21 -06:00
Brent Cook a59913434d Land #10916, Xorg SUID privesc 2018-11-21 19:46:11 -06:00
William Vu 90b9204703 Update DisclosureDate to ISO 8601 in my modules 
Basic msftidy fixer:

diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
     # Check disclosure date format
     if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
       d = $1  #Captured date
+      File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+      fixed('Probably updated traditional DisclosureDate to ISO 8601')
       # Flag if overall format is wrong
       if d =~ /^... (?:\d{1,2},? )?\d{4}$/
         # Flag if month format is wrong
 2018-11-16 12:18:28 -06:00
Aaron Ringo a174c606aa Changed SELINUX check to use built in methods 2018-11-16 04:22:18 -06:00
Jacob Robles 795aa3c99c Land #10828, git submodule url exec CVE-2018-17456 2018-11-14 12:39:13 -06:00
Julien Legras 02f2a2828e Fix references CVE and WPVDB 2018-11-14 18:19:12 +01:00
Julien Legras 3daec992c8 Fix indentation 2018-11-14 18:08:31 +01:00
Jacob Robles 798d3156bc Print git command for module 2018-11-14 10:57:36 -06:00
Julien Legras b9348bd579 Added the CVE number in the references 2018-11-14 16:52:57 +01:00
Julien Legras 5f9570cbcf Added WordPress Duplicator <= 1.2.40 and documentation 2018-11-14 16:39:42 +01:00
Aaron Ringo 4fc047db87 Added advanced option to check console lock on linux systems, default true & updated docs 2018-11-13 22:33:12 -06:00
Shelby Pace 5e85683228 removed to_s from string 2018-11-13 15:28:55 -06:00
Shelby Pace ac8932c144 update 9631 to a current branch 2018-11-13 15:15:25 -06:00
Alex Gonzalez da134f06e3 Updated check method 
Fixed check method and redundant variable declarations
 2018-11-13 16:01:40 -05:00
Aaron Ringo 538055c406 Initial documentation for Xorg Privesc Module 
killed white spaces
 2018-11-12 15:44:13 -06:00
Aaron Ringo ef7fc783be Added Selinux check, changed version check, retested on all platforms 2018-11-11 12:34:30 -06:00
Brendan Coles a5429d21a6 Update modules/exploits/multi/local/xorg_x11_suid_server.rb 
Co-Authored-By: aringo <ringo.aaron@gmail.com>
 2018-11-11 07:39:32 -06:00
Brendan Coles 2a7b18bcbf Update modules/exploits/multi/local/xorg_x11_suid_server.rb 
Co-Authored-By: aringo <ringo.aaron@gmail.com>
 2018-11-11 07:38:42 -06:00
Aaron Ringo e6f548c5f4 added meterpreter, took out in session, moved to exploits/multi/local 2018-11-11 01:43:36 -06:00
Aaron Ringo 9dd0f2a5ea modified to allow unix cmd for testing and other targets not supported, took out interpolation,notes section re-added 
added notes section back in
 2018-11-06 20:45:20 -06:00
Quentin Kaiser 1d337e9987 No debug. 2018-10-29 13:46:07 +01:00
Quentin Kaiser e76f3ab22f No debug. 2018-10-29 13:44:16 +01:00
Spencer McIntyre caf76a6555 Add applicable notes to my exploit modules 2018-10-27 20:54:14 -04:00
Tim W b3d45586db feedback from code review 2018-10-18 12:30:46 +08:00
Tim W 64e257649f cleanup module 2018-10-18 11:45:59 +08:00
Tim W 290d4428c1 create git mixin 2018-10-18 11:31:31 +08:00
Tim W 063e477ff2 git submodule url exec (CVE-2018-17456) 2018-10-18 11:02:28 +08:00
William Vu 5b14d94957 Land #10671, struts2_namespace_ognl updates 
There are still some outstanding concerns, but I want to unblock this.
 2018-10-12 11:08:33 -05:00
William Vu 2989507b85 Copy check for data_header to avoid crash 
Variable was used but out of scope.
 2018-10-12 11:06:26 -05:00
Alex Gonzalez 1da99c8bd1 Fixed syntax errors 
Corrected redundant returns and indentation errors
 2018-10-11 10:01:47 -04:00
Alex Gonzalez 86f7c270c6 Fixed stylistic and syntax errors 2018-10-11 09:19:35 -04:00
Alex Gonzalez 0f3917f540 Fixed syntax errors 2018-10-10 13:26:49 -04:00
Alex Gonzalez 26482ee6d6 Fixed EOL spaces 2018-10-09 18:30:41 -04:00
Alex Gonzalez 9c9cd33c34 Fixed syntax errors and inconsistencies 2018-10-09 17:45:02 -04:00
Dylan Pindur 94e45b12b1 Replace cmd generation with built-in stager module 2018-10-07 10:15:10 +08:00
William Vu 7bc98e0ea8 Fix formatting and convert a missed AKA reference 2018-10-05 03:22:08 -05:00
Dylan Pindur 0f34f94496 Add back SSL options for tc-agent-xmlrpc-module 2018-10-05 15:11:13 +08:00
Dylan Pindur 8ae0bcbacd Refactor if statements to be cleaner 2018-10-05 09:48:44 +08:00
Jacob Robles 8b955f8ec5 Land #10704, Navigate CMS Unauthenticated RCE 2018-10-04 06:44:21 -05:00
Dylan Pindur 11d9b44922 Add exploit module for TeamCity Agent XMLRPC 2018-10-03 18:33:10 +08:00
Jacob Robles 97729727d8 Minor modifications 2018-10-02 06:57:04 -05:00
Rob 6f5a8f8f42 Fix outdated metadata 2018-10-01 18:59:09 +01:00
asoto-r7 e4256f4595 Make ENABLE_STATIC an OptBool, as I should have done in the first place 2018-09-27 17:54:22 -05:00