adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

1489 Commits

Author SHA1 Message Date
Brendan Coles 42c7d64b28 Update style 2017-05-10 06:37:09 +00:00
Brendan Coles 32dafb06af Replace NoTarget with NotVulnerable 2017-05-08 22:29:44 +00:00
William Vu b794bfe5db Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
Brendan Coles 0eacf64324 Add Serviio Media Server checkStreamUrl Command Execution 2017-05-05 07:54:00 +00:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Sara Perez 18fa411189 Updated with Egypt's suggestion, also changed the target name to include other versions 2017-04-27 13:19:44 +01:00
Daniel Teixeira a3a4ba7605 Buffer Overflow on Dup Scout Enterprise v9.5.14 2017-04-26 15:19:00 +01:00
Daniel Teixeira 47898717c9 Minor documentation improvements 
Space after ,
 2017-04-24 14:47:25 +01:00
DanielRTeixeira f1c51447c1 Add files via upload 
Buffer Overflow on Disk Sorter Enterprise
 2017-04-19 10:57:41 +01:00
Sara Perez 178d68003e version check, as the name for the api key call changes on 11.0. Line 130 2017-04-18 10:32:28 +01:00
Brent Cook bb140b9581 fix deprecated target ARCH 2017-03-03 13:38:16 -06:00
William Webb d76e80bc44 Land #7424, Ektron Webservices XSLT Remote Code Execution 2017-03-03 12:12:21 -06:00
wchen-r7 5d0b532b20 Fix #8002, Use post/windows/manage/priv_migrate instead of migrate -f 
Because migrate -f uses a meterpreter script, and meterpreter scripts
are deprecated, we should be replacing with a post module

Fix #8002
 2017-02-23 17:04:36 -06:00
Maurice Popp d5fd620fbb Add files via upload 2017-02-14 11:21:36 +01:00
Gabor Seljan bda464fd6b Increase output 2017-01-21 10:51:58 +01:00
Gabor Seljan e3043b0889 Use random string as egg 2017-01-21 10:28:47 +01:00
Gabor Seljan c47f087c83 Fix check code 2017-01-21 09:39:09 +01:00
Gabor Seljan 905213cc41 Add module for DiskSavvy Enterprise (EDB-40854) 2017-01-19 20:34:00 +01:00
Gabor Seljan 483865b815 Fix reference 2017-01-11 23:28:23 +01:00
Gabor Seljan 24014d8465 Minor code formatting 2017-01-10 22:59:42 +01:00
Gabor Seljan 9162374ae3 Add automatic targeting 2017-01-08 11:23:18 +01:00
Gabor Seljan d2472712f3 Add module for DiskBoss Enterprise (EDB-40869) 2017-01-07 19:44:38 +01:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Chris Higgins 4e9802786c Removed spaces causing build to fail 2016-11-13 21:46:24 -06:00
OJ 57eabda5dc Merge upstream/master 2016-10-29 13:54:31 +10:00
Chris Higgins c153686465 Added Disk Pulse Enterprise Login Buffer Overflow 2016-10-27 21:49:17 -05:00
OJ 1d617ae389 Implement first pass of architecture/platform refactor 2016-10-28 07:16:05 +10:00
Brent Cook ed35bf5011 remove unneeded badchars from payload specification 2016-10-26 04:47:33 -05:00
David Maloney 6b77f509ba fixes bad file refs for cmdstagers 
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
 2016-10-21 12:31:18 -05:00
Catatonic Prime da307a5312 Adding description of the module 2016-10-10 06:22:11 +00:00
Catatonic Prime 467f9e700d msftidy fixes for title & removing unused dependency 2016-10-10 06:11:29 +00:00
Catatonic Prime 6cbae172f8 Adding Ektron 8.5 Web Service XSLT RCE 2016-10-10 05:21:45 +00:00
Pearce Barry 226ded8d7e Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
James Lee d46c3a1d8c Collector looks like hex, store it as a string 2016-07-29 21:57:51 -05:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216 Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
wchen-r7 14adcce8bf Missed the HTTPUSERNAME fix 2016-05-27 18:37:04 -05:00
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time 
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
 2016-05-27 16:25:42 -05:00
wchen-r7 99a573a013 Do unless instead "if !" to follow the Ruby guideline 2016-05-19 19:21:45 -05:00
Vex Woo b5284375a7 osb_uname_jlist - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:16:53 -05:00
Vex Woo 11fedd7353 ca_totaldefense_regeneratereports - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:15:28 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
Brent Cook 57cb8e49a2 remove overwritten keys from hashes 2016-04-20 07:43:57 -04:00
wchen-r7 f3336c7003 Update windows/http/easyfilesharing_seh 2016-03-31 19:24:06 -05:00
wchen-r7 dd83757966 Bring #6488 up to date with upstream-master 2016-03-31 19:11:11 -05:00
l0gan e29fc5987f Add missing stream.raw for hp_sitescope_dns_tool 
This adds the missing stream.raw.
 2016-03-15 11:06:06 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names" 
This reverts commit 666ae14259.
 2016-03-07 13:19:55 -06:00