adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

1489 Commits

Author SHA1 Message Date
bwatters 5f667e1d79 Address code review 2023-06-22 10:22:43 -05:00
bwatters a2c2a9193f Update error catching logic 2023-06-22 08:27:44 -05:00
bwatters 2adea08f67 Add documentation & code cleanup 2023-06-21 15:41:50 -05:00
bwatters 52907ac794 Add space limitation 2023-06-21 12:56:59 -05:00
bwatters 10c6e6328f Add user cleanup and update error handling 2023-06-21 12:00:34 -05:00
bwatters 9d16b0043b Add check method 2023-06-21 11:26:04 -05:00
bwatters 957339b3c0 Simplify output 2023-06-21 08:34:02 -05:00
bwatters d63c14dc17 Ugly, but working 2023-06-20 20:06:57 -05:00
bwatters d5a986a4bc Fix copy/pasta 2023-06-15 08:34:30 -05:00
bwatters f5f61ca508 Start of MOVEit port 2023-06-14 10:04:07 -05:00
Grant Willcox 617aff5a43 Fix up supported payloads and remove nonused parameter 2023-06-02 09:48:03 -05:00
Grant Willcox f7d2cdae56 Add in ability to restore settings n documentation changes. 
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
 2023-06-02 09:48:03 -05:00
Grant Willcox 965311d09e Fix documentation and fix bug in creating PARMS value 2023-06-02 09:48:02 -05:00
Grant Willcox 6e89f9b275 Address review comments 2023-06-02 09:48:02 -05:00
Grant Willcox 8577f21e52 Add in documentation and updated code 2023-06-02 09:48:01 -05:00
Grant Willcox 05bb3cd182 Update again 2023-06-02 09:48:01 -05:00
Grant Willcox c78a9bac1d Remove dropper target and try expand potential BadChars and limit payload size??? 2023-06-02 09:48:01 -05:00
Grant Willcox 6d066dc649 Add in initial copy of exploit 2023-06-02 09:47:49 -05:00
Grant Willcox 459cf871cb Land #17979, Add exploit for Ivanti Avalanche file upload - CVE-2023-28128 2023-05-16 09:19:33 -05:00
Grant Willcox 560fc9000b Fix up checks on responses to make sure they are more robust checks 2023-05-12 16:08:47 -05:00
Grant Willcox 3b2d23eeae Fix up check method, unduplicate fail_with messages to make them unique, and add @cleanup_needed so we can check if cleanup is needed to avoid unnecessary messages when just checking if the target is vulnerable or not 2023-05-12 14:14:40 -05:00
space-r7 722de33b6f address feedback, use cleanup to restore path 
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
 2023-05-11 13:20:25 -05:00
Shelby Pace 131f2519bc Update modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-05-11 10:48:48 -05:00
Grant Willcox 9f6a1c18a1 Minor updates to fix URLs, disclosure date, description, and minor gramatical things 2023-05-10 18:22:00 -05:00
space-r7 e514de9aef add comment about jsf substitution 2023-05-10 09:13:01 -05:00
space-r7 d1e3ce1183 add Ivanti Avalanche file upload 2023-05-08 17:41:52 -05:00
Grant Willcox f773d348e1 Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022 2023-05-08 12:11:01 -05:00
space-r7 f04dababa2 add upload code 2023-05-05 18:59:46 -05:00
ErikWynter b8856bbb87 fix capitalization of Htlm_fileName JSON parram 2023-05-05 09:59:11 +03:00
space-r7 9fa0dac56c add login and path change methods 2023-05-04 18:03:02 -05:00
ErikWynter c088430bd9 improve sanity checks in login method and other code review fixes 2023-05-04 15:12:31 -05:00
Grant Willcox f27fc28411 Perform review updates 2023-05-04 15:12:31 -05:00
ErikWynter 9b596b3efd minor changes 2023-05-04 15:12:31 -05:00
ErikWynter 1c6c1dffc6 final code review fixes 2023-05-04 15:12:31 -05:00
ErikWynter 9fe7db4648 improve status codes handling 2023-05-04 15:12:30 -05:00
ErikWynter 86b7f97421 remove trailing whitespace 2023-05-04 15:12:30 -05:00
ErikWynter aede036b02 additional changes from code review 2023-05-04 15:12:30 -05:00
Grant Willcox 8871b2955b Fix up Active Directory name so we appropriately use uppercase 2023-05-04 15:12:30 -05:00
Grant Willcox ba687c49aa Fix a few typos 2023-05-04 15:12:29 -05:00
ErikWynter a5e86a0c51 code review improvements, including renaming silent param 2023-05-04 15:12:29 -05:00
Grant Willcox 0fd743d851 Add in fixes from code review 2023-05-04 15:12:29 -05:00
ErikWynter dd075d5c99 library improvements after code review, module update 2023-05-04 15:12:28 -05:00
ErikWynter 47d374497a create adaudit plus mixin and move some stuff there 2023-05-04 15:12:27 -05:00
Grant Willcox 3b0d8b850b Fix up some issues identified during review 2023-05-04 15:12:26 -05:00
ErikWynter 9f68a5f8d1 add manageengine_adaudit_plus_authenticated_rce exploit module and docs 2023-05-04 15:12:09 -05:00
cgranleese-r7 40e6917b7f tests passing 2023-04-04 10:24:09 +01:00
adfoster-r7 d04c8e1bce Update broken secunia references 2023-03-23 10:43:57 +00:00
cgranleese-r7 508f5c7e52 Land #17619, Run rubocop on exploit modules 2023-02-09 10:11:53 +00:00
adfoster-r7 25ee41df68 Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
h00die-gr3y a2f4a27614 updated module and added documentation 2023-01-29 10:06:14 +00:00