adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

1489 Commits

Author SHA1 Message Date
h00die 533bed6b51 pre review updates 2020-06-22 06:30:44 -04:00
h00die 9defe33d9a docs and working module 2020-06-20 00:06:46 -04:00
h00die 9f424a8cbb cleanup getting through it 2020-06-19 22:59:19 -04:00
h00die 40e6551b8b works with cmd payload calc 2020-06-19 21:16:55 -04:00
h00die c2c931030f review comments 2020-06-17 11:47:11 -04:00
Tod Beardsley 655a323467 Add CVE-2020-7356 for Cayin xPost 2020-06-17 09:57:29 -05:00
h00die aec1f77b70 wip 2020-06-10 20:42:22 -04:00
h00die b5c90ea20c xpost working 2020-06-09 13:07:00 -04:00
William Vu d6aea635c7 Update authors in Netsweeper/myLittleAdmin modules 
Edits for accuracy and precision.
 2020-05-22 17:05:12 -05:00
William Vu afe7ef5d9a Bump WfsDelay for first exploit attempt 2020-05-22 09:32:22 -05:00
William Vu e471efa399 Whitelist :certutil and :vbs CmdStagers 
These worked for @smcintyre-r7 on Windows Server 2019.
 2020-05-22 09:24:16 -05:00
William Vu 16886fa41e Move generate_viewstate_payload to mixin 2020-05-21 18:37:13 -05:00
William Vu d1a07e9403 Use ViewState mixin in module 2020-05-21 18:37:13 -05:00
William Vu 11030dff84 Add CVE references (they weren't there before) 2020-05-21 18:12:57 -05:00
William Vu 889a4cd6e0 Add Plesk/myLittleAdmin ViewState deserialization 2020-05-21 18:12:57 -05:00
William Vu 12d4ad68e3 Fix things in ThinkPHP and ManageEngine exploits 
Current pattern is print_good instead of vprint_good for this particular
message directly or indirectly called by execute_command.

CmdStagerFlavor is checked at the top level, but it is also checked per
target. Moving this to where it's more appropriate.
 2020-05-20 22:47:03 -05:00
William Vu 655088bb0d Fix punctuation typo in exchange_ecp_viewstate 2020-05-20 09:47:11 -05:00
Spencer McIntyre 30b17c6323 Remove some whitespace for msftidy compliance 2020-05-04 10:14:00 -04:00
Spencer McIntyre 7fb17ecf17 Update some module metadata for the Kentico RCE exploit 2020-05-04 10:12:21 -04:00
Spencer McIntyre c128a3ba92 Add CmdStager and Powershell targets to the Kentico RCE exploit 2020-05-04 10:07:10 -04:00
Patrick Webster 60b83d536e Update modules/exploits/windows/http/kentico_staging_syncserver.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-05-04 09:26:14 -04:00
Patrick Webster c5adcbfd43 Update modules/exploits/windows/http/kentico_staging_syncserver.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-05-04 09:26:13 -04:00
Patrick Webster 0679f1b317 Update modules/exploits/windows/http/kentico_staging_syncserver.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-05-04 09:26:13 -04:00
Patrick Webster 376c61bc46 Added exploit module kentico_staging_syncserver. 2020-05-04 09:26:13 -04:00
William Vu e5857d5544 Comments for the comment god 2020-04-27 20:58:39 -05:00
William Vu 3e9f7d5f0a Comment the absolute path prepended to traversal 2020-04-27 20:57:02 -05:00
William Vu f18ec9929b Remove directory traversal prefix altogether 2020-04-27 20:23:29 -05:00
William Vu 1318faa992 Clarify the quote is from the vendor's advisory 2020-04-27 16:53:34 -05:00
William Vu cefeb9ffde Randomize dir in desktopcentral_deserialization 
Also apply RuboCop.
 2020-04-27 16:13:22 -05:00
Christophe De La Fuente af239303d2 Land #13257, .NET Deserialization Library Improvements 2020-04-27 13:05:38 +02:00
William Vu e248e2ed43 Consolidate CmdStager flavors to symbols 
As per the API. Strings are fine, but they're supposed to be symbols.
 2020-04-15 15:47:51 -05:00
William Vu 6523dd81c9 Add comment clarifying build number 2020-04-15 15:47:51 -05:00
William Vu 3aa95f98eb Move RPORT back to where I prefer it 
It was next to SSL before because I wanted to indicate the port was SSL.
 2020-04-15 15:47:51 -05:00
William Vu 7cf7211b46 Refactor desktopcentral_deserialization check 2020-04-15 15:47:51 -05:00
William Vu 5cf0f888ee Remove notes-level version information 
Not sure I like this. Don't want people ot copypasta it.
 2020-04-15 15:47:51 -05:00
William Vu 02ba071b84 Punctuate check prints to match CheckCodes 2020-04-15 15:47:50 -05:00
William Vu 1fdafc5104 "Correct" Windows platform in ManageEngine exploit 2020-04-15 15:47:50 -05:00
Spencer McIntyre 6ae3df69c6 Update the dnn_cookie_deserialization_rce for the new library 2020-04-15 15:13:42 -04:00
Spencer McIntyre b37adbeeed Update existing modules to use explicit parameters 2020-04-15 15:13:41 -04:00
Adam Galway e8d134fc56 Land #12096, DNN cookie desrialization exploit 2020-04-02 15:57:46 +01:00
Spencer McIntyre 54edd201e4 Cleanup cmdstager options 2020-03-24 17:14:47 -04:00
Spencer McIntyre a69f3eb946 Use the correct its instead of it's 2020-03-24 16:44:18 -04:00
Spencer McIntyre a0cd00dac7 Cleanup module doc and comments for CVE-2020-0646 2020-03-24 10:15:58 -04:00
Spencer McIntyre 0832604131 Finish up the CVE-2020-0646 SharePoint RCE 2020-03-23 18:14:28 -04:00
Spencer McIntyre 6c24ed4c96 Initial SharePoint WorkFlows XOML RCE module 2020-03-20 17:57:54 -04:00
William Vu ddefafab78 Revert "Patch serialVersionUID in the library" 
This reverts commit eaf8554e69.
 2020-03-13 17:36:40 -05:00
William Vu 02e2072a87 Update module traits after joint testing 2020-03-13 14:01:54 -05:00
William Vu eaf8554e69 Patch serialVersionUID in the library 2020-03-13 13:17:26 -05:00
William Vu c11be38e1c Default to certutil CmdStager 2020-03-13 12:38:07 -05:00
William Vu 03ff32210e Fix CmdStager target 2020-03-13 12:26:45 -05:00