Commit Graph

7658 Commits

Author SHA1 Message Date
Grant Willcox 862b057277 Fix up RuboCop issues 2022-02-11 14:18:25 -06:00
Grant Willcox 4c1b2478fa Add in exploit and documentation 2022-02-11 13:58:56 -06:00
usiegl00 72a0732009 Update ShadowMitmDispatcher to reduce ip lookups
The ShadowMitmDispatcher must be initialized with an interface, mac, and
ip address as keyword arguments. This prevents dispatchers from
retrieving the same network configuration multiple times.
2022-02-11 22:35:40 +09:00
Grant Willcox 5431d3d0f6 Add in initial check method code 2022-02-09 20:12:41 -06:00
usiegl00 8bf51dd1d8 Update smb_shadow and shadow_mitm_dispatcher
The dispatcher no longer uses an override flag. Instead the smb_shadow
module explicitly sets the attributes.
2022-01-31 14:49:18 +09:00
usiegl00 dbc8a70b7c Merge remote-tracking branch 'origin/master' into mitm_dispatcher 2022-01-28 10:24:50 +09:00
usiegl00 0259e586a9 Update smb_shadow module and rename MitmDispatcher
The MitmDispatcher is now the ShadowMitmDispatcher to help prevent name
confusion. Updated the ShadowMitmDispatcher to use native rex lib calls
to decode binary fields.
2022-01-28 08:39:07 +09:00
adfoster-r7 a17dfcc849 Rubocop smb relay module 2022-01-26 00:47:19 +00:00
usiegl00 5cc716fa0d Add MitmDispatcher to the smb_shadow module
The MitmDispatcher reduces code repetition and enables the use of
standard RubySMB syntax. I have noticed increased power draw when using
the new dispatcher compared to the previous (less stateful) approach.
2022-01-21 14:57:07 +09:00
Pedro Ribeiro ea00da0a03 fix NUUO advisory links 2022-01-13 18:54:56 +00:00
Pedro Ribeiro 09d6b1388c fix kaseya links 2022-01-13 18:47:11 +00:00
Christophe De La Fuente a458961631 Move the cleanup instance variables to the beginning of #exploit 2022-01-07 20:34:58 +01:00
Christophe De La Fuente 41ebb3aa29 Land #15903, SMB Shadow Module: Direct SMB Session Takeover 2022-01-07 16:57:17 +01:00
usiegl00 3051c5d9f5 Add mutex to cleanup in smb_shadow
The mutex will prevent multiple calls to cleanup when the module is
stopped with Ctrl-C. Add a Notes section to the documentation which
describes arpspoof usage and such.
2022-01-07 14:18:15 +09:00
usiegl00 cf6ab21467 Fix disabling of port 445 forwarding in smb_shadow
Update the iptables invocation to use the FORWARD table, which filters
packets being routed through the device. Add check for STATUS_PENDING
response from the server while creating the service.
2022-01-06 13:15:30 +09:00
usiegl00 204da6a0b4 Use packet filter anchor for pfctl in smb_shadow
The packet filter anchor will prevent the flushing of previous packet
filter rules. Using an anchor also allows us to remove the rule, instead
of disabling the filter.
2021-12-28 20:13:32 +09:00
William Vu 4cd83b5e72 Add ManageEngine ServiceDesk Plus CVE-2021-44077 2021-12-23 12:27:57 -06:00
Spencer McIntyre 1915b1395e Land #15742, Added module for CVE-2021-40444 2021-12-08 17:46:02 -05:00
Spencer McIntyre 2f6710e02e Remove the Not_Hosted target
It's not currently working and Metasploit should just handle everything
2021-12-08 17:22:44 -05:00
bwatters 852230c739 Fix bug brought in by importing Msf::Post::File
Split out javascript to a file and deobfuscate it
Update documentation for new targets
Fix other small suggestions
2021-12-08 10:36:27 -06:00
usiegl00 609bf4be3c Update smb_shadow module to clean unnecessary code
Remove the return statement after fail_with which will never be reached.
Add documentation for the module options. Reset the packet forwarding
settings during the module cleanup.
2021-12-07 08:41:52 +09:00
usiegl00 260ea0725c Update smb_shadow module and docs for review
Add mutex to module to prevent race condition. Add sleep after arp
query to prevent arp cache restoration. Add DefangedMode to indicate
system network changes. Change module INTERFACE option to be explicit.
Remove unnecessary module payload parameters. Add module Notes.
2021-12-03 14:33:40 +09:00
Brendan Coles a60c59c3af ms08_067_netapi: Add nine Windows 2003 SP2 targets for various locales
* Windows 2003 SP2 Portuguese (NX)
* Windows 2003 SP2 Chinese - Simplified (NX)
* Windows 2003 SP2 Czech (NX)
* Windows 2003 SP2 Dutch (NX)
* Windows 2003 SP2 Hungarian (NX)
* Windows 2003 SP2 Italian (NX)
* Windows 2003 SP2 Russian (NX)
* Windows 2003 SP2 Swedish (NX)
* Windows 2003 SP2 Turkish (NX)
2021-12-02 16:33:02 +00:00
space-r7 51d85fada5 Land #15914, ms03_026_dcom cleanup 2021-11-30 11:37:43 -06:00
Tim W abb11cf896 Land #15918, add more targets for ms07_029_msdns_zonename 2021-11-30 08:24:03 +00:00
Brendan Coles 28bc460bac ms07_029_msdns_zonename: Add additional Windows 2000/2003 target offsets 2021-11-30 07:38:08 +00:00
bwatters 14064ff3f9 Update module description and remove extra module. 2021-11-29 15:23:02 -06:00
Brendan Coles 8fa73f9e90 ms05_039_pnp: Rename 'Windows 2000 SP4 English/French/German/Dutch' target to 'Windows 2000 SP4 Universal' 2021-11-28 13:39:05 +00:00
Brendan Coles 5fab1da09b ms03_026_dcom: cleanup 2021-11-28 08:25:31 +00:00
usiegl00 bfd57daea7 Update Range Syntax to Support Ruby 2.5
Change [?..] to [?..-1] to be compatible with older ruby versions. Fix
failing msftidy rubocop linting tests.
2021-11-25 15:05:39 +09:00
usiegl00 e19511a31c Update documentation for the smb_shadow module.
Add additional clarity and details to the existing documentation for the
smb_shadow module. Remove some outdated comments and fix some spelling
errors.
2021-11-25 08:12:13 +09:00
William Vu 344bdacae4 Remove preferred payload
We'll add it back to Framework later.
2021-11-24 10:44:59 -06:00
usiegl00 e2734293e1 Add SMB Shadow Module: Direct SMB Session Takeover
This module intercepts direct SMB connections on the LAN.
Both the SMB Server and Client must be on the LAN.
The SMB Client must be authenticating to the Server as an Administrator.
This module is dependent on an external ARP spoofer.
2021-11-24 20:05:30 +09:00
William Vu e8e5467b70 Credit mr_me for keytool classloading technique
Confirmed. :)
2021-11-23 20:12:05 -06:00
William Vu 3702615003 Improve check precision by matching more stuff 2021-11-23 19:05:09 -06:00
William Vu e2cf3e6706 Clarify working directory for FileDropper 2021-11-23 19:05:09 -06:00
William Vu 2f1bfa738a Add ManageEngine ADSelfService Plus CVE-2021-40539 2021-11-23 19:05:09 -06:00
Grant Willcox 9023c61ac8 Land #15851, User Agent Refresh 2021-11-17 15:08:52 -06:00
bwatters 2a68b9ae9f Add targets to track http server status 2021-11-17 07:54:49 -06:00
Grant Willcox 7e01e33e51 Make the XML generation into a function that accepts an argument and do further cleanup to simplify the code around this 2021-11-11 23:56:11 -06:00
Grant Willcox 8d55b16ade Fix one more mistake and rename document and module to a more easy to find name 2021-11-11 16:42:58 -06:00
Grant Willcox be4fa90f1a Fix up wvu's review comments 2021-11-11 14:39:40 -06:00
Grant Willcox 9d6f0a0eb2 Update XML to reduce it to the bare minimum needed to get the exploit working. Possibly I could do more, but in my tests it seems everything in here now is needed 2021-11-10 16:25:08 -06:00
Grant Willcox 27310dc002 Add in exploit and documentation for CVE-2021-42237 2021-11-10 15:52:22 -06:00
Ashley Donaldson 527057c700 Updated user agent strings in some modules where it shouldn't impact exploitability 2021-11-10 11:12:38 +11:00
Grant Willcox 3af93cbacc Fix up changes from timwr's review so long 2021-11-09 10:36:50 -06:00
Grant Willcox 780a9370a2 First draft of code, documentation, and exploit DLL plus exploit code 2021-11-09 10:36:40 -06:00
RAMELLA Sébastien 38973510f7 update modules (auxiliary and exploit) 2021-11-09 15:18:58 +04:00
surya 2f00ccfbc8 Linted Stuff 2021-10-08 03:04:34 +05:30
surya 59ffc44dbc Cleared a minor error 2021-10-08 02:57:13 +05:30