adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

7658 Commits

Author SHA1 Message Date
space-r7 722de33b6f address feedback, use cleanup to restore path 
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
 2023-05-11 13:20:25 -05:00
Shelby Pace 131f2519bc Update modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-05-11 10:48:48 -05:00
Grant Willcox 9f6a1c18a1 Minor updates to fix URLs, disclosure date, description, and minor gramatical things 2023-05-10 18:22:00 -05:00
space-r7 e514de9aef add comment about jsf substitution 2023-05-10 09:13:01 -05:00
space-r7 d1e3ce1183 add Ivanti Avalanche file upload 2023-05-08 17:41:52 -05:00
Grant Willcox f773d348e1 Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022 2023-05-08 12:11:01 -05:00
space-r7 f04dababa2 add upload code 2023-05-05 18:59:46 -05:00
ErikWynter b8856bbb87 fix capitalization of Htlm_fileName JSON parram 2023-05-05 09:59:11 +03:00
space-r7 9fa0dac56c add login and path change methods 2023-05-04 18:03:02 -05:00
ErikWynter c088430bd9 improve sanity checks in login method and other code review fixes 2023-05-04 15:12:31 -05:00
Grant Willcox f27fc28411 Perform review updates 2023-05-04 15:12:31 -05:00
ErikWynter 9b596b3efd minor changes 2023-05-04 15:12:31 -05:00
ErikWynter 1c6c1dffc6 final code review fixes 2023-05-04 15:12:31 -05:00
ErikWynter 9fe7db4648 improve status codes handling 2023-05-04 15:12:30 -05:00
ErikWynter 86b7f97421 remove trailing whitespace 2023-05-04 15:12:30 -05:00
ErikWynter aede036b02 additional changes from code review 2023-05-04 15:12:30 -05:00
Grant Willcox 8871b2955b Fix up Active Directory name so we appropriately use uppercase 2023-05-04 15:12:30 -05:00
Grant Willcox ba687c49aa Fix a few typos 2023-05-04 15:12:29 -05:00
ErikWynter a5e86a0c51 code review improvements, including renaming silent param 2023-05-04 15:12:29 -05:00
Grant Willcox 0fd743d851 Add in fixes from code review 2023-05-04 15:12:29 -05:00
ErikWynter dd075d5c99 library improvements after code review, module update 2023-05-04 15:12:28 -05:00
ErikWynter 47d374497a create adaudit plus mixin and move some stuff there 2023-05-04 15:12:27 -05:00
Grant Willcox 3b0d8b850b Fix up some issues identified during review 2023-05-04 15:12:26 -05:00
ErikWynter 9f68a5f8d1 add manageengine_adaudit_plus_authenticated_rce exploit module and docs 2023-05-04 15:12:09 -05:00
adfoster-r7 f35b9e4fa5 Fix crash when running local exploit suggester 2023-04-21 10:13:37 +01:00
h00die 4b176c8ef5 fix unified_remote_rce docs 2023-04-16 10:11:01 -04:00
cgranleese-r7 e004be00fe Converted to Active Support 2023-04-05 16:53:01 +01:00
cgranleese-r7 c3a7da54d5 reduces code duplication 2023-04-04 10:27:11 +01:00
cgranleese-r7 40e6917b7f tests passing 2023-04-04 10:24:09 +01:00
Jack Heysel 15d267a233 Land #17826, post module for CVE-2023-21768 
This adds an exploit module for CVE-2023-21768 that
achieves local privilege escalation on Windows 11 2H22.
 2023-03-30 12:27:28 -04:00
jheysel-r7 152ef4a86b Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb 2023-03-30 11:28:46 -04:00
jheysel-r7 6f400052b1 Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb 2023-03-30 11:00:55 -04:00
Jack Heysel f3c12ba176 Land #17808, Update broken secunia references 
The Secunia links in the framework were dead. They have
now been restored using the wayback machine to grab
replacement links from the earliest date possible.
 2023-03-27 17:20:13 -04:00
Christophe De La Fuente 6d4ee0c071 Add exploit for CVE-2023-21768 2023-03-27 20:08:22 +02:00
Spencer McIntyre 3ca177eb1f Add the exploit for CVE-2022-38108 2023-03-23 17:28:58 -04:00
adfoster-r7 d04c8e1bce Update broken secunia references 2023-03-23 10:43:57 +00:00
Grant Willcox 43b4ee268c Land #17592, Fix bypassuac_injection_winsxs for x64 2023-02-09 11:41:51 -06:00
Spencer McIntyre e6f4e96544 Close hFindFile 2023-02-09 11:43:20 -05:00
cgranleese-r7 508f5c7e52 Land #17619, Run rubocop on exploit modules 2023-02-09 10:11:53 +00:00
bwatters 01a78f972c Land #17567, ManageEngine Endpoint Central RCE (CVE-2022-47966) 
Merge branch 'land-17567' into upstream-master
 2023-02-08 13:06:53 -06:00
adfoster-r7 656ded4b86 Add module notes 2023-02-08 15:46:07 +00:00
adfoster-r7 25ee41df68 Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
Spencer McIntyre f2e5e77e27 Fix bypassuac_injection_winsxs for x64 
Tested on Windows 8.1, prior to these chagnes the bad railgun definition
would cause the session to crash.
 2023-02-03 13:02:53 -05:00
cgranleese-r7 80dbbca020 Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699) 2023-02-03 13:43:04 +00:00
adfoster-r7 014bdddd1a Land #17564, Fixed AnyConnect IPC message format 2023-02-01 16:34:44 +00:00
h00die-gr3y a2f4a27614 updated module and added documentation 2023-01-29 10:06:14 +00:00
h00die-gr3y bf10b29a84 first drop module 2023-01-29 07:47:22 +00:00
Duarte Silva a7ae3c9389 Fixed AnyConnect IPC message format: 
- Made an error in the original research where the TLV had a type
  and a index, when it only has a type and a modifier that makes
  it into a TV (Type and Value, no Length).
- A TV has its value where the Length would be on a TLV.
- Also added a note on the endieness being correct/working because
  endieness has no impact in the message being used to exploit the
  vulnerability.
 2023-01-28 09:08:51 +00:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
Jack Heysel 6ac0d9ba27 Trailing whitespace corrected 2023-01-19 22:16:54 -05:00