adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

18316 Commits

Author SHA1 Message Date
sk4 af0761bcfd Add CMS Made Simple object injection exploit module 2019-11-01 12:11:38 +01:00
Brendan Coles 294cbcffb6 Land #12382, Add Linux Micro Focus (HPE) Data Protector omniresolve Privesc (CVE-2019-11660) 2019-11-01 08:06:01 +00:00
bcoles b08e031863 Update module description 2019-11-01 17:11:33 +11:00
bcoles c6e739c76d Code cleanup 2019-11-01 16:30:37 +11:00
Cristina Muñoz 10b5df1c4f Change all python2.7 shebangs to python3. 
Remove utf-8 encoding declarations, as this is the default for python3.
 2019-10-31 15:10:58 -07:00
Cristina Muñoz 8563a29003 Convert all python code to python3. Fixes #12506. 2019-10-31 14:16:14 -07:00
Francesco Soncina 9fc2df5ea8 move force_tls12 to rex-powershell 2019-10-31 16:28:59 +01:00
William Vu f5ce31519c Fix style, once more with feeling 2019-10-31 09:59:35 -05:00
wvu-r7 dc62ea080b Fix style 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-10-31 09:54:18 -05:00
Shelby Pace 0b4a0b3148 Land #12476, add Nostromo dir traversal RCE 2019-10-31 08:24:41 -05:00
Shelby Pace 99fd254348 add reference 2019-10-31 08:23:57 -05:00
Quentin Kaiser ca81793860 Forgot to put ForceExploit in registered options. 2019-10-31 10:25:26 +01:00
William Vu 81da0d18c6 Add blurb about pre-auth file read 2019-10-30 20:41:57 -05:00
bwatters-r7 340b73f3c6 Add Windows Escalate UAC Protection Bypass (Via dot net profiler) 2019-10-30 20:38:44 -05:00
William Vu f3a6aeea60 Add true post_auth? definition 2019-10-30 20:31:58 -05:00
William Vu 77c26e9a70 Add Pulse Secure VPN arbitrary command execution 2019-10-30 20:08:02 -05:00
Onur ER 379fb3b65c Targets version fixed 2019-10-29 23:04:42 +03:00
Onur ER e07289c71a Update Ajenti Command Injection module 
Module name changed.
Removed space.
Check module issues fixed.
random_password moved into json_body.
 2019-10-29 22:49:11 +03:00
Onur ER 89e56cf26d Rename ajenti_login_rce.rb to ajenti_auth_username_cmd_exec.rb 2019-10-29 22:19:59 +03:00
Onur ER 9b9d3013a4 Module name changed. 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-10-29 22:18:36 +03:00
Brendan Coles 5c17dc6a74 Add rConfig install Command Execution exploit 2019-10-29 15:53:59 +00:00
Quentin Kaiser 0531dd7bb9 Hash rocket alignment. 2019-10-29 12:28:39 +01:00
Quentin Kaiser bc0c2bf721 check function rewrite. 2019-10-29 12:27:15 +01:00
Quentin Kaiser 436d6781c1 Fix description. 2019-10-29 12:25:01 +01:00
Quentin Kaiser b357db22cf Fix description. 2019-10-29 12:24:22 +01:00
Quentin Kaiser 8bbb33c483 Generic name. 2019-10-29 12:24:00 +01:00
Quentin Kaiser b6dd30302a Rewriting of command stager, based on exploits/unix/webapp/webmin_backdoor. 2019-10-29 12:23:19 +01:00
Onur ER bbf405bf92 Added EDB number instead of url 2019-10-28 22:09:01 +03:00
Onur ER 5dea40f43b Added Ajenti 2.1.31 exploit 
Ajenti is an open source, web-based control panel that can be used for a large variety of server management tasks. It can install packages and run commands, and you can view basic server information such as RAM in use, free disk space, etc. All this can be accessed from a web browser.

This module exploits a command injection in Ajenti <= 2.1.31.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
 2019-10-28 21:39:13 +03:00
William Vu ec0974222c Fix module title again 2019-10-27 11:48:50 -05:00
William Vu e010f48a3b Move module to coldfusion_rds_auth_bypass 2019-10-27 11:25:56 -05:00
William Vu 2cc5f23915 Fix module title 2019-10-27 11:25:40 -05:00
bwatters-r7 3483c50a86 Add Windows backup system sdclt uac bypass module 2019-10-25 15:01:56 -05:00
William Vu a0d1f02fd1 Fix failed login check for ColdFusion 9.something 
It was merely "ColdFusion Administrator" for the version I tested.
 2019-10-24 17:07:45 -05:00
Shelby Pace fcc9ad628c Land #12473, add xscreensaver log privesc 2019-10-23 13:27:45 -05:00
Brendan Coles 991ccdbda5 Land #12106, Add Linux PTRACE_TRACEME local root exploit 2019-10-23 14:01:14 +00:00
Tim W 8c93b219d1 fix compile.rb and rubocop 2019-10-23 20:54:42 +08:00
Tim W 7ff71819e9 add architecture check to check method 2019-10-23 20:38:55 +08:00
Tim W 3b5d0b98e7 add a basic check method using loginctl 2019-10-23 19:50:19 +08:00
Tim W 7d25e321ef add some more comments 2019-10-23 14:45:32 +08:00
Brendan Coles ab9d1470d2 Use workaround for horrific command tokenisation 2019-10-23 06:37:30 +00:00
h00die 2d829f9d46 first upgrade on futex 2019-10-22 21:05:55 -04:00
Shelby Pace e8469dca93 Land #11025, add Xorg SUID Modulepath Privesc 2019-10-22 14:11:00 -05:00
Shelby Pace f4a54df262 change location of rescue, method name 2019-10-22 09:31:43 -05:00
Brendan Coles 39db3be145 Update tested versions 2019-10-22 06:35:57 +00:00
Shelby Pace 1fd09b6a81 add solaris targets and Metasm usage 2019-10-21 16:13:10 -05:00
William Vu 3565b0efb8 Land #12365, Total.js CMS widget creation RCE 2019-10-21 15:22:09 -05:00
Quentin Kaiser d76ea0ca59 Initial module version for Nostromo RCE (CVE-2019-16278). 2019-10-21 18:11:44 +02:00
Brendan Coles 84430c2a66 Add Solaris xscreensaver log Privilege Escalation module 2019-10-21 06:14:50 +00:00
RAMELLA Sébastien 25f60b07ed compliance for the framework 2019-10-18 15:51:58 +04:00