adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

18316 Commits

Author SHA1 Message Date
Jack Heysel e625e2e474 Land #17652, module for pyload js2py exploit 
This adds an exploit for CVE-2023-0297 which is unauthenticated
Javascript injection in pyLoads Click N Load service.
 2023-02-21 16:27:04 -05:00
sfewer-r7 963b9a9952 Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587 2023-02-21 18:02:10 +00:00
sfewer-r7 3854c30a11 more specific testing of the response after upload to ensure it contains the expected EBS response data. infer the relative path traversal depth from the path to the upload folder, thanks @gwillcox-r7 2023-02-21 18:00:17 +00:00
JBince 75fb5e883d Exploit update based on feedback 2023-02-19 09:16:56 -06:00
Grant Willcox c713da368d Add in a few fixes from the review 2023-02-17 14:52:57 -06:00
space-r7 871c9c57f3 add logic to retrieve email address 2023-02-17 14:13:29 -06:00
JBince ce9933fc4c Feedback changes + rubocop & msftidy changes 2023-02-17 08:16:49 -06:00
sfewer-r7 73e82274dd changes as per @gwillcox-r7 review 2023-02-17 13:10:53 +00:00
space-r7 197124dd76 add Git usage, repository creation 2023-02-16 17:38:02 -06:00
JBince a3a6ae9c4a feedback fixes 2023-02-16 14:33:03 -06:00
Jack Heysel 44c393e2f1 Fixed netcat session cleanup 2023-02-16 13:14:24 -05:00
Jack Heysel 1c49b002d2 Changed get_csrf to use xpath 2023-02-16 10:47:04 -05:00
Jack Heysel 00d1637f3d Changed check method to use xpath 2023-02-16 10:33:15 -05:00
Spencer McIntyre ecd5ad29a7 Add module docs 2023-02-15 16:29:42 -05:00
Arnout Engelen 5d8b1dc4a6 Link Hadoop YARN exploit to documentation 
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
 2023-02-15 21:17:26 +01:00
Spencer McIntyre 557042c91c Initial exploit is working 2023-02-15 14:18:25 -05:00
Spencer McIntyre ac9d60ce9e Land #17281, Added module for CVE-2022-2992 
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
 2023-02-14 16:57:29 -05:00
space-r7 78ae5f49ce add gitlab prefix back to methods 2023-02-14 15:26:01 -06:00
space-r7 304b90ecc8 split mixins between forms and v4 api used 2023-02-14 12:37:43 -06:00
Jack Heysel 8aed02de3d Linting 2023-02-14 10:39:47 -05:00
Jack Heysel ff159c8760 Updated TODO 2023-02-13 20:24:32 -05:00
Jack Heysel ca0b1ffe05 Documentation fixes 2023-02-13 19:56:23 -05:00
Jack Heysel 2e195b2742 Initial commit Froxlor RCE 2023-02-13 19:39:18 -05:00
Grant Willcox d012145726 Land #17599, Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707 2023-02-13 17:50:06 -06:00
Stephen Wildow 96fecb6048 Modified BadChars and FailWith codes 2023-02-13 17:49:09 -05:00
JBince 9c3cfd8bdb Added documentation, cleaned up functions, rubocop fixes 2023-02-13 15:19:45 -06:00
Grant Willcox 45e453d687 Fix up remaining review comments 2023-02-13 15:07:25 -06:00
Spencer McIntyre c3fa924cfa Remove the NGROK_URL option 2023-02-13 14:31:44 -05:00
Spencer McIntyre 210b7a3254 Use #get_json_document instead of JSON.parse 
Also fix typos
 2023-02-13 14:00:13 -05:00
space-r7 d6419ee4fb add check method, login, main logic 2023-02-13 11:31:06 -06:00
JBince 2a386981bd Updated Module & Payloads + Rubocop Fixes 2023-02-13 09:03:57 -06:00
JBince f4c5e34a1b Added improved functionality on both Windows and Unix installs 2023-02-12 14:42:22 -06:00
JBince fcfc39296f Added improved functionality on both Windows and Unix installs 2023-02-12 14:39:11 -06:00
Stephen Wildow 79b1801a4f Rewrote check method to only abuse authentication bypass. Added additional status checks. 2023-02-11 17:43:33 -05:00
JBince d5b7ad30a1 Created module 2023-02-10 17:01:57 -06:00
sfewer-r7 a3f4dceb5b clean up the check method; avoid using print_message in favor of the CheckCode reason. and use a CheckCode of Safe rather than Unknown if we dont find the expected version string. Thanks @bcoles for the review on this. 2023-02-10 13:03:23 +00:00
sfewer-r7 dc8ee988f5 use Rex::Version in the check method for better version comparisons 2023-02-10 10:45:32 +00:00
sfewer-r7 a19bdde276 pass the 'bne:uueupload' param via the vars_get option 2023-02-10 10:44:21 +00:00
sfewer-r7 54c472ef18 fix typo in the description 2023-02-10 10:43:36 +00:00
Stephen Wildow 036ed7f467 Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware. 2023-02-09 21:55:40 -05:00
Frycos e963582e18 Update fortra_goanywhere_rce_cve_2023_0669.rb 
Name typo
 2023-02-09 23:06:59 +01:00
Grant Willcox f2a86327d0 Minor fixes from review 2023-02-09 15:34:25 -06:00
Grant Willcox aa9b3df6b3 Land #17625, Add credit for CVE-2023-0669; fix path in docs 2023-02-09 14:02:52 -06:00
Spencer McIntyre c7279e9a0a Add credit for CVE-2023-0669; fix path in docs 2023-02-09 13:02:40 -05:00
Grant Willcox 43b4ee268c Land #17592, Fix bypassuac_injection_winsxs for x64 2023-02-09 11:41:51 -06:00
sfewer-r7 d4be663923 add the side effect flag ARTIFACTS_ON_DISK as during extraction of the UUE encoded zip file, some randomly names temp files are left in /u01/install/APPS/fs1/EBSapps/appl/bne/12.0.0/upload 2023-02-09 17:28:15 +00:00
sfewer-r7 86f11b09fb avoid the upto loop when creating jsp_path 2023-02-09 17:18:58 +00:00
Spencer McIntyre e6f4e96544 Close hFindFile 2023-02-09 11:43:20 -05:00
sfewer-r7 406574722a satisfy Rubocop 2023-02-09 16:30:30 +00:00
sfewer-r7 b97a288102 add an exploit module for CVE-2022-21587 (Oracle E-Business Suite RCE) 2023-02-09 16:22:30 +00:00