Spencer McIntyre
8ea8e2410d
Land #17299, Fixes #17227
...
Fixes #17227 - polkit_dbus_auth_bypass module when run from a command…
2022-11-28 16:22:52 -05:00
bwatters
3462dc6bf4
Land #17087, remote control collection rce
...
Merge branch 'land-17087' into upstream-master
2022-11-28 14:29:52 -06:00
Spencer McIntyre
264d45e04a
Appease rubocop
2022-11-28 10:16:55 -05:00
Spencer McIntyre
f24df8a051
Change an exception class and drop DOMAIN passing
2022-11-28 10:06:14 -05:00
Heyder Andrade
ff63f0aa32
Added reference
2022-11-28 14:11:07 +01:00
Ashley Donaldson
25a0d0ff0e
Fixes #17227 - polkit_dbus_auth_bypass module when run from a command shell
2022-11-25 15:13:57 +11:00
ErikWynter
78dfaa12ef
add opentsdb_yrange_cmd_injection module and docs
2022-11-24 21:37:24 +02:00
Spencer McIntyre
6350daf2d8
Land #17273, F5 exploit module CVE-2022-41800
...
F5 exploit module CVE-2022-41800 (authenticated RCE in RPM code)
2022-11-23 17:57:18 -05:00
Ron Bowes
b7cf112d42
Fix an issue where the session handler would close too early on Zimbra modules
2022-11-23 13:09:47 -08:00
Ron Bowes
ffbf8b303a
Change a 'return 0' to 'fail_with', per Christophe's request
2022-11-23 12:51:51 -08:00
Ron Bowes
28a68ede8c
Merge branch 'master' into zimbra-fixes
2022-11-23 12:50:56 -08:00
Ron Bowes
cbb50ed902
Remove non-functioning Arch'es
2022-11-23 10:42:07 -08:00
Spencer McIntyre
3f58bfe11e
Check that the target is Exchange Server 2019
2022-11-23 10:47:10 -05:00
Heyder Andrade
27f8f4fc47
Cleanup
2022-11-23 01:55:06 +01:00
Heyder Andrade
7880530989
The check method should report when finding a vulnerable product.
...
I think all exploit modules should "report" in the check method when finding a vulnerable
product. By doing that we can take advantage of all check methods in the exploit module
and use them as a "scanner". That would give the chance for the user to check multiple
targets simultaneously and save the result for further actions.
2022-11-23 01:29:38 +01:00
Heyder Andrade
0e5f8d49f9
Code cleanup and payload generation improvements
2022-11-23 00:29:10 +01:00
Heyder Andrade
7983c14166
Removed a bunch of hard-coded stuff and cleaned out fake smart server
2022-11-22 12:07:55 +01:00
h00die
7227bec259
set autocheck false
2022-11-21 15:53:37 -05:00
bwatters
8c9e2c9fc7
Add check method, update hosting IP/port
2022-11-21 15:53:37 -05:00
h00die
d141efcbfe
screen effects
2022-11-21 15:53:37 -05:00
h00die
181b8e4eea
review comments
2022-11-21 15:53:37 -05:00
h00die
d4536b24a6
remote control collection rce
2022-11-21 15:53:37 -05:00
Spencer McIntyre
ed99f2f67f
Bypass EEMS M1
2022-11-21 11:13:16 -05:00
h00die
6877304bac
exploit for cve-2021-22015 vcenter priv esc
2022-11-20 11:29:49 -05:00
Heyder Andrade
3d73f574d4
Improve error handling
2022-11-20 12:10:04 +01:00
Heyder Andrade
c9eaa9af37
Added module for #CVE-2022-2992
2022-11-19 15:21:31 +01:00
Grant Willcox
8ca7550062
Land #17257, Adding exploit for ChurchInfo 1.2.13-1.3.0 RCE (CVE-2021-43258)
2022-11-18 19:27:10 -06:00
Grant Willcox
237eb904d4
Add in fixes for documentation examples and then update the code to fix some bugs
2022-11-18 18:30:07 -06:00
Grant Willcox
85a6770973
Add additional checks, a check method, and fix up some doc errors
2022-11-18 18:22:06 -06:00
m4lwhere
b9ecdb3bc2
Use TARGETURI, registered cleanup, implement cookie_jar, and perform response checks and documentation
2022-11-18 18:21:27 -06:00
m4lwhere
a33a313544
Adding exploit for ChurchInfo 1.3.0
2022-11-18 18:21:08 -06:00
space-r7
3d5708e3e6
Land #17271, add f5 big-ip csrf exploit
2022-11-18 16:19:09 -06:00
space-r7
8b30ff3dce
remove CmdStager inclusion
2022-11-18 16:18:25 -06:00
Spencer McIntyre
29d57dde66
Consolidate into ProxyMaybeShell
2022-11-18 17:01:01 -05:00
Spencer McIntyre
fc7594dbc8
Add exploit for CVE-2022-41082 AKA ProxyNotShell
2022-11-18 17:00:27 -05:00
space-r7
162b0daf3b
add new options and usage of pre-compiled exploit
...
also updates documentation with new option
descriptions
2022-11-17 17:20:41 -06:00
space-r7
ea486169b4
use erb template for objective-c code
2022-11-17 11:55:19 -06:00
Shelby Pace
f8dff82a78
Update modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-11-17 10:29:49 -06:00
Christophe De La Fuente
d1a7170020
Land #17021, Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
Christophe De La Fuente
11541a5774
Add comment for details about the string substitutions on Windows
2022-11-17 12:25:52 +01:00
Ron Bowes
93cba95170
Add URLs
2022-11-16 12:23:47 -08:00
Ron Bowes
7ebf84c66b
Add URLs
2022-11-16 12:20:37 -08:00
Ron Bowes
20e6c1b55e
Add URLs
2022-11-16 12:19:16 -08:00
Ron Bowes
fc579fe3f4
Add a privesc module for F5, using the MCP protocol
2022-11-16 12:12:16 -08:00
Ron Bowes
d0e109b842
Check in exploit module for CVE-2022-41800
2022-11-16 12:04:18 -08:00
Ron Bowes
99e661cfcf
Check in exploit script for CVE-2022-41622 (CSRF into SOAP)
2022-11-16 11:58:15 -08:00
space-r7
486e469682
add new reference
2022-11-16 10:32:08 -06:00
space-r7
383e121f20
add FileDropper usage and module description
2022-11-15 12:37:39 -06:00
krastanoel
1ddc137f1a
Update module
...
- adjust execute_command method and add logic for :win_dropper target
- move cmdstager uripath setting into target case statement
- add more cmdstagerflavour for :linux_dropper target
- fix lint msftidy
2022-11-15 22:30:45 +07:00
krastanoel
cbca2a5604
Update modules/exploits/multi/http/gitea_git_fetch_rce.rb
...
apply suggestion
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-15 22:17:59 +07:00