adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

18316 Commits

Author SHA1 Message Date
Jack Heysel b256a521c8 Changed payload to POST 2022-10-12 19:16:29 -05:00
Jack Heysel 3c27c8e5aa Condensed payload, changed base64 encoding to hex 2022-10-12 19:12:35 -05:00
Jack Heysel e4eac96b4b Add Module for pfSense pfBlockerNG unauth RCE as root 2022-10-12 19:12:22 -05:00
Grant Willcox f92d913f0c Land #17116, Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit 2022-10-12 11:53:47 -05:00
Grant Willcox 487a26ee0f Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs 2022-10-12 11:19:47 -05:00
Ayantaker e75438d0b2 Documentation fix and minor fixes 
Fixed the documentation according to msftidy's suggestion and removed a few unessary parts of code
 2022-10-11 18:17:52 -04:00
Grant Willcox 45aa09411e First round of edits from review 2022-10-11 15:46:04 -05:00
h00die 4950124ea0 use more Post::File functions 2022-10-08 09:50:25 -04:00
h00die a3eee73efb review comments 2022-10-08 09:16:57 -04:00
Ayan Saha f67a7f395f Modified unix_cmd payload as per suggestion 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-08 02:26:11 +05:30
Ayan Saha ec57260c66 Adding suggested code 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-08 02:25:35 +05:30
bwatters ef0ca2edbb Land #17057, Msf::Post::Windows::ExtAPI: Remove load_extapi method 
Merge branch 'land-17057' into upstream-master
 2022-10-07 15:54:52 -05:00
Ayantaker 32db330ff6 Fixing the rubocop issue 2022-10-07 11:08:01 -04:00
JustAnda7 36f4c702b3 Fixed #16674 2022-10-07 01:59:52 -04:00
Ayantaker 910ee931c2 Fixing the description of the module 2022-10-06 15:55:32 -04:00
Ayantaker c8cd6a7864 Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit 
CVE-2022-22947 exploits Spring Cloud Gateway. The module has been tested with Spring Cloud gateway version 3.1.0 on Linux kali 5.18.0-kali5-amd64
 2022-10-06 15:48:36 -04:00
Ron Bowes 48dd4693df Add docs for CVE-2022-41352 (zimbra cpio), and fix some text 2022-10-06 10:46:48 -07:00
Ron Bowes 08c29f7f28 Add exploit for CVE-2022-41352 (zimbra cpio) 2022-10-06 10:23:53 -07:00
h00die 525d2ff4ea check files exist before suid checking them 2022-10-05 19:59:20 -04:00
h00die 6db9ee743e check files exist before suid checking them 2022-10-05 19:43:07 -04:00
adfoster-r7 46910b9390 Land #17105, set keep_cookies value to boolean true instead of string true 2022-10-05 11:37:37 +01:00
Jack Heysel 0145264046 Land #17093, add Enlightenment priv esc module 
This PR adds a local priv esc for Enlightenment on Ubuntu
which exploit a simple cmd injection
 2022-10-04 14:09:18 -04:00
space-r7 63af4e3702 Land #17067, add remote mouse rce 2022-10-04 11:40:33 -05:00
h00die 06aefb630a string true to bool true 2022-10-03 19:50:04 -04:00
h00die b7073df1e0 review comments 2022-10-03 16:53:14 -04:00
h00die 68b2aec6fb review comments 2022-10-03 15:25:53 -04:00
h00die fffc080286 use vars_form_data 2022-10-03 14:43:12 -04:00
krastanoel bd15798be7 support windows platform 2022-10-03 19:57:09 +07:00
h00die c6e18ee469 cve-2022-1329 2022-10-02 15:59:58 -04:00
h00die de184226f6 repeatable sessions 2022-10-01 11:30:21 -04:00
h00die e78babea90 cve-2022-37706 2022-10-01 11:24:29 -04:00
krastanoel e3fc3544cd still could not yet support windows 2022-10-01 17:44:44 +07:00
krastanoel 15c956c2d6 Update module 
- add command stagers logic
- set default uripath
 2022-10-01 16:19:43 +07:00
krastanoel 046bb356fb adjust uripath 2022-10-01 15:17:28 +07:00
bcoles 5f92d9418d Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
krastanoel 2331f21f9e Update module 
- adjust create, migrate and delete repository with the common lib
 2022-10-01 01:16:18 +07:00
krastanoel 953221d518 Handle datastore username empty string 2022-09-30 22:23:40 +07:00
krastanoel 381bdbae7f Update module 
- adjust check method using common lib
- handle autocheck false
 2022-09-30 22:14:45 +07:00
bwatters 89ef91c9cd Update ranking for nft_set_elem_init 2022-09-30 09:57:54 -05:00
krastanoel 7e46ba4575 use fail with instead checkcode 2022-09-30 16:50:34 +07:00
krastanoel e1284ea17d handle get_csrf check caller separately 2022-09-30 16:45:49 +07:00
h00die 1215bf7784 cve 2022-09-29 16:35:09 -04:00
h00die a31e3ea96b remote mouse comments 2022-09-29 16:21:59 -04:00
adfoster-r7 5d345e6689 Merge branch 'upstream-master' into feature-kerberos-authentication 2022-09-29 16:42:58 +01:00
bwatters 76c6632305 Land #16673, qdPM 9.1 - Authenticated Remote Code Execution (CVE-2020-7246) 
Merge branch 'land-16673' into upstream-master
 2022-09-29 09:46:27 -05:00
Jack Heysel 379f303ea8 Land #17061, Mobile Mouse Server RCE 
This PR includes a module that uses default
configuration in Unified Remote to spawn a
run prompt and return a shell.
 2022-09-28 10:48:41 -04:00
bwatters e27dbd2787 Land #16794,Add exploit for CVE-2022-34918 
Merge branch 'land-16794' into upstream-master
 2022-09-27 16:37:52 -05:00
h00die a070cd3a76 remote mouse comments 2022-09-27 16:52:42 -04:00
h00die 391a27b08c remote mouse rce 2022-09-27 16:37:42 -04:00
h00die 547ab00a0e review comments 2022-09-27 14:51:03 -04:00