adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

18316 Commits

Author SHA1 Message Date
c0rs 03441a72c6 RuboCop Fixes for module Veritas Backup Exec Agent Remote Code Execution 2022-09-13 18:27:21 +03:00
c0rs efbe06f944 Add module Veritas Backup Exec Agent Remote Code Execution 2022-09-13 18:18:52 +03:00
jheysel-r7 8a6c2dc896 Update modules/exploits/linux/http/panos_op_cmd_exec.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-09-12 17:35:25 -04:00
jheysel-r7 92068e3c02 Update modules/exploits/linux/http/panos_op_cmd_exec.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-09-12 17:34:57 -04:00
jrude 70ccbd8079 inform user about IOC 2022-09-12 09:30:50 +02:00
h00die 803fff9003 wifi remote remove unused code 2022-09-09 06:06:52 -04:00
h00die 66bbe98f5f wifi remote with better cmd stagers 2022-09-09 05:57:36 -04:00
h00die ae91cfa9c5 unified_remote exploit 2022-09-08 17:09:31 -04:00
bwatters 2af5b22272 Land #16983, firefox_xpi_bootstrapped_addon: Add notes, description, references, docs 
Merge branch 'alnd-16983' into upstream-master
 2022-09-08 08:23:32 -05:00
Jan Rude 90447d1832 Update syncovery_linux_rce_2022_36534.rb 2022-09-07 20:28:10 +02:00
Jan Rude 257d503525 Update syncovery_linux_rce_2022_36534.rb 2022-09-07 20:21:20 +02:00
Jan Rude 868f3d940c use vars_get 2022-09-07 20:16:40 +02:00
space-r7 a11569fc53 Land #16944, add Apach Spark RCE 2022-09-07 13:02:27 -05:00
space-r7 65906bbb87 add curl cmd stager flavor 2022-09-07 12:45:13 -05:00
space-r7 1a9e33265a fix typos 2022-09-07 11:27:56 -05:00
Jan Rude 0fb289aa7b Update syncovery_linux_rce_2022_36534.rb 2022-09-07 16:31:54 +02:00
jrude 01556b22d5 Syncovery For Linux - Auth. RCE (CVE-2022-36534) 2022-09-07 13:34:48 +02:00
h00die-gr3y 6c1f7c2d8c removed unnecessary code 2022-09-07 09:40:11 +00:00
h00die c7b8ec7511 unified_remote exploit 2022-09-06 21:44:59 -04:00
h00die-gr3y 797e450f4a updated timer code 2022-09-06 19:08:27 +00:00
h00die 3f7e0667f6 wifi mouse rce 2022-09-05 08:16:49 -04:00
bcoles a7d2145e8d firefox_xpi_bootstrapped_addon: Add notes, description, references, docs 2022-09-05 02:23:37 +10:00
H00die.Gr3y 19a396304d Update modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-09-03 20:28:49 +04:00
Christophe De La Fuente 8ba621a291 Land #16923, Cisco ASA-X with FirePOWER Services Authenticated Command Injection (CVE-2022-20828) 2022-09-02 18:37:37 +02:00
Jake Baines 320bd944f0 Updated default creds. Properly used fail_with. Set meterpreter to fork. Some wording and code cleanup. 2022-09-02 08:44:04 -07:00
space-r7 fb28f81700 Land #16750, update jenkins_script_console 2022-08-31 16:59:33 -05:00
Spencer McIntyre 6965115c8e Land #16786, Zyxel Firewall LPE (CVE-2022-30526) 2022-08-31 08:40:23 -04:00
h00die-gr3y d38494498a added linux dropper and code review suggestions 2022-08-27 17:45:47 +00:00
H00die.Gr3y b8a514bb55 Update modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2022-08-27 11:08:32 +04:00
H00die.Gr3y 3164967e07 Update modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2022-08-27 10:39:43 +04:00
h00die-gr3y 21c4e3ce3d commit module and documentation 2022-08-26 15:05:39 +00:00
Grant Willcox 6a71daac44 Land #16918, End the session when an HTTP/200 is received 2022-08-25 16:55:54 -05:00
Spencer McIntyre ae5a9bd41b Land #16734, Add rtf support to cve-2022-30190 
Add rtf support to cve-2022-30190 AKA Follina
 2022-08-25 17:26:46 -04:00
Spencer McIntyre 68eae1664e Tweak the follina docs 2022-08-25 17:10:59 -04:00
bwatters 683132242c fix up the uri_space maths 2022-08-25 16:08:26 -05:00
Spencer McIntyre 324fb69735 Resolve rubocop issues 2022-08-25 14:41:30 -04:00
Spencer McIntyre 8a79128ac4 Switch to using Rex::RandomIdentifier 2022-08-25 14:37:37 -04:00
Spencer McIntyre 2e8e15e338 Fail back to the old method using error handling 
Tested successfully on docker image tags:
  * Jenkins 1.565  (pushed 2015-11-14)
  * Jenkins 2.60.3 (pushed 2018-07-17)
Tested unsuccessfully on docker image tags:
  * Jenkins 2.346.3 (pushed 2022-08-10)
    Issue is that login is broken because the URI changed from
    j_acegi_security_check to j_spring_security_check.
 2022-08-25 14:06:47 -04:00
h00die-gr3y 14aad14b57 rubocop fix update 2022-08-25 17:54:53 +00:00
Ron Bowes abd392c372 Add in changes from review 2022-08-23 11:44:03 -05:00
Ron Bowes 97f8ec9367 Documentation, output cleanup 2022-08-23 11:43:51 -05:00
Ron Bowes 24460efb77 Iniital import of working exploit 2022-08-23 11:43:51 -05:00
Christophe De La Fuente 847cd97927 Land #16925, Fix a payload bug in unrar_cve_2022_30333 2022-08-23 12:59:37 +02:00
Ron Bowes 13d8c41f98 Clean up and better documentation 2022-08-22 11:46:50 -07:00
Ron Bowes c7ba5dde00 Append a newline and NUL byte to the payload, to make sure shellscripts (and other scripts) parse properly 2022-08-22 11:03:07 -07:00
Ron Bowes 82bf8b5a22 Add a setting for a custom payload, and encode default payloads as executables 2022-08-22 10:09:53 -07:00
Spencer McIntyre 07fdc1f1ec Land #16907, ms10_092_schelevator: Cleanup 2022-08-22 11:53:02 -04:00
Ron Bowes f90b6464ad Remove the Payload section from linux/fileformat/unrar_cve_2022_30333 2022-08-19 14:23:51 -07:00
Jake Baines b4fe31757d Added module for CVE-2022-20828 2022-08-19 12:29:37 -07:00
Grant Willcox 97bce45e69 Land #16915, Add exploit for CVE-2022-23277 (Exchange RCE) 2022-08-19 11:11:46 -05:00