adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

18316 Commits

Author SHA1 Message Date
bcoles 666a3efcfd ms10_092_schelevator: Cleanup 2022-08-19 15:19:28 +10:00
Jack Heysel 6c09cc8c9d Responded to PR comments 2022-08-18 16:20:03 -04:00
jheysel-r7 c4abda67c1 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-08-18 16:15:21 -04:00
jheysel-r7 1f6c52923b Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-08-18 15:19:14 -04:00
jheysel-r7 4f95df6ee6 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-08-18 15:19:04 -04:00
Christophe De La Fuente d49b74d164 Land #16809, Add exploit module for Advantech iView command injection - CVE-2022-2143 2022-08-18 17:19:14 +02:00
Jack Heysel f01f4c08a4 Randomize payload + rubocop 2022-08-17 17:43:16 -04:00
Spencer McIntyre 7c1dd17c86 Add a missing verison, fix typos 2022-08-17 17:36:31 -04:00
Jack Heysel 75efe1528c Added check method, reponded to PR comments 2022-08-17 17:24:03 -04:00
bwatters 115955591b Fix up the Unicode coversions and update docs 2022-08-17 13:21:56 -05:00
jheysel-r7 2c3778e938 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-08-17 14:03:05 -04:00
jheysel-r7 470ceda467 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-08-17 14:02:39 -04:00
jheysel-r7 aacf676cd1 Update modules/exploits/linux/http/panos_auth_rce.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-08-17 13:32:14 -04:00
Ron Bowes 5fd211acd6 End the session when an HTTP/200 is received 2022-08-17 10:19:36 -07:00
Spencer McIntyre 62ab42b797 Update vulnerable version numbers and docs 2022-08-17 08:55:46 -04:00
Jack Heysel 57109f2966 Add PAN-OS auth command injection module 2022-08-16 09:44:05 -04:00
Redouane NIBOUCHA b0d5a6bec4 Rubocop fix 2022-08-11 13:22:51 +02:00
Redouane NIBOUCHA e612f02ecb Add MAX_TRIES option, address the feedback of bwatters-r7 2022-08-11 13:21:14 +02:00
space-r7 7f02daac5b change default password 2022-08-09 16:12:54 -05:00
Jack Heysel 06f0fffc20 Land #16856, Webmin package updates RCE module 
This module exploits an arbitrary command injection
in Webmin versions prior to 1.997.
 2022-08-09 16:13:19 -04:00
Spencer McIntyre 0e148d6ba4 Update and rename the module 2022-08-09 13:32:09 -04:00
Christophe De La Fuente 38b845f247 Fix from code review 
- Documentation typos
- Adding ARM64 support
 2022-08-09 15:09:25 +02:00
Spencer McIntyre 2290b04995 Update the exploit with the new gadget chain 2022-08-08 17:52:53 -04:00
Ron Bowes 5d7fb283b7 Capture the command output 2022-08-05 13:55:05 -05:00
Ron Bowes 6564ea9719 Change Vulnerable to Appears 2022-08-05 13:55:05 -05:00
Ron Bowes 2cde5f6364 Typo / compile error 2022-08-05 13:55:05 -05:00
Ron Bowes caff6a53f5 Add a CVE and better description 2022-08-05 13:55:05 -05:00
Ron Bowes ea581482d4 Remove the commented-out CVE, it's making lint sad 2022-08-05 13:55:05 -05:00
Ron Bowes 6e8d04ddc9 Add a note that IOCs show up in logs 2022-08-05 13:55:05 -05:00
Ron Bowes cc27f563ec Small cleanup 2022-08-05 13:55:05 -05:00
Ron Bowes 5e1888ee46 Cleanups 2022-08-05 13:55:05 -05:00
Ron Bowes 0fd61e859d Make lint happy 2022-08-05 13:55:05 -05:00
Ron Bowes bba4a23f65 Add zimbra_slapper_priv_esc module (privilege escalation in Zimbra, currently 0-day) 2022-08-05 13:55:05 -05:00
space-r7 0334beada2 Land #16758, add ManageEngine ADAudit Plus exploit 2022-08-05 12:19:42 -05:00
space-r7 4202502992 make some prints vprints, add steps 2022-08-05 11:34:46 -05:00
Ron Bowes 7c21c57564 Merge branch 'master' into manageengine-adauditplus-cve-2022-28219 2022-08-04 14:07:50 -07:00
Ron Bowes 713e476139 Remove 'puts' again 2022-08-04 12:59:11 -07:00
Ron Bowes 7844b8f5f8 Encode usernames containing spaces into 8.3 2022-08-04 12:55:08 -07:00
Ron Bowes 530174c940 Remove an errant puts 2022-08-04 12:42:14 -07:00
Ron Bowes 969c81e41c Improve the FTP reverse connection in two ways - 1-add a terminator so we know when it's done, and 2-don't fail the whole thing if we fail on one name 2022-08-04 11:13:46 -07:00
Christophe De La Fuente 9c6a198453 Land #16796, Path traversal vulnerability in RARLAB UnRAR < 6.12 with Zimbra RCE module 2022-08-04 19:44:57 +02:00
Ron Bowes d8faa4dd37 Fix a blank line that I thought I'd fixed 2022-08-04 08:24:32 -07:00
Ron Bowes 26eee72512 Only print_status once, so it doesn't make a mess in the background 2022-08-04 08:02:28 -07:00
Ron Bowes 2ec25fc3e5 Add a timeout to the reverse FTP connection 2022-08-03 15:17:02 -07:00
Ron Bowes a314423e81 Some changes requested by @cdelafuente-r7 2022-08-03 14:51:51 -07:00
bwatters 163d4d5b11 Land #16854, Add CVE-2022-31660 VMware Workspace ONE Access LPE 
Merge branch 'land-16854' into upstream-master
 2022-08-03 16:50:12 -05:00
Spencer McIntyre 0b9e1bbbb3 Fix "can not" to "cannot" 2022-08-03 17:45:06 -04:00
Christophe De La Fuente 449a7b71d5 Add module exploit and docs for the Webmin package updates RCE 2022-08-03 12:01:41 +02:00
Jack Heysel 82182f7815 Land #16852, Zoho PMP XML-RPC Unauth RCE module 
Add in exploit module for CVE-2022-35405 aka Zoho
Password Manager Pro XML-RPC Unauthenticated RCE
 2022-08-02 17:18:28 -04:00
Grant Willcox 6d45320c0c Update exploit title/name 2022-08-02 14:27:27 -05:00