usiegl00
0259e586a9
Update smb_shadow module and rename MitmDispatcher
The MitmDispatcher is now the ShadowMitmDispatcher to help prevent name
confusion. Updated the ShadowMitmDispatcher to use native rex lib calls
to decode binary fields.
2022-01-28 08:39:07 +09:00
Dhiraj Mishra
ad190fe80f
Spaces at EOL
2022-01-27 12:51:36 +04:00
Dhiraj Mishra
4828bc58e6
Spaces at EOL and Date
2022-01-27 12:43:41 +04:00
Dhiraj Mishra
dbca5eeb07
Some linting
2022-01-27 12:32:33 +04:00
Dhiraj Mishra
4c0340b26c
cve_2021_4034_pwnkit_lpe_pkexec
2022-01-26 23:05:36 +04:00
agalway-r7
0e0834302d
Land #16099, cleans up smb_relay module via rubocop
2022-01-26 10:28:52 +00:00
adfoster-r7
a17dfcc849
Rubocop smb relay module
2022-01-26 00:47:19 +00:00
Grant Willcox
44f040ad78
Land #16056, Exploit Module for Grandstream UCM62xx IP PBX (CVE-2020-5722)
2022-01-24 21:03:46 -06:00
Grant Willcox
15751a0f78
Minor language fix and final typo
2022-01-24 21:01:34 -06:00
Jake Baines
04d06a2df1
Switched to proper fail_with calls in exploit failure
2022-01-24 04:13:43 -08:00
Jake Baines
2c989ec714
Addressed multiple review comments (spelling, doc details, randomization, etc)
2022-01-22 14:09:58 -08:00
Spencer McIntyre
458d584f83
Add details to check codes and PR feedback
2022-01-21 09:40:23 -05:00
usiegl00
5cc716fa0d
Add MitmDispatcher to the smb_shadow module
The MitmDispatcher reduces code repetition and enables the use of
standard RubySMB syntax. I have noticed increased power draw when using
the new dispatcher compared to the previous (less stateful) approach.
2022-01-21 14:57:07 +09:00
Spencer McIntyre
579627f5c7
Update docs, note OS X support
2022-01-20 10:47:11 -05:00
Spencer McIntyre
ba469a4b2c
Add version detection to the Unifi exploit
2022-01-20 09:26:48 -05:00
Spencer McIntyre
3d80a46e67
Check the HTTP response from the trigger
2022-01-19 17:51:31 -05:00
Spencer McIntyre
ef344d9d12
Add the Unifi Log4Shell RCE exploit
2022-01-19 17:51:31 -05:00
bwatters
4cf3ae352c
Land #16050, Log4Shell: vCenter RCE
Merge branch 'land-16050' into upstream-master
2022-01-19 16:30:33 -06:00
Grant Willcox
8bb3e39fd7
Land #16036, Add Grandstream GXV3175 'settimezone' Unauthenticated Command Execution
2022-01-19 10:58:42 -06:00
Brendan Coles
ee2feb1207
Add Grandstream GXV3175 'settimezone' Unauthenticated Command Execution
2022-01-19 00:04:15 +00:00
Grant Willcox
8852eaa6b8
Land #16049 - Reference Fixes
2022-01-18 13:46:25 -06:00
Jake Baines
4ebb702405
Added an exploit for Grandstream UCM62xx IP PBX (CVE-2020-5722)
2022-01-15 12:46:56 -08:00
Spencer McIntyre
96a5d656bd
Final cleanups and reference updates
2022-01-14 08:41:37 -05:00
Spencer McIntyre
3f04b80d8b
Add vCenter Log4Shell docs
2022-01-13 14:50:28 -05:00
Pedro Ribeiro
053fbe2a28
fix cisco advisory links
2022-01-13 18:55:39 +00:00
Pedro Ribeiro
ea00da0a03
fix NUUO advisory links
2022-01-13 18:54:56 +00:00
Pedro Ribeiro
09d6b1388c
fix kaseya links
2022-01-13 18:47:11 +00:00
Spencer McIntyre
d5c83b41f9
Cleanup the vCenter Log4Shell exploit
2022-01-13 11:57:00 -05:00
Spencer McIntyre
7b1398f0ae
Allow overriding check module datastore options
2022-01-13 11:51:39 -05:00
Spencer McIntyre
62a814fa59
Refactor Log4shell exploit code into reusable bits
2022-01-13 09:45:02 -05:00
Spencer McIntyre
e093154865
Refactor the BeanFactory gadget code
2022-01-12 16:58:31 -05:00
Spencer McIntyre
e873907d13
Initial vCenter exploit via Log4Shell
2022-01-12 15:34:45 -05:00
space-r7
435e79aaef
Land #16041, add SonicWALL cmd injection
2022-01-12 13:23:57 -06:00
space-r7
199eae5e99
Land #16012, add pi-hole aux module and lib
2022-01-12 09:21:11 -06:00
Spencer McIntyre
877bab6f2a
Land #15969, Log4j2 HTTP Header Injection Exploit
2022-01-11 16:52:08 -05:00
Spencer McIntyre
7b64383040
Preemptively tweak references to ysoserial
2022-01-11 16:25:21 -05:00
Jake Baines
264f2bc03f
Added the AttackerKB analysis
2022-01-11 03:17:45 -08:00
Jake Baines
b0941f746f
Added link to R7 blog
2022-01-10 13:24:33 -08:00
Jake Baines
d4ee9a0183
Initial commit of CVE-2021-20039 exploit
2022-01-10 12:43:50 -08:00
lap1nou
cb616b94c7
Removed some useless parameter + fixed a few bugs
2022-01-09 13:08:25 -08:00
RageLtMan
6a7c81e1ba
Update authors
2022-01-08 21:56:15 -05:00
h00die
43549488fe
peer review comments
2022-01-08 15:26:47 -05:00
lap1nou
53c2400be9
Added cleaning procedure + fixed a few mistakes/error messages, removed unused docs
2022-01-08 10:56:31 -08:00
lap1nou
ccc90b0330
Linted doc+module, added support for 6.x version, added support for TLS and item RCE, improved payload management
2022-01-07 17:40:15 -08:00
Spencer McIntyre
3f15c9ecc1
Writeup the module docs
2022-01-07 17:30:39 -05:00
Spencer McIntyre
9b03d0272a
Add check and auto-HTTP_HEADER capabilities
2022-01-07 17:30:39 -05:00
Spencer McIntyre
6198d9653d
Remove the REMOTE_LOAD datastore option
The necessary value can be inferred by the target and its payload
compatibility, so just set it intelligently.
2022-01-07 17:30:39 -05:00
Spencer McIntyre
f56f328c8d
Use an enum for the YSoSerial payload option
2022-01-07 17:30:39 -05:00
Spencer McIntyre
3cb70c01bf
Cleanup typos, make module aggressive
2022-01-07 17:30:39 -05:00
Christophe De La Fuente
a458961631
Move the cleanup instance variables to the beginning of #exploit
2022-01-07 20:34:58 +01:00