A Galway
88e64fcfae
eternalblue_win8 ported from python to ruby
2021-07-08 17:42:30 +01:00
Yann Castel
38cdad47c0
initial commit
2021-07-08 16:53:37 +02:00
Spencer McIntyre
dc9c0035ab
Land #15371, check if apport-cli is in $PATH
...
Fixes #15370
2021-07-08 09:28:35 -04:00
Spencer McIntyre
636b790acb
Update to using the AutoCheck mixin
2021-07-08 09:03:42 -04:00
William Vu
fc1a34d7b1
Improve here doc formatting
2021-07-08 01:19:21 -05:00
William Vu
af986380d3
Fix CheckCode
...
It's closer to CheckCode::Appears than CheckCode::Vulnerable.
2021-07-06 22:22:27 -05:00
Spencer McIntyre
a0bd903b50
Update module docs and the TARGETURI option
2021-07-06 15:52:50 -04:00
Spencer McIntyre
bfc45359ff
More documentation updates and address PR feedback
2021-07-06 11:27:06 -04:00
agalway-r7
410493f729
Land #15318, NSClient priv esc post module
2021-07-06 16:07:30 +01:00
Hakyac
8b0c4a1042
Update modules/exploits/windows/local/nscp_pe.rb
...
Co-authored-by: agalway-r7 <agalway@rapid7.com>
2021-07-06 11:18:56 +02:00
Yann Castel
1a057d321b
rhost is working
2021-07-05 10:24:49 +02:00
bwatters
0a43ec7e4a
Add module for CVE-2021-35464; pre-auth RCE in ForgeRock OpenAM server
2021-07-02 16:05:39 -05:00
Hakyac
2085c2db13
Update modules/exploits/windows/local/nscp_pe.rb
...
Co-authored-by: agalway-r7 <agalway@rapid7.com>
2021-06-30 20:28:35 +02:00
Christophe De La Fuente
daa5b32393
Update from review
...
- Remove `MeterpreterTryToFork` option logic
- Add `Prepend` code directly under `Payload` info
- Rebase to use the updated `PrependFork`
- Add logic to verify that shells specified in the options really exist
on the remote host
2021-06-30 18:13:35 +02:00
Christophe De La Fuente
eca20bec92
Update from code review
...
- Fix documentation typos
- Rename `MeterpreterBackground` Mettle option to `MeterpreterTryToFork`
2021-06-30 11:02:11 +02:00
Christophe De La Fuente
ccaedd6c9a
Last additions and improvements
...
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
2021-06-30 11:02:11 +02:00
Christophe De La Fuente
1b59b8c83e
Rebase and fix conflicts in lib/msf/core/post/common.rb
2021-06-30 11:02:11 +02:00
Shelby Pace
a2a1b91a69
Land #15341, add wpdiscuz exploit
2021-06-25 16:22:02 -05:00
Shelby Pace
f24a01945c
fix rubocop error
2021-06-25 15:33:45 -05:00
Alexandre ZANNI
167e33dac0
safe navigation operator on res
2021-06-25 17:09:20 +02:00
Shelby Pace
6d13f0627e
formatting changes
2021-06-25 16:20:42 +02:00
Shelby Pace
1194e7d0f3
add guards, adjust formatting, add docs
2021-06-25 16:20:42 +02:00
Brendan Coles
d40656b852
apport_abrt_chroot_priv_esc: check if apport-cli is in $PATH
2021-06-25 11:48:16 +00:00
Shelby Pace
3c7d96695e
Land #15349, add rConfig vendors auth rce
2021-06-24 10:43:18 -05:00
Shelby Pace
9f864df5f1
use Rex::Version instead of Gem::Version
2021-06-24 10:14:17 -05:00
Shelby Pace
df1faf85ff
rename files, change version check, use cookie jar
2021-06-24 09:47:38 -05:00
Spencer McIntyre
b85031ff6a
Fallback to Python3 in sshexec when it's available
2021-06-18 13:35:23 -04:00
Yann Castel
211bf4351d
adding delay option
2021-06-18 11:32:15 +02:00
Yann Castel
1d2e3212d3
using MIME + added some guards
2021-06-18 10:43:30 +02:00
Hakyac
7781d9ff1e
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 10:22:11 +02:00
Hakyac
1e7737f8b4
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 10:17:52 +02:00
Hakyac
f4bd18c5a3
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 09:21:00 +02:00
Spencer McIntyre
397c9ef140
Land #15333, Cisco HyperFlex File Upload RCE
2021-06-17 13:40:39 -04:00
deadjakk
dadc59ebbe
Added changes requested by @smcintyre-r7
...
- Updated default port number to match documentation
- Updated the str append to '<<'
- Fixed issue with the login scanner returning false positives
- Removed rank from login scanner
- Removed Custom Executable target in favor of EXE::CUSTOM
- Moved the X3Crypt code out of the exception block
- Added additional checks to the exploit module, the same that were made in login_scanner
- Changed the check function to produce the proper return 'CheckCode' values
2021-06-17 12:39:17 -05:00
Jack Heysel
281fce0c94
Cisco HyperFlex File Upload RCE module
...
beta draft
RCE working with linux/x64/meterpreter_reverse_tcp
rubocop
Updated title, removed newlines
Responded to comments
Rubocop offenses
Update documentation/modules/exploit/linux/http/cisco_hyperflex_file_upload_rce.md
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Responded to comments
Rubocop offenses
Added support for Java Dropper
Made changes to Linux Dropper
Rubocop
Improved check method, changed to default staged payload, removed TODO
Switched to single-quoted strings
2021-06-17 12:38:47 -04:00
Yann Castel
dca4f3f471
fix download link
2021-06-17 15:19:42 +02:00
Yann Castel
0fda6b348d
initial commit
2021-06-17 15:15:59 +02:00
deadjakk
3a9a16f296
Update modules/exploits/x3/x3_adxsrv_auth_bypass_cmd_exec.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2021-07-08 11:01:51 -05:00
deadjakk
fa98e9a3a4
Made a number of changes according to review: https://github.com/rapid7/metasploit-framework/pull/15400
...
- Renamed exploit module to x3_adxsrv_auth_bypass_cmd_exec.rb
- Changed print_bad to fail_with
- Updated Name in module to reflect the auth bypass element
- Updated the rand number generation
- Added error checking to adxdir function return value
- Changed payload variable name -> sage_payload
2021-06-16 14:07:49 -05:00
deadjakk
5ee429fc01
Update modules/exploits/x3/x3_adxsrv_cmd.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2021-07-07 18:54:15 -05:00
deadjakk
15a197b368
Update modules/exploits/x3/x3_adxsrv_cmd.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2021-07-07 18:50:47 -05:00
deadjakk
e40b98c5f2
added rubocop -a'd files
2021-07-07 12:31:05 -05:00
deadjakk
21446c8455
added Sage X3 modules
2021-07-07 11:14:23 -05:00
Grant Willcox
62f9d15ba3
Land #15314, Add Exploit for CVE-2021-31181 (SharePoint RCE)
2021-06-16 10:39:49 -05:00
Alexandre ZANNI
67406e71e4
WordPress wpDiscuz Unauthenticated File Upload Vulnerability
2021-06-15 14:15:30 +02:00
Grant Willcox
464dcdf578
Land #15239, ipfire <= 2.25 Core Update 156 pakfire.cgi Authenticated RCE
2021-06-14 18:01:24 -05:00
Grant Willcox
537a7763f5
Land #15337, Update apache_activemq_upload_jsp.rb to fix missing checks and add missing slashes to some requests
2021-06-14 15:28:40 -05:00
Grant Willcox
5b274770ef
Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall
2021-06-14 15:02:38 -05:00
adfoster-r7
fb0e0f88a9
Land #15215, HashiCorp Nomad exec RCE
2021-06-14 17:49:36 +01:00
Wyatt Dahlenburg
1789c7b070
Adding notes to Nomad Module
2021-06-14 10:39:23 -05:00