adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

18316 Commits

Author SHA1 Message Date
Grant Willcox f241a050b8 Apply review comments and fixes to documentation and the module 2021-04-20 12:38:34 -05:00
Grant Willcox fcdd47e8f5 Land #15064 - Fix Rex::Socket::SSHFactory NameError in exploit/linux/ssh/f5_bigip_known_privkey 2021-04-20 10:41:42 -05:00
William Vu 8d71cfc024 Fix SSHFactory NameError in f5_bigip_known_privkey 
This could probably be refactored to use Msf::Exploit::Remote::SSH.
 2021-04-19 17:07:26 -05:00
Grant Willcox d60cdbebb3 Add in Regex fix to ensure that really old versions of NagiosXI will still be detected as vulnerable despite unusual version naming convention 2021-04-19 14:17:05 -05:00
h00die 51f9e1ae73 cockpit cms rce 2021-04-18 18:52:04 -04:00
Grant Willcox 4ac9304ca2 Land #14968 - Add Nagios XI Mibs.php Authenticated RCE module and docs (CVE-2020-5791) 2021-04-16 14:37:15 -05:00
Grant Willcox 496e074ec8 Add in fixes to documentation and module from review 2021-04-16 13:14:17 -05:00
A Galway 88f17c5128 cleanup and removes cookies filtering 2021-04-16 17:31:11 +01:00
Grant Willcox d155702356 Add in Notes section to chrome_simplifiedlowering_overflow.rb 2021-04-16 11:02:52 -05:00
Tim c6464313d4 Update modules/exploits/multi/browser/chrome_simplifiedlowering_overflow.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2021-04-16 16:46:43 +01:00
Tim W 97425602e9 fix typo and docs in chrome_simplifiedlowering_overflow 2021-04-16 14:59:43 +01:00
Spencer McIntyre cc1aa34534 Tweak what is restored to avoid a bugcheck 2021-04-16 09:16:38 -04:00
A Galway fc55d74b80 http-client cookie jar support and tests 2021-04-16 12:24:21 +01:00
William Vu 9e6f425427 Move exploit/linux/http/citrix_dir_traversal_rce 
To exploit/freebsd/http/citrix_dir_traversal_rce. It's actually FreeBSD.
 2021-04-15 19:13:25 -05:00
Grant Willcox 832ca92f42 Land #14700, Add Nagios XI Plugins Filename Authenticate RCE module and docs (CVE-2020-35578) 2021-04-14 16:58:55 -05:00
Grant Willcox 61395f3cb1 Update scenarios in documentation and also update the module to handle cases where the version number may not be in a format that Rex::Text can immediately handle. 2021-04-14 16:32:53 -05:00
Grant Willcox 76353efada Fix minor RuboCop error 2021-04-14 15:38:06 -05:00
Grant Willcox 154e237edd Add in fixes to documentation and module that were covered in the review process 2021-04-14 15:33:42 -05:00
adfoster-r7 4c37e35d82 Land #14770, guard when spawn is used with TcpServer mixin 2021-04-14 11:34:25 +01:00
Grant Willcox a59e7e196d Land #14701, Rename Nagios XI authenticated RCE module and integrate Nagios XI mixin 2021-04-13 18:58:29 -05:00
Grant Willcox d766cf9b96 Change module title to be more descriptive and remove bad characters 2021-04-13 17:33:34 -05:00
Grant Willcox 0aada27128 Update the documentation to account for the fact that the plugin name has to be check_ping and also update the module to randomize some of the fields where possible. 2021-04-13 17:15:34 -05:00
Spencer McIntyre 6176f6fd16 Avoid a CRITICAL_STRUCTURE_CORRUPTION bugcheck from patch guard 2021-04-13 17:39:32 -04:00
Grant Willcox ead9d73dc5 Add in fixes from review to documentation and module 2021-04-13 16:34:13 -05:00
Spencer McIntyre ba9674ca69 Search a wider range of the hal heap and remove an irrelevant sentence 2021-04-13 14:44:24 -04:00
Spencer McIntyre ec962cf2be Adjust the hal heap base address calculation 2021-04-13 13:11:24 -04:00
William Vu e842c3ecab Fix Gem::Package NameError with Rex::Tar::Writer 2021-04-12 18:50:31 -05:00
Rob V 1ba22f9b0c leveraging Udp mixin for version check 2021-04-09 15:21:38 -04:00
Spencer McIntyre 63e438e992 Bump RubySMB and add a simple check method 2021-04-09 14:44:27 -04:00
Rob V 3ecd97f8bc using Rex::Version over more manual process 2021-04-09 14:39:32 -04:00
Rob V ffcec1f3b4 adding comment header 2021-04-09 14:16:20 -04:00
Spencer McIntyre f9e632231b Update module metadata for SMBGhost 2021-04-09 14:15:11 -04:00
Spencer McIntyre dd9936ae84 Add SMBGhost RCE module docs 2021-04-09 14:15:11 -04:00
Spencer McIntyre d8bed16d4d Refactor constants into a proper target hash 2021-04-09 14:15:11 -04:00
Spencer McIntyre c4055f348c Restructure and refactor the kernel mode shellcode 2021-04-09 14:15:11 -04:00
Spencer McIntyre 8b3381a901 Initial commit of the CVE-20202-0796 exploit 2021-04-09 14:15:05 -04:00
Shelby Pace a36030bcb7 add AutoCheck and usage of TARGETURI option 
remove CheckCmd from docs
 2021-04-09 12:08:25 -05:00
robvinson 85176f4385 style change using unless instead of if not 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-04-09 09:17:58 -05:00
robvinson c913762077 move privileged from false to true 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-04-09 09:16:49 -05:00
je5442804 352fedcca0 Improved 2021-04-09 19:50:43 +08:00
je5442804 69b62cee3a Update modules/exploits/linux/http/apache_druid_js_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-04-09 08:31:38 +08:00
je5442804 58f14a3219 Update module-send_request 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-04-09 08:31:25 +08:00
je5442804 afb263bcba Update description 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-04-09 08:27:30 +08:00
Tim W 7c575cd38f Land #15007, add a chrome renderer exploit (CVE-2020-16040) 2021-04-08 22:18:20 +01:00
Tim W 53b739277a do location.reload() if exploit fails 2021-04-08 21:21:06 +01:00
Tim W 8019eda667 fix 0x2000 shellcode limit 2021-04-08 21:17:40 +01:00
Tim W bd32f686bc remove dataview allocation 2021-04-08 21:17:01 +01:00
Tim W 6b86f6c881 remove 0x150 shellcode limit 2021-04-08 21:06:15 +01:00
Tim W c12f098c45 cosmetic fixes 2021-04-08 20:54:54 +01:00
Shelby Pace 926f051377 Land #14978, add Gitea and Gogs exploit modules 2021-04-07 13:44:43 -05:00