adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

18316 Commits

Author SHA1 Message Date
kalba-security 45d13bf85e Simplify shash checks, use cgi request instead of raw, fix ctype header placement 2020-09-24 07:49:55 -04:00
youkergav 49a5dfc139 Spelling and grammer fixes 2020-09-24 03:29:07 -04:00
youkergav 35dd9cb517 Add Login to User with Su on Linux / Unix Systems 2020-09-24 02:36:26 -04:00
kalba-security e026c74108 Improve Failure:: categories and remove empty parameters from POST requests 2020-09-23 13:27:19 -04:00
kalba-security 1133f76722 Improve feedback when authentication fails 2020-09-23 07:51:11 -04:00
Christophe De La Fuente 7c575223a2 Sync with master 2020-09-23 10:08:07 +02:00
kalba-security e65083c092 Add maracms_upload_exec.rb exploit module and docs 2020-09-22 16:53:29 -04:00
bwatters 7e68c42876 Rubocop, fix check method, clean up c code 2020-09-22 07:45:02 -05:00
Christophe De La Fuente 2d1b378a18 Land #14122, Jenkins Deserialization RCE (CVE-2017-1000353) 2020-09-22 12:32:09 +02:00
Shelby Pace 2ae50e9304 Land #14025, add Artica Proxy auth bypass / rce 2020-09-21 15:27:53 -05:00
Shelby Pace 18fa28f96b change date format / default payload 2020-09-21 15:26:39 -05:00
h00die ee77cc8e78 Land #14123, vyos restricted shell escape and priv escalation 2020-09-19 09:13:38 -04:00
bwatters 534e945cd0 First attempt at CVE-2020-1313 2020-09-18 15:39:12 -05:00
Brendan Coles 6208f8795a vyos_restricted_shell_privesc: support login as admin user 2020-09-18 15:49:25 +00:00
Shelby Pace 74669f4052 Land #14135, add tp-link command injection 2020-09-18 09:47:02 -05:00
Pietro Oliva 5f204257a5 Remove unnecessary comma, fix docs 2020-09-18 10:15:23 -04:00
Pietro Oliva e2c169d7d3 Remove unnecessarily setting SSL via datastore 2020-09-18 09:32:45 -04:00
0xsysenter 3144a1aede Add SSL in DefaultOptions 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-09-18 15:31:23 +02:00
Pietro Oliva d3f68d0fe4 Fix double shell issue 2020-09-18 09:23:02 -04:00
Shelby Pace c04e8d73c3 Land #14023, spooler svc privesc (PrinterDemon) 2020-09-17 16:06:29 -05:00
Shelby Pace 8b75401fcf remove requires 2020-09-17 16:04:56 -05:00
Shelby Pace 09c5b906af change notes and primary command stager flavor 2020-09-17 13:25:14 -05:00
Shelby Pace 8c1968e01c use more generic regex for versioning 
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-09-17 09:12:20 -05:00
Pietro Oliva 072f35c270 -Updated module to work using CmdStager 
-Updated documentation accordingly
-Removed unnecessary includes and simplified code
 2020-09-16 19:51:15 -04:00
Spencer McIntyre c2d101a06b Land #14126, Add Microsoft Exchange Server DLP Policy RCE (CVE-2020-16875) 2020-09-16 16:31:13 -04:00
William Vu 5bda3b4b9d Revert "Make User-Agent consistent across requests" 
This reverts commit 0ec97aa447.
 2020-09-16 13:24:18 -05:00
William Vu da4e960eb0 Revert "Fix HttpUserAgent to UserAgent" 
This reverts commit 3c8390a1c7.
 2020-09-16 13:24:14 -05:00
William Vu 3c8390a1c7 Fix HttpUserAgent to UserAgent 
Payload vs. HttpClient. Whoops.
 2020-09-16 13:03:55 -05:00
William Vu 0ec97aa447 Make User-Agent consistent across requests 2020-09-16 12:59:17 -05:00
William Vu 03e0b9098c Add more words about Exchange role groups 2020-09-16 12:55:08 -05:00
Pietro Oliva c396ad0436 Fix compatibility issue resulting in no shell on some devices 2020-09-16 13:38:34 -04:00
bwatters d8df8a3422 Change description and fix typo 2020-09-16 11:17:39 -05:00
bwatters dcd0918694 Fixed cleanup and check 2020-09-16 11:17:39 -05:00
bwatters 198f3905ae Logic errors and typos 2020-09-16 11:17:39 -05:00
bwatters fe59099678 Clean up C code, add support for x86 targets 2020-09-16 11:17:39 -05:00
bwatters ce8033714d remove copy/pasta code and fix version check 2020-09-16 11:17:39 -05:00
bwatters c2e2a4fe2c More Rubocop, add documentation, and typo fix 2020-09-16 11:17:39 -05:00
bwatters f14d6ffe13 Rubocop and modularization 2020-09-16 11:17:39 -05:00
bwatters a72769909b Change exe to take destination and source files for copy 2020-09-16 11:17:39 -05:00
bwatters 17272209cc First try at CVE-2020-1048, needs lots of work 2020-09-16 11:17:38 -05:00
Shelby Pace 0f0d6a233b Land #14074, add Mida eFramework command injection 2020-09-16 10:24:51 -05:00
William Vu e118ff1509 Add Microsoft Exchange Server DLP Policy RCE 
CVE-2020-16875
 2020-09-16 02:41:08 -05:00
Pietro Oliva c6b6021df3 Tidy up code with rubocop and msftidy 2020-09-14 21:13:09 -04:00
Pietro Oliva 963a4d29ec Removed unnecessary "begin, end" 2020-09-14 19:53:18 -04:00
Niboucha Redouane 3a09337935 Remove AUTH_BYPASS target 2020-09-15 01:51:34 +02:00
0xsysenter 201385f111 Update modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb 
Remove unnecessary comma

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-09-15 01:23:00 +02:00
0xsysenter a9e45dc0a1 Update modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb 
remove unnecessary comma

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-09-15 01:17:01 +02:00
0xsysenter 9c5f64d692 Update modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb 
fix disclosure date format

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-09-15 01:15:53 +02:00
Pietro Oliva f10ed189e9 Add module for TP-Link Cameras Command Injection (CVE-2020-12109) 2020-09-14 14:20:42 -04:00
Niboucha Redouane ca32a15f8d Remove trailing comma after the URL reference 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-09-14 19:03:57 +02:00