William Vu
4cd52c5f32
Reorder Expect mixin's send_expect parameters
2020-02-27 02:48:11 -06:00
William Vu
8820944696
Fix exploit/unix/smtp/opensmtpd_mail_from_rce
2020-02-27 02:11:08 -06:00
Alan Foster
af9d2a28de
Fix msftidy warnings
2020-02-26 14:56:08 +00:00
Alan Foster
6bac1ec2aa
Remove executable flags from exploit files
2020-02-26 10:39:50 +00:00
Brent Cook
f59ec03c42
Land #12465, add Android Binder UAF (CVE-2019-2215)
2020-02-23 01:06:33 -08:00
airevan
5a58fbb0e5
Remove space
2020-02-23 14:45:53 +08:00
airevan
d102f3e48f
Remove space
2020-02-23 13:03:13 +08:00
airevan
adaa9e239a
Add phpstudy backdoor exploit module
2020-02-23 10:23:32 +08:00
airevan
bb7ed355f0
Add phpstudy backdoor exploit module
2020-02-22 22:55:45 +08:00
airevan
6a07160bd5
Add phpstudy backdoor exploit module
2020-02-22 19:53:06 +08:00
Jeffrey Martin
578bf9999f
Land #12955, Update logic for ForceExploit in modules
2020-02-21 15:45:12 -06:00
Christophe De La Fuente
f9077bcd8d
Land #12704, OpenNetAdmin 18.1.1 Remote Code Execution exploit
2020-02-21 15:49:26 +01:00
Christophe De La Fuente
5e4b83581a
Fix indentation issue
2020-02-21 15:47:32 +01:00
bwatters-r7
c9e4ca34c3
Land #12921, Updating regex in ms16_075_reflection_juicy exploit windows version check
Merge branch 'land-12921' into upstream-master
2020-02-20 21:10:37 -06:00
Onur ER
f483b80849
Changed to vars_post
2020-02-21 03:48:12 +03:00
Onur ER
695f6869df
Update opennetadmin_ping_cmd_injection.rb
2020-02-21 03:13:44 +03:00
Onur ER
f90d605c21
Update modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb
Co-Authored-By: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-02-21 03:07:27 +03:00
0x44434241
f6e4b52446
Removing dead code.
2020-02-21 08:33:20 +09:00
Christophe De La Fuente
f484e6c83c
Land #12862, Apache James 2.3.2 arbitrary file write exploit module
2020-02-20 10:41:13 +01:00
kalba-security
c2f13d906b
fix sqli get request syntax
2020-02-20 11:38:43 +02:00
mattaberegg
a861ad3f21
Payload handler/cleanup improvement
2020-02-19 18:57:08 -08:00
Shelby Pace
db8555e007
Land #12942, add Diamorphine privilege escalation
2020-02-19 10:36:39 -06:00
kalba-security
9980a96917
Move documentation to correct directory
2020-02-19 16:57:38 +02:00
kalba-security
0d0bd865c8
add eyesofnetwork module and docs
2020-02-19 16:33:04 +02:00
0x44434241
4288632203
Applied suggestions from rubocop.
Feedback from bwatters-r7
2020-02-19 16:59:08 +09:00
William Vu
7dc1315dac
Update logic for ForceExploit in my modules
This lets the user opt out of running check completely.
2020-02-19 01:06:50 -06:00
William Vu
4fa3b25788
Correct language in crosschex_device_bof
2020-02-18 23:18:45 -06:00
0x44434241
028285de77
Refactoring juicy potato check() logic.
Previously, server 2016/19 was not correctly detected and falsely
reporting as vulnerable, because the check was overly trusting the
reported OS name - see PR #355 for a description of the problem.
Furthermore, I discovered a self-introduced bug in the regex of build
detection, which would in some cases first match on '2016' and not the
build number, which would be less than the five-digit build number for
the foreseeable future.
Testing data included in PR comments.
Feedback from @bwatters-r7
2020-02-19 11:19:02 +09:00
Tim W
aa1fdb2075
Land #12724, serve AMSI and SBL separately from psh stager in web_delivery
2020-02-19 09:33:25 +08:00
Brent Cook
9aac803f41
remove a scratchpad line I saved while testing blog link fixes
2020-02-18 09:26:29 -06:00
Brent Cook
8489bcdfd9
This fixes broken links to the community.rapid7.com blog
Performed mechanically with sed, spot-checked that the new blog can consume these links.
2020-02-18 09:06:11 -06:00
Christophe De La Fuente
1b54d27301
Update code #2
- Make error message more descriptive
- Use `Rex.sleep` instead of `sleep`
- Update `detect_qsl` logic
- Change the first `Exploit::CheckCode` to `Unknown` for the `Check` method
2020-02-17 19:04:32 +01:00
Christophe De La Fuente
828d974db5
Update code and documentation
- Add `OperationMaxRetries` option documentation
- Add default value to `TARGETURI` and update the documentation
- Remove `PosOffset` advanced option and hardcode the value
- Update `Description`
- Move URI encoding logic to `send_crafted_request`
- Refactor `send_crafted_request` to handle the HTTP parameter and final & (%26)
2020-02-17 18:25:10 +01:00
Christophe De La Fuente
0e9c637364
Randomize filename and HTTP parameter
2020-02-17 15:58:21 +01:00
Christophe De La Fuente
226f4b0a53
Line wrap to 80 columns and small fix
- Line wrap documentation to 80 columns
- Line wrap `Description` field to 80 columns
- Remove unnecessary unless statement
2020-02-17 13:06:32 +01:00
Tim W
f630990b3b
use random amsi resource url
2020-02-17 10:07:18 +08:00
Brendan Coles
ac6d0e4391
Add Diamorphine Rootkit Signal Privilege Escalation module
2020-02-16 14:53:16 +00:00
Tim W
3a89bef6c4
improve description
2020-02-15 10:37:15 +08:00
Christophe De La Fuente
351c0d1651
Small improvements
2020-02-14 17:16:27 -06:00
Tim W
d95391b7f4
minor refactor
2020-02-15 06:10:52 +08:00
Tim W
55d5e55c5e
use simpler wasm code
2020-02-15 06:10:52 +08:00
Tim W
4b92403bba
fix?
2020-02-15 06:10:52 +08:00
Tim W
5420007dff
add support for osx and windows using wasm rwx region
2020-02-15 06:10:52 +08:00
Tim W
f6343f35aa
attempt to speed up pop_r9 gadget search
2020-02-15 06:10:52 +08:00
Tim W
bb4007747b
fix
2020-02-15 06:10:52 +08:00
Tim W
35dac6ea5f
no offsets
2020-02-15 06:10:52 +08:00
Tim W
59ed3e5948
dynamic offsets
2020-02-15 06:10:52 +08:00
Tim W
2efc381115
strcmp
2020-02-15 06:10:52 +08:00
Tim W
6fa086a0ab
add debugging option
2020-02-15 06:10:52 +08:00
Tim W
bbbb9565a4
fix win7
2020-02-15 06:10:52 +08:00