secenv
b6731a6d1c
Remove printf as flavor
...
There is no printf in this router.
2019-12-31 13:10:59 -03:00
secenv
bedb1132b7
Convert to staged exploit
...
Works with meterpreter now :D
2019-12-31 13:08:51 -03:00
secenv
5f2c29946c
Remove the prompt variable + some EOL spaces; modify rand()
...
As suggested by @bcoles
2019-12-31 11:19:59 -03:00
secenv
2eec026a28
D-Link DIR-859 Unauthenticated RCE (CVE-2019-17621)
...
Exploits a vulnerability in the /gena.cgi UPnP endpoint in D-Link DIR-859 (and potentially other) SOHO routers. CVE ID: 2019-17621.
Code based on modules/exploits/linux/http/dlink_dir300_exec_telnet.rb
2019-12-30 19:22:04 -03:00
ide0x90
44489f0326
Using heredoc, streamlined check for PowerShell, improved docs.
2019-12-29 12:00:50 +08:00
ide0x90
4fb2e92a8f
Cleanup according to Rubocop
2019-12-29 02:04:06 +08:00
ide0x90
daae0886fa
Included lazy and manual check for Bash.
...
More code cleanup, reducing use of class variables.
Normalized all the URIs.
Created a function to wrap GET requests to the target.
2019-12-29 01:32:44 +08:00
Brent Cook
e8cd136e56
Land #12712, add OpenBSD Dynamic Loader chpass privesc
2019-12-27 03:56:02 -06:00
ide0x90
65e7354ee6
Added TARGETURI
2019-12-27 15:48:37 +08:00
ide0x90
ce01137525
More cleanup. Better check. Encoding issues over with (hopefully).
2019-12-27 15:16:09 +08:00
Brent Cook
8061cdf974
Land #12760, improvements to linux/local/bpf_priv_esc module
2019-12-26 13:43:54 -06:00
Brendan Coles
a7b63557db
Notify operator that cleanup of crontab is required
2019-12-26 16:21:44 +00:00
ide0x90
29b306fedf
Cleanup sweep the 2nd as per suggestions from @bcoles
2019-12-27 00:13:49 +08:00
ide0x90
046d8cbedc
REALLY added documentation.
...
Made module work with base64.
Cleaned up template as per @acammack-r7's suggestions.
2019-12-26 23:35:34 +08:00
ide0x90
242cee3060
Improved target verification and added documentation.
2019-12-26 20:22:21 +08:00
ide0x90
f637254ab2
Initial commit for module exploit/multi/http/solr_velocity_rce
2019-12-26 18:12:42 +08:00
Brendan Coles
d449a93b44
Add Msf::Post::File.attributes method
2019-12-25 07:34:44 +00:00
Nicholas Starke
13cadbf3f1
Adding DLINK DWL-2600 Command Injection Module
...
This module takes advantage of a previously discovered command injection
vulnerability in DLINK DWL-2600 WiFi Access points. This vulnerability
is authenticated, and the module is responsible for retrieving a valid
authentication token.
2019-12-24 12:31:49 -06:00
wvu-r7
e89a596e5c
Land #12754, ForceExploit for 4.3BSD exploits
2019-12-23 19:13:42 -06:00
William Vu
01b6bc112d
Rescue EOFError for good measure
2019-12-23 19:02:13 -06:00
William Vu
81f8f4f67f
Add ForceExploit to 4.3BSD (VAX) exploits
2019-12-23 18:17:09 -06:00
Brent Cook
ce991071e4
Land #12524, update most python code with python 3 compatibility
2019-12-23 14:49:08 -06:00
h00die
4f8382fc98
Land #12744, rds lpe updates and improvements
2019-12-22 10:21:03 -05:00
h00die
4e1e8d344f
rds reliability, stability notes
2019-12-22 10:20:00 -05:00
Brendan Coles
4c0fc3a505
Add OpenBSD Dynamic Loader chpass Privilege Escalation (CVE-2019-19726)
2019-12-22 08:46:43 +00:00
h00die
7a027216cc
Land #12701 linux priv esc on reptile_cmd rootkit
2019-12-21 15:50:07 -05:00
Shelby Pace
894927d960
Land #12693, add Comahawk privilege escalation
2019-12-18 15:40:51 -06:00
bwatters-r7
b36c191fc7
With feeling...
2019-12-18 14:33:13 -06:00
bwatters-r7
f9fbe96145
more bcoles suggestions
2019-12-18 14:25:43 -06:00
Brendan Coles
c0da9e2202
Rename exploit/linux/local/rds_priv_esc -> exploit/linux/local/rds_rds_page_copy_user_priv_esc
2019-12-18 20:05:19 +00:00
Francesco Soncina
671f80896a
Update payload_inject.rb
2019-12-18 16:06:26 +01:00
Tim W
58bf71d555
simplify amsi resource url
2019-12-17 17:35:29 +08:00
Francesco Soncina
664b196388
Update payload_inject.rb
2019-12-17 01:35:24 +01:00
Francesco Soncina
64c1f557c6
add support for PPID spoofing to payload_inject
2019-12-17 01:19:45 +01:00
Brent Cook
fde942bc37
Land #12517, replace CheckScanner mixin with CheckModule, which works with anything
2019-12-16 17:40:10 -06:00
bwatters-r7
66dcbc5d99
Stupid typo...
2019-12-16 12:54:48 -06:00
bwatters-r7
06bcef3670
bcoles suggested changes
2019-12-16 12:50:41 -06:00
Brent Cook
9cc02cb51f
Land #12643, add additional example exploit modules
2019-12-16 11:34:33 -06:00
Brent Cook
e1e668d7da
Land #12651, add OpenMRS deserialization exploit
2019-12-16 11:31:24 -06:00
Christophe De La Fuente
42a60034f2
Land #12725, Bash profile persistence module
2019-12-16 09:19:08 +01:00
h00die
1ff925eac9
Land #12727, netfilter_priv_esc_ipv4 improvements
2019-12-15 07:07:40 -05:00
Brendan Coles
dd41892123
Update netfilter_priv_esc_ipv4 exploit
2019-12-15 07:17:42 +00:00
bluesentinelsec
c43330934b
New module: Bash Profile Persistence
2019-12-14 21:40:18 -05:00
Francesco Soncina
a3a25b193e
serve AMSI/SBL bypass separately
2019-12-14 19:49:53 +01:00
Onur ER
548abf4364
Rename modules/exploits/multi/http/opennetadmin_ping_cmd_injection.rb to modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb
2019-12-14 16:26:19 +03:00
Onur ER
44636f4975
Update opennetadmin_ping_cmd_injection.rb
2019-12-14 16:24:27 +03:00
h00die
5fc561e916
Land #12661, more docs
2019-12-13 17:42:36 -05:00
bwatters-r7
6538a4188d
Space-suggested updates
2019-12-13 15:25:01 -06:00
Onur ER
7730c5359d
Update modules/exploits/multi/http/opennetadmin_ping_cmd_injection.rb
...
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
2019-12-13 16:39:17 +03:00
Tim
0e076d286e
Update modules/exploits/multi/browser/chrome_array_map.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-12-13 12:47:21 +07:00