Commit Graph

35981 Commits

Author SHA1 Message Date
h00die 75ed65a0ab properly name saltstack salt 2021-05-03 19:34:37 -04:00
Spencer McIntyre c03b9d78f3 Update metasploit-payloads gem to 2.0.45 2021-05-03 09:50:41 -04:00
Mehmet INCE bf0551979f Fix the module according to the review 2021-05-03 12:29:00 +03:00
Mehmet INCE 06157601df Remove SCREEN_EFFECTS from sideeffects 2021-05-03 11:14:43 +03:00
Mehmet INCE 9e04805c0e Adding check method to gravcms exec 2021-05-03 11:14:43 +03:00
Mehmet INCE e3d05395de Add GravCMS exec 2021-05-03 11:14:42 +03:00
Ashley Donaldson 0435e281d9 Updated CVE-2021-3156 documentation to reflect code changes. 2021-05-03 16:45:50 +10:00
Ashley Donaldson 4cd7637274 Fixed Rubocop errors added since this module was forked 2021-05-03 13:28:07 +10:00
Ashley Donaldson f0a442b77d Retrieve configured kerberos ticket location before retrieving tickets
Rather than assume that file-configured kerberos tickets will be at /tmp/krb5_*, let's check the config file.
Also allows us to give more meaningful error messages and point people in the direction of where to look if it doesn't work.
2021-05-03 13:07:45 +10:00
h00die 2c76671436 add windows minion file 2021-05-02 10:01:06 -04:00
h00die 33727ef664 idrac docs and cleanup 2021-05-02 08:52:11 -04:00
h00die 2c0c7791a0 more error handling, updated docs 2021-05-02 08:19:43 -04:00
Brendan Coles 4a93f15c80 Land #15136, Set microfocus_ucmdb_unauth_deser default payload to reverse_python 2021-05-02 10:27:05 +00:00
Pedro Ribeiro e6b605369e UCMDB: remove warning from docs and change Linux target to reverse_python 2021-05-02 16:53:02 +07:00
pingport80 fd73b03239 add get_processes for windows in common.rb 2021-05-02 14:16:51 +05:30
Ashley Donaldson 86a7b7b915 Forked a long time ago, so let's get it closer to the main branch 2021-05-02 14:23:56 +10:00
William Vu d433c0fd12 Fix typo 2021-04-30 23:29:24 -05:00
William Vu 4fafb9a272 Fix missing CheckCode in saltstack_salt_root_key 2021-04-30 23:26:18 -05:00
h00die fde1696ae2 windows and osx updates 2021-04-30 20:59:54 -04:00
Tim W 14e22bee37 Land #15105, CVE-2021-21220 - Chrome V8 XOR typer mismatch OOB access RCE 2021-04-30 22:56:07 +01:00
Tim W 360fee153f use 2 space indentation 2021-04-30 22:32:05 +01:00
Tim W 27a9b797b1 location.reload() on failure 2021-04-30 22:31:50 +01:00
Shelby Pace 0535489703 Land #14947, add IGEL OS RCE 2021-04-30 15:49:11 -05:00
Shelby Pace de22236902 add AutoCheck and update docs output 2021-04-30 15:38:57 -05:00
Rob V 41fe16463d switching to CmdStager
- had to switch away from python payload to appease CmdStager
- removed systemd service adjustments preferring to use sleep to avoid rate limits
- updated check function to accommodate more current vulnerable version information in vendor advisory
2021-04-30 12:53:33 -04:00
Grant Willcox f267f0866c Fix up documentation typos and improve JavaScript using comments from @timwr's review. 2021-04-30 10:54:09 -05:00
Shelby Pace 45a8e1f49f Land #15087, Operations Bridge Reporter support 2021-04-30 08:41:35 -05:00
adfoster-r7 6c6d7699ed Land #14831, Add CookieJar support to http_client 2021-04-30 14:08:04 +01:00
Ashley Donaldson 3722435a25 Tested and verified exploitability of second CVE-2021-3156 exploit on three platforms 2021-04-30 18:51:06 +10:00
Ashley Donaldson b1d2c39c98 Added second CentOS 7 exploit 2021-04-30 18:30:19 +10:00
Ashley Donaldson 124d157a1c Added CVE-2021-3156 exploits for CentOS 7 and 8 2021-04-30 17:25:59 +10:00
Alan Foster 04ff0f6bd7 Update exchange ecp dlp policy to work with new cookie jar 2021-04-29 21:26:02 +01:00
Spencer McIntyre 994825dcc9 Land #15090, Add exploit for CVE-2021-22502 2021-04-29 14:09:28 -04:00
Spencer McIntyre b2142aada7 Land #15086, Add exploit for CVE-2020-11857 2021-04-29 11:47:17 -04:00
Spencer McIntyre 4373b464ce Update the markdown module docs a bit 2021-04-29 11:46:40 -04:00
Ashley Donaldson 79152cafe6 Added support for Ubuntu 14.04.3 for CVE-2021-3156 2021-04-29 20:48:51 +10:00
Ashley Donaldson 9d9d3ce061 Added Ubuntu 16.04-specific exploit script to CVE-2021-3156 module
The generic approach used for other targets doesn't work for 16.04, as that one relies on tcache bins, which are not present in glibc 2.23.
2021-04-29 18:28:13 +10:00
Ashley Donaldson fcd17ed3b1 Port sudoedit exploit to Python
It's assumed that Python is more likely to be present on the target system
than gcc, so is better as a dependency.
2021-04-29 13:17:32 +10:00
Ashley Donaldson 78295b654b Land #14702, Add module Redis extractor 2021-04-29 11:02:38 +10:00
Ashley Donaldson 4678790c4a Fixed Rubocop issues 2021-04-29 11:02:12 +10:00
btnz-k a223baf0a3 Updated emby_version_ssrf to include timeout. Updated documentation filenames and content. 2021-04-28 13:07:51 -07:00
btnz-k b3b9d89bd1 changes to meet r7 reqs 2021-04-28 12:41:41 -07:00
btnz 13c619cb7e Add files via upload 2021-04-28 10:37:39 -07:00
btnz a5f68fc043 Add files via upload 2021-04-28 10:36:55 -07:00
Tim W 92a5a56d41 refactor check_useragent 2021-04-28 14:41:17 +01:00
Ashley Donaldson 06f3785ec3 Various changes from code review
* Remove use of member variable for storing state
* Display Redis hashes as Ruby hashes
* Rubifying code
2021-04-28 17:12:56 +10:00
Ashley Donaldson 54923c971b Use new parsing code in most requests in the module 2021-04-28 16:23:19 +10:00
Ashley Donaldson dc24800407 Robustness improvements to Redis extractor module
* Use RESP's information about bulk string and array lengths
* Iterative rather than recursive approach
2021-04-28 11:17:48 +10:00
Grant Willcox 5541988d10 Upload working exploit and documentation for CVE-2021-21220 2021-04-27 13:23:35 -05:00
adfoster-r7 24d291c1f0 Land #15081, Adds error handling for mssql_idf when module has no matching results 2021-04-27 15:52:40 +01:00