Commit Graph

35981 Commits

Author SHA1 Message Date
William Vu 22ae40a072 Remove new AKB reference
I'm not sure it adds enough value due to the URL format.
2021-04-03 14:05:45 -05:00
William Vu d020b2fb5f Update f5_icontrol_rest_ssrf_rce for AKB reference 2021-04-03 12:58:42 -05:00
je5442804 80f96f0045 Update modules/exploits/linux/http/apache_druid_js_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
2021-04-03 23:57:22 +08:00
Geyslan G. Bem 74a77fb66e x64/shell_bind_tcp_random_port: rip one byte off
Gets rid of one more byte and adjusts mentions of the //bin/sh string.

Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-04-03 12:04:32 -03:00
Christophe De La Fuente 401a4ff8c7 Land #14975, Fix uninitialized constant in cve_2020_1054_drawiconex_lpe 2021-04-02 17:23:03 +02:00
jvoisin 943698ef19 Add an haserl-based exploit for Alpine linux 2021-04-02 13:43:52 +02:00
Jinny 3ce4e5ec2c Updated calls to describe method to fix crashes 2021-04-01 22:06:40 +02:00
Shelby Pace 71914a1ddb Land #14813, additional dup scout bof targets 2021-04-01 13:03:57 -05:00
BuildTools b42a22c4de Updated documentation 2021-04-01 13:30:39 -04:00
kalba-security 34a5f7906c Rebase so we can use the latest mixin code, update the version range, update docs 2021-04-01 13:29:44 -04:00
kalba-security faab100d9a Add Nagios XI Mibs.php Authenticated RCE module and docs 2021-04-01 13:06:33 -04:00
kalba-security f76f58eb51 Rebase, use latest mixin code in check, update version and docs 2021-04-01 12:43:44 -04:00
kalba-security dd5c747584 Add Nagios XI snmptrap RCE and docs 2021-04-01 12:26:06 -04:00
kalba-security 02b9e5c939 rebase, use latest mixin code, correct vulnerable versions, update docs 2021-04-01 12:18:46 -04:00
kalba-security 3b7e612541 Add Nagios XI Plugins Filename Authenticate RCE module and docs 2021-04-01 11:23:52 -04:00
kalba-security 2df90d8d23 Rebase, rename module to nagios_xi_plugins_check_plugin_authenticated_rce, update check to take advantage of mixin, minor improvements 2021-04-01 11:07:49 -04:00
Shelby Pace 2cbd1a6be9 Land #14935, add F5 iControl REST API SSRF RCE 2021-04-01 08:40:38 -05:00
kalba-security a02f14f644 Add 'moved_from' alias 2021-04-01 09:26:24 -04:00
kalba-security 0e7c11ada3 Rename module and modify it to use the Nagios XI mixin, add autocheck, fix syntax and linting, also update docs 2021-04-01 09:26:16 -04:00
dwelch-r7 278c56652e Update RbMysql to the most recent code from this gem https://github.com/tmtm/ruby-mysql 2021-04-01 14:17:28 +01:00
je5442804 2ac30a5c61 Update modules/exploits/linux/http/apache_druid_js_rce.rb
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2021-04-01 07:07:24 +08:00
Shelby Pace 8cdaf9791d Land #14950, add saltstack salt api rce 2021-03-31 14:50:30 -05:00
William Vu cb3f1238f3 Add F5 iControl REST CVE-2021-22986 exploit 2021-03-31 14:02:32 -05:00
jconnolly80911 c0531f4208 OSX Post exploitation .gitignore retrieval
This post exploitation module is meant to locate all .gitignore files in a user's home directory, as well as retrieve the contents of both the .gitignore and the files listed in it. There are two modes. Mode 1 finds the .gitignore files. Mode 2 retrieves the file. You must set the FILE path to the gitignore file you'd like to retrieve. This could be used to retrieve potentially sensitive artifacts.

After establishing a meterpreter session:
* use post/osx/gather/gitignore
* set mode 1
* set session n (where n is the session in which you'd like to run the module)
* run

The module will take some time to complete but will recursively search all directories from the user's home directory for .gitignore files and then print the absolute path of each file it finds. Copy the path of whichever gitignore you'd like to read and paste into the FILE variable.

* set mode 2
* set file /path/to/.gitignore
* run

At this point, the module will display the contents of the gitignore file. If it contains something of interest, you can copy the filename and substitute it into the absolute path at which you found the .gitignore.

* set file /path/to/artifact
* run

This will retrieve the contents of the artifact you are looking to read.
2021-03-31 14:47:48 -04:00
William Vu 51200c4b22 Remove CmdStagerFlavor from a couple modules
Not strictly necessary. We need a better way to limit by platform.
2021-03-31 12:08:46 -05:00
Christophe De La Fuente 9806026ab9 Update from code review 2021-03-31 17:48:35 +02:00
Christophe De La Fuente 73a8b7aa5f Add Gitea and Gogs RCE modules and documentations 2021-03-31 16:47:29 +02:00
je5442804 b6b7956f0f Add Apache Druid CVE-2021-25646 RCE 2021-03-31 21:11:23 +08:00
Spencer McIntyre d73ec7a751 Remove the CmdStager allow list and randomize the domain 2021-03-31 08:54:37 -04:00
je5442804 21ec87d8bd Add Apache Druid CVE-2021-25646 RCE 2021-03-31 20:43:28 +08:00
Tim W 70c8e802d8 Fix #14974, fix uninitialized constant in cve_2020_1054_drawiconex_lpe 2021-03-31 12:06:15 +01:00
Spencer McIntyre a0a4bc079a Add the exploit module for CVE-2021-26295 2021-03-30 18:18:16 -04:00
Spencer McIntyre 3340593938 Land #14951, Update metasploit_payloads-mettle gem to 1.0.8 2021-03-30 12:16:17 -04:00
ryanpohlner d92d0e59d8 Fixed generic cmd payload not echoing 2021-03-29 20:06:12 -04:00
ryanpohlner c55303863a Fixed payload triggering twice 2021-03-29 18:27:25 -04:00
Vladimir Ivanov 1f4046c45f Update references and delete check_addr in post module smdagent_get_properties.rb 2021-03-29 22:58:48 +03:00
Spencer McIntyre 8d579ff30c Update the HTTP Title scanner as a demonstration 2021-03-29 13:56:25 -04:00
Ivanov Vladimir a803d7a0d1 CVE-2019-0307
Add post module smdagent_get_properties.rb
Add lib sap_smd_agent_unencrypted_property.rb
Update auxiliary module cve_2020_6207_solman_rce.rb
Update lib sap_sol_man_eem_miss_auth.rb
2021-03-29 20:29:30 +03:00
Spencer McIntyre 9d85af51cb Land #14945, Proxylogon RCE (Praetorian update) 2021-03-29 12:04:19 -04:00
adfoster-r7 4bf5f4a49c Land #14963, Fix cloud_lookup gather module (PublicSuffix) 2021-03-29 15:12:20 +01:00
Spencer McIntyre 11f4946817 Tweak some ProxyLogon verbiage for clarity 2021-03-29 10:07:43 -04:00
RAMELLA Sébastien e09c62a8c2 fix. missing require 2021-03-29 15:56:46 +04:00
RAMELLA Sébastien 02b240b22a code review 2021-03-29 14:23:39 +04:00
Christophe De La Fuente fca8bf37e2 Update description & add Stability trait 2021-03-29 11:14:35 +02:00
Grant Willcox 80ae750df5 Land #14697, Add Nagios XI mixin and auxiliary scanner module and docs 2021-03-26 18:12:16 -05:00
btnz-k db376a9dd8 Working R7 changes to meet requirements 2021-03-26 14:09:49 -07:00
bwatters 11b12e4c63 Land #14869, Add Windows post module for gathering Exchange mailboxes
Merge branch 'land-14869' into upstream-master
2021-03-26 15:08:06 -05:00
bwatters c193465c0f Drop python 3.6 string formatting syntax because the parser is not there, yet 2021-03-26 13:37:58 -05:00
Grant Willcox 1dbf1656d3 Update to introduce wrapping on some comments and also to fix up the CVE output a bit 2021-03-26 11:46:51 -05:00
Tim W c05ed60dd8 update payloads cached size 2021-03-26 15:25:35 +00:00