Commit Graph

35981 Commits

Author SHA1 Message Date
Grant Willcox b1c3c49eb5 Land #14757, nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes 2021-03-16 17:43:43 -05:00
RAMELLA Sébastien ecb201b98a add. check to get canary 2021-03-16 19:42:05 +04:00
Spencer McIntyre 0bff88c0c0 Update the module metadata and add module docs 2021-03-16 10:40:34 -04:00
Brendan Coles e30d8db082 nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privilege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
RAMELLA Sébastien 72a4b58f4b add. missing headers 2021-03-16 00:08:56 +04:00
bwatters ae5d31cb39 Land #14776, Add Window Server 2012 SrClient DLL Hijacking local exploit module
Merge branch 'land-14776' into upstream-master
2021-03-15 14:34:35 -05:00
Spencer McIntyre 2e3d98a36a Move the DLL injection code into a reusable function 2021-03-15 11:47:02 -04:00
RAMELLA Sébastien d2df432eff fix. SID regex match 2021-03-15 19:38:53 +04:00
RAMELLA Sébastien 90dc3cdceb add. autodiscover check, and remove useless SID condition 2021-03-15 16:09:24 +04:00
RAMELLA Sébastien d2819bbb43 add. autodiscover check 2021-03-15 16:03:38 +04:00
kalba-security 98c04eae6c Remove TODO comment, update documentation to include WAIT_FOR_TIWORKER option. 2021-03-15 07:51:12 -04:00
dwelch-r7 596e1fb6f8 Add rubocop rule to correct Gem::Version to Rex::Version 2021-03-15 11:17:47 +00:00
Grant Willcox 57931956d9 Fix bad style again 2021-03-15 01:33:32 -05:00
capme b112cc52eb change variable into snake case 2021-03-15 06:39:55 +07:00
capme ea95048377 fix indentation. make readable check version 3. fix logical operator 2021-03-15 06:34:53 +07:00
RAMELLA Sébastien e5c76bfe13 pass. rubocop 2021-03-15 01:16:34 +04:00
RAMELLA Sébastien 59955f0a32 add. timeout and fix. CmdStagerFlavor 2021-03-15 01:10:56 +04:00
RAMELLA Sébastien dcf2b69d6d add. exploitation module doc and some changes 2021-03-14 22:49:41 +04:00
Grant Willcox ecae6eb91a Update response check to explicitly check if the response body is empty and to remove unneeded safe navigation operator 2021-03-14 13:14:52 -05:00
archcloudlabs 2bf44f972c Adding additional AVDump.exe paths 2021-03-14 12:23:34 -04:00
Grant Willcox 6616112b59 Correct exploit ranking, wrap file restoration in ensure clause, fix typos, and address other review comments 2021-03-14 00:00:18 -06:00
Grant Willcox 89ce1c5229 Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed 2021-03-14 00:00:17 -06:00
Grant Willcox a6c92a12a1 Add link to wvu's PoC and fix typo 2021-03-14 00:00:17 -06:00
Grant Willcox 4f2e299d8f Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file 2021-03-14 00:00:06 -06:00
Grant Willcox c2c5db95d8 Add in documentation and fix some mistakes in the description of the module 2021-03-14 00:00:05 -06:00
Grant Willcox 7d6e636114 Initial upload of exploit code for CVE-2021-21978 2021-03-13 23:59:47 -06:00
Grant Willcox 61f960dc34 Land #14824, Skip empty files for path traversal enumeration inside http_traversal.rb 2021-03-12 18:59:45 -06:00
RAMELLA Sébastien 47f16e56d9 add. exploit (for freeze other pull request) 2021-03-13 03:49:45 +04:00
Spencer McIntyre f0a9a1deb3 Add the initial exploit for CVE-2021-1732 2021-03-12 17:30:22 -05:00
Grant Willcox 8dce1acd64 Land #14794, dup_scout_enterprise_login_bof: Add v9.9.14 target and auto targeting 2021-03-12 12:07:57 -06:00
Spencer McIntyre 3684bc6f30 Land #14661, payload/x86/exec with metasm conversion and NULL free variant 2021-03-12 12:02:44 -05:00
Grant Willcox ef97b33d74 Land #14877, Support more recent versions of Firefox's default profile directory 2021-03-12 10:53:09 -06:00
RAMELLA Sébastien 854e949ce2 add. autodiscover feature (and other changes) 2021-03-12 14:49:30 +04:00
RAMELLA Sébastien b8da46600b fix. according to nmap nse script 2021-03-12 14:33:04 +04:00
Geyslan G. Bem dc6dac3af1 payload/x86/exec.rb - logic inverted for readability
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-03-11 19:11:34 -03:00
Geyslan G. Bem 1da8c111b7 payloads/x86/exec.rb - set NullFreeVersion as required
Set NullFreeVersion as a required option.
Remove nullfreeversion redundant assignment.

Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-03-11 18:31:35 -03:00
Spencer McIntyre aaf7e21def Update the microfocus_ucmdb_unauth_deser module to use the new mixin
This updates the microfocus_ucmdb_unauth_deser module to use the new
Java Deserialization mixin. Unfortunately we do not have access to the
software for testing so these changes can not be verified.
2021-03-11 12:09:29 -06:00
Spencer McIntyre d580e7d122 Fix some documentation, remove unnecessary code and fix a filename typo 2021-03-11 12:09:29 -06:00
Spencer McIntyre 8d2e644f4f Add a new Java Deserialization mixin and use it to set the shell 2021-03-11 12:09:29 -06:00
Spencer McIntyre 2bd6b7abc7 Specify the modified_type when generating ysoserial payloads
Fixes #13753
2021-03-11 12:09:29 -06:00
Brian Halbach 31201b4cdd Update jira_user_enum.rb 2021-03-11 11:55:27 -06:00
cgranleese-r7 a953626f2d Adds a fix and improves error handling 2021-03-11 17:37:19 +00:00
Alan Foster f5edb5a105 Remove redundant rubocop disables 2021-03-11 17:23:44 +00:00
Gabriel Garcia fff46afb3b Refactoring URL building 2021-03-11 08:13:02 -08:00
Security Curious 59086989f7 Update Firefox Default Profile Directory
The default Firefox profile directory now no longer ends in `.default`
but instead `.default-release`. For backwards compat the new regex
supports both. For more information see:

https://support.mozilla.org/bm/questions/1264072#answer-1235567

It's possible we might want to also support things like
`.default-nightly`, etc., but really if we want to do more than grab
the default profile we should read the `profiles.ini` file to get
an itemized list of profiles from Firefox itself. This would also
future-proof this script.

Since profiles are not generally used by most Firefox users, just going
for the simpler solution of looking for `.default-release`.
2021-03-10 21:43:04 -05:00
RAMELLA Sébastien b03877d8fb add. download email attachments + refactor 2021-03-10 21:12:00 +04:00
sophosyaniv b2f4df4148 fix lint 2021-03-09 19:33:08 -08:00
Brian Halbach 698b4e11c2 Updated Author info 2021-03-09 14:22:50 -06:00
RAMELLA Sébastien f7fe97a145 rename gather module name 2021-03-09 23:52:01 +04:00
RAMELLA Sébastien 932098dccf add. gather capability module 2021-03-09 23:46:07 +04:00