Commit Graph

35981 Commits

Author SHA1 Message Date
sfewer-r7 ccd8c71ec6 change the payload space to 5000. This allows all the payloads I tested to work but also allows all three gadget chains I tested to work. ClaimsPrincipal and TypeConfuseDelegate will fail if the space is too large. 2023-10-04 09:38:42 +01:00
sfewer-r7 1be8e0245b remove the powershell target as the powershell command adapter will handle this for us (thanks Spencer). Increase the space to handle the larger powershell command lines. I tested with cmd/windows/powershell/x64/meterpreter/reverse_tcp and the powershell command length was 4404. 2023-10-03 17:48:37 +01:00
adfoster-r7 14c42fcefc Land #18405, Show errors on inaccessible payload files 2023-10-03 12:22:04 +01:00
sfewer-r7 2eacb75feb Add a reference to the AssetNote blog. Better describe what the TARGET_URI option is for and why it defaults to /AHT/ 2023-10-03 11:17:21 +01:00
cgranleese-r7 87d108aab5 Removes Meterpreter logic 2023-10-03 09:53:02 +01:00
h00die 88eb44be64 kibana telemetry rce 2023-10-02 16:53:20 -04:00
JustAnda7 ea189d6c34 Changes to the helper lib 2023-10-02 13:35:28 -04:00
sfewer-r7 1695a12c9c Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way. 2023-10-02 17:40:11 +01:00
Jack Heysel 5087e0ffe3 Land #18197, LDAP login scanner module
Adds a new login scanner module for LDAP
2023-10-02 10:56:56 -04:00
sjanusz-r7 e70f356239 Show errors on inaccessible payload files 2023-10-02 14:46:25 +01:00
Dean Welch 76a25c6937 Don't store creds for successful schannel ldap auth 2023-10-02 13:42:25 +01:00
sfewer-r7 53ed4a632b add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization. 2023-10-02 11:42:19 +01:00
Christophe De La Fuente 50155e3d94 Land #18389, Juniper Junos OS PHPRC Manipulation RCE (CVE-2023-36845) 2023-09-29 18:05:28 +02:00
Jack Heysel 37bc4ca51f Fixed root password resetting 2023-09-29 11:40:03 -04:00
Jack Heysel 58642c16c9 Changed WebSocket to SSH 2023-09-28 14:41:03 -04:00
Jack Heysel 3f15de3995 Responded to Christophe's suggestions 2023-09-28 14:26:37 -04:00
Spencer McIntyre 36d8a34d39 Land #18408, JetBrains TeamCity CVE-2023-42793 2023-09-28 14:01:59 -04:00
Spencer McIntyre e7ab983279 Minor code changes
Changes include:
  * Remove the PAYLOAD key which didn't do anything
  * Add the missing payload size constraint
  * Use #retry_until_truthy
2023-09-28 13:19:26 -04:00
sfewer-r7 89940e8b08 use the correct naming convention for normal options. 2023-09-28 16:36:18 +01:00
sfewer-r7 9a6e2dab71 improve the check routine to explicitly look for either a header value or a cookie value that TeamCity is known to set 2023-09-28 16:28:16 +01:00
sfewer-r7 96568bf6d3 typo in comment 2023-09-28 16:05:46 +01:00
sfewer-r7 ad7ff705c7 add in a Linux target 2023-09-28 14:57:02 +01:00
sfewer-r7 fbd5e60cfc add in coverage for CVE-2023-42793. Currently only a Windows target. 2023-09-28 12:31:59 +01:00
Ashley Donaldson 1bd229056e Support Kerberos auth for DCERPC 2023-09-28 16:26:06 +10:00
errorxyz 2cf8b3808c Fix lotus_domino_hashes to use #service_details from HttpClient mixin 2023-09-27 21:16:24 +05:30
bwatters a4c6b11237 Fix pass by reference bug on the module side 2023-09-27 09:43:32 -05:00
Christophe De La Fuente 1058291af9 Land #18314, Windows Error Reporting RCE (CVE-2023-36874) 2023-09-27 15:25:06 +02:00
Nishant Desai 1a3b00e593 Shifting appropriate methods to auth lib 2023-09-27 12:23:29 +00:00
Jack Heysel 3eaa4adcb7 rubocop 2023-09-26 18:48:33 -04:00
Jack Heysel 9a1881cbcf jvoisin suggestions 2023-09-26 18:42:14 -04:00
Jack Heysel 09f3a98d13 Finished JAIL_BREAK addition 2023-09-26 16:45:28 -04:00
bwatters 0b84feaf60 updates from code review 2023-09-26 14:03:31 -05:00
Jack Heysel b4539f174d Added JAIL_BREAK option and corresponding methods 2023-09-25 19:03:54 -04:00
errorxyz b4dee448bc Update deprecated report_auth_info method call in lotus_domino_hashes 2023-09-24 22:32:52 +05:30
errorxyz 7cd447b5d0 Update deprecated report_auth_info method call in modicon_password_recovery 2023-09-24 22:22:36 +05:30
errorxyz 203470302a Remove deprecated report_auth_info method call from vbulletic_vote_sqli_exec module 2023-09-24 22:20:35 +05:30
bwatters be731f330e Add error checking and randomize the report directory 2023-09-22 14:43:21 -05:00
eu b1de44d892 Fix code styling 2023-09-22 16:51:49 +02:00
eu 4044835a64 Improve the cleanup method
- The cleanup method is deleting the job and removing the app directory
- Added a change dir command as an AutoRunScript just to avoid the error when trying to access the current directory in the session
2023-09-22 15:45:40 +02:00
eu 47d8e4de04 Remove ReturnOutput option
TODO: distinguish commands that return output and commands that don't
2023-09-22 11:52:14 +02:00
Jack Heysel 127f0104d2 Address review comments 2023-09-21 13:36:00 -04:00
Jack Heysel 12de4dd2c7 Improved request sending and added watchtower ref 2023-09-21 09:45:59 -04:00
cgranleese-r7 6fdcc43530 Removes mixin 2023-09-21 14:35:13 +01:00
Christophe De La Fuente 1e69086d24 Land #18365, TOTOLINK X5000R Wireless GigaBit Router Unauthenticated RCE [CVE-2023-30013] 2023-09-21 11:27:19 +02:00
h00die-gr3y 6e11f4353b Updates addressing cdelafuente-r7 comments 2023-09-20 22:14:48 +00:00
Jack Heysel da8c020d14 Junos OS SRX and EX PHPRC Manipulation RCE 2023-09-20 16:47:05 -04:00
JustAnda7 6972a910fb Changes to support NTLM 2023-09-20 16:48:08 +00:00
bwatters 03fa034ff5 Actually delete the file I told you to delete 2023-09-20 09:10:51 -05:00
Dean Welch 1609836ea2 Don't store passwords to creds if the password wasn't needed for the auth type 2023-09-20 14:30:06 +01:00
cgranleese-r7 461e661d06 Makes improvement to enum_computers module 2023-09-20 12:50:39 +01:00