usiegl00
b8068bc781
Cleanup for Sonoma Dyld
This adds support for the dyld changes incorporated into Sonoma and
cleans up the existing support for Ventura. This does not break
compatibility with previous versions.
2023-06-19 10:57:37 +02:00
usiegl00
44762f18e8
Increase Stack Space for Loader
This increases the stack space mmap'd for the 2nd stage loader and
should fix the invalid stack memory access crash on the staged payload.
2023-06-19 10:57:37 +02:00
usiegl00
e70bdb028a
Basic MachO Signing
This commit adds the sign method to Payload::MachO which performs a
basic SHA256 signature update on the provided macho to enable it to run
under osx aarch64 systems.
2023-06-19 10:57:37 +02:00
usiegl00
658c87996d
Hotwire MachO Signing
This commit hotwires in executable signing to some of the aarch64 osx
payloads in order to ensure that they are fully functional.
2023-06-19 10:57:37 +02:00
usiegl00
5f8767f4cf
M1ssion Dyld Mettle: Aarch64 Payloads
This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the m1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.
2023-06-19 10:57:37 +02:00
Guilhem RIOUX
8d7dc7ae26
Add exploit for unauth RCE Jorani
2023-06-19 06:16:07 +02:00
Nishant Desai
e3c97148e8
Capturing-SimpleBind-Authentication
2023-06-18 18:47:42 +00:00
h00die
67225650de
convert _ to .
2023-06-16 16:13:36 -04:00
h00die
4f661ff230
rocketmq version lib
2023-06-16 15:36:06 -04:00
Ashley Donaldson
381d291da9
Use revision in MSF modules
2023-06-16 10:07:35 +10:00
bwatters
03d59ba4e7
Land #18084, Add x86 Linux Fetch Payloads
Merge branch 'land-18084' into upstream-master
2023-06-15 09:04:22 -05:00
bwatters
d5a986a4bc
Fix copy/pasta
2023-06-15 08:34:30 -05:00
adfoster-r7
51dc30909a
Land #17670, add module to exploit CVE-2019-16328
2023-06-14 23:30:33 +01:00
bwatters
f5f61ca508
Start of MOVEit port
2023-06-14 10:04:07 -05:00
Jack Heysel
c98cc00de9
Land #18075, RocketMQ version scanner
2023-06-13 18:15:34 -04:00
space-r7
7af22bfd41
Land #18077, add Symmetricom unauth cmd injection
2023-06-13 17:07:16 -05:00
space-r7
5535401345
add exploit rank
2023-06-13 17:05:30 -05:00
bwatters
38f542174d
Land #17336, A more robust implementation for Windows version comparisons
Merge branch 'land-17336' into upstream-master
2023-06-13 15:38:56 -05:00
Steve Campbell
37bc9cd5a4
Update symmetricom_syncserver_rce.rb
Updated info to add allowed SRVPORT and LPORT, and fixed issue with srvport variable not used.
2023-06-13 16:22:08 -04:00
space-r7
091ee36b44
Land #18086, add TerraMaster cmd injection
2023-06-13 14:34:42 -05:00
space-r7
cbf7109c51
add rubocop fixes and some metadata
2023-06-13 13:44:23 -05:00
SinSinology
fd5e4dfc39
VMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887
Technical details at
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
2023-06-13 15:16:11 +01:00
Jeffrey Martin
fa33052cf8
Land #18090, Update the exported keytab table entries to sort by db insert id
2023-06-13 08:13:25 -05:00
adfoster-r7
7fe6b8f481
Update the exported keytab table entries to sort by db insert id
2023-06-13 09:14:06 +01:00
Jack Heysel
f97ab80224
Land #17942, Improve AMSI bypass on new Windows
The script generated by the web_delivery module is blocked
by the Antimalware Scan Interface (AMSI) on newer versions
of Windows. This PR allows the script to bypass AMSI.
2023-06-12 18:50:48 -04:00
Steve Campbell
ed516faa93
Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb
Added link to CVE
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2023-06-12 16:34:24 -04:00
Steve Campbell
5b73c8fea1
Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb
Added CVE
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2023-06-12 16:33:57 -04:00
Steve Campbell
4e4d09862e
Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb
Fixed misspelling
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2023-06-12 16:32:12 -04:00
Steve Campbell
bc2fb0c919
Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb
Updated heading
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2023-06-12 16:31:21 -04:00
h00die-gr3y
4479d94658
Updates based on review comments from space-r7 and jvoisin
2023-06-12 19:28:08 +00:00
h00die-gr3y
7cd3854208
Removed Webshell upload and updated documentation
2023-06-12 13:58:59 +00:00
RageLtMan
ead8a99d79
AWS EC2 Enum: handle limits properly
Get all instances if limit is not set, improve output slightly.
Note: `inst.network_interfaces.select {|iface| iface.association}`
appears to have problems with multiple calls at run time - says
that the AWS SDK is trying to call `:[]` on `nil` but works in Pry.
2023-06-10 08:45:25 -04:00
Jeffrey Martin
c33fe50bbb
remove overzealous error handler
Update the error handling around the EC2 sdk to follow official documentation:
https://github.com/aws/aws-sdk-ruby/blob/a350a9cf9946aadd1292df6936aecd706c6ddd85/gems/aws-sdk-ec2/lib/aws-sdk-ec2.rb#L68-L72
2023-06-10 08:45:25 -04:00
Jeffrey Martin
b1477a8616
add new notes metadata
2023-06-10 08:45:25 -04:00
RageLtMan
afdcf76ef6
AWS EC2 enum: rubocop pass
2023-06-10 08:45:25 -04:00
RageLtMan
a04b54486f
AWS EC2 enum: parse tags
2023-06-10 08:45:25 -04:00
RageLtMan
00eed69b92
AWS EC2 enum: implement reporting
2023-06-10 08:45:25 -04:00
h00die-gr3y
417c9fa591
init commit module and documentation
2023-06-10 09:42:32 +00:00
space-r7
c9af514be4
Land #18063, add TerraMaster webshell upload
2023-06-09 17:55:32 -05:00
Spencer McIntyre
0ba65b7393
Add the x86 fetch payloads
2023-06-09 16:47:45 -04:00
Spencer McIntyre
4c817ce1de
Land #17946, CVE-2023-21839 - Oracle Weblogic RCE
CVE-2023-21839 - Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
2023-06-09 14:55:43 -04:00
space-r7
c8609d7983
Land #18070, add TerraMaster chained exp module
2023-06-09 12:29:47 -05:00
Grant Willcox
694c1006e4
Add more IPv6 support in to the module
2023-06-09 12:24:35 -05:00
sfewer-r7
27f5a789c9
rework the exploit to use the new MIPS64 fetch payload adapters. Removed the separate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part.
2023-06-09 09:47:57 +01:00
Stephen Fewer
a1528556e0
Merge branch 'rapid7:master' into CVE-2023-28771
2023-06-09 09:42:19 +01:00
bwatters
039f238dd4
Land #18068, Fix VBS stager in shell_to_meterpreter
Merge branch 'land-18068' into upstream-master
2023-06-08 19:16:54 -05:00
h00die-gr3y
dfc366e022
Latest updates based on reviewers comments
2023-06-08 21:25:40 +00:00
h00die
3e538a34af
review comments
2023-06-08 16:38:22 -04:00
Spencer McIntyre
5b5c29842c
Land #18022, Add post/windows/manage/make_token
Add update_token to MSF + make_token post-ex module
2023-06-08 14:53:22 -04:00
Steve Campbell
229fc0c002
Added symmetricom_syncserver_rce.rb
2023-06-08 12:46:10 -04:00