Commit Graph

35981 Commits

Author SHA1 Message Date
Stephen Wildow 79b1801a4f Rewrote check method to only abuse authentication bypass. Added additional status checks. 2023-02-11 17:43:33 -05:00
JBince d5b7ad30a1 Created module 2023-02-10 17:01:57 -06:00
sfewer-r7 a3f4dceb5b clean up the check method; avoid using print_message in favor of the CheckCode reason. and use a CheckCode of Safe rather than Unknown if we don't find the expected version string. Thanks @bcoles for the review on this. 2023-02-10 13:03:23 +00:00
sfewer-r7 dc8ee988f5 use Rex::Version in the check method for better version comparisons 2023-02-10 10:45:32 +00:00
sfewer-r7 a19bdde276 pass the 'bne:uueupload' param via the vars_get option 2023-02-10 10:44:21 +00:00
sfewer-r7 54c472ef18 fix typo in the description 2023-02-10 10:43:36 +00:00
Stephen Wildow 036ed7f467 Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware. 2023-02-09 21:55:40 -05:00
Frycos e963582e18 Update fortra_goanywhere_rce_cve_2023_0669.rb
Name typo
2023-02-09 23:06:59 +01:00
Grant Willcox f2a86327d0 Minor fixes from review 2023-02-09 15:34:25 -06:00
Grant Willcox aa9b3df6b3 Land #17625, Add credit for CVE-2023-0669; fix path in docs 2023-02-09 14:02:52 -06:00
Spencer McIntyre c7279e9a0a Add credit for CVE-2023-0669; fix path in docs 2023-02-09 13:02:40 -05:00
Grant Willcox 43b4ee268c Land #17592, Fix bypassuac_injection_winsxs for x64 2023-02-09 11:41:51 -06:00
sfewer-r7 d4be663923 add the side effect flag ARTIFACTS_ON_DISK as during extraction of the UUE encoded zip file, some randomly named temp files are left in /u01/install/APPS/fs1/EBSapps/appl/bne/12.0.0/upload 2023-02-09 17:28:15 +00:00
sfewer-r7 86f11b09fb avoid the upto loop when creating jsp_path 2023-02-09 17:18:58 +00:00
Spencer McIntyre e6f4e96544 Close hFindFile 2023-02-09 11:43:20 -05:00
sfewer-r7 406574722a satisfy Rubocop 2023-02-09 16:30:30 +00:00
sfewer-r7 b97a288102 add an exploit module for CVE-2022-21587 (Oracle E-Business Suite RCE) 2023-02-09 16:22:30 +00:00
bcoles de8a6e1445 Move fortra_goanywhere_rce_cve_2023_0669 module documentation to documentation directory 2023-02-09 23:12:45 +11:00
cgranleese-r7 508f5c7e52 Land #17619, Run rubocop on exploit modules 2023-02-09 10:11:53 +00:00
RageLtMan ef53e3c52e Python reverse command shell over SCTP
Implement reverse shell over SCTP in Python.
During testing against Arch Linux with Python 3.10.9, any attempt
to interact with the resulting shell produced:
```
Traceback (most recent call last):
  File "/tmp/shell.py", line 12, in <module>
    so.send(o)
OSError: [Errno 22] Invalid argument
```
Implement handling for OSError 22 on the send() method for the
abnormal stream socket.

Testing:
  Tested against local KVM virtual machine running Arch Linux
2023-02-08 21:47:28 -05:00
RageLtMan a215d64574 Linux x64 binary reverse SCTP stager
Implement binary SCTP stager for Linux x64.

Testing:
  Successful test against Arch Linux x64 VM in local Libvirt
2023-02-08 21:47:28 -05:00
RageLtMan 8aef054dfd SCTP Sessions
With the introduction of SCTP socket support in Rex::Socket via
https://github.com/rapid7/rex-socket/pull/56, Framework can utilize
this protocol for session transports similarly to TCP as it is a
stream-wise transport.

Implement bind and reverse handlers for the new socket type.
Implement example bind and reverse payloads using socat copying
from the initial udp sessions implementation.

Testing:
  Rudimentary bind session test against local Libvirt Linux VM

Next steps:
  Implement the language-level payloads for the interpreters common
to POSIX environments supporting SCTP.
  Implement meterpreter transports for SCTP in Python, PHP, Mettle,
and Java modalities (Windows doesn't support it without carrying
its own usermode protocol library).
2023-02-08 21:47:28 -05:00
Stephen Wildow 4b05ba6189 Update description and vulnerability listings. Cleaned up references. More randomization. Removed first unnecessary request in exploit portion of code. Added rescue section around json grabbing. 2023-02-08 21:26:18 -05:00
Jack Heysel 19bcf8be7f Working hardcoded payload 2023-02-08 18:14:11 -05:00
bwatters 01a78f972c Land #17567, ManageEngine Endpoint Central RCE (CVE-2022-47966)
Merge branch 'land-17567' into upstream-master
2023-02-08 13:06:53 -06:00
Spencer McIntyre c997952d83 Land #17607, Fortra RCE CVE-2023-0669
Fortra deserialization RCE CVE-2023-0669 (ETR)
2023-02-08 12:56:09 -05:00
cgranleese-r7 a878403a3e Land #17618, Run rubocop on auxiliary admin http modules 2023-02-08 17:40:26 +00:00
adfoster-r7 656ded4b86 Add module notes 2023-02-08 15:46:07 +00:00
Spencer McIntyre 2b008af097 Move the module to reflect it targets Windows too 2023-02-08 10:24:27 -05:00
adfoster-r7 25ee41df68 Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
Spencer McIntyre 75ceb7b670 Refactor option handling.
Use CamelCase names for advanced options and add validation.
2023-02-08 10:17:16 -05:00
Spencer McIntyre fef7c85518 Add Windows target compatibility 2023-02-08 09:47:37 -05:00
adfoster-r7 6e9b33dc88 Run rubocop on auxiliary admin http modules 2023-02-08 14:30:08 +00:00
adfoster-r7 b56213b168 Update linting on post modules 2023-02-08 14:12:43 +00:00
dwelch-r7 11c886b30f Land #17616, Run rubocop on post modules 2023-02-08 14:09:16 +00:00
adfoster-r7 a81a71c5df Run rubocop on post modules 2023-02-08 13:47:34 +00:00
cgranleese-r7 10144a9f13 Land #17615, Add missing module notes for stability reliability and side effects 2023-02-08 12:28:47 +00:00
adfoster-r7 433bafdccf Add missing module notes for stability reliability and side effects 2023-02-08 11:45:17 +00:00
Stephen Wildow 35749a000a Added docs. Performed code linting with rubocop. 2023-02-07 20:27:07 -05:00
bwatters 8ee67085c8 Land #17556, ManageEngine ADSelfService Plus RCE (CVE-2022-47966)
Merge branch 'land-17556' into upstream-master
2023-02-07 16:57:22 -06:00
Matthew Dunn 52fa2e5be6 Add example for version 5.5.6 with CVE-2021-25297 2023-02-07 14:18:53 -06:00
Grant Willcox 489ab24876 Add in additional case documentation for the various targets and CVEs and fix a bug in the code 2023-02-07 14:18:45 -06:00
Grant Willcox 7c30889784 Refactor code to handle unsigned licenses in one central function 2023-02-07 14:18:39 -06:00
Grant Willcox b14bcd40a2 Fix incorrect match logic grabbing the wrong entry from results for NSP 2023-02-07 14:18:38 -06:00
Grant Willcox 425da60b15 Add in missing case 5 check 2023-02-07 14:18:38 -06:00
Matthew Dunn 90e07ef5ed Switch to match over scan and add troubleshooting steps 2023-02-07 14:18:37 -06:00
Matthew Dunn 8cddf56238 Verify auth_cookies before use 2023-02-07 14:18:37 -06:00
Matthew Dunn a276659681 Use more encompassing single regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 7554b5e4fd Add failure condition for NSPs that fail to match the regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 1cb06b11ac Adjust exploit and docs to support versions 5.5.6-5.7.5 2023-02-07 14:18:09 -06:00