adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

35981 Commits

Author SHA1 Message Date
Ron Bowes 34d93e862c Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-02-01 10:16:03 -08:00
Ron Bowes e90b47fd17 Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-02-01 10:15:00 -08:00
Ron Bowes d89c193db2 Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-02-01 10:14:38 -08:00
adfoster-r7 014bdddd1a Land #17564, Fixed AnyConnect IPC message format 2023-02-01 16:34:44 +00:00
adfoster-r7 a5990a5a7d Land #17578, modules/exploits/openbsd Add notes and use CheckCodes messages 2023-02-01 16:26:59 +00:00
Jack Heysel a6f0a8abe3 Land #17301, module for cve-2022-1043, linux LPE 
This module exploits a bug in io_uring leading to an additional put_cred
that can be exploited to hijack credentials of other processes.
 2023-02-01 10:38:10 -05:00
Jack Heysel 690d22f759 Rapid7 compiled binary 2023-02-01 10:08:13 -05:00
bcoles 86a6611e98 modules/exploits/openbsd: Add notes and use CheckCodes messages 2023-02-01 22:26:44 +11:00
bcoles c9012ae222 modules/exploits/qnx: Use AutoCheck, add Notes, resolve Rubocop violations 2023-02-01 20:51:44 +11:00
h00die 2c72cc145a updates to module 2023-01-31 20:05:33 -05:00
h00die fa687d3614 argv instead of hardcoded payload path 2023-01-31 16:02:25 -05:00
h00die 5a374533af cve-2022-1043 2023-01-31 16:02:25 -05:00
h00die 8d58eb6279 cve-2022-1043 2023-01-31 16:02:25 -05:00
Jack Heysel 022760d24a Land #17300, linux LPE cve-2022-22942 module 
This PR adds a linux priv esc against VMWare virtual machines
 with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
 2023-01-31 14:07:55 -05:00
adfoster-r7 56728fc7c2 Land #17573, modules/exploits/linux/ssh Resolve Rubocop violations 2023-01-31 14:12:03 +00:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
bcoles 11cf391da8 modules/exploits/linux/ssh: Resolve Rubocop violations 2023-01-31 23:59:22 +11:00
Christophe De La Fuente f676568d89 Fix CVE 2023-01-30 12:18:08 +01:00
Christophe De La Fuente a5ba1245c2 Fix CVE 2023-01-30 12:15:14 +01:00
h00die-gr3y a2f4a27614 updated module and added documentation 2023-01-29 10:06:14 +00:00
h00die-gr3y bf10b29a84 first drop module 2023-01-29 07:47:22 +00:00
h00die 62d43a6e96 use exploit retry function 2023-01-28 07:44:53 -05:00
Duarte Silva a7ae3c9389 Fixed AnyConnect IPC message format: 
- Made an error in the original research where the TLV had a type
  and a index, when it only has a type and a modifier that makes
  it into a TV (Type and Value, no Length).
- A TV has its value where the Length would be on a TLV.
- Also added a note on the endieness being correct/working because
  endieness has no impact in the message being used to exploit the
  vulnerability.
 2023-01-28 09:08:51 +00:00
bcoles e11aaa8027 modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-28 15:02:24 +11:00
Christophe De La Fuente 85d5b041aa Add minimum build number check 2023-01-27 18:03:19 +01:00
Grant Willcox 6043d0ffba Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
Spencer McIntyre 647cf1d402 Return Time from #extract_logon_time 2023-01-27 10:05:02 -05:00
Spencer McIntyre f4976a0f9f Fix the logon_time in the MS14-068 exploit 2023-01-26 16:16:55 -05:00
Christophe De La Fuente e01239cf7b Add exploit module and documentation 2023-01-26 21:53:14 +01:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
Christophe De La Fuente ed2dd2fc0c Add randomization in the XML when possible & fix BadChars issue 2023-01-26 18:42:09 +01:00
adfoster-r7 2d30909a2f Change option name namespacing convention 2023-01-26 16:17:50 +00:00
Christophe De La Fuente 2be22752be Add Linuc specifics and documentation 2023-01-26 16:16:00 +01:00
Spencer McIntyre 2da5d8ea43 Catch exceptions in inspect_ticket 2023-01-26 09:21:55 -05:00
Grant Willcox 71aa4bdace Update ldap_query with find_schema_dn function to find the schema DN which may not be the same as the base DN so we can query security attributes of entries 2023-01-25 15:19:29 -06:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00
adfoster-r7 3d003ff14c Land #17540, Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:39:20 +00:00
Spencer McIntyre 427e354328 Land #17538, Fix smb login crash 
Fix smb login crash with kerberos options set
 2023-01-25 13:35:14 -05:00
Dean Welch 5b473e4ede Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:22:54 +00:00
Spencer McIntyre 21f33296b7 Consolidate PKINIT hash extraction code 2023-01-25 12:16:42 -05:00
Spencer McIntyre 44d8304beb Report the PKCS12 error message 2023-01-25 10:02:37 -05:00
adfoster-r7 24a8582a7b Fix smb login crash with kerberos options set 2023-01-25 13:58:29 +00:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00
Spencer McIntyre 785e2caa9f Refactor #send_request_tgt_pkinit, clarify docs 2023-01-25 08:36:26 -05:00
adfoster-r7 9babcf3564 Add conditions to forge ticket 2023-01-24 13:28:10 +00:00
Christophe De La Fuente 38f0d33d6b Add exploit module 2023-01-24 00:55:45 +01:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
space-r7 58cd5bb003 specify command stager flavors 2023-01-23 11:53:19 -06:00
cgranleese-r7 af740aea85 Land #17515, Use shared helper for creating kerberos options 2023-01-23 13:37:00 +00:00