ErikWynter
3c219c8a77
prevent .keys call on nil in log4shell_header_injection
2022-12-15 12:51:30 +02:00
Steffen Robertz
1b690283db
Unauthenticated RCE for multiple Zyxel Routers
2022-12-15 11:50:48 +01:00
Ashley Donaldson
28bd03f971
Apply suggestions from code review
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2022-12-15 14:50:10 +11:00
Ashley Donaldson
57152fdd5f
Use framework's thread mechanism for background keepalive worker
2022-12-15 14:44:57 +11:00
Grant Willcox
d15ed9d2bd
Land #17370, force mixin to utilize ruby_smb
2022-12-14 13:13:04 -06:00
adfoster-r7
2783e92203
Update windows_secrets_dump and Keytab module to export kerberos keys
2022-12-14 13:40:39 +00:00
Christophe De La Fuente
2a28af208d
Land #16992, Syncovery For Linux - Auth. RCE (CVE-2022-36534)
2022-12-14 13:43:00 +01:00
Christophe De La Fuente
9582411554
Land #16991, Syncovery For Linux - Insecure Session Token Generation (CVE-2022-36536)
2022-12-14 11:30:47 +01:00
whoot
0f1e228f50
finalization
2022-12-14 08:59:53 +01:00
whoot
1f1b04e009
finalization
2022-12-14 08:38:20 +01:00
Jan Rude
0ae824e169
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-14 08:07:55 +01:00
Jan Rude
e16e689308
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-14 08:07:45 +01:00
Jan Rude
d6ba30adcf
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-14 08:07:35 +01:00
Jan Rude
911431c63b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-14 08:07:24 +01:00
adfoster-r7
a9ccfe31b7
Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch
2022-12-13 19:40:39 +00:00
Christophe De La Fuente
d6a5590c06
Land #17265, Add Exploit for CVE-2020-25736
2022-12-13 18:49:56 +01:00
Shelby Pace
0596620de7
Update modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-13 09:49:59 -06:00
Jan Rude
03a640fcec
Update modules/auxiliary/scanner/http/syncovery_linux_token_cve_2022_36536.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-13 16:06:42 +01:00
Jan Rude
f158cfaadd
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-13 16:05:56 +01:00
Jan Rude
c8e301224b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-13 16:05:45 +01:00
Jan Rude
53cde6d2ef
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-13 16:04:45 +01:00
Jack Heysel
2fa7e7b2d5
Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2022-12-12 21:53:53 -05:00
Spencer McIntyre
d09aef7dc5
Land #17350, Remove unnecessary sleep
...
Remove unnecessary sleep in several bypassuac modules
2022-12-12 17:45:10 -05:00
Jeffrey Martin
0eec36200c
force mixin to utilize ruby_smb
...
When refactored recently the new code expects a `RubySMB` object
this ensures the client returned meets that expectation.
2022-12-12 16:14:09 -06:00
space-r7
13a557013c
support 2021 version of software
...
specifically, the exploit will now search
for com.acronis.helpertool in addition to the
2020 helper tool name. This also updates the
check() method to return CheckCode::Detected
for when we find the vulnerable service but
can't detect the build number
2022-12-12 15:53:35 -06:00
Spencer McIntyre
5a66666b4d
Fix check methods by using #present?
2022-12-12 16:53:34 -05:00
Spencer McIntyre
024fc87b4c
Land #17272, Add F5 MCP post module
...
Add F5 MCP post module
2022-12-12 14:20:31 -05:00
npm-cesium137-io
d04111ad6f
solarwinds_orion_dump markdown update
...
Nuked the last embarrassing typo in the module description.
Updated the documentation to include detail on sqlcmd / CSV export
process when manually exporting the data.
2022-12-12 10:54:41 -05:00
Spencer McIntyre
a80db73bab
Land #17325, add impersonation for get_ticket
...
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
2022-12-12 09:10:37 -05:00
npm-cesium137-io
6eaa0bfab2
Add veeam_credential_dump post module
...
Post module for Veeam Backup and Replication / Veeam ONE Monitor Server
credential extract
2022-12-10 16:21:59 -05:00
npm-cesium137-io
8075654f10
Revise solarwinds_orion_dump MKII
...
Fixed humiliating typos in the markdown doc.
Updated the Author section of the module per guidelines.
Changed credential type for AES key loot storage.
Updated database config code to include the case where the SQL password
is not encrypted (needs testing).
Additional tweaks and fixes.
2022-12-09 14:47:18 -05:00
whoot
771b7c58f9
change brute-forcer
2022-12-09 12:33:13 +01:00
Jan Rude
005d43f7d1
Merge branch 'rapid7:master' into syncovery_craftable_token
2022-12-09 09:34:42 +01:00
whoot
c1d090334c
apply suggestions
2022-12-09 09:31:20 +01:00
Ashley Donaldson
8d097e0fd0
Fixes bug in s4u_persistence module
2022-12-09 11:24:16 +11:00
Ashley Donaldson
c54109586c
Remove unnecessary sleep in several bypassuac modules
2022-12-09 11:09:19 +11:00
JustAnda7
293a203a03
Added path option to cmd payloads
2022-12-08 12:19:31 -06:00
Grant Willcox
77bda68932
Add in more constants for the SCAL flags and use them to make the code easier to read
2022-12-07 10:48:07 -06:00
npm-cesium137-io
2f3fd6c917
Revise solarwinds_orion_dump
...
Made modifications to documentation to add further detail for each
action.
Significant refactor of error handling, now with (hopefully) proper use
of exceptions.
Various suggested code improvements and optimization.
Fixed some redundant and buggy code.
2022-12-07 07:55:43 -05:00
Grant Willcox
e7d72e0ecf
Allow multiple controls to be specified
2022-12-06 23:21:48 -06:00
Grant Willcox
fd8bdf4daf
Make sure we use the LDAP_SERVER_SD_FLAGS_OID flag and set it to 7 when retrieving entries so that we don't retrieve the SACL, which cannot be retrieved by nonadmin users.
2022-12-06 22:54:03 -06:00
cn-kali-team
c81029a165
fix
2022-12-07 12:32:41 +08:00
cn-kali-team
7720119948
fix
2022-12-07 12:32:14 +08:00
三米前有蕉皮
bb3e5df6f5
Update modules/post/windows/gather/credentials/minio_client.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2022-12-07 09:23:50 +08:00
三米前有蕉皮
9c94ce09da
Update modules/post/windows/gather/credentials/minio_client.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2022-12-07 09:20:38 +08:00
space-r7
9c7355388c
add attackerkb link
2022-12-06 11:19:05 -06:00
Heyder Andrade
cf6d5d3a14
It made the gadgets being used more readable
2022-12-06 17:47:49 +01:00
Christophe De La Fuente
e7e2849f6d
Land #17183, Zimbra fixes
2022-12-06 15:38:37 +01:00
Christophe De La Fuente
ddaf5a3f0d
Remove unnecessary return statement
2022-12-06 15:07:28 +01:00
Christophe De La Fuente
aaef7726db
Land #17330, Fix enumerating emails via ProxyShell
2022-12-06 14:02:53 +01:00