space-r7
ea486169b4
use erb template for objective-c code
2022-11-17 11:55:19 -06:00
Spencer McIntyre
f4a65a220a
Support ON_BEHALF_OF in icpr_cert
...
Add the code necessary to request certificates on behalf of other users.
This is necessary to exploit templates vulnerable to ESC2 and ESC3.
2022-11-17 12:12:35 -05:00
Shelby Pace
f8dff82a78
Update modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-11-17 10:29:49 -06:00
Christophe De La Fuente
d1a7170020
Land #17021, Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
Christophe De La Fuente
11541a5774
Add comment for details about the string substitutions on Windows
2022-11-17 12:25:52 +01:00
Ron Bowes
93cba95170
Add URLs
2022-11-16 12:23:47 -08:00
Ron Bowes
6a8b94ee42
Merge branch 'f5-post-modules' into f5-createuser-privesc
2022-11-16 12:23:02 -08:00
Ron Bowes
c01c4c3cdd
Add URLs
2022-11-16 12:22:17 -08:00
Ron Bowes
7ebf84c66b
Add URLs
2022-11-16 12:20:37 -08:00
Ron Bowes
20e6c1b55e
Add URLs
2022-11-16 12:19:16 -08:00
Ron Bowes
fc579fe3f4
Add a privesc module for F5, using the MCP protocol
2022-11-16 12:12:16 -08:00
Ron Bowes
944fd07502
Add three post-modules and a mixin for communicating with F5's MCP
2022-11-16 12:09:58 -08:00
Ron Bowes
d0e109b842
Check in exploit module for CVE-2022-41800
2022-11-16 12:04:18 -08:00
Ron Bowes
99e661cfcf
Check in exploit script for CVE-2022-41622 (CSRF into SOAP)
2022-11-16 11:58:15 -08:00
space-r7
486e469682
add new reference
2022-11-16 10:32:08 -06:00
space-r7
383e121f20
add FileDropper usage and module description
2022-11-15 12:37:39 -06:00
krastanoel
1ddc137f1a
Update module
...
- adjust execute_command method and add logic for :win_dropper target
- move cmdstager uripath setting into target case statement
- add more cmdstagerflavour for :linux_dropper target
- fix lint msftidy
2022-11-15 22:30:45 +07:00
krastanoel
cbca2a5604
Update modules/exploits/multi/http/gitea_git_fetch_rce.rb
...
apply suggestion
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-15 22:17:59 +07:00
Christophe De La Fuente
494c9601ca
Land #17222, Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream [CVE-2021-39144]
2022-11-15 14:16:14 +01:00
space-r7
e0c693c5a8
add objective-c code and pid code
2022-11-14 17:57:39 -06:00
Spencer McIntyre
eff9a16e00
Use the access mask data type
...
Also switch from bit16 to uint16 so it's little endian.
2022-11-14 12:27:38 -05:00
h00die
f6eba6a836
updated bloodhound module
2022-11-13 14:29:28 -05:00
h00die
7abbdbe567
bloodhound module working with exe with sharphound v4
2022-11-13 10:26:15 -05:00
h00die
59535b6799
remove 'is'
2022-11-12 16:19:50 -05:00
h00die-gr3y
70669f3fea
addressed code improvement suggestions
2022-11-12 10:21:43 +00:00
H00die.Gr3y
72080910e7
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-11-12 09:22:06 +01:00
H00die.Gr3y
85b4512292
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-11-12 09:21:55 +01:00
H00die.Gr3y
5d314e5799
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-11-12 09:21:42 +01:00
H00die.Gr3y
04d6a310af
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-11-12 09:16:46 +01:00
H00die.Gr3y
1ce8695401
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-12 09:16:30 +01:00
H00die.Gr3y
e38138d69e
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-12 09:16:17 +01:00
H00die.Gr3y
967388eba7
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Agreed!
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-12 09:15:42 +01:00
space-r7
8e59cac3a8
add check and exploit methods
2022-11-11 17:56:13 -06:00
adfoster-r7
65f6aaca82
Land #17077, Add support for AES keys for silver/golden ticket forging
2022-11-09 16:51:11 +00:00
Dean Welch
23ff829e52
Add support for AES keys for silver/golden ticket forging
2022-11-09 13:01:13 +00:00
adfoster-r7
3599221002
Land #17229, add post/multi/recon/reverse_lookup module
2022-11-09 11:28:45 +00:00
krastanoel
639afebe1e
Update module
...
- handle cleanup method on manual `check`
- adjust targets flavour option
- add :win_dropper target and handle the payload delivery
NOTE: the Windows dropper target is still unsuccessful but keep this for further review
2022-11-09 16:12:20 +07:00
krastanoel
13bb31feeb
Update module
...
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessful but keep this anyway for Christophe to review.
2022-11-09 04:52:18 +07:00
krastanoel
bca5138fc8
Update module
...
- move cleanup process to its own method and handle the response
- remove timeout and http delay option
- adjust target type location as code review suggestion
2022-11-09 01:42:27 +07:00
Christophe De La Fuente
37fd441b0f
Land #17117, Authenticate to Kerberos with PKINIT
2022-11-08 18:54:03 +01:00
krastanoel
a50cca27e6
remove cookie_jar manipulation
2022-11-09 00:48:23 +07:00
krastanoel
52d867bbc7
follow Ruby coding conventions
...
- combine gitea_version into get_gitea_version for the check method
- validate empty username
2022-11-09 00:41:30 +07:00
Spencer McIntyre
65e4e1b76d
Land #17221, Fix crash with payload sizes
...
Fix crash when generating payload sizes
2022-11-08 10:26:27 -05:00
krastanoel
f0b67c8812
fix msftidy
2022-11-08 14:14:45 +07:00
krastanoel
540984804d
Apply suggestions from code review
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-08 14:09:31 +07:00
adfoster-r7
f84113d96e
Land #17235, report service_name in ManageEngineDesktopCentral
2022-11-07 23:57:09 +00:00
Grant Willcox
416cf78ae2
Land #17149, Update ssl_version module to be useful
2022-11-07 15:59:50 -06:00
Spencer McIntyre
47097b8d7d
Land #17211, Compress Python payloads
...
Compress Python payloads before base64 encoding
2022-11-07 14:17:05 -05:00
Jeffrey Martin
27e9d9d272
report service_name in ManageEngineDesktopCentral
...
The scanner now reports the service_name in the `Result` object.
2022-11-07 12:23:59 -06:00
Spencer McIntyre
ed7d458f07
Land #17122, Add in ESC Finder Module (ESC1-ESC3)
2022-11-07 11:53:15 -05:00