npm-cesium137-io
d3ba830dc2
Refactor thycotic_secretserver_dump MKI
...
Re-worked version detection code after working with earlier builds of
Secret Server.
Removed the LastModifiedDate time stamp from the SQL query as it was not
available in any but late versions.
Added logic for dealing with SQL schema differences between versions.
Added support for earlier builds of Secret Server, including pre-10.4
instances, which use different encryption mechanisms.
Significant refactor of several methods to support legacy versions of
Secret Server.
Re-designed the workflow: module now has three actions, "export" dumps
the encrypted CSV, "decrypt" will decrypt an exported CSV and "dump"
(default) does both.
Various bug-fixes and tweaks based on feedback.
Changed some of the wording of output messages.
2022-08-25 15:36:01 -04:00
Spencer McIntyre
324fb69735
Resolve rubocop issues
2022-08-25 14:41:30 -04:00
Spencer McIntyre
8a79128ac4
Switch to using Rex::RandomIdentifier
2022-08-25 14:37:37 -04:00
Spencer McIntyre
2e8e15e338
Fail back to the old method using error handling
...
Tested successfully on docker image tags:
* Jenkins 1.565 (pushed 2015-11-14)
* Jenkins 2.60.3 (pushed 2018-07-17)
Tested unsuccessfully on docker image tags:
* Jenkins 2.346.3 (pushed 2022-08-10)
Issue is that login is broken because the URI changed from
j_acegi_security_check to j_spring_security_check.
2022-08-25 14:06:47 -04:00
h00die-gr3y
14aad14b57
rubocop fix update
2022-08-25 17:54:53 +00:00
Christophe De La Fuente
1b5338da06
Land #16701, Rewrite of Cisco ASA Clientless VPN Brute-force
2022-08-25 16:04:48 +02:00
Grant Willcox
5a8484fa36
Fix bug introduced with recent changes whereby .first was called where it wasn't needed
2022-08-24 16:15:11 -05:00
Grant Willcox
998a3876a5
Rubocop modules
2022-08-24 15:43:10 -05:00
Spencer McIntyre
3c495770b8
Allow configuring a base_dn prefix
2022-08-24 15:13:16 -04:00
Grant Willcox
dc7f602a58
Fix up library code and associated modules so that they always return consistent values and the modules process them appropriately
2022-08-24 13:37:03 -05:00
Grant Willcox
323f279093
Fix up more comments from the review sans some library changes I still need to work through
2022-08-24 11:56:14 -05:00
bcoles
8939d09efa
post/windows/gather/memory_dump: Support dumping processes by name
2022-08-24 18:04:29 +10:00
Grant Willcox
a249257c27
Remove extra debug statement
2022-08-23 21:00:07 -05:00
Grant Willcox
70e006c493
Initial updates from personal review, sans module adjustments
2022-08-23 20:48:15 -05:00
Christophe De La Fuente
158da155d3
Land #16898, Msf::Post::Windows::Accounts: Add domain_controller? method
2022-08-23 20:16:29 +02:00
Ron Bowes
abd392c372
Add in changes from review
2022-08-23 11:44:03 -05:00
Ron Bowes
97f8ec9367
Documentation, output cleanup
2022-08-23 11:43:51 -05:00
Ron Bowes
24460efb77
Initial import of working exploit
2022-08-23 11:43:51 -05:00
Christophe De La Fuente
847cd97927
Land #16925, Fix a payload bug in unrar_cve_2022_30333
2022-08-23 12:59:37 +02:00
Ron Bowes
13d8c41f98
Clean up and better documentation
2022-08-22 11:46:50 -07:00
npm-cesium137-io
b5a5fb23fb
Add thycotic_secretserver_dump post module
...
Initial commit for post module targeting Windows servers with Secret
Server installed.
The module can decrypt secrets from Secret Server version 10.4 - 11.2
provided they are not protected by HSM.
An additional auxiliary module is being developed to perform offline
decryption and recovery of the database using the loot extracted via
this module.
2022-08-22 14:41:33 -04:00
Ron Bowes
c7ba5dde00
Append a newline and NUL byte to the payload, to make sure shellscripts (and other scripts) parse properly
2022-08-22 11:03:07 -07:00
Ron Bowes
82bf8b5a22
Add a setting for a custom payload, and encode default payloads as executables
2022-08-22 10:09:53 -07:00
Spencer McIntyre
07fdc1f1ec
Land #16907, ms10_092_schelevator: Cleanup
2022-08-22 11:53:02 -04:00
bcoles
b3f9847bc4
enum_ms_product_keys: Cleanup and support non-meterpreter sessions
2022-08-21 16:00:27 +10:00
bcoles
7e055a2512
Msf::Post::Windows::Accounts: Add domain_controller? method
2022-08-20 12:16:26 +10:00
Ron Bowes
f90b6464ad
Remove the Payload section from linux/fileformat/unrar_cve_2022_30333
2022-08-19 14:23:51 -07:00
Jake Baines
b4fe31757d
Added module for CVE-2022-20828
2022-08-19 12:29:37 -07:00
Jake Baines
2242272ef4
Added CSRF token support. Fixed an issue with HTTP Keep-Alive 👀
2022-08-19 10:51:33 -07:00
Grant Willcox
97bce45e69
Land #16915, Add exploit for CVE-2022-23277 (Exchange RCE)
2022-08-19 11:11:46 -05:00
bcoles
666a3efcfd
ms10_092_schelevator: Cleanup
2022-08-19 15:19:28 +10:00
bcoles
28a599804e
enum_shares: Cleanup and support non-meterpreter sessions
2022-08-19 14:08:59 +10:00
Jack Heysel
6c09cc8c9d
Responded to PR comments
2022-08-18 16:20:03 -04:00
jheysel-r7
c4abda67c1
Update modules/exploits/linux/http/panos_auth_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-08-18 16:15:21 -04:00
jheysel-r7
1f6c52923b
Update modules/exploits/linux/http/panos_auth_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-08-18 15:19:14 -04:00
jheysel-r7
4f95df6ee6
Update modules/exploits/linux/http/panos_auth_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-08-18 15:19:04 -04:00
Christophe De La Fuente
d49b74d164
Land #16809, Add exploit module for Advantech iView command injection - CVE-2022-2143
2022-08-18 17:19:14 +02:00
Jack Heysel
f01f4c08a4
Randomize payload + rubocop
2022-08-17 17:43:16 -04:00
Spencer McIntyre
7c1dd17c86
Add a missing version, fix typos
2022-08-17 17:36:31 -04:00
Jack Heysel
75efe1528c
Added check method, responded to PR comments
2022-08-17 17:24:03 -04:00
bwatters
115955591b
Fix up the Unicode conversions and update docs
2022-08-17 13:21:56 -05:00
jheysel-r7
2c3778e938
Update modules/exploits/linux/http/panos_auth_rce.rb
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-08-17 14:03:05 -04:00
jheysel-r7
470ceda467
Update modules/exploits/linux/http/panos_auth_rce.rb
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-08-17 14:02:39 -04:00
jheysel-r7
aacf676cd1
Update modules/exploits/linux/http/panos_auth_rce.rb
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-08-17 13:32:14 -04:00
Ron Bowes
5fd211acd6
End the session when an HTTP/200 is received
2022-08-17 10:19:36 -07:00
Spencer McIntyre
62ab42b797
Update vulnerable version numbers and docs
2022-08-17 08:55:46 -04:00
Jack Heysel
57109f2966
Add PAN-OS auth command injection module
2022-08-16 09:44:05 -04:00
Jake Baines
f093794864
Added Cisco ASA ASDM/HTTP brute force module
2022-08-16 06:31:25 -07:00
h00die
df35cb2040
ipv4 checking in vcenter
2022-08-14 16:48:38 -04:00
h00die
794ce923ad
placeholder
...
vicidial sqli module
first run of docs
updates to vicidial
2022-08-13 17:02:24 -04:00