adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

35981 Commits

Author SHA1 Message Date
Spencer McIntyre 0b9e1bbbb3 Fix "can not" to "cannot" 2022-08-03 17:45:06 -04:00
Christophe De La Fuente fd2b325e44 Land #16788, SCADA scanner module for BACnet protocol 2022-08-03 19:46:03 +02:00
ErikWynter a95d239a88 cisco_pvc only report on creds when we have them 2022-08-03 19:10:28 +03:00
ErikWynter 75c6e80d68 add check method 2022-08-03 17:57:27 +03:00
adfoster-r7 f65119b353 Support OpenSSL3 and run Ubuntu 22.04 in test matrix 2022-08-03 15:49:53 +01:00
adfoster-r7 8253e99c11 Update zerologon error handling to output invalid computer name details 2022-08-03 15:32:38 +01:00
ErikWynter 7489b23336 add saving creds to the db 2022-08-03 17:27:53 +03:00
ErikWynter e0514a5bf9 add cisco pvc2300 auxiliary module 2022-08-03 16:38:09 +03:00
krastanoel 36e542e2e1 Fix check code message typo 2022-08-03 19:21:42 +07:00
Christophe De La Fuente 449a7b71d5 Add module exploit and docs for the Webmin package updates RCE 2022-08-03 12:01:41 +02:00
bwatters a54d2402dc Land #16844, Cleanup and support non-Meterpreter sessions 
Merge branch 'land-16844' into upstream-master
 2022-08-02 16:30:42 -05:00
Jack Heysel 82182f7815 Land #16852, Zoho PMP XML-RPC Unauth RCE module 
Add in exploit module for CVE-2022-35405 aka Zoho
Password Manager Pro XML-RPC Unauthenticated RCE
 2022-08-02 17:18:28 -04:00
Grant Willcox 6d45320c0c Update exploit title/name 2022-08-02 14:27:27 -05:00
space-r7 175c428ff9 remove on_new_session logic 2022-08-02 13:41:23 -05:00
space-r7 ea1207d6e1 add authentication 2022-08-02 12:31:52 -05:00
Spencer McIntyre a0058c03b7 Land #16837, MobileIron Core Log4Shell RCE Module 2022-08-02 13:25:52 -04:00
Grant Willcox f0e62de46a Add CVE-2022-35405 docs and module 2022-08-02 11:57:56 -05:00
krastanoel 9a4a590b27 Add Cassandra Web file read auxiliary module 2022-08-02 23:40:40 +07:00
Spencer McIntyre 207862a810 Update module metadata now that it's disclosed 2022-08-02 12:13:34 -04:00
Spencer McIntyre ef8fe215e1 Finish up an exploit for the first bug 2022-08-02 12:13:28 -04:00
bwatters d71350dfe6 Remove superfluous code and add extra check 2022-08-02 11:04:13 -05:00
Jack Heysel 4085efa778 Land #16832, remove echo statement from ms10_092 
This PR removes the SCHELEVATOR echo statement from
the exec_schtasks method as its not needed anymore
 2022-08-02 10:51:41 -04:00
Ron Bowes d86e666e18 Change Platform to 'win' 2022-08-01 15:37:58 -07:00
Ron Bowes c66f98bae6 Make lint happy 2022-08-01 10:03:35 -07:00
Ron Bowes 7ee0a78ffc Change to using monotonic clock 2022-08-01 10:02:00 -07:00
Ron Bowes e7edafbcfb Throw errors in the rar-generator library rather than returning nil 2022-08-01 09:54:31 -07:00
Ron Bowes 110e9ddeee Set stance 2022-08-01 09:47:58 -07:00
PazFi a727ebbf5e Adding detection of I-AM responses sent in unicast form. 2022-08-01 15:11:57 +03:00
PazFi f2a70c43cb Removing unnecessary lines of code. 2022-08-01 13:55:38 +03:00
bcoles 11a00fa1f2 post/multi/gather/env: Cleanup and support non-Meterpreter sessions 2022-08-01 13:37:15 +10:00
bcoles f324b8c24e enum_powershell_env: Cleanup and support non-Meterpreter sessions 2022-08-01 00:56:21 +10:00
PazFi baa686f5e0 Using Rex::Socket::Udp instead of packetfu. 
Adding report_note in case user does not have privileges to write to file.
Added sleeping time between outputs.
Removed LHOST from options, since it is not needed.
Replaced print_bad with fail_with.
 2022-07-31 16:50:52 +03:00
PazFi 362318c95b Fixing rubocop issues. 2022-07-31 08:44:40 +03:00
Grant Willcox 153dbfb995 Land #16825, Add better support for IMAP strings when capturing creds 2022-07-29 15:35:46 -05:00
Grant Willcox 5aa5ae32e0 Land #16825, Add better support for IMAP strings when capturing creds 2022-07-29 15:25:31 -05:00
Ron Bowes 1e6924b19c Add better ID response 2022-07-29 12:58:55 -07:00
Jake Baines b00cadfbeb Initial commit of MobileIron Core Log4Shell exploitation (CVE-2021-44228) 2022-07-29 10:31:15 -07:00
Spencer McIntyre 7da5f2ad4a Changes from PR feedback 2022-07-28 16:05:22 -04:00
Spencer McIntyre 52e84fa328 Add explicit ticket support for WinRM modules 2022-07-28 16:03:24 -04:00
Grant Willcox 7df60f71b6 Remove SCHELEVATOR echo statement as its not needed anymore 2022-07-28 11:02:59 -05:00
ErikWynter d6dabd4bfb additional code review improvements for xnode auxiliary modules/lib/docs 2022-07-28 15:12:00 +03:00
Ron Bowes e76ef61452 Move a warning into the exploit function 2022-07-27 12:48:56 -07:00
Ron Bowes f279e8d6ca Split the CVE-2022-30333 unrar module into two different modules with a shared mixin to generate the file 2022-07-27 12:45:47 -07:00
Ron Bowes 7c0bb35a4b Fix a crash from the original module if 'arg' was nil, and remove an errant space 2022-07-27 10:43:14 -07:00
Giacomo Casoni 76f6eda5a9 Using FileDropper Mixin 2022-07-27 19:32:50 +02:00
Ron Bowes aa51353605 Move the arg-parsing logic out of the login request 2022-07-27 10:14:37 -07:00
space-r7 d6d51eecb0 manually delete file 2022-07-27 08:50:00 -05:00
Grant Willcox bcd1f63848 Fix logicial error when handing the case where a user did not specify an action at any point and is using the default one 2022-07-27 07:41:40 -05:00
Ron Bowes d53dc7ca90 Add support for RFC7888-style logins, which send the username/password as separate lines 2022-07-26 15:11:46 -07:00
Grant Willcox 7c82c1cf32 Land #16817, Consolidate the config directory lookups 2022-07-26 14:57:50 -05:00