Commit Graph

35981 Commits

Author SHA1 Message Date
Grant Willcox 8d080135bb First round of review edits 2022-02-24 13:46:33 -06:00
Spencer McIntyre 544f8e161a Land #16164, Create Module For CVE-2021-42321 2022-02-24 11:36:12 -05:00
Spencer McIntyre 2b0002031d Fix the minimum build number
This particular change looks like a mistake. Build 17134 (v1803) is the
oldest that is supported.
2022-02-24 11:24:20 -05:00
Jake Baines 9f05a7d11a Removed unneeded custom timeout 2022-02-24 08:13:04 -08:00
Spencer McIntyre 6d325933a9 Remove the default payload options 2022-02-24 10:55:38 -05:00
Jake Baines 3739dad470 Updated to use print_bad instead of fail_with for application removal errors. Also included instructions on how to manually remove the application 2022-02-24 07:44:34 -08:00
Jake Baines e1616a520f Fixed a couple of typos. Changed a CheckCode. Randomized the replaced tmp file name 2022-02-24 06:38:36 -08:00
Spencer McIntyre 2e32619328 Merge info in the meterpreter module 2022-02-24 09:04:51 -05:00
Grant Willcox 585b470703 Land #16093, Fix URL refs for various modules and improve tools/modules/module_reference.rb code 2022-02-23 17:04:26 -06:00
Grant Willcox 5f672019ac Add in RuboCop fixes before final land 2022-02-23 16:27:12 -06:00
Spencer McIntyre bad55a858c Add the new adapter payload type 2022-02-23 16:38:57 -05:00
Grant Willcox 40c3dd68a2 Land #16061 - Add support to retrieve user list from wp-json to wordpress_scanner module 2022-02-22 17:58:02 -06:00
Grant Willcox fddd3f15c2 Fix up code so that it will not block on attempting to delete the configuration on the folder, just in case the configuration doesn't exist in the first place. Instead print a warning and continue. 2022-02-22 17:52:29 -06:00
adfoster-r7 dc301a12bd Land #16156, Authenticated Microweber v1.2.10 Local File Inclusion 2022-02-22 18:20:59 +00:00
talhak08 95f47847e2 VHOST compatibility added 2022-02-22 14:21:33 +03:00
adfoster-r7 5e4f7a1707 Land #16200, fix post/windows/enum_chrome on Chrome > 80 2022-02-21 11:38:47 +00:00
Jake Baines 4cd3563bc7 Initial commit of exploit for CVE-2021-36260 2022-02-19 13:13:24 -08:00
space-r7 5fb3dc1d8e add printer create / spooler settings logic 2022-02-18 17:51:24 -06:00
bwatters f311bd4fce Remove duplicate warning 2022-02-18 16:31:35 -06:00
bwatters 3ea032472d Updated exploit with better check method, added OnSessionCmd option
to run a command when a session is bootstrapped, added more
documentation.
2022-02-18 16:30:47 -06:00
Spencer McIntyre 443bf1249a Remove all the old CVE-2021-1732 data 2022-02-18 15:25:39 -05:00
Spencer McIntyre bcd7cb1122 Write up the module metadata and docs 2022-02-18 15:23:44 -05:00
Spencer McIntyre d92259f868 One exploit for CVE-2021-1732 and CVE-2022-21882 2022-02-18 15:23:38 -05:00
usiegl00 6d94a316cf Add packet fragmentation to ShadowMitmDispatcher
The ShadowMitmDispatcher now supports arbitrary size packets. The
ShadowMitmDispatcher now supports SMB3. The ShadowMitmDispatcher no
longer interferes with existing sessions.
2022-02-18 17:05:37 +09:00
Tim W 526f1be891 run rubocop on enum_chrome.rb 2022-02-18 02:45:09 +00:00
space-r7 0781e90ca2 add struct processing logic 2022-02-17 19:03:32 -06:00
Pedro Ribeiro 92856e739b Fix shellcode so that it works with "0" octets in LHOST IP 2022-02-17 23:06:53 +07:00
h00die d5ba1afbec fix URLs not resolving
fix URLs not resolving

add csv export to references

fix URLs not resolving

pdf not pd

missed a url change

remove extra redirectedfrom fields

remove extra file

fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
Tim W f5c17a0d00 use LocalAlloc instead of process.open 2022-02-16 21:27:26 +00:00
Tim W 9211838a62 fix #16134, fix post/windows/enum_chrome on Chrome > 80 2022-02-16 21:27:15 +00:00
Grant Willcox 891c33bd99 Final improvements to store captured WordPress usernames as credentials in database 2022-02-16 14:30:46 -06:00
Grant Willcox 2d9edcd22f Remove extra lines, use normalize_url, convert JSON.parse call to using get_json_document instead and update code appropriately. 2022-02-16 11:43:29 -06:00
Tim W 4e5cd8693d add notes section to placate msftidy 2022-02-16 11:48:55 +00:00
Tim W 480c44e9cb refactor DEBUG_EXPLOIT code into mixin 2022-02-16 11:38:04 +00:00
Tim W 35d122e16d msftidy 2022-02-16 08:35:04 +00:00
Tim W fb53ca0ac2 actually add support for Windows 2022-02-16 08:33:24 +00:00
Tim W 841af2c6e1 add support for Windows 2022-02-16 08:30:07 +00:00
Tim W 6e59efc324 fix evil is undefined on exploit failure 2022-02-16 07:52:42 +00:00
Grant Willcox 6700ed7f3c Update module to use built in error handling within send_request_cgi vs doing it ourselves 2022-02-15 18:18:53 -06:00
bwatters 1086926b2e Land #16159, Add module for CVE-2021-3129
Merge branch 'land-16159' into upstream-master
2022-02-15 17:14:01 -06:00
bwatters 0239ef1cc6 Land #16117, Updates for Log4Shell 2022-02-15 16:39:00 -06:00
Grant Willcox f876c1760e Land #16195, Update hp_dataprotector_cmd_exec.rb to support x64 targets 2022-02-15 12:44:13 -06:00
Grant Willcox cbf0fe0d5e Land #16193, Remove the deprecated VSS modules 2022-02-15 12:04:40 -06:00
darrenmartyn 604361b59d Update hp_dataprotector_cmd_exec.rb
64 bit payloads
2022-02-15 18:03:13 +00:00
Grant Willcox e203548213 Land #16087, Grandstream UCM62xx IP PBX Websocket Blind SQL Injection Credential Dump 2022-02-15 11:11:11 -06:00
Grant Willcox 6e2f81010e Make Exploit::CheckCode messages more explicit when handling JSON data so we know what we are failing on 2022-02-15 10:47:30 -06:00
adfoster-r7 18b4ce8a13 Update replicant pattern to increment refs 2022-02-15 16:08:35 +00:00
Jake Baines 14234e467a Moved to aux/gather. Implemented autocheck. Added failure on websocket error 2022-02-15 06:23:19 -08:00
Spencer McIntyre 50d78e035d Remove the deprecated VSS modules 2022-02-15 08:49:11 -05:00
Tim W 2405a040a8 rubocop and msftidy 2022-02-15 09:31:06 +00:00