Commit Graph

35981 Commits

Author SHA1 Message Date
Pedro Ribeiro 053fbe2a28 fix cisco advisory links 2022-01-13 18:55:39 +00:00
Pedro Ribeiro ea00da0a03 fix NUUO advisory links 2022-01-13 18:54:56 +00:00
Pedro Ribeiro 09d6b1388c fix kaseya links 2022-01-13 18:47:11 +00:00
Pedro Ribeiro b08e22a153 fix nvrmini reset link 2022-01-13 18:43:41 +00:00
Spencer McIntyre d5c83b41f9 Cleanup the vCenter Log4Shell exploit 2022-01-13 11:57:00 -05:00
Spencer McIntyre 7b1398f0ae Allow overriding check module datastore options 2022-01-13 11:51:39 -05:00
Christophe De La Fuente e10331b22d Land #15656, Allow authenticated user creation in vmware_vcenter_vmdir_auth_bypass 2022-01-13 17:04:12 +01:00
shoxxdj 42142a4ba4 add option to retrieve users from wordpress API 2022-01-13 16:56:23 +01:00
Spencer McIntyre 62a814fa59 Refactor Log4shell exploit code into reusable bits 2022-01-13 09:45:02 -05:00
Spencer McIntyre e093154865 Refactor the BeanFactory gadget code 2022-01-12 16:58:31 -05:00
Spencer McIntyre e873907d13 Initial vCenter exploit via Log4Shell 2022-01-12 15:34:45 -05:00
space-r7 435e79aaef Land #16041, add SonicWALL cmd injection 2022-01-12 13:23:57 -06:00
adfoster-r7 6223ee671f Land #16045, fix msftidy error in pihole_domains_api_exec 2022-01-12 16:19:48 +00:00
adfoster-r7 64d97193b3 Land #16043, Fix wordpress scanner crash when scanning themes 2022-01-12 16:16:57 +00:00
Christophe De La Fuente b0743e15d9 Update documentation and fix vulnerable/non-vulnerable status message 2022-01-12 16:51:40 +01:00
space-r7 4065e61951 fix msftidy error in pihole_domains_api_exec 2022-01-12 09:34:15 -06:00
space-r7 199eae5e99 Land #16012, add pi-hole aux module and lib 2022-01-12 09:21:11 -06:00
shoxxdj 372c4782a2 bugfix in files loop 2022-01-12 09:31:38 +01:00
Spencer McIntyre 877bab6f2a Land #15969, Log4j2 HTTP Header Injection Exploit 2022-01-11 16:52:08 -05:00
Spencer McIntyre 7b64383040 Preemptively tweak references to ysoserial 2022-01-11 16:25:21 -05:00
Jake Baines 264f2bc03f Added the AttackerKB analysis 2022-01-11 03:17:45 -08:00
Jake Baines b0941f746f Added link to R7 blog 2022-01-10 13:24:33 -08:00
Jake Baines d4ee9a0183 Initial commit of CVE-2021-20039 exploit 2022-01-10 12:43:50 -08:00
lap1nou cb616b94c7 Removed some useless parameters + fixed a few bugs 2022-01-09 13:08:25 -08:00
RageLtMan 6a7c81e1ba Update authors 2022-01-08 21:56:15 -05:00
h00die 43549488fe peer review comments 2022-01-08 15:26:47 -05:00
lap1nou 53c2400be9 Added cleaning procedure + fixed a few mistakes/error messages, removed unused docs 2022-01-08 10:56:31 -08:00
h00die 7b11429b49 Land #12217, f5_bigip_cookie_disclosure module now stores the cookie in notes 2022-01-08 07:03:35 -05:00
lap1nou ccc90b0330 Linted doc+module, added support for 6.x version, added support for TLS and item RCE, improved payload management 2022-01-07 17:40:15 -08:00
Spencer McIntyre 3f15c9ecc1 Write up the module docs 2022-01-07 17:30:39 -05:00
Spencer McIntyre 9b03d0272a Add check and auto-HTTP_HEADER capabilities 2022-01-07 17:30:39 -05:00
Spencer McIntyre 6198d9653d Remove the REMOTE_LOAD datastore option
The necessary value can be inferred from the target and its payload
compatibility, so just set it intelligently.
2022-01-07 17:30:39 -05:00
Spencer McIntyre f56f328c8d Use an enum for the YSoSerial payload option 2022-01-07 17:30:39 -05:00
Spencer McIntyre 3cb70c01bf Cleanup typos, make module aggressive 2022-01-07 17:30:39 -05:00
Christophe De La Fuente a458961631 Move the cleanup instance variables to the beginning of #exploit 2022-01-07 20:34:58 +01:00
h00die 4df91dd3ec f5 big-ip module and doc updates 2022-01-07 12:17:43 -05:00
Paul-Emmanuel Raoul dfa75c6bca Update some descriptions and output messages 2022-01-07 12:17:43 -05:00
Paul-Emmanuel Raoul dd6768f174 Fix the last style issue 2022-01-07 12:17:43 -05:00
Paul-Emmanuel Raoul b8e7c327cf Update references 2022-01-07 12:17:43 -05:00
Paul-Emmanuel Raoul 8e5a977aab Remove redundant characters in the cookie regex
The metacharacter '\w' already contains numbers and underscores.
2022-01-07 12:17:43 -05:00
Paul-Emmanuel Raoul 32d12385c6 Fix more style issues 2022-01-07 12:17:43 -05:00
Paul-Emmanuel Raoul 5d00c4106d Fix some style issues 2022-01-07 12:17:43 -05:00
Paul-Emmanuel Raoul fd74b260b7 Add myself to the authors 2022-01-07 12:17:43 -05:00
Paul-Emmanuel Raoul da049a4d22 Store the cookie name, pool name and route domain
The cookie name, pool name and route domain are now stored in the
database as notes since they can contain useful recon information.

See https://github.com/rapid7/metasploit-framework/issues/12187.
2022-01-07 12:17:43 -05:00
Christophe De La Fuente 41ebb3aa29 Land #15903, SMB Shadow Module: Direct SMB Session Takeover 2022-01-07 16:57:17 +01:00
usiegl00 3051c5d9f5 Add mutex to cleanup in smb_shadow
The mutex will prevent multiple calls to cleanup when the module is
stopped with Ctrl-C. Add a Notes section to the documentation which
describes arpspoof usage and such.
2022-01-07 14:18:15 +09:00
bwatters b7fcb8951f Rubocop changes 2022-01-06 15:45:59 -06:00
VanSnitza 94182b1d1a resolve msftidy warning and add option for dumping response telegrams 2022-01-06 18:50:47 +01:00
VanSnitza 9ac90539d9 Adding Modbus Service Device ID 0x2B
The Modbus specification usually requires devices to implement Command 0x2B, which gives clear-text info about a device. Some real-world devices implement it, others don't.
2022-01-06 13:52:55 +01:00
usiegl00 cf6ab21467 Fix disabling of port 445 forwarding in smb_shadow
Update the iptables invocation to use the FORWARD table, which filters
packets being routed through the device. Add check for STATUS_PENDING
response from the server while creating the service.
2022-01-06 13:15:30 +09:00