Commit Graph

73452 Commits

Author SHA1 Message Date
sfewer-r7 fa4a16df5e add in cve number 2024-03-01 16:39:38 +00:00
sjanusz-r7 8184035d57 Show query help on empty query call 2024-03-01 11:33:13 +00:00
sjanusz-r7 82486e712c Early return on nil query result 2024-03-01 11:28:28 +00:00
sjanusz-r7 6b11cd4332 Fix tests broken by updating SQL prompt on DB change 2024-03-01 11:27:52 +00:00
sjanusz-r7 1b73044203 Correctly handle changing of databases and the query return values for SQL sessions 2024-03-01 11:27:52 +00:00
Metasploit 401cdca09b automatic module_metadata_base.json update 2024-02-29 23:48:56 -06:00
Jack Heysel a73a7531a9 Land #18827, Add module for BoidCMS CVE-2023-38836
This is an authenticated RCE against BoidCMS versions 2.0.0 and earlier.
The underlying issue is that the file upload check allows a php file to
be uploaded and executes as a media file if the GIF header is present in
the PHP file.
2024-02-29 21:31:44 -08:00
Metasploit ee681cdb79 automatic module_metadata_base.json update 2024-02-29 17:20:20 -06:00
adfoster-r7 d4791f966b Land #18904, change bloodhound OutputDirectory to OptString 2024-02-29 23:03:13 +00:00
adfoster-r7 d10909c961 Land #18887, Adds support for searching by session types 2024-02-29 22:38:20 +00:00
adfoster-r7 4d85a8dff9 Land #18902, Update github action libraries 2024-02-29 22:29:16 +00:00
adfoster-r7 703e9ba68d Land #18896, Resolve deprecation warnings from setup-python in Github actions 2024-02-29 22:28:53 +00:00
Spencer McIntyre bcb4e3aa9d Update the help output in the docs page too 2024-02-29 16:56:06 -05:00
Spencer McIntyre d09053cde5 Add the viewstate generator as an option 2024-02-29 16:56:06 -05:00
Spencer McIntyre 3e80e04b34 Adjust option validation 2024-02-29 16:56:06 -05:00
Spencer McIntyre f1a9d9988a Update the dot_net.rb tool help output 2024-02-29 16:56:06 -05:00
Spencer McIntyre 0975f99305 Add viewstate options 2024-02-29 16:55:59 -05:00
Spencer McIntyre 87f91f284a Add unit tests for the new rex viewstate library 2024-02-29 16:55:54 -05:00
bwatters 550c6f030a Updates based on jheysel-r7's suggestions 2024-02-29 12:42:22 -06:00
adfoster-r7 fcbb3bddfa Update github action libraries 2024-02-29 15:51:23 +00:00
cgranleese-r7 0c1bcbf275 Adds support for searching by session types 2024-02-29 15:15:40 +00:00
cgranleese-r7 fcba49d23a Update pwd output to be inline with smb client output 2024-02-29 15:11:40 +00:00
Patrick Double 8b1ff6d44e change bloodhound OutputDirectory to OptString
OptPath is intended for a local path and performs validation. Attempting to set it to a target path that doesn't exist on the local fails.
2024-02-29 07:12:37 -06:00
sjanusz-r7 6fe9ef5f8c Align SQL clients to use current_database 2024-02-29 12:34:54 +00:00
cgranleese-r7 17315653a5 Land #18901, Fix Rex MySQL wrapper test to have correct method symbol 2024-02-29 11:48:16 +00:00
sjanusz-r7 bc4362d07d Fix Rex MySQL wrapper test to have correct method symbol 2024-02-29 11:16:18 +00:00
Metasploit a0dc757cb8 automatic module_metadata_base.json update 2024-02-29 05:06:39 -06:00
adfoster-r7 b0123eab2e Land #18890, rename shell to query_interactive for sql session types, add -i flag 2024-02-29 10:41:06 +00:00
adfoster-r7 d8abd2bcc2 Land #18898, Add rex proto mysql client wrapper 2024-02-29 10:13:47 +00:00
dwelch-r7 a4543b0f41 Land #18897, Update smb login to support additional configuration 2024-02-29 10:07:02 +00:00
Metasploit 435759bb47 Bump version of framework to 6.3.59 2024-02-29 03:39:23 -06:00
sfewer-r7 f0ca5c10dc we can shuffle the query params so the jsp param is not first. we can optionally add some characters before the trailing .jsp 2024-02-29 09:13:44 +00:00
Jack Heysel 4fe861c653 Land #18878, Update rspec gems
This PR updates a number of rspec gems which help improve test suite
error messages when string encodings are different.
6.3.58
2024-02-28 20:37:11 -08:00
adfoster-r7 131585235b Update SMB Login to support additional configuration 2024-02-28 20:24:06 +00:00
Jack Heysel 8ce95003fe Rubocop 2024-02-28 11:09:34 -08:00
Jack Heysel 6589b86a4c Updated check method to account for backports 2024-02-28 11:04:38 -08:00
sjanusz-r7 b423241e6b Use Rex Post MySQL Client for lib, specs & modules 2024-02-28 18:19:50 +00:00
sjanusz-r7 55a8d6732f Add Rex Proto MySQL Client 2024-02-28 18:19:46 +00:00
Metasploit 42255a27a6 automatic module_metadata_base.json update 2024-02-28 10:13:56 -06:00
adfoster-r7 26214cbfd2 Land #18889, Fresh SQL prompt when pressing enter if no input was provided 2024-02-28 15:40:43 +00:00
Jack Heysel 4b54d43db5 Land #18892, Add AD CS Updates for ESC13
This PR adds functionality to enable Metasploit users
to be able to exploit the latest ESC technique, ESC13.
2024-02-28 07:28:16 -08:00
Spencer McIntyre 1726767fdf Update the workflow docs for ESC13 2024-02-28 08:48:30 -05:00
Spencer McIntyre 8bc6705557 Move viewstate signing logic into Rex 2024-02-27 14:37:55 -05:00
KanchiMoe a887682e0f Upversion setup-python to v5 2024-02-27 19:20:22 +00:00
Zach Goldman 17d8fa2335 rename shell to query_interactive for sql session types, add -i flag 2024-02-27 11:38:04 -06:00
adfoster-r7 334f9e5ff9 Land #18893, updates the help command to consistently format columns 2024-02-27 17:04:00 +00:00
sjanusz-r7 efba30031d Fix early returns in Reline prompt 2024-02-27 16:59:38 +00:00
sfewer-r7 b7200b52e1 typo 2024-02-27 14:58:56 +00:00
sjanusz-r7 d51aa30fff Rex Table command column width based on longest dispatcher command with sane default 2024-02-27 13:11:24 +00:00
sfewer-r7 f52543b4a6 Older versions of TeamCity (circa 2018) do not support access tokens, so we can fall back on creating an admin user account before we upload the plugin. Creating an access token is better as we can delete the token, unlike the user account. 2024-02-27 12:01:57 +00:00