Commit Graph

15099 Commits

Author SHA1 Message Date
Brendan Coles 3da8fce9cf Add Microsoft Windows RRAS Service MIBEntryGet Overflow 2021-03-03 02:50:42 +00:00
Grant Willcox 6d939c16ce Land #14783, Update KarjaSoft Sami FTP Server v2.0.2 USER Overflow module 2021-02-26 11:17:05 -06:00
Brendan Coles 743248d993 Update KarjaSoft Sami FTP Server v2.0.2 USER Overflow module 2021-02-25 20:53:30 +00:00
dwelch-r7 319f15d938 Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
Alan Foster b06c5c12aa Rubocop recently landed modules continued 2021-02-25 14:13:40 +00:00
Spencer McIntyre 1d5a6e4a0b Land #14771, Add Apache Flink JAR Upload Java Code Execution 2021-02-23 09:19:56 -05:00
Brendan Coles 69031fa91f Add Apache Flink JAR Upload Java Code Execution 2021-02-22 23:00:57 +00:00
Tim W edea755096 Land #14740, CVE-2021-3156 Sudo LPE (AKA: Baron Samedit) Improvements 2021-02-22 17:48:33 +00:00
agalway-r7 8a339f54c1 Land #14734, updates and runs rubocop against recent modules
Rubocop recently landed modules
2021-02-19 13:48:47 +00:00
agalway-r7 275e9c5454 Land #14696, Further Zeitwerk lands to improve boot speed
Zeitwerk rex folder
2021-02-19 10:33:37 +00:00
Alan Foster 5b3fde7735 Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
A Galway f227e82600 Land #14730, OBM Local PrivEsc to SYSTEM 2021-02-15 10:24:34 +00:00
Brendan Coles a1c316c679 msftidy: Fix exploit module checks for author and stack buffer overflow 2021-02-13 04:10:13 +00:00
Shelby Pace c1e2cfd9e7 Land #14744, add Klog Server unauth cmd injection 2021-02-12 11:40:57 -06:00
Brendan Coles bdc2041c83 Add Klog Server authenticate.php user Unauthenticated Command Injection 2021-02-12 17:07:52 +00:00
dwelch-r7 f6c3de5732 Land #14733, Add latest Rubocop rules 2021-02-12 16:18:13 +00:00
Spencer McIntyre 01593f21b4 Add the Ubuntu 19.04 target for CVE-2021-3156 2021-02-12 10:06:47 -05:00
Spencer McIntyre 20067d183e Use single quotes for escaping arguments consistently 2021-02-12 08:59:38 -05:00
Alan Foster bed7ae2c78 Add latest rubocop rules 2021-02-12 13:31:51 +00:00
Spencer McIntyre f31c7846d2 Escape shell arguments even more thoroughly 2021-02-11 12:25:28 -05:00
Christophe De La Fuente 88eaf97e79 Land #14607, Updates for Exchange ECP DLP Policy Exploit 2021-02-11 15:15:34 +01:00
Brendan Coles 9cbf25347e Land #14708, safari_proxy_object_type_confusion: Add offsets: 10.13.1 + 10.13.2
Add offsets for OSX 10.13.1 and 10.13.2
2021-02-11 13:17:53 +00:00
Tim W 40dd113d3b fix whitespace 2021-02-11 12:43:47 +00:00
Spencer McIntyre 944e8d572d Register missing files for cleanup 2021-02-10 18:05:20 -05:00
Spencer McIntyre 6562f309ce Handle whitespace in the target path 2021-02-10 17:40:42 -05:00
Spencer McIntyre 8757eb33fe Add an automatic target that uses version fingerprinting 2021-02-10 16:16:33 -05:00
Spencer McIntyre 1f5f086c5e Updates for the Exchange ECP DLP Policy RCE module to randomize data 2021-02-10 15:00:39 -05:00
Spencer McIntyre b9dd1b927b Randomize the path to the library that's loaded 2021-02-10 08:45:52 -05:00
Christophe De La Fuente 85b7e85d0b Land #14671, Micro Focus Multiple Products Authenticated RCE (CVE-2020-11853) 2021-02-09 18:24:57 +01:00
Pedro Ribeiro 9881512833 Update modules/exploits/multi/http/microfocus_obm_auth_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2021-02-09 14:18:47 +07:00
dwelch-r7 7fbbe23426 Remove more requires that were missed before 2021-02-08 14:51:58 +00:00
dwelch-r7 b95be3ed10 Zeitwerk rex folder 2021-02-08 12:24:12 +00:00
Spencer McIntyre b4dd46a8de Land #14721, sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28 2021-02-05 16:01:58 -05:00
Shelby Pace fc8ed5ba4e Land #14154, use prepend autocheck 2021-02-05 12:22:38 -06:00
Shelby Pace 606c6561a0 remove manual ForceExploit check in emacs_movemail 2021-02-05 12:15:44 -06:00
Brendan Coles cfda83df99 sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28 2021-02-05 07:54:34 +00:00
Spencer McIntyre 504865d507 Add a target for Ubuntu 18.04 and setgid and setuid by default 2021-02-04 10:45:00 -05:00
Spencer McIntyre 7281d00938 Implement feedback from PR review 2021-02-04 09:25:40 -05:00
Spencer McIntyre c33c08bae9 Add a check method using the version information 2021-02-03 18:16:13 -05:00
Spencer McIntyre c590d7b1bb Add module docs and be more permissive with Length formatting 2021-02-03 18:16:13 -05:00
Spencer McIntyre 117cdc4fd7 Populate module metadata and cleanup files 2021-02-03 18:16:13 -05:00
Spencer McIntyre b9413b4103 Update the exploit C code to allocate its own PTY 2021-02-03 18:16:13 -05:00
Spencer McIntyre 13dd9ac10e Initial work on CVE-2021-3156 2021-02-03 18:16:13 -05:00
cgranleese-r7 3a2932b798 Migrate old uses of manual autocheck to use the new prepend autocheck 2021-02-02 10:15:46 +00:00
Pedro Ribeiro 90f8c1f7b9 add tested for 2019.11 too 2021-01-30 21:54:48 +07:00
Jeffrey Martin 50b3a4c73a Land #14679, Remove < character from Archive_Tar exploit module 2021-01-29 08:49:00 -06:00
Tim W 800a1cf5be add more offsets for safari_proxy_object_type_confusion 2021-01-29 12:23:13 +00:00
Pedro Ribeiro 137664818d add obm windows privesc sploit 2021-01-29 18:45:33 +07:00
Alan Foster e0ab259880 Remove < character from Archive_Tar exploit module 2021-01-29 11:20:50 +00:00
Robin Wood 89f4d3e2d7 Fix for issue #14678
Stops the printing of a rogue nil when exploit completes.

See https://github.com/rapid7/metasploit-framework/issues/14678
2021-01-29 11:17:38 +00:00