adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,154 Commits 27 Branches 1,043 Tags
441b671edd1531ceb457017fa7600aeee42072f7
Commit Graph

114 Commits

Author SHA1 Message Date
h00die 1906646e67 peer review 2024-11-28 13:18:47 -05:00
h00die 2b593bcf54 wp_post_smtp_acct_takeover peer review 2024-11-03 13:52:55 -05:00
h00die 65efd07935 docs for wp_post_smtp 2024-10-30 15:38:46 -04:00
jheysel-r7 05ff8359b8 Merge pull request #19436 from h4x-x0r/CVE-2024-6670 
WhatsUp Gold SQL Injection (CVE-2024-6670) Module
 2024-09-26 17:04:30 -04:00
jheysel-r7 d11c2be4ea Merge pull request #19375 from h4x-x0r/CVE-2024-20419 
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Module
 2024-09-24 12:19:54 -04:00
h4x-x0r 64f595c431 cleanup, version check, documentation 
cleanup, version check, documentation
 2024-09-02 15:41:08 +01:00
bwatters 4af2294709 Land #19386, Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) Module 
Merge branch 'land-19386' into upstream-master
 2024-08-27 09:39:10 -05:00
bwatters 84431b0a4e Land #19380, Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module 
Merge branch 'land-19380' into upstream-master
 2024-08-26 18:09:09 -05:00
h4x-x0r 9c72a85134 Verified more versions 
Verified exploit against more affected versions
 2024-08-14 06:33:45 +01:00
h4x-x0r 75201b0892 Updated references 
references, affected versions, credits
 2024-08-14 05:15:36 +01:00
h4x-x0r 7bfc386973 Updated 
added error handling, documentation, version check, store_valid_credential
 2024-08-14 04:57:08 +01:00
h4x-x0r 26d6347919 Code cleanup 
Code cleanup
 2024-08-11 06:15:24 +01:00
h4x-x0r 5fa18a66ee Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module 
Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module
 2024-08-11 05:41:07 +01:00
h4x-x0r 8a72124e9d Code cleanup and error handling added 
Code cleanup and error handling added
 2024-08-09 21:11:20 +01:00
h4x-x0r 4384d32c83 Cisco SSM On-Prem Account Takeover (CVE-2024-20419) 
Cisco SSM On-Prem Account Takeover (CVE-2024-20419)
 2024-08-09 18:59:54 +01:00
h00die 482d2b28b1 gitlab password reset account takeoever 2024-01-18 16:19:26 -05:00
Stephen Fewer 64c9968328 Update cisco_ios_xe_os_exec_cve_2023_20273.md, which was missing CISCO_ADMINUSERNAME and CISCO_ADMIN_PASSWORD in the show options command output 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-11-08 09:16:12 +00:00
sfewer-r7 8364ae896b add the CLI command to sue to enable testing the WebUI 2023-11-06 17:11:39 +00:00
sfewer-r7 b28668790d allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'. 2023-11-06 11:40:22 +00:00
sfewer-r7 10ee87c712 Add an optional CISCO_ADMIN_USERNAME and CISCO_ADMIN_PASSWORD options. If set these admin creds are used to leverage CVE-2023-20273. If not set, then CVE-2023-20198 is used to create a new temp admin account before leveraging CVE-2023-20273 2023-11-06 10:20:07 +00:00
Stephen Fewer be1229747f fix another typo on documentation 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-06 09:47:38 +00:00
Stephen Fewer 22cb55b36b fix type on documentation 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-06 09:47:23 +00:00
sfewer-r7 a55132b36f strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output. 2023-11-03 17:09:08 +00:00
sfewer-r7 c8121ebd8e mention dropping to User EXEC mode via two exit keywords 2023-11-03 16:43:21 +00:00
sfewer-r7 17420289dc Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution. 2023-11-03 15:38:35 +00:00
Spencer McIntyre 15aaa90379 Land #18447, CVE-2023-22515 Confluence Auth Bypass 
CVE-2023-22515 - Atlassian Confluence Data Center and Server Authentication Bypass
 2023-10-19 17:35:17 -04:00
Spencer McIntyre ee0e5b9eda Tidy the docs, fix the username 
The username can not contain capital letters, or the operation will
fail.
 2023-10-19 17:19:55 -04:00
emirpolatt 258ac6421b Fix fail_with response code compare and documentation fixes 2023-10-19 17:19:30 -04:00
emirpolatt 9ef1d1746a CVE-2023-22515 - Atlassian Confluence Data Center and Server Broken Access Control Leads to Authentication Bypass 2023-10-11 12:09:22 -07:00
h00die 557a15a115 spelling fixes on docs 2023-10-10 14:46:18 -04:00
Grant Willcox 2958a43a6a Update to reflect fact that bug is an improper authentication logic bug and to randomize password for auth parameter since it is ignored 2022-09-23 12:19:29 -05:00
h00die-gr3y f2d357eda1 updated documentation with camera specifications 2022-09-23 09:38:37 -05:00
Grant Willcox edc37835e5 Add more nil checks in, update some of the check code to catch an edge case, update notes to account for indicators of compromise, and fix some extra issues noticed on second round of review 2022-09-23 09:38:35 -05:00
Grant Willcox 3ca34568c2 Clean up some of the documentation and module code and descriptions 2022-09-23 09:38:12 -05:00
h00die-gr3y 5ed7ff7f52 init commit module and documentation 2022-09-23 09:38:05 -05:00
h00die 86cad29799 wp masterstudy review 2022-03-06 08:07:20 -05:00
h00die 2195edbb8d masterstudy privesc 2022-02-25 16:36:47 -05:00
space-r7 bb00575acb add command for starting docker env 2022-01-11 17:07:36 -06:00
h00die 87031de384 fix doc numbering 2022-01-02 11:57:32 -05:00
h00die 8a1ac9d51d move pihole docs 2022-01-02 11:56:04 -05:00
h00die c3e0f455ec some cleanup for rubocop 2021-12-30 15:35:22 -05:00
h00die b39196fd0f review comments 2021-11-04 15:28:05 -04:00
h00die 1e9af10a21 pr review 2021-10-21 17:25:14 -04:00
h00die 5235f69e7e update wp_automatic docs 2021-10-17 15:38:38 -04:00
h00die 165acca028 wp_automatic_plugin 2021-10-17 13:04:38 -04:00
h00die 43d77d63ce ghostcat meta updates 2021-10-03 16:30:12 -04:00
Grant Willcox 9deffb1848 Fix up a bug and resolve Christophe's review comments 2021-09-23 16:45:15 -05:00
Grant Willcox 061240367d Push up changes to support saving WiFi credentials captured to the database, as well as to fix issues noticed during the review process 2021-09-23 13:31:27 -05:00
Grant Willcox 1ca075fb4f Fix up RuboCop issues 2021-09-22 14:06:06 -05:00
Grant Willcox d4474b0706 Add in refined XPATH searches to module, ability to automatically get a session, improved error handling, documenation for module, and general improvements 2021-09-22 14:01:49 -05:00