adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,950 Commits 27 Branches 1,043 Tags
484d5eee0901cc4c814dcdf19738e144a413ed18
Commit Graph

1678 Commits

Author SHA1 Message Date
Grant Willcox b1c3c49eb5 Land #14757, nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes 2021-03-16 17:43:43 -05:00
Brendan Coles e30d8db082 nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes 
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privlege escalation fails
Update documentation in line with above changes and fix software download links
 2021-03-16 07:13:55 +00:00
Spencer McIntyre d580e7d122 Fix some documentation, remove unnecessary code and fix a filename typo 2021-03-11 12:09:29 -06:00
Spencer McIntyre 8d2e644f4f Add a new Java Deserialization mixin and use it to set the shell 2021-03-11 12:09:29 -06:00
dwelch-r7 319f15d938 Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
Alan Foster b06c5c12aa Rubocop recently landed modules continued 2021-02-25 14:13:40 +00:00
agalway-r7 8a339f54c1 Land #14734, updates and runs rubocop against recent modules 
Rubocop recently landed modules
 2021-02-19 13:48:47 +00:00
agalway-r7 275e9c5454 Land #14696, Further Zeitwerk lands to improve boot speed 
Zeitwerk rex folder
 2021-02-19 10:33:37 +00:00
Alan Foster 5b3fde7735 Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
Brendan Coles a1c316c679 msftidy: Fix exploit module checks for author and stack buffer overflow 2021-02-13 04:10:13 +00:00
Shelby Pace c1e2cfd9e7 Land #14744, add Klog Server unauth cmd injection 2021-02-12 11:40:57 -06:00
Brendan Coles bdc2041c83 Add Klog Server authenticate.php user Unauthenticated Command Injection 2021-02-12 17:07:52 +00:00
Alan Foster bed7ae2c78 Add latest rubocop rules 2021-02-12 13:31:51 +00:00
dwelch-r7 b95be3ed10 Zeitwerk rex folder 2021-02-08 12:24:12 +00:00
cgranleese-r7 3a2932b798 Migrate old uses of manual autocheck to use the new prepend autocheck 2021-02-02 10:15:46 +00:00
William Vu 39b7ba584e Randomize strings 
Spencer tells me not to signature-bait, at least not so obviously. ;)
 2021-01-22 16:15:16 -06:00
William Vu 0d410f32c3 Add MobileIron CVE-2020-15505 exploit 2021-01-22 00:37:07 -06:00
Spencer McIntyre 9b8b4621df Land #14368, Pulse Connect Secure gzip RCE: cve-2020-8260 2020-12-17 17:43:55 -05:00
Spencer McIntyre 43b1497cf6 Remove some debug info and mark bind payloads as being incompatible 2020-12-17 16:36:20 -05:00
William Vu e52084242f Remove unused vprint_status conditional 2020-12-09 22:45:41 -06:00
William Vu 399c8dbb79 Don't be lazy about sending the request 
Don't telegraph our command injection _quite_ so much. We still
"complete" the initial command line to minimize disruption.

I am now backgrounding ssh-keygen to improve the speed of the exploit.
 2020-12-09 22:07:08 -06:00
Spencer McIntyre 2a2694ef16 Apply rubocop changes and precompute the encryption key 2020-12-07 14:59:40 -05:00
Spencer McIntyre d208e441ba Update the documentation 2020-12-07 10:54:20 -05:00
Spencer McIntyre 811de07e7a Add logout functionality and cleanup HTTP session management 2020-12-07 10:41:42 -05:00
Spencer McIntyre b968cf9183 Cleanup the payload delivery mechanism 2020-12-07 09:40:29 -05:00
Spencer McIntyre 7612845714 Add the initial Ruby port for CVE-2020-8260 2020-12-04 17:56:38 -05:00
William Vu f73a88a39c Land #14396, hadoop_unauth_exec clarification 2020-11-16 12:44:13 -06:00
Tod Beardsley 06a0634828 Describe the Hadoop vuln as not-a-vuln clearly 2020-11-16 11:31:59 -06:00
A Galway 0328e3f815 Land #14359, gives preference to default target options 2020-11-13 14:44:13 +00:00
h00die 020e90543d IOS -> IOC 2020-11-11 17:43:16 -05:00
h00die 6880376c61 add reliability, stability, side effects to pulse_secure_gzip_rce 2020-11-11 17:19:10 -05:00
William Vu fcb507e412 Fix AutoCheck 
I'm a big dummy.
 2020-11-11 15:57:38 -06:00
William Vu 42bdae919b Add SaltStack Salt REST API RCE (CVE-2020-16846) 
Leveraging CVE-2020-25592.
 2020-11-11 13:09:26 -06:00
h00die b0b9ace606 Revert "remove ruby pulse_secure_cmd_exec" 
This reverts commit efb8557e43.
 2020-11-09 20:09:12 -05:00
h00die da70b74954 fix version numbers 2020-11-08 22:38:53 -05:00
h00die 3c4962e9b0 working and clean 2020-11-08 22:31:26 -05:00
h00die 9f936038e5 cleanup rnd1 2020-11-08 08:42:19 -05:00
h00die 0e62e7793d working session on linux/x86/shell/reverse_tcp 2020-11-08 08:27:55 -05:00
Alan Foster 5b438fd933 Preference target values when registering options 2020-11-05 23:16:37 +00:00
h00die f39e4d62e2 working but needs cleanup 2020-11-04 17:59:04 -05:00
h00die bacc0f78ed permissions solved 2020-11-04 14:17:16 -05:00
h00die 8a936a07f0 stuck in read only mode 2020-11-03 18:33:40 -05:00
h00die 1e0ea16173 runs, needs cleanup 2020-11-03 15:25:49 -05:00
h00die efb8557e43 remove ruby pulse_secure_cmd_exec 2020-11-01 14:46:46 -05:00
Grant Willcox 2c391e9edc Fix up last of the module that had incorrect disclosure dates 2020-10-07 12:09:35 -05:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
Alan Foster 26ff912291 Fix invalid disclosure date formats 2020-10-02 12:20:05 +01:00
Christophe De La Fuente 2d1b378a18 Land #14122, Jenkins Deserialization RCE (CVE-2017-1000353) 2020-09-22 12:32:09 +02:00
Shelby Pace 2ae50e9304 Land #14025, add Artica Proxy auth bypass / rce 2020-09-21 15:27:53 -05:00
Shelby Pace 18fa28f96b change date format / default payload 2020-09-21 15:26:39 -05:00