adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
60,745 Commits 27 Branches 1,043 Tags
4a9bef2e9ff009a162db0239edb38c7daa003bd9
Commit Graph

2926 Commits

Author SHA1 Message Date
Shelby Pace 9f864df5f1 use Rex::Version instead of Gem::Version 2021-06-24 10:14:17 -05:00
Shelby Pace df1faf85ff rename files, change version check, use cookie jar 2021-06-24 09:47:38 -05:00
Yann Castel 1d2e3212d3 using MIME + added some guards 2021-06-18 10:43:30 +02:00
Hakyac 7781d9ff1e Update modules/exploits/linux/http/rconfig_authenticated_rce.rb 
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2021-06-18 10:22:11 +02:00
Hakyac 1e7737f8b4 Update modules/exploits/linux/http/rconfig_authenticated_rce.rb 
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2021-06-18 10:17:52 +02:00
Hakyac f4bd18c5a3 Update modules/exploits/linux/http/rconfig_authenticated_rce.rb 
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2021-06-18 09:21:00 +02:00
Yann Castel dca4f3f471 fix download link 2021-06-17 15:19:42 +02:00
Yann Castel 0fda6b348d initial commit 2021-06-17 15:15:59 +02:00
Grant Willcox e7983c3b6f Land #15192, Enforce Style/RedundantBegin for new modules 2021-05-17 09:51:57 -05:00
adfoster-r7 ac2c467121 Land #15011, Enhance analyze command API to understand modules' needs 2021-05-14 14:30:33 +01:00
Alan Foster 100da2f1b1 Enforce Style/RedundantBegin for new modules 2021-05-13 04:01:03 +01:00
William Vu 637e9cff48 Update vmware_vrops_mgr_ssrf_rce documentation 2021-05-06 18:30:20 -05:00
Mehmet INCE bf0551979f Fix the module according to the review 2021-05-03 12:29:00 +03:00
Mehmet INCE 06157601df Remove SCREEN_EFFECTS from sideeffects 2021-05-03 11:14:43 +03:00
Mehmet INCE 9e04805c0e Adding check method to gravcms exec 2021-05-03 11:14:43 +03:00
Mehmet INCE e3d05395de Add GravCMS exec 2021-05-03 11:14:42 +03:00
William Vu d433c0fd12 Fix typo 2021-04-30 23:29:24 -05:00
Shelby Pace 0535489703 Land #14947, add IGEL OS RCE 2021-04-30 15:49:11 -05:00
Shelby Pace de22236902 add AutoCheck and update docs output 2021-04-30 15:38:57 -05:00
Rob V 41fe16463d switching to CmdStager 
- had to switch away from python payload to appease CmdStager
- removed systemd service adjustments preferring to use sleep to avoid rate limits
- updated check function to accomodate more current vulnerable version information in vendor advisory
 2021-04-30 12:53:33 -04:00
Spencer McIntyre 994825dcc9 Land #15090, Add exploit for CVE-2021-22502 2021-04-29 14:09:28 -04:00
Spencer McIntyre b2142aada7 Land #15086, Add exploit for CVE-2020-11857 2021-04-29 11:47:17 -04:00
Spencer McIntyre 4373b464ce Update the markdown module docs a bit 2021-04-29 11:46:40 -04:00
Shelby Pace a4af80d3e1 Land #15005, add VMware vRealize SSRF RCE 2021-04-27 09:19:55 -05:00
Shelby Pace 363db0e271 Land #14977, add Apache Druid js rce 2021-04-26 12:01:19 -05:00
Pedro Ribeiro 07d82cde93 fix timeout errors in rubocop 2021-04-23 22:10:38 +07:00
Pedro Ribeiro 02ce5a1724 Update modules/exploits/linux/http/microfocus_obr_cmd_injection.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2021-04-23 22:01:05 +07:00
Pedro Ribeiro 58e00b582e Update modules/exploits/linux/http/microfocus_obr_cmd_injection.rb 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2021-04-23 22:00:55 +07:00
Pedro Ribeiro 651a34af53 add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00
Pedro Ribeiro 02656a2c31 add clarification - it's for linux only 2021-04-23 19:23:18 +07:00
Pedro Ribeiro 9a779fef79 add ZDI id 2021-04-23 15:15:09 +07:00
Pedro Ribeiro 30c333b30d fix typo in shrboadmin 2021-04-23 15:03:34 +07:00
Pedro Ribeiro 71f5955b42 add OBR SSH module 2021-04-23 15:00:06 +07:00
William Vu a62d1dfbcd Add some details back in 2021-04-21 16:02:21 -05:00
William Vu 5111caf536 Address @gwillcox-r7 review 
New words from @gwillcox-r7.
 2021-04-21 13:10:21 -05:00
William Vu 22433d5b2c Add clarifying comment 2021-04-21 10:42:10 -05:00
William Vu 08907a5e3a Add VMware vRealize Operations Manager SSRF RCE 
CVE-2021-21975 + CVE-2021-21983
 2021-04-21 10:42:10 -05:00
Grant Willcox 7b7e521d6c Fix up a wrong type field value and set it back to 1 from 2 in the send_exploit() function, since this was causing the exploit to fail 2021-04-20 17:45:51 -05:00
Grant Willcox e0f13e44d1 Land #14699, Add Nagios XI snmptrap RCE and docs (CVE-2020-5792) 2021-04-20 14:30:45 -05:00
Grant Willcox f241a050b8 Apply review comments and fixes to documentation and the module 2021-04-20 12:38:34 -05:00
Grant Willcox fcdd47e8f5 Land #15064 - Fix Rex::Socket::SSHFactory NameError in exploit/linux/ssh/f5_bigip_known_privkey 2021-04-20 10:41:42 -05:00
William Vu 8d71cfc024 Fix SSHFactory NameError in f5_bigip_known_privkey 
This could probably be refactored to use Msf::Exploit::Remote::SSH.
 2021-04-19 17:07:26 -05:00
Grant Willcox d60cdbebb3 Add in Regex fix to ensure that really old versions of NagiosXI will still be detected as vulnerable despite unusual version naming convention 2021-04-19 14:17:05 -05:00
Grant Willcox 4ac9304ca2 Land #14968 - Add Nagios XI Mibs.php Authenticated RCE module and docs (CVE-2020-5791) 2021-04-16 14:37:15 -05:00
Grant Willcox 496e074ec8 Add in fixes to documentation and module from review 2021-04-16 13:14:17 -05:00
William Vu 9e6f425427 Move exploit/linux/http/citrix_dir_traversal_rce 
To exploit/freebsd/http/citrix_dir_traversal_rce. It's actually FreeBSD.
 2021-04-15 19:13:25 -05:00
Grant Willcox 832ca92f42 Land #14700, Add Nagios XI Plugins Filename Authenticate RCE module and docs (CVE-2020-35578) 2021-04-14 16:58:55 -05:00
Grant Willcox 61395f3cb1 Update scenarios in documentation and also update the module to handle cases where the version number may not be in a format that Rex::Text can immediately handle. 2021-04-14 16:32:53 -05:00
Grant Willcox 76353efada Fix minor RuboCop error 2021-04-14 15:38:06 -05:00
Grant Willcox 154e237edd Add in fixes to documentation and module that were covered in the review process 2021-04-14 15:33:42 -05:00