adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,775 Commits 27 Branches 1,043 Tags
4c02405ab520ca3232aeb359a14fd82ae29e23db
Commit Graph

2349 Commits

Author SHA1 Message Date
Jeffrey Martin d802a9ee0b remove rubocop exemption no longer required 2021-11-23 07:58:07 -06:00
Jeffrey Martin 21a6a18d92 trade URI.encode & URI.escape for Ruby 3 
Ruby 3 removed the `URI.escape` methods however access to
the a parse for the same RFC is stil available at `URI::DEFAULT_PARSER.escape`.

Per the Ruby forum [comment](https://bugs.ruby-lang.org/issues/17309#note-1) this should equal.
 2021-11-22 14:11:03 -06:00
Jake Baines 4b7c5acc5b Changed qx delimiter to # and added it to badchars. Defaulted to a staged payload 2021-11-03 10:51:37 -07:00
Jake Baines 116e2b0c1d Enabled use of cmdstager::flavor printf. Tested against a CentOS install. Updated docs. Default to MeterpreterTryToFork and enabled autocheck 2021-11-03 08:49:09 -07:00
Jake Baines beb30f2b6a Expanded cmdstager flavors. Removed bad variable name 2021-11-02 12:01:36 -07:00
Jake Baines 10bb77ea4b Addressed a wide variety of spelling and formatting issues. Added a reference. Registered TARGETURI. Randomized the image payload in check. Added additional options information to documentation. 2021-11-02 09:50:06 -07:00
Jake Baines 3aadb6000b Initial version of CVE-2021-22205 GitLab Unauth RCE 2021-11-02 01:46:51 -07:00
dwelch-r7 73e55fcaee Land #15665, Add Meterpreter compatibility metadata 2021-10-29 12:45:26 +01:00
Spencer McIntyre 7fc38d1b50 Land #15754, add apache2 path traversal modules 2021-10-22 12:40:57 -04:00
William Vu 42ed1b6eef Add Windows support to CVE-2021-26084 exploit 2021-10-14 16:58:04 -05:00
dwelch-r7 dcb42da269 Land #15612, Add multiple moodle modules 2021-10-11 23:18:55 +01:00
h00die 59aa525ecb rubocop 2021-10-11 16:23:09 -04:00
RAMELLA Sébastien 60b2b0f009 update modules and docs 2021-10-10 17:01:15 +04:00
RAMELLA Sébastien 256b4edf78 update modules to CVE-2021-42013 2021-10-08 15:22:47 +04:00
adfoster-r7 28eab4d871 Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
adfoster-r7 9884634d0b Land #15744, update description, refs, and rubocop on tomcat_jsp_upload_bypass 2021-10-05 10:25:47 +01:00
h00die d9d3204e1c update description, ref, rubocop 2021-10-04 22:14:51 -04:00
h00die f49d817ac4 working on cd 2021-10-03 16:13:38 -04:00
adfoster-r7 a7aa255389 Update gitea git hooks rce check method 2021-10-01 01:11:11 +01:00
adfoster-r7 c86f52a3ec Land #15679, bug fix for tomcat_mgr_upload module not undeploying app after exploit 2021-09-21 03:34:43 +01:00
Spencer McIntyre 4bccc0541f Add a note about exploitable versions 2021-09-16 17:08:23 -04:00
Spencer McIntyre fd0f565095 Add automatic targeting for the CVEs 2021-09-16 15:15:52 -04:00
Spencer McIntyre 9f971e8716 Update the module for CVE-2021-3287 2021-09-16 12:58:30 -04:00
Naveen Sunkavally d1da74d329 bug fix to undeploy app after exploit 2021-09-15 21:54:21 -04:00
Spencer McIntyre fb74888a31 Correct the CVE reference 2021-09-15 08:42:55 -04:00
Spencer McIntyre d82ed7d4a2 Write up the module docs 2021-09-14 09:10:44 -04:00
Spencer McIntyre 3986707895 Add and test the remaining targets 2021-09-14 09:10:44 -04:00
Spencer McIntyre d640866b68 Apply rubocop changes and fix all targets 2021-09-14 09:10:44 -04:00
Spencer McIntyre d4834631c3 Add the generated YSoSerial gadget chain 2021-09-14 09:10:44 -04:00
Spencer McIntyre 02fde3ac51 Initial work on CVE-2021-3287 2021-09-14 09:10:44 -04:00
adfoster-r7 46718e3390 Run Rubocop layout rules on modules 2021-09-10 12:53:39 +01:00
h00die 65aae010ce more libs for moodle and teacher priv esc to rce module 2021-09-04 13:31:11 -04:00
h00die 77dff0fc13 working admin shell 2021-09-01 17:49:17 -04:00
h00die 3580920dde moving more to libs 2021-09-01 17:36:38 -04:00
h00die e3115ba9e9 rubocop this thing 2021-08-29 17:18:06 -04:00
h00die 5ea2cf9e5a moodle_admin_shell_upload working and minor other fixes 2021-08-29 16:59:44 -04:00
h00die b969d57f22 admin shell upload initial commit 2021-08-29 10:51:58 -04:00
h00die 176c1f0751 moodle lib and module 2021-08-29 10:50:25 -04:00
h00die d3b00aa10a Merge branch 'cleanup_moodle' into moodle_310_rce 2021-08-29 07:15:01 -04:00
h00die a35be13958 moodle 3.8.0 tested 2021-08-28 08:10:28 -04:00
h00die 3801c525c3 cleanup moodle_cmd_exec 2021-08-27 20:03:27 -04:00
h00die cd24ad1bdf lint 2021-08-27 19:53:45 -04:00
h00die b9c9ed243a lint 2021-08-27 19:51:52 -04:00
h00die c0a8535764 moodle spellcheck rce 2021-08-27 19:51:52 -04:00
adfoster-r7 4a9a15e638 Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
space-r7 c9bdd96c76 remove GIT_HOOK option 
post-checkout is the only hook that will work
with this exploit, so no option is needed. Also update
the documentation to reflect that.
 2021-08-12 10:18:13 -05:00
space-r7 31cbcb7774 add notes to updated modules 2021-08-12 10:18:13 -05:00
space-r7 70f304a548 change modules to use hash in build_commit_object 2021-08-12 10:18:13 -05:00
Shelby Pace d0c0372596 add request / response classes 2021-08-12 10:18:12 -05:00
Shelby Pace a4cc95448f remove namespace 2021-08-12 10:18:12 -05:00