adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,775 Commits 27 Branches 1,043 Tags
4c02405ab520ca3232aeb359a14fd82ae29e23db
Commit Graph

1305 Commits

Author SHA1 Message Date
William Vu 344bdacae4 Remove preferred payload 
We'll add it back to Framework later.
 2021-11-24 10:44:59 -06:00
William Vu e8e5467b70 Credit mr_me for keytool classloading technique 
Confirmed. :)
 2021-11-23 20:12:05 -06:00
William Vu 3702615003 Improve check precision by matching more stuff 2021-11-23 19:05:09 -06:00
William Vu e2cf3e6706 Clarify working directory for FileDropper 2021-11-23 19:05:09 -06:00
William Vu 2f1bfa738a Add ManageEngine ADSelfService Plus CVE-2021-40539 2021-11-23 19:05:09 -06:00
Grant Willcox 9023c61ac8 Land #15851, User Agent Refresh 2021-11-17 15:08:52 -06:00
Grant Willcox 7e01e33e51 Make the XML generation into a function that accepts an argument and do further cleanup to simplify the code around this 2021-11-11 23:56:11 -06:00
Grant Willcox 8d55b16ade Fix one more mistake and rename document and module to a more easy to find name 2021-11-11 16:42:58 -06:00
Grant Willcox be4fa90f1a Fix up wvu's review comments 2021-11-11 14:39:40 -06:00
Grant Willcox 9d6f0a0eb2 Update XML to reduce it to the bare minimum needed to get the exploit working. Possible I could do more but in my tests it seems everything in here now is needed 2021-11-10 16:25:08 -06:00
Grant Willcox 27310dc002 Add in exploit and documentation for CVE-2021-42237 2021-11-10 15:52:22 -06:00
Ashley Donaldson 527057c700 Updated user agent strings in some modules where it shouldn't impact exploitability 2021-11-10 11:12:38 +11:00
adfoster-r7 28eab4d871 Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
Spencer McIntyre 56cd43a8b8 Land #15624, Add module for CVE-2020-27955 2021-09-15 14:54:19 -04:00
Spencer McIntyre 1bd3a764a6 Fixup issues from testing 2021-09-14 16:32:25 -04:00
adfoster-r7 46718e3390 Run Rubocop layout rules on modules 2021-09-10 12:53:39 +01:00
bwatters a7d99ebbfc Land # 15611, ProxyShell Improvements 
Merge branch 'land-15611' into upstream-master
 2021-09-07 11:47:13 -05:00
Jack Heysel 99352ad107 Move methods from lfs.rb, fix fail_with types 2021-09-03 16:17:35 -05:00
jheysel-r7 93aea73939 Update modules/exploits/windows/http/git_lfs_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-09-03 16:17:35 -05:00
Jack Heysel 5294c714aa Fix spacing 2021-09-03 16:17:35 -05:00
Jack Heysel f9c4c35431 Update the target_suitable? method 2021-09-03 16:17:35 -05:00
Jack Heysel ba64dce5b7 Rubocop offenses 2021-09-03 16:17:30 -05:00
Jack Heysel 3c43bd409d Added docs an Git User-Agent FP 2021-09-03 16:15:39 -05:00
Jack Heysel 514a37ef2f Removed unecessary gem file + rubocop 2021-09-03 16:15:39 -05:00
Jack Heysel 21d99a74fb beta commit 2021-09-03 16:15:38 -05:00
Spencer McIntyre 33da289a9c Print stderr when it's not blank 2021-08-31 09:18:11 -04:00
Spencer McIntyre 95015f0c2b Update the ProxyShell module docs 2021-08-27 17:50:28 -04:00
Spencer McIntyre 425dcf1f81 Cleanup and refactor the exploit logic 2021-08-27 17:26:40 -04:00
Spencer McIntyre 965dec43ae Delete the draft email 2021-08-27 16:59:17 -04:00
Spencer McIntyre 0b3b0aab7d Fix the UNC path conversion regex 2021-08-27 15:56:58 -04:00
Spencer McIntyre 5e32ca9f56 Improve error checks and dont use whoami 2021-08-27 15:52:34 -04:00
Spencer McIntyre c4cf99795e Remove the requirement on knowing an email address 2021-08-27 15:34:51 -04:00
Spencer McIntyre 845c01f27f Store the enumerated mailbox email addresses 2021-08-27 15:07:13 -04:00
Spencer McIntyre 6c01a0dbea Work off of the system mailbox 2021-08-27 14:32:26 -04:00
adfoster-r7 4a9a15e638 Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
Spencer McIntyre d5fdcb8fcb Add the plumbing to enumerate email addresses 2021-08-27 11:44:27 -04:00
William Vu 0a06730802 Update contributors 2021-08-19 10:30:21 -05:00
Spencer McIntyre 84f8c44e69 Write to the targeted backend server 2021-08-18 12:34:40 -04:00
Spencer McIntyre 75e63992d6 Write an exploit for ProxyShell 2021-08-18 10:50:34 -04:00
William Vu 6fbaecf919 Backport print changes to recent modules 2021-07-08 21:26:35 -05:00
Grant Willcox 62f9d15ba3 Land #15314, Add Exploit for CVE-2021-31181 (SharePoint RCE) 2021-06-16 10:39:49 -05:00
Spencer McIntyre d1be69eae6 Implement changes based on PR feedback 2021-06-14 10:15:27 -04:00
Spencer McIntyre edee95bbb2 Update the check to not fail if a COOKIE is used 2021-06-10 11:29:07 -04:00
agalway-r7 1858b574ec Land #15305, Authenticated RCE module for NSClient++ 2021-06-09 15:38:34 +01:00
Yann Castel c7b7b871c9 missing variable e for rescue 2021-06-09 11:13:39 +02:00
Yann Castel 674eb51f86 add scenario + small changes 2021-06-09 08:59:35 +02:00
Spencer McIntyre 3afe3ebfa3 Add the module docs 2021-06-08 15:23:24 -04:00
Spencer McIntyre 325ecfedff Add some error handling while extracting the key 2021-06-08 14:58:58 -04:00
Hakyac dc40cddb04 Update modules/exploits/windows/http/nscp_authenticated_rce.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2021-06-08 16:38:01 +02:00
Hakyac d2bf8ae912 Update modules/exploits/windows/http/nscp_authenticated_rce.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2021-06-08 16:34:40 +02:00