adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
47,584 Commits 27 Branches 1,043 Tags
4e46ebdb9c0014ec210c59f0246c8207bef3fc2c
Commit Graph

1848 Commits

Author SHA1 Message Date
Brent Cook e78337d59a Land #10374, Net::SSH::CommandStream fixes 2018-07-25 18:21:39 -05:00
Wei Chen 6c2e8f2402 Land #10300, Add root exploit for Axis network cameras 2018-07-25 14:46:04 -05:00
Wei Chen f169afff6a Add documentation and a new reference 2018-07-25 14:44:44 -05:00
William Vu 60faddebbf Update authors with sinn3r 2018-07-25 14:35:09 -05:00
William Vu efacaef9df Clamp compatible payloads until we know better 2018-07-25 14:14:15 -05:00
William Vu 86d634cb64 Update module for MVP 2018-07-25 12:01:36 -05:00
Sonny Gonzalez f5ccdcfcd2 Net SSH CommandStream fixes implemented 
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
 2018-07-25 11:22:28 -05:00
Brent Cook 08290b81c0 Land #10282, Add support for running external modules outside of msfconsole 2018-07-18 17:38:40 -05:00
Brent Cook b90583d07c don't throw an exception in haraka checks if we cannot connect 2018-07-18 17:17:45 -05:00
Tim W 70a1df70a1 Land #9753, Linux BPF sign extension local privesc 2018-07-18 18:44:14 +08:00
Brendan Coles 6bf184dbcf Update tested versions 2018-07-17 06:24:16 +00:00
Jacob Robles 6e450973b9 Land #10295, Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-14 10:09:46 -05:00
Jacob Robles 18e65abc54 Fix link 2018-07-14 10:03:01 -05:00
Brendan Coles 9bdec97b2e Fix bpf_sign_extension_priv_esc 2018-07-13 23:01:17 +00:00
Brendan Coles 4e72dff791 Update module references 2018-07-14 05:03:13 +10:00
William Vu c9001699cd Land #10027, Hadoop unauthed command execution 2018-07-12 21:58:49 -05:00
William Vu 50252c75d6 Clean up module 
With a little rubocop -a.
 2018-07-12 21:58:00 -05:00
William Vu 9080b38dcc Add Axis camera exploit (VDOO research) 2018-07-12 18:46:49 -05:00
Wei Chen e613b2570a Land #10299, Add 88 CVEs to various auxiliary and exploit modules 2018-07-12 18:26:07 -05:00
William Vu 3546286049 Add missed ARCH_CMD to top-level Arch array 
It's not necessary because of targets, but it's required for printing.
 2018-07-12 17:37:06 -05:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
Brendan Coles 4b62f41369 Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-12 20:00:17 +00:00
William Vu acb20e5a29 Land #9780, CouchDB auth bypass and RCE 2018-07-12 03:36:17 -05:00
William Vu f53080ee60 Fix exploit and do final cleanup 2018-07-12 02:13:30 -05:00
William Vu 167745c124 Selectively add RuboCop fixes 2018-07-11 22:49:46 -05:00
William Vu ccc3267166 Correct rubocop -a 
We'll update .rubocop.yml later.
 2018-07-11 22:49:46 -05:00
William Vu ca5e496b8f Run rubocop -a 2018-07-11 21:40:19 -05:00
Brent Cook 1af360d7e0 Land #10108, add IBM QRadar SIEM exploit 2018-07-10 11:52:32 -05:00
Adam Cammack 1fddbdb8ef Specify the command option external modules 2018-07-10 10:24:07 -05:00
Wei Chen 5fc5a47cd2 Update CVE references for exploit modules 
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
 2018-07-08 18:46:04 -05:00
Shelby Pace b5fb970aec Land #10133, Add HID discoveryd RCE exploit 2018-07-06 14:32:29 -05:00
Brent Cook 05a0d79be7 Land #10219, Add HP VAN SDN Controller exploit 2018-07-05 14:21:44 -05:00
William Vu 53d5d82498 Rename module to match new vector 2018-07-05 13:31:16 -05:00
William Vu 762b4b5e53 Simplify creds auth by checking X-Auth-Token alone 
It's a lot more direct than checking for the redirect.
 2018-07-05 13:20:27 -05:00
William Vu 2b069f45ca Clarify how we're using the auth token for creds 
In the service token's case, the service token *is* the auth token.
 2018-07-05 13:05:23 -05:00
William Vu 41b0adad88 Use uninstall action command injection 2018-07-03 18:07:22 -05:00
William Vu a25a656d28 Add "E" to HP to make HPE for better searches 
We'll stick with calling it HP everywhere else.
 2018-07-03 10:29:09 -05:00
William Vu 1bf94ac448 Spruce up check method and related 2018-07-02 13:59:24 -05:00
William Vu 6e090acc76 Stop joking with timeouts 2018-07-02 13:18:31 -05:00
William Vu 78ca4d4217 Finally use Msf::Util::EXE.to_zip 8) 2018-07-02 13:04:59 -05:00
Green-m aa3fcea377 update check method to print error message normaliy 2018-07-01 23:17:34 -04:00
Green-m c3b71d4642 Update mismatch indentation and others 2018-07-01 22:43:07 -04:00
Pedro Ribeiro 6ace45e312 Add correct IBM CVE 
Turns out IBM decided to revisit the advisory and attribute 3 different CVE numbers intead of 1.
 2018-06-30 12:06:16 +07:00
William Vu 78cefe0528 Clarify original exploit credit 
It's definitely more than a PoC (exploit). It's weaponized.
 2018-06-29 13:02:40 -05:00
William Vu 34f303187f Drop privesc retval, since it's obsoleted by print 2018-06-29 12:53:59 -05:00
Jacob Robles fc3199259b Land #9958, Nagios xi 2 electric 2018-06-29 12:16:18 -05:00
William Vu dbb502ae19 Refactor code and address review comments 2018-06-29 12:13:15 -05:00
Jacob Robles 675a736ab7 Update Docs 2018-06-29 11:08:31 -05:00
Jacob Robles 574c47cba6 Change Ranking 
Command to change the database user
account could cause a DoS condition
if the credentials are incorrect.
 2018-06-29 10:56:18 -05:00
Jacob Robles 57b89444f3 Additional style fixes 2018-06-29 10:53:57 -05:00