adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,990 Commits 27 Branches 1,043 Tags
4e61596e7aff309bf20bbc8ee69f2c2ceda10037
Commit Graph

7570 Commits

Author SHA1 Message Date
Rory McKinley 1b172768b4 Use upstream ruby-mysql in Remote::MYSQL 
* ... and dependents
 2023-10-12 13:08:35 +02:00
sfewer-r7 8431d11654 leverage Rex::MIME::Message instead of creating the multipart data manualy 2023-10-04 09:39:25 +01:00
sfewer-r7 ccd8c71ec6 change the payload space to 5000. This allows all the payloads I tested to work but also allows all the 3 gadget chains I tested to work. ClaimsPrincipal and TypeConfuseDelegate will fail if the space is too large. 2023-10-04 09:38:42 +01:00
sfewer-r7 1be8e0245b remove the powershell target as the powershell command adapter will handle this for us (thanks Spencer). Increate the space to handle the larger powershell command lines. I tested with cmd/windows/powershell/x64/meterpreter/reverse_tcp and the powershell command length was 4404. 2023-10-03 17:48:37 +01:00
sfewer-r7 2eacb75feb Add a reference to the AssetNote blog. Better describe what teh TARGET_URI option is for and why it defaults to /AHT/ 2023-10-03 11:17:21 +01:00
sfewer-r7 1695a12c9c Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way. 2023-10-02 17:40:11 +01:00
sfewer-r7 53ed4a632b add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization. 2023-10-02 11:42:19 +01:00
bwatters a4c6b11237 Fix pass by reference bug on the module side 2023-09-27 09:43:32 -05:00
Christophe De La Fuente 1058291af9 Land #18314, Windows Error Reporting RCE (CVE-2023-36874) 2023-09-27 15:25:06 +02:00
bwatters 0b84feaf60 updates from code review 2023-09-26 14:03:31 -05:00
bwatters be731f330e Add error checking and randomize the report directory 2023-09-22 14:43:21 -05:00
bwatters 03fa034ff5 Actually delete the file I told you to delete 2023-09-20 09:10:51 -05:00
cgranleese-r7 37b506c238 Land #18374, fix related modules references 2023-09-20 10:03:47 +01:00
bwatters b4a1bb8fa2 Add docs and support for shell sessions; update exe to work without runtime lib. 2023-09-19 17:50:18 -05:00
cgranleese-r7 23dc1a487d Land #18321, Add Ivanti Avalanche MDM Buffer Overflow Exploit (CVE-2023-32560) 2023-09-18 10:43:45 +01:00
h00die dd947d49cc fix related modules references 2023-09-15 16:42:03 -04:00
h00die cd183194fd fix related modules references 2023-09-15 16:40:22 -04:00
h00die 13e7f6cc27 fix related modules references 2023-09-15 16:35:55 -04:00
Simon Janusz 8b56dc0117 Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation 2023-09-14 10:18:29 +01:00
Jack Heysel b80f9a84e4 Updated check method and reliability 2023-09-11 13:10:57 -04:00
Jack Heysel 96a6baa500 Land #17474, Add Windows 11 support for Capcom LPE 
This PR adds support to the Capcom.sys LPE for Windows 11 21H1
 2023-09-08 13:43:07 -04:00
jheysel-r7 0111e55006 Update modules/exploits/windows/local/capcom_sys_exec.rb 2023-09-08 13:05:44 -04:00
bwatters 946794c3f8 Land #18341, add CVE-2023-38831 for Winrar 6.22 
Merge branch 'land-18341' into upstream-master
 2023-09-07 15:59:36 -05:00
xaitax adae68d288 Update winrar_cve_2023_38831.rb 2023-09-07 22:01:49 +02:00
Alex 4d2277faa3 Update modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-09-07 21:46:24 +02:00
Alex 51d80b626f Update modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-09-07 21:46:16 +02:00
Alex 8b40f56fd7 Update modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-09-07 21:46:09 +02:00
Alex cc78156b8c Update modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-09-07 21:46:00 +02:00
xaitax 28785eb8a1 Remove payload space 2023-09-07 19:59:31 +02:00
Ege Balcı e286c96dee Update modules/exploits/windows/http/lg_simple_editor_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-09-07 17:00:17 +00:00
Ege Balcı 3509193ae8 Update modules/exploits/windows/http/lg_simple_editor_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-09-07 17:00:10 +00:00
bwatters 91e7af4370 Added check, some stealth, and cleaned code 2023-09-05 14:29:13 -05:00
xaitax ac91516cc9 Update winrar_cve_2023_38831.rb 2023-09-04 20:25:20 +02:00
xaitax b0fa4cc266 Update winrar_cve_2023_38831.rb 2023-09-04 19:54:43 +02:00
xaitax d5f355d8de WinRAR 6.22 (CVE-2023-38831) 2023-09-04 18:56:22 +02:00
Ege Balcı 4088276b36 Adjust option name 2023-09-04 16:46:14 +02:00
Ege Balcı c2fc371721 Update modules/exploits/windows/misc/ivanti_avalanche_mdm_bof.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-09-01 01:59:03 +00:00
Ege Balcı 9044588971 Update modules/exploits/windows/misc/ivanti_avalanche_mdm_bof.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-09-01 01:53:40 +00:00
Ege Balcı f96ca4429a Update modules/exploits/windows/misc/ivanti_avalanche_mdm_bof.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-09-01 01:53:31 +00:00
Ege Balcı 20a22f1baf Fix check, randomize JSP name, ditch backup 2023-09-01 03:46:58 +02:00
Ege Balcı 757e942ac9 Update modules/exploits/windows/http/lg_simple_editor_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-09-01 01:16:32 +00:00
bwatters ccba494e61 Exploit working, still needs to be cleaned up 2023-08-29 18:01:44 -05:00
Ege Balcı 32f9357f7a Update side effects 2023-08-29 18:08:11 +02:00
Ege Balcı 1d9c7fde77 Add LG Simple Editor Unauthenticated RCE (CVE-2023-40498) Exploit 2023-08-29 17:58:43 +02:00
Christophe De La Fuente 7fa2586e34 Land #18247, Netgear NMS RCE CVE-2023-38096/8 2023-08-28 11:23:08 +02:00
Ege Balcı 65402ab3ab Update stability to CRASH_SAFE 2023-08-26 18:55:31 +02:00
Ege Balcı 047a1c9e03 Remove TRA (Tenable vuln ID) 2023-08-26 18:45:42 +02:00
Ege Balcı ed01948ffe Randomize buffer + use make_nops 2023-08-26 18:43:07 +02:00
Ege Balcı 721d5cfaa1 Update modules/exploits/windows/misc/ivanti_avalanche_mdm_bof.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-08-26 16:27:21 +00:00
Ege Balcı 06ab901397 Update modules/exploits/windows/misc/ivanti_avalanche_mdm_bof.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-08-26 16:27:12 +00:00