adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,990 Commits 27 Branches 1,043 Tags
4e61596e7aff309bf20bbc8ee69f2c2ceda10037
Commit Graph

1460 Commits

Author SHA1 Message Date
sfewer-r7 8431d11654 leverage Rex::MIME::Message instead of creating the multipart data manualy 2023-10-04 09:39:25 +01:00
sfewer-r7 ccd8c71ec6 change the payload space to 5000. This allows all the payloads I tested to work but also allows all the 3 gadget chains I tested to work. ClaimsPrincipal and TypeConfuseDelegate will fail if the space is too large. 2023-10-04 09:38:42 +01:00
sfewer-r7 1be8e0245b remove the powershell target as the powershell command adapter will handle this for us (thanks Spencer). Increate the space to handle the larger powershell command lines. I tested with cmd/windows/powershell/x64/meterpreter/reverse_tcp and the powershell command length was 4404. 2023-10-03 17:48:37 +01:00
sfewer-r7 2eacb75feb Add a reference to the AssetNote blog. Better describe what teh TARGET_URI option is for and why it defaults to /AHT/ 2023-10-03 11:17:21 +01:00
sfewer-r7 1695a12c9c Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way. 2023-10-02 17:40:11 +01:00
sfewer-r7 53ed4a632b add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization. 2023-10-02 11:42:19 +01:00
Ege Balcı e286c96dee Update modules/exploits/windows/http/lg_simple_editor_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-09-07 17:00:17 +00:00
Ege Balcı 3509193ae8 Update modules/exploits/windows/http/lg_simple_editor_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-09-07 17:00:10 +00:00
Ege Balcı 20a22f1baf Fix check, randomize JSP name, ditch backup 2023-09-01 03:46:58 +02:00
Ege Balcı 757e942ac9 Update modules/exploits/windows/http/lg_simple_editor_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-09-01 01:16:32 +00:00
Ege Balcı 32f9357f7a Update side effects 2023-08-29 18:08:11 +02:00
Ege Balcı 1d9c7fde77 Add LG Simple Editor Unauthenticated RCE (CVE-2023-40498) Exploit 2023-08-29 17:58:43 +02:00
Ege Balcı 329920eeb2 Add Netgear NMS RCE (CVE-2023-38096/8) exploit 2023-08-02 18:03:57 +02:00
ismaildawoodjee e61342afac Proper error handling for closing TCP socket and used Rex exceptions 2023-07-09 07:25:09 -04:00
ismaildawoodjee 1706812099 Implemented requested changes 
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket

* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
  for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
 2023-07-07 04:14:20 -04:00
Ismail Dawoodjee f959dee046 Change module name 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-07-06 18:50:44 +03:00
ismaildawoodjee 591fee1850 Fix msftidy complaining about https:// URL scheme in Line 2 2023-07-06 11:01:54 -04:00
ismaildawoodjee ad0d3e79a9 SmarterMail RCE module and documentation 2023-07-06 08:00:28 -04:00
adfoster-r7 085943bd78 Add Ruby 3.3.0-preview1 to test suite 2023-06-29 22:53:17 +01:00
Spencer McIntyre dfd450561e Tweak some messages and cleanup markdown table 2023-06-22 14:23:25 -04:00
bwatters a05bde217c Ensure any users we create are deleted 2023-06-22 12:18:07 -05:00
bwatters 5f667e1d79 Address code review 2023-06-22 10:22:43 -05:00
bwatters a2c2a9193f Update error catching logic 2023-06-22 08:27:44 -05:00
bwatters 2adea08f67 Add documentation & code cleanup 2023-06-21 15:41:50 -05:00
bwatters 52907ac794 Add space limitation 2023-06-21 12:56:59 -05:00
bwatters 10c6e6328f Add user cleanup and update error handling 2023-06-21 12:00:34 -05:00
bwatters 9d16b0043b Add check method 2023-06-21 11:26:04 -05:00
bwatters 957339b3c0 Simplify output 2023-06-21 08:34:02 -05:00
bwatters d63c14dc17 Ugly, but working 2023-06-20 20:06:57 -05:00
bwatters d5a986a4bc Fix copy/pasta 2023-06-15 08:34:30 -05:00
bwatters f5f61ca508 Start of MOVEit port 2023-06-14 10:04:07 -05:00
Grant Willcox 617aff5a43 Fix up supported payloads and remove nonused parameter 2023-06-02 09:48:03 -05:00
Grant Willcox f7d2cdae56 Add in ability to restore settings n documentation changes. 
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
 2023-06-02 09:48:03 -05:00
Grant Willcox 965311d09e Fix documentation and fix bug in creating PARMS value 2023-06-02 09:48:02 -05:00
Grant Willcox 6e89f9b275 Address review comments 2023-06-02 09:48:02 -05:00
Grant Willcox 8577f21e52 Add in documentation and updated code 2023-06-02 09:48:01 -05:00
Grant Willcox 05bb3cd182 Update again 2023-06-02 09:48:01 -05:00
Grant Willcox c78a9bac1d Remove dropper target and try expand potential BadChars and limit payload size??? 2023-06-02 09:48:01 -05:00
Grant Willcox 6d066dc649 Add in initial copy of exploit 2023-06-02 09:47:49 -05:00
Grant Willcox 459cf871cb Land #17979, Add exploit for Ivanti Avalanche file upload - CVE-2023-28128 2023-05-16 09:19:33 -05:00
Grant Willcox 560fc9000b Fix up checks on responses to make sure they are more robust checks 2023-05-12 16:08:47 -05:00
Grant Willcox 3b2d23eeae Fix up check method, unduplicate fail_with messages to make them unique, and add @cleanup_needed so we can check if cleanup is needed to avoid unnecessary messages when just checking if the target is vulnerable or not 2023-05-12 14:14:40 -05:00
space-r7 722de33b6f address feedback, use cleanup to restore path 
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
 2023-05-11 13:20:25 -05:00
Shelby Pace 131f2519bc Update modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-05-11 10:48:48 -05:00
Grant Willcox 9f6a1c18a1 Minor updates to fix URLs, disclosure date, description, and minor gramatical things 2023-05-10 18:22:00 -05:00
space-r7 e514de9aef add comment about jsf substitution 2023-05-10 09:13:01 -05:00
space-r7 d1e3ce1183 add Ivanti Avalanche file upload 2023-05-08 17:41:52 -05:00
Grant Willcox f773d348e1 Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022 2023-05-08 12:11:01 -05:00
space-r7 f04dababa2 add upload code 2023-05-05 18:59:46 -05:00
ErikWynter b8856bbb87 fix capitalization of Htlm_fileName JSON parram 2023-05-05 09:59:11 +03:00