adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,057 Commits 27 Branches 1,043 Tags
52ac28199115085bbcb61ba5b8097e34bb3c37d2
Commit Graph

4952 Commits

Author SHA1 Message Date
Erik Wynter 3ad42dd153 change option names to H3 for weblogic_deserialize_asyncresponseservice docs 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-07-07 19:04:26 +03:00
kalba-security 12522d1407 fix cve in weblogic_deserialize_asyncresponseservice docs and run msftidy_docs 2022-07-01 10:34:27 -04:00
Christophe De La Fuente 0d19e47b8d Land #16677, Add module for adding/deleting computers via MS-SAMR 2022-06-30 12:12:26 +02:00
Spencer McIntyre 1b7d8f1e74 Fix a whitespace issue, restore option naming 2022-06-29 12:24:29 -04:00
Spencer McIntyre 41ba2d263b Address PR feedback 
Simplify the application_key usage, update docs and catch another
exception.
 2022-06-28 11:53:05 -04:00
Erik e9b2fc6ecf Merge branch 'rapid7:master' into master 2022-06-23 12:52:09 -10:00
Erik 84aa9ceeb9 Update phpmailer_arg_injection.md 
Added options to the module docs for the new options
 2022-06-23 12:50:33 -10:00
Spencer McIntyre a96bc36d9c Update the docs with the Windows target 2022-06-15 17:24:44 -04:00
Spencer McIntyre 825604dda9 Add docs and a configurable password 2022-06-15 08:51:47 -04:00
bwatters f6bd8fd020 Land #16571, Vcenter offline mdb extract 
Merge branch 'land-16571' into upstream-master
 2022-06-13 10:32:07 -05:00
Jack Heysel 67ea2bc23c Land #16630 Fix duplicate ntlm hash storage 
Net-NTLM (v1 and v2) hashes were being duplicated when
stored in the database due to the unique data in the challenge
dispite being the same. This fixes that issue
 2022-06-08 14:07:34 -04:00
bwatters 3875db78ae Land #16644, Add Exploit for CVE-2022-26134 (Confluence RCE) 
Merge branch 'land-16644' into upstream-master
 2022-06-07 16:00:37 -05:00
jheysel-r7 2b99967d0c Merge branch 'master' into fix/duplicate-netntlm 2022-06-07 11:42:51 -04:00
Spencer McIntyre 1a06f69f95 Works through v7.18 now too 2022-06-06 22:03:21 -04:00
Spencer McIntyre 2c0e034a18 Fix a couple of typos 2022-06-06 18:14:05 -04:00
bwatters c751ef46c9 Land #16635, Add 0-day MSWord RCE #Follina CVE-2022-30190 
Merge branch 'land-16635' into upstream-master
 2022-06-06 14:41:31 -05:00
Spencer McIntyre 1aec2e8649 Note version in the docs 2022-06-03 18:29:28 -04:00
Spencer McIntyre 600fba7fa1 Add module docs 2022-06-03 17:26:15 -04:00
Christophe De La Fuente 474116d413 Land #16611, DotCMS File Upload to RCE Module (CVE-2022-26352) 2022-06-02 15:30:10 +02:00
RAMELLA Sébastien 3ab06461af fix. second review 2022-06-02 00:58:20 +04:00
RAMELLA Sébastien dd1814903c fix. SRVHOST default value 2022-06-02 00:07:15 +04:00
RAMELLA Sébastien 8c19a02835 fix. first review 2022-06-01 20:15:08 +04:00
Jack Heysel bea4207c62 Land PR #16607 - MyBB RCE Module (CVE-2022-24734) 
This exploit module leverages an improper input validation
vulnerability in MyBB prior to 1.8.30 to execute arbitrary
code in the context of the user running the application.
 2022-05-31 11:59:53 -04:00
Christophe De La Fuente dac355d9cf Land #16492, nfs_mount more intelligent mountability 2022-05-31 11:56:19 +02:00
RAMELLA Sébastien 7f89e92da3 add more informations about 2022-05-31 00:12:30 +04:00
Jack Heysel 2c02a607ee Responded to PR feedback 2022-05-30 14:46:54 -04:00
RAMELLA Sébastien 97921b4ed9 fix chmod 644 2022-05-30 22:11:35 +04:00
RAMELLA Sébastien dfc226cf5f add. Supposed 0day MSWord RCE 2022-05-30 21:23:18 +04:00
Christophe De La Fuente b996f5ee49 Fixes from code review 2022-05-30 16:24:18 +02:00
Spencer McIntyre 1466506069 Update the docs to be accurate 2022-05-27 14:41:06 -04:00
adfoster-r7 d225d4663c Land #16413, update local exploit suggester 2022-05-25 13:24:11 +01:00
sjanusz 6b1faf0e0e Add 'run' commands to Local Exploit Suggester docs 2022-05-25 12:05:06 +01:00
Jack Heysel 9d9d81a855 Docs update 2022-05-24 10:16:36 -04:00
sjanusz 7734161ffc Update Local Exploit Suggester documentation 2022-05-24 14:48:40 +01:00
Christophe De La Fuente bac9be956f Add documentation 2022-05-23 17:27:42 +02:00
Jack Heysel 3afb9b2ffe dotCMS file upload to RCE module 2022-05-20 15:57:22 -04:00
Spencer McIntyre 02e7a65b93 Just move the auxiliary module into an exploit 2022-05-16 17:44:31 -04:00
Grant Willcox 133b9e307a Land #16563, Zyxel Firewall Unauthenticated Command Injection (CVE-2022-30525) 2022-05-13 18:55:30 -05:00
Jake Baines 39567281bf Revised setup guidance 2022-05-13 13:41:05 -07:00
Grant Willcox 2eb31cf765 Add in edits from review 2022-05-13 15:32:12 -05:00
npm-cesium137-io 8b502d074f vcenter_offline_mdb_extract aux module 
Add new aux module vcenter_offline_mdb_extract for extracting IdP
credentials, certificates and keys from a vCenter backup file.

Added module documentation.
 2022-05-13 15:57:59 -04:00
npm-cesium137-io ecec8a5993 Clean up unrelated files. 2022-05-13 15:53:40 -04:00
bwatters 1fe04caadd Land #16406, Create get_bookmarks.rb 
Merge branch 'land-16406' into upstream-master
 2022-05-13 13:42:31 -05:00
dwelch-r7 c0c02e56ba Land #16430, Improve kerberos user enum module 2022-05-13 12:17:26 +01:00
bwatters 934f193dc0 Land #16484, Add vcenter_forge_saml_token aux module 
Merge branch 'land-16484' into upstream-master
 2022-05-12 17:36:20 -05:00
Jake Baines da133a34c8 Updated affected 2022-05-12 03:22:02 -07:00
Jake Baines 617b4ae044 Initial commit of Zyxel unauth command injection (CVE=2022-30525) 2022-05-12 01:43:59 -07:00
Grant Willcox 6354d7a055 Redo explanation of exploit in documentation to appropriately account for various nuances. Also update exploit title and description accordingly. 2022-05-11 16:43:36 -05:00
Heyder Andrade 8a6dd7152e Added tested versions reference 2022-05-11 16:43:12 -05:00
Heyder Andrade 77f60eb21e Added module and documentation for f5 icontrol RCE (CVE-2022-1388) 2022-05-11 16:43:00 -05:00