adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,357 Commits 27 Branches 1,043 Tags
560327debaa90f5fb932ab49154eee89dd80b0e6
Commit Graph

30201 Commits

Author SHA1 Message Date
Christophe De La Fuente c8819259ae Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048 2021-01-15 19:13:14 +01:00
bwatters 9beb570ca3 Remove unnecessary require that broke things 2021-01-15 08:32:05 -06:00
Spencer McIntyre 1e633276e4 Land #14615, Update the metasploit-payloads and mettle gems 2021-01-14 12:14:47 -05:00
Spencer McIntyre 65dfaf9453 Update the metasploit-payloads and mettle gems 2021-01-14 10:16:17 -05:00
Spencer McIntyre ea154717aa Use an absolute assembly path for the CVE-2020-17136 exploit 2021-01-14 08:53:11 -05:00
Grant Willcox 6fc4518625 Land #14600, Refactor and document some of the FileSystem mixin methods 2021-01-12 16:10:23 -06:00
bwatters d8e68e6487 Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module 2021-01-12 11:45:53 -06:00
Spencer McIntyre 33bd712e0a Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP 2021-01-11 17:16:40 -05:00
bwatters 50e115b414 Cleanup and edits per review from Christophe 
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
 2021-01-11 16:02:58 -06:00
Shelby Pace 7aef731267 Land #14572, add AIT CSV import rce 2021-01-11 15:37:05 -06:00
h00die 7d7263cf1f spelling 2021-01-09 08:13:19 -05:00
Spencer McIntyre 829bacbef6 Refactor and document some of the FileSystem mixin methods 2021-01-08 16:10:36 -05:00
Grant Willcox 3072391d00 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
Christophe De La Fuente 2886ee0448 Land #14582, Support command actions for post modules and consolidate VSS modules 2021-01-08 16:54:04 +01:00
Christophe De La Fuente 6092fa32ae Land #14515, fix reverse_awk and bind_awk exit behavior 2021-01-08 14:37:38 +01:00
Grant Willcox d5bb36c530 Fix up code to use built in cd() and mkdir() commands, and adjust code to not overwrite datastore hash. Also use service_hash over manually starting the service. 2021-01-07 17:39:30 -06:00
bwatters 7d81b4826d Update credits 2021-01-07 16:30:19 -06:00
Spencer McIntyre 104a9575d8 Use a regex to perform a check on the DEVICE option 2021-01-07 15:02:46 -05:00
Anurag Mondal 2465c6ca0f Update webmin_show_cgi_exec.rb 
Fixed some typos.
 2021-01-07 15:05:53 +05:30
bwatters 5e5d7b1abb Update to execute_string to avoid the issue where an arbitrary 
length comment is required for the exploit to work.
 2021-01-06 17:08:22 -06:00
Grant Willcox 3e52debd8b Update the exploit a bit more to remove excess options and also update the documentation accordingly. 2021-01-06 12:16:06 -06:00
Grant Willcox 5262e16694 Make adjustments since the exploit can currently only target x64 systems 2021-01-06 11:40:02 -06:00
Christophe De La Fuente 17c393f101 Land #14046, Adding juicypotato-like privilege escalation exploit for windows 2021-01-06 16:02:05 +01:00
Grant Willcox 863417fca7 Second round of updates and some rubocop changes to conform to standards. 2021-01-06 01:30:40 -06:00
Grant Willcox 81ee149ea2 Add check code support to module and update the documentation accordingly, plus rework the module description 2021-01-06 01:06:08 -06:00
Grant Willcox 839daf93e9 Update the compiled DLL and redo a lot of the module to get it into its first ready state using a different DLL hijack I found during research 2021-01-05 16:12:08 -06:00
Shelby Pace 7cab5568ab Land #14568, add total upkeep backup download 2021-01-05 14:01:04 -06:00
bwatters 54f5e565fa Land #14330, SpamTitan Gateway Remote Code Execution 
Merge branch 'land-14330' into upstream-master
 2021-01-04 12:14:12 -06:00
Grant Willcox 668eeae4e1 Initial push of code 2021-01-04 12:04:38 -06:00
Shelby Pace 9e41dfec62 Land #14334, close socket in x86 bind payloads 2021-01-04 11:50:07 -06:00
Spencer McIntyre 6ac9cb7c0e Apply rubocop changes for the new VSS module 2021-01-04 12:26:36 -05:00
Spencer McIntyre 2f58d246e7 Add documentation for the new VSS module 2021-01-04 12:25:41 -05:00
Spencer McIntyre 2b1ac98eba Deprecate all of the old vss_* modules in favor of the new unified one 2021-01-04 10:54:42 -05:00
Spencer McIntyre fd2a752052 Add the VSS_UNMOUNT action and use the win32 API instead of a command 2021-01-04 10:45:41 -05:00
h00die d8c55501a5 ait csv improter exploit 2021-01-01 12:14:52 -05:00
h00die c64d0038ab review step 1 2020-12-31 12:54:33 -05:00
h00die ff3dd7b73a first go of wp_total_upkeep 2020-12-30 16:34:12 -05:00
Spencer McIntyre 88f5fada50 Initial unified VSS module 2020-12-29 17:48:17 -05:00
Spencer McIntyre 8701a2e6e8 Remove the deprecated SOCKS modules in favor of the new unified one 2020-12-29 13:33:06 -05:00
Grant Willcox 7de662c807 Land #14521, Struts2 Multi Eval OGNL RCE 2020-12-23 11:40:16 -06:00
Grant Willcox 70f8ff31f8 Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups. 2020-12-23 10:50:22 -06:00
CSharperMantle d99c2ac783 linguistic fixes of 'does not exists' 2020-12-23 11:36:38 +08:00
Grant Willcox 8a932b847a Apply RuboCop edits 2020-12-22 17:57:38 -06:00
Shelby Pace 6958f18e52 Land #14532, fix cmd_exec error in android capture 2020-12-22 14:51:54 -06:00
Grant Willcox 4a449f97d3 Land #14522, Replace hard-coded Shiro default key with ENC_KEY 2020-12-22 09:26:49 -06:00
Grant Willcox 7d0cb771a5 Apply RuboCop updates to module. 2020-12-21 17:31:24 -06:00
Grant Willcox 24e8aeffe5 Incorporate review feedback and update the associated documentation. 2020-12-21 17:29:21 -06:00
Grant Willcox 2c66beac17 Land #14429, Create shodan_host.rb, a module to grab ports from a given IP using Shodan 2020-12-21 15:58:17 -06:00
Grant Willcox 12277d3020 Apply RuboCop changes to the exploit module and also make final adjustments to the exploit code to handle some edge cases and fix review comments 2020-12-21 15:26:48 -06:00
Brendan Coles 87a80afeb7 post/android/capture/screen: Use Msf::Post::Common mixin 2020-12-20 11:17:39 +00:00