adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
51,136 Commits 27 Branches 1,043 Tags
592cc6cc2d5ea4fc987ca90abc3e35093f61a67d
Commit Graph

2901 Commits

Author SHA1 Message Date
Jacob 592cc6cc2d Update postgres_copy_from_program_cmd_exec.rb 2019-03-27 10:40:14 +00:00
Jacob 3c66b4fad2 Update postgres_copy_from_program_cmd_exec.rb 2019-03-26 20:22:55 +00:00
Jacob 242f48744e Update postgres_copy_from_program_cmd_exec.rb 2019-03-26 20:18:50 +00:00
Jacob 4ef10013db COMMAND removed 2019-03-26 18:59:52 +00:00
Jacob 0d6cbc90c5 Update postgres_copy_from_program_cmd_exec.rb 2019-03-26 18:54:20 +00:00
Jacob 91e869a970 Update postgres_copy_from_program_cmd_exec.rb 2019-03-24 22:48:42 +00:00
Jacob 3b0f399730 Update postgres_copy_from_program_cmd_exec.rb 2019-03-24 22:44:31 +00:00
bcoles 55939a64a0 Update modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb 
Co-Authored-By: Greenwolf <48361984+Greenwolf@users.noreply.github.com>
 2019-03-24 19:32:29 +00:00
Jacob 74464a2087 Update postgres_copy_from_program_cmd_exec.rb 2019-03-24 18:17:43 +00:00
Jacob 3c0a9d0748 Update postgres_copy_from_program_cmd_exec.rb 2019-03-24 15:37:10 +00:00
bcoles f14b213725 Update modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb 
Co-Authored-By: Greenwolf <48361984+Greenwolf@users.noreply.github.com>
 2019-03-24 15:36:25 +00:00
Jacob 27b3717add Update postgres_copy_from_program_cmd_exec.rb 2019-03-24 15:35:59 +00:00
bcoles 567be6fa11 Update modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb 
Co-Authored-By: Greenwolf <48361984+Greenwolf@users.noreply.github.com>
 2019-03-22 11:18:07 +00:00
Jacob 00cf0a7bea Update postgres_copy_from_program_cmd_exec.rb 2019-03-21 14:23:00 +00:00
Jacob 91758cd94b Update postgres_copy_from_program_cmd_exec.rb 2019-03-21 11:11:03 +00:00
Jacob 98638b6000 Update postgres_copy_from_program_cmd_exec.rb 2019-03-21 11:09:57 +00:00
Jacob 03775228fe Update and rename postgres_cmd_execution_nine_three.rb to postgres_copy_from_program_cmd_exec.rb 2019-03-21 11:08:53 +00:00
Jacob f651836a20 final suggested fixes to module 2019-03-21 10:24:47 +00:00
Jacob 9c4b9239e5 Update postgres_cmd_execution_nine_three.rb 2019-03-21 10:08:56 +00:00
Jacob 32bf2e134f Fixes suggested by bcoles 2019-03-21 10:08:04 +00:00
bcoles 7b8f59d7bc Update modules/exploits/multi/postgres/postgres_cmd_execution_nine_three.rb 
Co-Authored-By: Greenwolf <48361984+Greenwolf@users.noreply.github.com>
 2019-03-21 09:33:29 +00:00
Jacob 7e91235551 Adding new Postgres_cmd_execution module 
PostgreSQL from 9.3 to latest has functionality allowing the database superuser & users in the 'pg_read_server_files' group to execute OS commands. 

Explanation:
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5

This is my first run through of a Metasploit module so I would appreciate anyone helping me clean it up. It currently works on OSX & Linux by providing a cmd stager (like cmd/unix/reverse_perl), and on windows by first starting up a PowerShell download cradle, then putting the command in the COMMAND parameter. It feels a little hacky though 😁
 2019-03-20 17:38:12 +00:00
William Vu a1e6d4d19a Update note about staging payloads over HTTPS 2019-03-16 13:36:58 -05:00
William Vu 621fa8e4db Fix issues and refactor module 2019-03-16 00:38:48 -05:00
William Vu 0fa2d985e7 Add Jenkins ACL bypass and metaprogramming RCE 2019-03-16 00:32:36 -05:00
Brent Cook f2edda207f Land #11382, Added BMC Patrol Agent Command Exec Module 2019-03-15 13:21:06 -05:00
rwincey 59fc1ec7ab Rubocop changes 2019-03-09 12:22:04 -05:00
rwincey f05d86ffae Even Less Code 2019-02-28 21:49:29 -05:00
rwincey b96326ec80 Less Code 2019-02-28 21:48:25 -05:00
William Vu f35a13d795 Fix exploit/multi/http/oracle_ats_file_upload 2019-02-25 11:35:34 -06:00
William Vu f534fd9755 Fix exploit/multi/http/apache_jetspeed_file_upload 2019-02-25 11:32:06 -06:00
William Vu 53bf15b184 Fix exploit/multi/http/struts2_rest_xstream 2019-02-25 11:18:27 -06:00
rwincey a0b5291c30 Space slipped in 2019-02-13 10:25:21 -05:00
rwincey e716c24f2d Style police :P 2019-02-13 00:35:54 -05:00
rwincey b55fdc7323 Minor updates 2019-02-11 21:39:43 -05:00
rwincey f1675cddad Documentation 2019-02-10 23:16:45 -05:00
rwincey ced3ad0bfd BMC Patrol CMD Exec Module 2019-02-10 22:26:24 -05:00
Wei Chen 3a12592976 Land #11072, Add nuuo_nvrmini_upgrade_rce 2019-02-06 22:30:45 -06:00
Wei Chen c8d79cb7c0 Make minor changes for nuuo module 2019-02-06 22:26:31 -06:00
Brendan Coles 6f31b1a110 Change default payload to reverse_bash 2019-02-03 06:18:31 +00:00
Brendan Coles 9c3368f325 Add Evince CBT File Command Injection module 2019-02-03 05:38:56 +00:00
William Vu b7bc52d20b Fix HTTP/SMB mixin order to restore SSL option 
Mixin order matters. Mixins kinda suck.
 2019-01-29 11:09:34 -06:00
Brendan Coles 24f807490f revisionism 2019-01-10 19:19:14 +00:00
Jacob Robles 2f939481e7 Land #11206, add coldfusion ckeditor file upload 2019-01-10 07:27:38 -06:00
Jacob Robles b81f59e7b1 Fix targets and syntax changes 2019-01-10 06:39:45 -06:00
Qazeer a63c057c3a Integrate bcoles' comments (filename generation, conditional block improvement, etc.) 2019-01-06 22:50:46 +01:00
Qazeer c03466d2f2 Fixed date format issue and added Bugtraq ID 2019-01-06 14:34:40 +01:00
Qazeer 4644ad8966 Add CVE-2018-15961 Adobe ColdFusion CKEditor unrestricted file upload 2019-01-06 04:55:20 +01:00
Shelby Pace 29e7c49332 Land #10444, add Consul rexec RCE module 2018-12-28 09:14:28 -06:00
Shelby Pace fb8f06b2f5 Land #10443, add Consul service RCE module 2018-12-28 08:33:56 -06:00