Commit Graph

29151 Commits

Author SHA1 Message Date
h00die 5a40c6dc00 move config_changes 2020-07-27 15:35:05 -04:00
William Vu c6fd9a4b08 Land #13895, SAP RECON CVE-2020-6287 improvements 2020-07-27 08:51:16 -05:00
Ron Wills 2e84c6ea18 Used more appropriate api 2020-07-24 10:28:07 -06:00
Ron Wills 6592a0cc53 Clean up the temporary script with the clear text password in it
Removed the old unused clean up code
2020-07-24 10:16:52 -06:00
Spencer McIntyre 13d7c5445a Address rubocop complaints 2020-07-23 18:10:07 -04:00
Spencer McIntyre ff4db5daea Add the REMOVE action to the exploit for CVE-2020-6287 2020-07-23 17:59:40 -04:00
Spencer McIntyre 68614bcc3b Add check functionality for CVE-20220-6287 2020-07-23 14:46:06 -04:00
William Vu 13a4339274 Land #13861, intel_sysret_priv_esc AutoCheck && cc 2020-07-23 11:34:30 -05:00
William Vu a89c966bbc Land #13852, SAP "RECON" CVE-2020-6287 aux module 2020-07-23 10:30:36 -05:00
Spencer McIntyre e0046ef8f2 Randomize unnecessary values and set the secure attribute 2020-07-23 10:47:53 -04:00
Spencer McIntyre d108cd0da9 Address feedback for consistency within CVE-2020-6287 2020-07-23 10:31:46 -04:00
Spencer McIntyre 593ddd8ac4 Add module docs for CVE-2020-6287 2020-07-23 09:47:22 -04:00
Ron Wills 6be25a00b6 Replaced file creation from shell script to the Msf::Post::File native API
Cleanup of the previous commit
2020-07-23 07:04:20 -06:00
Ron Wills 14d484aac0 Replaced file creation from shell script to the Msf::Post::File native API 2020-07-23 06:21:17 -06:00
Ron Wills eff9c9b914 Fixed shell script creation with passwords with special characters 2020-07-22 20:09:15 -06:00
Spencer McIntyre 2364b3f46c Fix the remaining rubocop issues for CVE-2020-6287 2020-07-22 19:18:42 -04:00
Spencer McIntyre 7b781ca12f Report a vuln in the CVE-2020-6287 module and fix xpath comparisons 2020-07-22 18:29:55 -04:00
Spencer McIntyre 2d43da2a39 Apply rubocop fixes for CVE-2020-6287 2020-07-22 18:04:11 -04:00
Spencer McIntyre ec9ee2baa7 Complete the exploit with privilege escalation through a role 2020-07-22 17:57:39 -04:00
William Vu f601c49ba9 Default to LDAPS in vCenter Server vmdir modules 2020-07-22 15:40:10 -05:00
William Vu f736b0192f Add LDAPS support and update vCenter vmdir modules 2020-07-22 14:23:00 -05:00
Shelby Pace 3dbb63241c Land #13853, bpf signed ext privesc improvements 2020-07-22 14:09:17 -05:00
William Vu 41457b21d9 Land #13868, vCenter vmdir CVE-2020-3952 hash dump 2020-07-22 14:00:44 -05:00
William Vu 903abd2110 Print the cleaned password and lockout policy
Don't be lazy!
2020-07-22 12:33:33 -05:00
Shelby Pace bf4d0bf6ee Land #13828, add Zentao Pro rce 2020-07-22 09:42:11 -05:00
Shelby Pace be95c0e17e include autocheck 2020-07-22 09:40:25 -05:00
Shelby Pace 6c066a97ed add bcoles suggestions 2020-07-22 09:39:17 -05:00
adfoster-r7 d34ab2bd98 Land #13859, remove fail_with call from exim4_deliver_message_priv_esc check method 2020-07-22 10:16:45 +01:00
h00die 83540f3a37 deleted variable 2020-07-21 19:33:31 -04:00
h00die a4c38a2be6 use libraries 2020-07-21 19:22:38 -04:00
William Vu d85e569705 Refactor for future hash types 2020-07-21 12:02:30 -05:00
William Vu a91a14441d Add source reference for "-" meta-attribute
Hat tip Hynek for https://github.com/vmware/lightwave.
2020-07-21 11:01:01 -05:00
William Vu 08a89d7e71 Add additional error checking 2020-07-21 09:55:33 -05:00
Hynek Petrak 93ce10f511 fix unpacking userpassword entry 2020-07-21 11:23:58 +02:00
William Vu 5f5a2e7508 Refactor code (untested) 2020-07-21 01:09:46 -05:00
Alan Foster 8e561c4eb5 Fix false positive with shodan search module 2020-07-20 18:12:43 +01:00
Hynek Petrak a4da09111e Store credentials with create_credential 2020-07-20 11:15:09 +02:00
Hynek Petrak 6e1fb5f143 Added password hash dump 2020-07-20 10:34:09 +02:00
Brendan Coles 9d2b706d92 Use AutoCheck mixin and prefer cc over gcc 2020-07-18 23:31:34 +00:00
Brendan Coles 96fea955d0 Remove fail_with from check method 2020-07-18 10:00:14 +00:00
Erik Wynter 368adc26ef Update zentao_pro_rce.rb 2020-07-17 18:12:27 -04:00
William Vu d5d4716b1c Update TMSH escape reliability notes
What's strange is that if the stars align, like if the system has been
"used" enough, the exploit is incredibly reliable. Maybe my test
environment is bonkers.
2020-07-17 06:26:00 -05:00
William Vu c082ccd337 Make Meterpreter the default target 2020-07-17 06:10:53 -05:00
William Vu 1ae689ce5f Improve robustness by refactoring error handling
tmshCmd.jsp is extremely unreliable!
2020-07-17 05:23:42 -05:00
Brendan Coles fe773c0422 Use Msf::Exploit::Remote::AutoCheck and Msf::Post::Linux::Compile 2020-07-17 10:06:42 +00:00
Spencer McIntyre d1e2c75b3e Initial PoC of CVE-2020-6287 that adds a user 2020-07-17 02:03:43 -04:00
Spencer McIntyre ffebf48242 Land #13830, Add QEMU/KVM target for CVE-2019-0708 2020-07-16 16:00:16 -04:00
bwatters eb863048f0 Land #13741, CVE-2020-5741: Plex rce on Windows
Merge branch 'land-13741' into upstream-master
2020-07-16 10:20:50 -05:00
gwillcox-r7 8cfcfe36aa Land #13750, Centralize Cisco, Juniper, Brocade and Ubiquiti auxiliary modules under networking directory 2020-07-16 10:16:52 -05:00
gwillcox-r7 09983771c8 Fix up a statement so instead of having an if followed by an else, we use elsif instead inside enum_juniper.rb 2020-07-16 10:10:11 -05:00