adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
49,186 Commits 27 Branches 1,043 Tags
5a978dca2e902ec2344cd7f85dc43ba0b96df108
Commit Graph

1173 Commits

Author SHA1 Message Date
Spencer McIntyre caf76a6555 Add applicable notes to my exploit modules 2018-10-27 20:54:14 -04:00
Brent Cook e2f97c75a0 Land #10616, update Unitrends UEB module to support vulnerabilities in version 10 2018-10-05 16:20:38 -05:00
William Vu 7bc98e0ea8 Fix formatting and convert a missed AKA reference 2018-10-05 03:22:08 -05:00
William Vu ee06ec2fda Background a subshell to continue execution 
This provides a more stable injection. I should have tested this sooner.
 2018-09-27 23:51:42 -05:00
William Vu 0dab5b622f Change default target to cmd/unix 2018-09-27 23:39:32 -05:00
William Vu e999b4d81c Lower rank to AverageRanking 2018-09-27 23:28:13 -05:00
William Vu 7a2d0acee6 Add basic check method and move rand_srv 
The .srv can be random each request.
 2018-09-27 23:28:13 -05:00
William Vu d29d936d6f Bump WfsDelay to 10 for this slow-ass device 2018-09-27 23:28:13 -05:00
Brent Cook 6126a627cc Land #10570, AKA Metadata Refactor 2018-09-17 22:29:20 -05:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
h00die 354803185c fix msftidy warning 2018-09-11 05:24:01 -04:00
h00die d8f2d08058 finish up docs and 10 exploit 2018-09-10 21:08:30 -04:00
h00die 589fb4bf3b first try at ueb mix 2018-09-09 22:41:01 -04:00
Erin Bleiweiss eb17d9b198 Refactor AKA references for modules 2018-08-31 16:56:05 -05:00
Christian Mehlmauer a66556b436 fix msftidy errors 2018-08-28 13:12:43 +02:00
William Vu 6df235062b Land #10505, post-auth and default creds info 2018-08-24 18:08:15 -05:00
William Vu 7e496ae067 Import target DefaultOptions into the datastore 2018-08-16 12:18:02 -05:00
Wei Chen d9fc99ec4a Correct false negative post_auth? status 2018-08-09 23:34:03 -05:00
Green-m d2c53e1c88 Update the check method. 2018-08-03 01:39:37 -04:00
William Vu 4eef9e64ea Implement dropper target in axis_srv_parhand_rce 2018-07-31 21:43:29 -05:00
Wei Chen bcfb3d099b Land #10255, Adding Micro Focus Secure Messaging Gateway RCE 2018-07-30 21:07:02 -05:00
Mehmet İnce 48a903f0b3 Fixing r and sql variables use same object issue 2018-07-31 00:57:32 +03:00
Wei Chen 6c2e8f2402 Land #10300, Add root exploit for Axis network cameras 2018-07-25 14:46:04 -05:00
Wei Chen f169afff6a Add documentation and a new reference 2018-07-25 14:44:44 -05:00
William Vu 60faddebbf Update authors with sinn3r 2018-07-25 14:35:09 -05:00
William Vu efacaef9df Clamp compatible payloads until we know better 2018-07-25 14:14:15 -05:00
William Vu 86d634cb64 Update module for MVP 2018-07-25 12:01:36 -05:00
Jacob Robles 6e450973b9 Land #10295, Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-14 10:09:46 -05:00
Jacob Robles 18e65abc54 Fix link 2018-07-14 10:03:01 -05:00
Brendan Coles 4e72dff791 Update module references 2018-07-14 05:03:13 +10:00
William Vu c9001699cd Land #10027, Hadoop unauthed command execution 2018-07-12 21:58:49 -05:00
William Vu 50252c75d6 Clean up module 
With a little rubocop -a.
 2018-07-12 21:58:00 -05:00
William Vu 9080b38dcc Add Axis camera exploit (VDOO research) 2018-07-12 18:46:49 -05:00
Wei Chen e613b2570a Land #10299, Add 88 CVEs to various auxiliary and exploit modules 2018-07-12 18:26:07 -05:00
William Vu 3546286049 Add missed ARCH_CMD to top-level Arch array 
It's not necessary because of targets, but it's required for printing.
 2018-07-12 17:37:06 -05:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
Brendan Coles 4b62f41369 Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-12 20:00:17 +00:00
William Vu acb20e5a29 Land #9780, CouchDB auth bypass and RCE 2018-07-12 03:36:17 -05:00
William Vu f53080ee60 Fix exploit and do final cleanup 2018-07-12 02:13:30 -05:00
William Vu 167745c124 Selectively add RuboCop fixes 2018-07-11 22:49:46 -05:00
William Vu ccc3267166 Correct rubocop -a 
We'll update .rubocop.yml later.
 2018-07-11 22:49:46 -05:00
William Vu ca5e496b8f Run rubocop -a 2018-07-11 21:40:19 -05:00
Brent Cook 1af360d7e0 Land #10108, add IBM QRadar SIEM exploit 2018-07-10 11:52:32 -05:00
Wei Chen 5fc5a47cd2 Update CVE references for exploit modules 
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
 2018-07-08 18:46:04 -05:00
Brent Cook 05a0d79be7 Land #10219, Add HP VAN SDN Controller exploit 2018-07-05 14:21:44 -05:00
William Vu 53d5d82498 Rename module to match new vector 2018-07-05 13:31:16 -05:00
William Vu 762b4b5e53 Simplify creds auth by checking X-Auth-Token alone 
It's a lot more direct than checking for the redirect.
 2018-07-05 13:20:27 -05:00
William Vu 2b069f45ca Clarify how we're using the auth token for creds 
In the service token's case, the service token *is* the auth token.
 2018-07-05 13:05:23 -05:00
Mehmet İnce a272dcabd7 Fix typos and additional updates regarding to review 2018-07-05 13:33:40 +01:00
Mehmet İnce 3b8149216f print a verbose error message 2018-07-04 23:20:58 +01:00