William Vu
aad4ea8e09
Add check
Thanks to @adfoster-r7 for the round of golf!
2021-05-17 13:58:03 -05:00
William Vu
47740c8ac3
Add NetMotion Mobility CVE-2021-26914 exploit
2021-05-17 13:58:03 -05:00
Alan Foster
100da2f1b1
Enforce Style/RedundantBegin for new modules
2021-05-13 04:01:03 +01:00
Debjeet Banerjee
54dbedf181
URI.escape is obsolete and needs to be updated
The current code results in the following error:
```
[*] Started reverse TCP handler on 192.168.1.105:4444
[*] Using URL: http://0.0.0.0:8080/o6wYorU
[*] Local IP: http://192.168.1.105:8080/o6wYorU
[*] Server started.
[*] Sending a malicious request to /
/usr/share/metasploit-framework/modules/exploits/windows/http/rejetto_hfs_exec.rb:110: warning: URI.escape is obsolete
/usr/share/metasploit-framework/modules/exploits/windows/http/rejetto_hfs_exec.rb:110: warning: URI.escape is obsolete
[*] Server stopped.
[!] This exploit may require manual cleanup of '%TEMP%\jsywNguEzNXZF.vbs' on the target
[*] Exploit completed, but no session was created.
```
This minor edit should fix it.
2021-05-09 12:40:48 +05:30
Alan Foster
04ff0f6bd7
Update exchange ecp dlp policy to work with new cookie jar
2021-04-29 21:26:02 +01:00
adfoster-r7
4c37e35d82
Land #14770, guard when spawn is used with TcpServer mixin
2021-04-14 11:34:25 +01:00
Shelby Pace
71914a1ddb
Land #14813, additional dup scout bof targets
2021-04-01 13:03:57 -05:00
William Vu
51200c4b22
Remove CmdStagerFlavor from a couple modules
Not strictly necessary. We need a better way to limit by platform.
2021-03-31 12:08:46 -05:00
ryanpohlner
d92d0e59d8
Fixed generic cmd payload not echoing
2021-03-29 20:06:12 -04:00
ryanpohlner
c55303863a
Fixed payload triggering twice
2021-03-29 18:27:25 -04:00
Spencer McIntyre
9d85af51cb
Land #14945, Proxylogon RCE (Praetorian update)
2021-03-29 12:04:19 -04:00
Spencer McIntyre
11f4946817
Tweak some ProxyLogon verbiage for clarity
2021-03-29 10:07:43 -04:00
RAMELLA Sébastien
02b240b22a
code review
2021-03-29 14:23:39 +04:00
RAMELLA Sébastien
c64b1b200e
remove ClientID, seems useless
2021-03-26 16:37:08 +04:00
William Vu
b517372e4d
Fix sharepoint_ssi_viewstate, too
2021-03-26 01:32:46 -05:00
William Vu
a6df15c8c2
Fix the rest of the optional method
2021-03-26 01:29:47 -05:00
William Vu
0b8ac121d4
Fix fail_with usage in advantech_iview_unauth_rce
Brain fart. Should be print_warning so as not to fail the session.
2021-03-25 11:33:41 -05:00
RAMELLA Sébastien
75041c5837
update proxylogon rce
2021-03-25 19:46:58 +04:00
bwatters
6505f9ccbd
Land #14830, Adding FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (CVE-2021-3378)
Merge branch 'land-14830' into upstream-master
2021-03-24 17:41:10 -05:00
bwatters
5394464932
Fix rubocop complaint
2021-03-24 17:38:11 -05:00
Christophe De La Fuente
2dcd0fad04
Land #14860, Auxiliary/Exploit Scanner/Gather/RCE for Exchange ProxyLogon (CVE-2021-26855)
2021-03-23 13:10:15 +01:00
Christophe De La Fuente
a6cd7c9b30
Rubocop update - JSON Unnecessary symbol conversion
2021-03-23 10:58:03 +01:00
RAMELLA Sébastien
37b0552803
last code review before land
2021-03-22 23:20:40 +04:00
William Vu
4dc860cce3
Update Spencer credit
2021-03-22 14:14:12 -05:00
Spencer McIntyre
8605fe4529
Use POST for the check method and write the module docs
2021-03-22 15:04:21 -04:00
RAMELLA Sébastien
09b844653b
remove DisablePayloadHandler and add x86 support
2021-03-22 00:30:01 +04:00
RAMELLA Sébastien
c543b44fc2
fix: CmdStagerFlavor, add: Powershell target, ...
2021-03-21 22:47:27 +04:00
William Vu
30629c2405
Remove JSP stub to-do
Spencer looked into this more thoroughly. The JSP stub is good.
2021-03-19 17:17:01 -05:00
William Vu
66d9cab44d
Fix some things
2021-03-19 16:52:24 -05:00
William Vu
ba58f41558
Sneak Spencer into credits
2021-03-19 16:52:15 -05:00
RAMELLA Sébastien
f5c807590c
a last round of review + rubocop
2021-03-20 01:23:43 +04:00
Spencer McIntyre
69a2eb4e43
Add a check method that relies on the version number
2021-03-19 16:48:33 -04:00
William Vu
a012eddd1f
Add Advantech iView CVE-2021-22652 exploit
2021-03-19 13:51:14 -05:00
RAMELLA Sébastien
a81a9617fa
add. aspnet_client as alternate write path
2021-03-19 22:01:41 +04:00
RAMELLA Sébastien
ac573d0957
all modules code review.
2021-03-19 17:35:55 +04:00
RAMELLA Sébastien
fa2fdc9b8a
add. X-vDirObjectId header
2021-03-19 12:35:29 +04:00
RAMELLA Sébastien
6e34a80693
fix. OAB + code review
2021-03-19 10:19:57 +04:00
RAMELLA Sébastien
c76e04e92b
adjust SID
2021-03-18 15:23:21 +04:00
RAMELLA Sébastien
7f80422272
replace module into a good dir
2021-03-17 23:45:13 +04:00
RAMELLA Sébastien
72a4b58f4b
add. missing headers
2021-03-16 00:08:56 +04:00
RAMELLA Sébastien
d2df432eff
fix. SID regex match
2021-03-15 19:38:53 +04:00
RAMELLA Sébastien
90dc3cdceb
add. autodiscover check, and remove useless SID condition
2021-03-15 16:09:24 +04:00
RAMELLA Sébastien
e5c76bfe13
pass. rubocop
2021-03-15 01:16:34 +04:00
RAMELLA Sébastien
59955f0a32
add. timeout and fix. CmdStagerFlavor
2021-03-15 01:10:56 +04:00
RAMELLA Sébastien
dcf2b69d6d
add. exploitation module doc and some changes
2021-03-14 22:49:41 +04:00
RAMELLA Sébastien
47f16e56d9
add. exploit (for freeze other pull request)
2021-03-13 03:49:45 +04:00
Grant Willcox
8dce1acd64
Land #14794, dup_scout_enterprise_login_bof: Add v9.9.14 target and auto targeting
2021-03-12 12:07:57 -06:00
Spencer McIntyre
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
Shelby Pace
fbd6f19d04
Land #14846, add HPE SIM unauth AMF deser rce
2021-03-08 16:50:49 -06:00
Grant Willcox
514d46bd4d
Rubocop module again and also update the documentation to reflect recent changes
2021-03-08 16:08:36 -06:00