Commit Graph

29473 Commits

Author SHA1 Message Date
h00die 610d4d86d2 initial vyos implementation 2020-09-20 19:48:20 -04:00
Christophe De La Fuente e11840c2a5 land #14031, F5 processor 2020-09-14 18:38:58 +02:00
h00die daa10ea735 enhance user data parsing 2020-09-12 10:07:23 -04:00
bwatters f248f20b9e Land #13942, Add module for CVE-2020-9934
Merge branch 'land-13942' into upstream-master
2020-09-11 14:58:50 -05:00
Tim W 93cdba483d add documentation 2020-09-11 17:31:40 +08:00
gwillcox-r7 593945ee61 Update module documentation with more detail re: affected versions and the fact that the use of UNC paths could cause an issue if they are not typed in correctly. Also update the module documentation to use the output from recent tests to reflect recent changes. Shorten the module description and update its stability rating. Finally add in a reliability rating for the exploit module. 2020-09-10 11:32:45 -05:00
gwillcox-r7 16b27ae270 Add in version checking to ensure we only check if the target has the 'Enable insecure guest logons' enabled if their build number is greater than or equal to 10.0.16299.0, which was the build where this change first was implemented. 2020-09-10 11:32:45 -05:00
gwillcox-r7 45480373a9 Fix up the exploit module so that it will not wait for AV if a UNC path is used, as there is no chance the AV on the host can remove the file on the UNC share, and the UNC share won't be accessed until the exact moment it is needed 2020-09-10 11:32:45 -05:00
gwillcox-r7 7e1560ff26 Update documentation with the installation instructions I mentioned in the GitHub comments. Also RuboCop the exploit module code. 2020-09-10 11:32:18 -05:00
gwillcox-r7 0d493bbc54 Add in extra code to handle cases where the loops may enter an infinite loop state. New code should prevent this from happening 2020-09-10 11:32:18 -05:00
gwillcox-r7 a94d36248b Add in the AVTIMEOUT option to allow the module to check if any AV or other processes deleted the uploaded DLL file, thereby preventing a situation where the DNS server is unable to restart. Also add in some warnings re: when we enter the danger section and when we exit it so that users are more aware of when this is happening. 2020-09-10 11:32:18 -05:00
gwillcox-r7 78dc43efa5 Fix up incorrect regex within the check method to fix a logic bug 2020-09-10 11:32:18 -05:00
ide0x90 c4d463e921 Added option to generate standalone DLL. 2020-09-10 11:32:18 -05:00
ide0x90 53f3b70b33 Changed DLL so that it doesn't block the DNS service from stopping after the module executes.
Added OS check (>= Server 2003 is vulnerable so far).
Now cleans up dropped DLL and modified registry value.
2020-09-10 11:32:18 -05:00
ide0x90 7701ea1bc8 Compile DLL so that the DNS service doesn't crash when the module is run. 2020-09-10 11:32:18 -05:00
ide0x90 151fdb7ea5 Reduced exploit ranking and added check to see if session is elevated. 2020-09-10 11:32:18 -05:00
ide0x90 d1e9039af4 Initial module and documentation for Microsoft Windows DNS ServerLevelPluginDll abuse 2020-09-10 11:31:51 -05:00
Grant Willcox bc49826766 Land #14099, Fix user path in enum_powershell_env for new versions of Windows 2020-09-10 10:53:15 -05:00
Adam Cammack cc8321e8c8 Land #14096, Fix payload cache size generation 2020-09-10 09:47:52 -05:00
Spencer McIntyre f2e3480469 Just give travis the sizes it's expecting 2020-09-09 08:49:01 -04:00
Tim W 686ef94e37 fix mkdir 2020-09-09 15:36:31 +08:00
Tim W c725a713af more feedback from bcoles 2020-09-09 14:21:03 +08:00
Tim W d447bbc3dc feedback from bcoles 2020-09-09 13:27:11 +08:00
Tim W 42d70bb2a2 Add module for CVE-2020-9934 2020-09-09 13:27:11 +08:00
gwillcox-r7 0270a09d10 Add in further fixes to address issues discovered during manual code review, and then apply RuboCop fixes 2020-09-08 12:29:39 -05:00
Juan Escobar 710ac48d26 Remove the UNIT_ID option from the registers_option section and from the documentation, and update the module with a link to the Modbus protocol specification. 2020-09-08 12:28:14 -05:00
gwillcox-r7 c6d98a537b Add in various fixes for review comments, including description improvements, validation of the UNIT_ID value, and fixes to the return values of some functions. Also update the documentation to address issues from first round of the review. 2020-09-08 12:27:47 -05:00
itsecurityco bec08f5f3e more appropriate message when num_object is null 2020-09-08 12:27:35 -05:00
Juan 04e09267cf Refactor the module's code and fix several typos
Co-authored-by: bcoles <bcoles@gmail.com>
2020-09-08 12:27:00 -05:00
itsecurityco 288a35f701 patch bug when unit id is invalid 2020-09-08 12:26:33 -05:00
itsecurityco a0f91d93ad Upload initial copy of the module and its documentation 2020-09-08 12:26:06 -05:00
adfoster-r7 be5cd6e26c Land #14089, update smb_version module to use select instead of filter for backwards compatibility 2020-09-07 15:45:04 +01:00
James Lee a870b1df71 Fix user path on newer Windows 2020-09-05 10:43:41 -05:00
bwatters e592736833 Land #13992, Add module for CVE-2020-9839, LPE for macOS <= 10.15.4
Merge branch 'land-13992' into upstream-master
2020-09-04 15:53:17 -05:00
Spencer McIntyre 1b77d01f23 Fix a payload cache size generation issue and bump the gem 2020-09-04 15:43:55 -04:00
Adam Galway 242656bc07 Land #13978, proxy support for Python Meterpreter 2020-09-04 10:50:41 +01:00
Tim W 7b1f5c1728 add documentation 2020-09-04 17:42:30 +08:00
Erik Geiser efaeb1b80e Use select in smb_version scanner for ruby <= 2.5
Use Array.select! instead of Array.filter! (which is an alias for the
former) in the smb_version scanner module to be compatible with ruby
versions <= 2.5.
2020-09-04 10:54:20 +02:00
bwatters 8fb8b00539 Land #14075, Add support for ZIP file generation in zip_slip exploit
Merge branch 'land-14075' into upstream-master
2020-09-02 17:15:27 -05:00
bwatters 149566b30e Run rubocop 2020-09-02 17:14:30 -05:00
gwillcox-r7 20e4b3e71f Land #14083, Update enum_patches.rb to include the patch installation date 2020-09-02 15:21:14 -05:00
Arjun G b2bd40ef03 Updated module description
Changed string description to call out the modified WMI query that now also pulls in the InstalledOn metadata for a given KB.
2020-09-02 11:33:50 -07:00
Niboucha Redouane 6d1a905206 Add url reference to a writeup on implementing the module 2020-09-02 20:19:03 +02:00
Arjun G ca846fa8c1 Changing print statements to follow Ruby style
In response to PR feedback
2020-09-02 10:59:15 -07:00
Spencer McIntyre c2d49384c0 Land #13980, Reflective PE Payloads Added 2020-09-02 13:22:30 -04:00
Spencer McIntyre 67df4ea672 Adjust verbiage and whitespace, remove a buggy asm instruction 2020-09-02 13:20:50 -04:00
ggkitsas 62d3d9bc9a fix: reverts misuse of in zip_slip exploit 2020-09-01 21:49:55 +01:00
bwatters b135367730 Land #14068, Update smb_enum_gpp to use RubySMB
Merge branch 'land-14068' into upstream-master
2020-09-01 09:33:15 -05:00
Arjun G fb4acd53b5 Include KB installation date in enum_patches
Currently, the output of this module only lists the KB packages installed on a Windows PC.

This change improves the module by also having it output when a given patch package was installed (this information can also be retrieved from the WMI query); this will provide insight into how regularly and reliably a PC (and by extension, environment) patches - for example, are they late in installing patches by months, when did they last patch etc.
2020-08-31 17:38:02 -07:00
Ege Balcı 84b229d393 Major changes on x64 PE loader and several improvements 2020-08-31 21:35:59 +03:00