gwillcox-r7
593945ee61
Update module documentation with more detail re: affected versions and the fact that the use of UNC paths could cause an issue if they are not typed in correctly. Also update the module documentation to use the output from recent tests to reflect recent changes. Shorten the module description and update its stability rating. Finally add in a reliability rating for the exploit module.
2020-09-10 11:32:45 -05:00
gwillcox-r7
16b27ae270
Add in version checking to ensure we only check if the target has the 'Enable insecure guest logons' enabled if their build number is greater than or equal to 10.0.16299.0, which was the build where this change first was implemented.
2020-09-10 11:32:45 -05:00
gwillcox-r7
45480373a9
Fix up the exploit module so that it will not wait for AV if a UNC path is used, as there is no chance the AV on the host can remove the file on the UNC share, and the UNC share won't be accessed until the exact moment it is needed
2020-09-10 11:32:45 -05:00
gwillcox-r7
7e1560ff26
Update documentation with the installation instructions I mentioned in the GitHub comments. Also RuboCop the exploit module code.
2020-09-10 11:32:18 -05:00
gwillcox-r7
0d493bbc54
Add in extra code to handle cases where the loops may enter an infinite loop state. New code should prevent this from happening.
2020-09-10 11:32:18 -05:00
gwillcox-r7
a94d36248b
Add in the AVTIMEOUT option to allow the module to check if any AV or other processes deleted the uploaded DLL file, thereby preventing a situation where the DNS server is unable to restart. Also add in some warnings re: when we enter the danger section and when we exit it so that users are more aware of when this is happening.
2020-09-10 11:32:18 -05:00
gwillcox-r7
78dc43efa5
Fix up incorrect regex within the check method to fix a logic bug
2020-09-10 11:32:18 -05:00
ide0x90
c4d463e921
Added option to generate standalone DLL.
2020-09-10 11:32:18 -05:00
ide0x90
53f3b70b33
Changed DLL so that it doesn't block the DNS service from stopping after the module executes.
Added OS check (>= Server 2003 is vulnerable so far).
Now cleans up dropped DLL and modified registry value.
2020-09-10 11:32:18 -05:00
ide0x90
7701ea1bc8
Compile DLL so that the DNS service doesn't crash when the module is run.
2020-09-10 11:32:18 -05:00
ide0x90
151fdb7ea5
Reduced exploit ranking and added check to see if session is elevated.
2020-09-10 11:32:18 -05:00
ide0x90
d1e9039af4
Initial module and documentation for Microsoft Windows DNS ServerLevelPluginDll abuse
2020-09-10 11:31:51 -05:00
bwatters
e592736833
Land #13992 , Add module for CVE-2020-9839, LPE for macOS <= 10.15.4
Merge branch 'land-13992' into upstream-master
2020-09-04 15:53:17 -05:00
Tim W
7b1f5c1728
add documentation
2020-09-04 17:42:30 +08:00
bwatters
149566b30e
Run rubocop
2020-09-02 17:14:30 -05:00
ggkitsas
62d3d9bc9a
fix: reverts misuse of in zip_slip exploit
2020-09-01 21:49:55 +01:00
ggkitsas
788244150c
Add support for zip generation in zip_slip exploit
2020-08-31 13:18:14 +01:00
adfoster-r7
62d45870dc
Land #14040 , Use CheckModule auxiliary/scanner/misc/java_rmi_server in exploit/multi/misc/java_rmi_server
2020-08-28 10:22:35 +01:00
Tim W
c069d940a9
fix restoring of /etc/pam.d/login
2020-08-27 19:04:43 +08:00
William Vu
f08349982d
Use CheckModule scanner in java_rmi_server exploit
2020-08-24 10:11:03 -05:00
Brendan Coles
786d59d360
Use AutoCheck mixin and prefer cc over gcc
2020-08-24 11:47:50 +00:00
Tim W
eabc59e5ed
fix disown
2020-08-19 00:04:14 +08:00
Shelby Pace
6e2a7001a9
Land #13994 , add Dlink Wifi manager rce
2020-08-18 09:34:19 -05:00
Shelby Pace
d79ad5efca
minor rubocop fix
2020-08-18 09:33:32 -05:00
Tim W
dce83ad859
cleanup properly
2020-08-18 17:42:56 +08:00
Tim W
6fad6f8e8d
fix check method
2020-08-18 15:56:05 +08:00
Tim W
0e4fcd7379
CVE-2020-9839
2020-08-18 15:56:01 +08:00
Niboucha Redouane
0a20a217dc
Fix description of the vulnerability
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:06:46 +02:00
Niboucha Redouane
602865ef70
refactor if in check method
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:01:34 +02:00
William Vu
de5f335618
Fix formatting
2020-08-17 11:53:39 -05:00
William Vu
0c34c2559e
Remove no-op Nokogiri::XML pretty printing
ea1f3d60f1
2020-08-17 11:16:11 -05:00
gwillcox-r7
27ae6c4edd
Land #13986 , Add CVE-2020-16205 exploit for Geutebruck G-CAM
2020-08-17 09:24:32 -05:00
Spencer McIntyre
ea1f3d60f1
Adjust XML whitespace and add commands to the setup docs
2020-08-17 10:03:44 -04:00
William Vu
eda222434f
Execute commands in a shell
2020-08-14 21:46:34 -05:00
William Vu
22cf22fe53
Fix ARCH_CMD payload
Currently, we're not invoking within a shell.
2020-08-14 21:46:34 -05:00
William Vu
f151c511bc
Explain what we're doing in the check
2020-08-14 21:46:34 -05:00
William Vu
d3febe3284
Set SSL as a DefaultOption and update RPORT
2020-08-14 21:46:34 -05:00
William Vu
46b6368597
Add Apache OFBiz XML-RPC Java deserialization
2020-08-14 21:46:34 -05:00
William Vu
4a8b64a12f
Use WritableDir in execute_cmdstager, too
2020-08-14 21:07:08 -05:00
ddouhine
93fa66bfc5
Update geutebruck_testaction_exec.rb
And a fix for the fix ;)
I guess now everything will work as intended!
2020-08-15 00:56:53 +02:00
gwillcox-r7
1da359ee01
Merge with last fix. This fix just fixes an issue with a method call, as I tried calling the nonexistent method .true?
2020-08-14 17:49:02 -05:00
gwillcox-r7
896c8aacae
Add in AutoCheck mixin so that we ensure targets are vulnerable before attempting to exploit them.
2020-08-14 17:27:39 -05:00
gwillcox-r7
898f94320c
Add in fixes to check method so that the code will return the correct status if the connection fails
2020-08-14 17:18:31 -05:00
ddouhine
f3fdcf4343
Update geutebruck_testaction_exec.rb
Oops sorry, don't know what this "return true" was doing there.
2020-08-14 23:56:21 +02:00
ddouhine
f726967ba7
Update geutebruck_testaction_exec.rb
with the updated check using `Gem::Version`
2020-08-14 23:17:26 +02:00
h00die
cd41d9c3c9
Land #13911 , iphone 4 on ios 7.1.2 safari jit for root
2020-08-14 16:01:14 -04:00
William Vu
a6f7c0c0de
Backport miscellaneous fixes to my modules
2020-08-14 13:40:23 -05:00
Tod Beardsley
f401f48138
Update vbulletin module with correct CVE
...
Apparently someone snarfed the CVE for this out from under me. Since they were faster
to publish, we should use that number instead of the one out of our block.
2020-08-14 08:25:57 -05:00
gwillcox-r7
0dc53c46d4
Apply Rubocop fixes I forgot about and update the module description to add in missing information about affected parameters
2020-08-13 15:23:09 -05:00
gwillcox-r7
c59b3835f9
Fix up module description to have better sentence structure and English, and to also include the actual versions of the products that were affected in addition to the firmware versions. This prevents people from having to read the documentation to find affected targets.
2020-08-13 15:18:10 -05:00