Shelby Pace
6e2a7001a9
Land #13994, add Dlink Wifi manager rce
2020-08-18 09:34:19 -05:00
Shelby Pace
d79ad5efca
minor rubocop fix
2020-08-18 09:33:32 -05:00
Niboucha Redouane
0a20a217dc
Fix description of the vulnerability
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:06:46 +02:00
Niboucha Redouane
602865ef70
refactor if in check method
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:01:34 +02:00
William Vu
a6f7c0c0de
Backport miscellaneous fixes to my modules
2020-08-14 13:40:23 -05:00
Niboucha Redouane
1a468fa210
remove unneeded include, left from an attempt to execute native payloads
2020-08-13 15:51:09 +02:00
Niboucha Redouane
66d3b1cd59
Add exploit for CVE-2019-13372
2020-08-13 15:07:11 +02:00
gwillcox-r7
17c26b098b
Ninja edit to make sure that if we fail to authenticate to the server, we return CheckCode::Unknown rather than CheckCode::Safe
2020-07-29 16:08:51 -05:00
Spencer McIntyre
4fa657d6eb
Fix a bunch of documentation typos and minor code cleanups
2020-07-29 16:30:44 -04:00
Spencer McIntyre
7af4297e86
Add the exploit for CVE-2020-1147
2020-07-29 11:58:38 -04:00
h00die
5a40c6dc00
move config_changes
2020-07-27 15:35:05 -04:00
Shelby Pace
bf4d0bf6ee
Land #13828, add Zentao Pro rce
2020-07-22 09:42:11 -05:00
Shelby Pace
be95c0e17e
include autocheck
2020-07-22 09:40:25 -05:00
Shelby Pace
6c066a97ed
add bcoles suggestions
2020-07-22 09:39:17 -05:00
Erik Wynter
368adc26ef
Update zentao_pro_rce.rb
2020-07-17 18:12:27 -04:00
bwatters
eb863048f0
Land #13741, CVE-2020-5741: Plex rce on Windows
...
Merge branch 'land-13741' into upstream-master
2020-07-16 10:20:50 -05:00
Shelby Pace
9c32b45ca2
remove CheckCode returns in login
2020-07-15 20:06:15 -05:00
Tod Beardsley
637b9ab51d
Add CVE-2020-7361 reference
2020-07-15 15:40:51 -05:00
kalba-security
2d3588c0ad
Add suggestions from code review
2020-07-13 12:51:57 -04:00
kalba-security
1f631e20ad
Add zentao_pro_rce Windows exploit and docs
2020-07-08 15:13:45 -04:00
h00die
456bf6b948
update escapes
2020-07-07 01:17:26 -04:00
h00die
89332d0056
native python for plex unpickle
2020-07-03 19:37:18 -04:00
Alan Foster
b841246536
Update autocheck to use prepend instead of include, add ForceExploit functionality
2020-06-30 11:40:46 +01:00
h00die
a99a3c2d75
working albumn_name length thanks to acammack
2020-06-30 00:28:57 -04:00
h00die
94cc286689
update docs and 401 handling code
2020-06-24 21:05:23 -04:00
adfoster-r7
fceb96e659
Land #13608, update elog calls to be consistent across
2020-06-23 09:47:01 +01:00
Adam Galway
1a2bf98222
creates standard elog & updates existing usages
2020-06-22 12:48:39 +01:00
h00die
533bed6b51
pre review updates
2020-06-22 06:30:44 -04:00
h00die
9defe33d9a
docs and working module
2020-06-20 00:06:46 -04:00
h00die
9f424a8cbb
cleanup getting through it
2020-06-19 22:59:19 -04:00
h00die
40e6551b8b
works with cmd payload calc
2020-06-19 21:16:55 -04:00
h00die
c2c931030f
review comments
2020-06-17 11:47:11 -04:00
Tod Beardsley
655a323467
Add CVE-2020-7356 for Cayin xPost
2020-06-17 09:57:29 -05:00
h00die
aec1f77b70
wip
2020-06-10 20:42:22 -04:00
h00die
b5c90ea20c
xpost working
2020-06-09 13:07:00 -04:00
William Vu
d6aea635c7
Update authors in Netsweeper/myLittleAdmin modules
...
Edits for accuracy and precision.
2020-05-22 17:05:12 -05:00
William Vu
afe7ef5d9a
Bump WfsDelay for first exploit attempt
2020-05-22 09:32:22 -05:00
William Vu
e471efa399
Whitelist :certutil and :vbs CmdStagers
...
These worked for @smcintyre-r7 on Windows Server 2019.
2020-05-22 09:24:16 -05:00
William Vu
16886fa41e
Move generate_viewstate_payload to mixin
2020-05-21 18:37:13 -05:00
William Vu
d1a07e9403
Use ViewState mixin in module
2020-05-21 18:37:13 -05:00
William Vu
11030dff84
Add CVE references (they weren't there before)
2020-05-21 18:12:57 -05:00
William Vu
889a4cd6e0
Add Plesk/myLittleAdmin ViewState deserialization
2020-05-21 18:12:57 -05:00
William Vu
12d4ad68e3
Fix things in ThinkPHP and ManageEngine exploits
...
Current pattern is print_good instead of vprint_good for this particular
message directly or indirectly called by execute_command.
CmdStagerFlavor is checked at the top level, but it is also checked per
target. Moving this to where it's more appropriate.
2020-05-20 22:47:03 -05:00
William Vu
655088bb0d
Fix punctuation typo in exchange_ecp_viewstate
2020-05-20 09:47:11 -05:00
Spencer McIntyre
30b17c6323
Remove some whitespace for msftidy compliance
2020-05-04 10:14:00 -04:00
Spencer McIntyre
7fb17ecf17
Update some module metadata for the Kentico RCE exploit
2020-05-04 10:12:21 -04:00
Spencer McIntyre
c128a3ba92
Add CmdStager and Powershell targets to the Kentico RCE exploit
2020-05-04 10:07:10 -04:00
Patrick Webster
60b83d536e
Update modules/exploits/windows/http/kentico_staging_syncserver.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-05-04 09:26:14 -04:00
Patrick Webster
c5adcbfd43
Update modules/exploits/windows/http/kentico_staging_syncserver.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-05-04 09:26:13 -04:00
Patrick Webster
0679f1b317
Update modules/exploits/windows/http/kentico_staging_syncserver.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-05-04 09:26:13 -04:00