adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,839 Commits 27 Branches 1,043 Tags
60de839b60f214ed264f64343293e60bd00a8096
Commit Graph

2721 Commits

Author SHA1 Message Date
Spencer McIntyre 60de839b60 Update Log4Shell references and VCenter URI 2021-12-17 15:55:02 -05:00
bwatters fd2f27aa94 Land #15958, Log4Shell HTTP Scanner 
Merge branch 'land-15958' into upstream-master
 2021-12-16 10:45:23 -06:00
Grant Willcox 304648ea2e Land #15953, wps_hide_login module CVE-2021-24917 2021-12-15 17:13:29 -06:00
Spencer McIntyre 4cde008953 Add VMWare VCenter Log4Shell scan support 2021-12-15 15:13:46 -05:00
Spencer McIntyre a694381ab1 Allow templatized URIs 2021-12-15 11:58:41 -05:00
Spencer McIntyre b06b96731d Support scanning multiple HTTP headers 2021-12-15 08:45:24 -05:00
Grant Willcox fd6f2e183c Land #15936, Update tomcat_mgr_default_userpass.txt 2021-12-14 10:35:27 -06:00
Cristiano Maruti 0305983be2 Update tomcat_mgr_default_users.txt 2021-12-14 09:25:52 +01:00
Cristiano Maruti d1fb2a7bde Update tomcat_mgr_default_pass.txt 2021-12-14 09:25:00 +01:00
h00die 6c10ad460c wps_hide_login module 2021-12-11 14:25:07 -05:00
Cristiano Maruti 0a4e2b7c90 Update tomcat_mgr_default_pass.txt 2021-12-09 21:21:19 +01:00
Cristiano Maruti 8709b92966 Update tomcat_mgr_default_users.txt 2021-12-09 21:19:39 +01:00
Spencer McIntyre 1915b1395e Land #15742, Added module for CVE-2021-40444 2021-12-08 17:46:02 -05:00
Spencer McIntyre 2f6710e02e Remove the Not_Hosted target 
It's not currently working and Metasploit should just handle everything
 2021-12-08 17:22:44 -05:00
bwatters 852230c739 Fix bug brought in by importing Msf::Post::File 
Split out javascript to a file and deobfuscate it
Update documentation for new targets
Fix other small suggestions
 2021-12-08 10:36:27 -06:00
Christophe De La Fuente 389fd55952 Land #15808, Fix #15804 powershell read_file on Windows Server 2012 2021-12-07 11:59:11 +01:00
Grant Willcox f0841c8fb9 Land #15933, Add April fools module help banner 2021-12-06 15:59:07 -06:00
Cristiano Maruti 6c52cc6402 Update tomcat_mgr_default_userpass.txt 2021-12-06 15:33:00 +01:00
adfoster-r7 bfce4dcc3a Add April fools module help banner 2021-12-04 15:32:38 +00:00
bwatters 18cc2ef516 Add support for aarch64 Ubuntu versions 2021-12-01 14:54:48 -06:00
bwatters b1f6937542 Updated exploit to compile on target, added control over directory creation 
Added a method to get source code for the write and compile method
 2021-12-01 14:54:47 -06:00
bwatters bf1b3b377c Add cve-2021-3493 module 2021-12-01 14:54:47 -06:00
Tim W e10eaec84c fix ssl connection on Windows Server 2012 2021-11-30 06:30:59 +00:00
Tim W 47eec52f06 minor powerfun improvements 2021-11-30 06:30:58 +00:00
Grant Willcox 9f9942feb6 Make adjustments to dllmain.c from reviews and recompile the DLL again 2021-11-09 10:49:14 -06:00
Grant Willcox 780a9370a2 First draft of code, documentation, and exploit DLL plus exploit code 2021-11-09 10:36:40 -06:00
space-r7 1dd26bca03 Land #15802, add OMIGOD LPE 2021-11-09 10:30:50 -06:00
RAMELLA Sébastien 38973510f7 update modules (auxiliary and exploit) 2021-11-09 15:18:58 +04:00
Christophe De La Fuente 836422f9ac Land #15776, Wordpress automatic plugin aux module 2021-11-05 12:47:27 +01:00
space-r7 0681c8780e Land #15761, add pie-register code exec 2021-11-02 09:17:50 -05:00
Spencer McIntyre 278d940fee Update the Python exploit code to fix a bug 2021-11-02 10:10:18 -04:00
h00die 46c2d343bd duplicator add check_plugin line 2021-10-29 17:22:12 -04:00
Spencer McIntyre 9635110050 Add documentation for CVE-2021-38648 2021-10-27 12:06:01 -04:00
Spencer McIntyre ae56ffa934 Initial exploit for CVE-2021-38648 2021-10-27 12:05:56 -04:00
h00die 165acca028 wp_automatic_plugin 2021-10-17 13:04:38 -04:00
h00die b29bf9e499 update wp-exploitable-plugins 2021-10-12 18:47:30 -04:00
h00die f6a024fc74 update wp-exploitable-plugins 2021-10-11 15:27:49 -04:00
surya 4d4b51d158 => Added .gitignore 
=> Added Deobfuscated HTML Payload
=> Removed Extra Author Credits
=> Made SRVHOST AND SRVPORT MANDATORY
=> generate_uri replaced with builtin get_uri
 2021-10-08 02:50:27 +05:30
surya 3461c7aef6 Added module for CVE-2021-40444 2021-10-05 01:44:34 +05:30
sjanusz 2c7aa022d4 Add PoC for CVE-2021-22555 Netfilter Priv Escalation 2021-10-04 16:48:23 +01:00
Jack Heysel b7f7c30f2b Land #15594, a wordpress scanner enhancement 
This adds options to the wordpress scanner to allow the user
to only scan for plugins or themes that metasploit has
modules for.
 2021-09-24 15:51:07 -04:00
Spencer McIntyre 6acdced3f0 Land #15506, Add evasion module syscall_inject 2021-09-22 10:17:13 -04:00
Spencer McIntyre d4834631c3 Add the generated YSoSerial gadget chain 2021-09-14 09:10:44 -04:00
kensh1ro c1868d94cd add base64 encoding to shellcode 2021-09-12 17:00:24 +03:00
bwatters a7d99ebbfc Land # 15611, ProxyShell Improvements 
Merge branch 'land-15611' into upstream-master
 2021-09-07 11:47:13 -05:00
h00die 3c82f43644 only scan exploitable wordpress things 2021-09-06 11:56:32 -04:00
kensh1ro 1adde377ec Replace XOR with CHACHA and remove unnecassary code 2021-09-06 12:23:46 +03:00
bwatters ff50a94348 Land #15567, Add in Exploit for CVE-2021-3490 
Merge branch 'land-15567' into upstream-master
 2021-08-31 18:46:25 -05:00
Grant Willcox 3bca3b0bcb Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly and update the documentation to match 2021-08-31 15:07:37 -05:00
Spencer McIntyre 6c01a0dbea Work off of the system mailbox 2021-08-27 14:32:26 -04:00