Jack Heysel
51f255127e
Land #16531, Fix login crash for pihole modules
Fixes a crash in various Pi-hole modules when login
authentication is required
2022-05-06 14:08:22 -06:00
dwelch-r7
1f4ee19c05
Expose options for logging to a file in mettle
2022-05-06 14:36:55 +01:00
Grant Willcox
3e5c8d6d4b
Land #16538, Update meterpreter encryptor loader to support python 3.4
2022-05-05 14:09:10 -05:00
adfoster-r7
e7db0aec99
Update meterpreter encryptor loader to support python 3.4
2022-05-05 19:18:20 +01:00
space-r7
e2cefe0750
Land #16514, add ZoneMinder exploit module
2022-05-04 17:37:08 -05:00
space-r7
dd0b124e84
fix typo in docs, check some responses
2022-05-04 17:28:37 -05:00
Jack Heysel
481699ed8f
Land #16530, PiHole module to not wait for sudo
Update PiHole pihole_remove_commands_lpe module
to not wait for sudo input
2022-05-04 14:57:29 -07:00
adfoster-r7
53052af988
Fix login crash for pihole modules
2022-05-04 19:42:39 +01:00
sjanusz
bc489fef91
Update PiHole module to not wait for sudo input
2022-05-04 17:24:43 +01:00
krastanoel
115dad7193
Why do I keep forgetting that res can be nil
2022-05-04 20:23:42 +07:00
krastanoel
10c1c75337
Fail the exploit when the target is not Zoneminder but the user enables ForceExploit
2022-05-04 20:13:40 +07:00
krastanoel
54f6e270fe
Make sure the target is a Zoneminder before parsing the version, and check if the version is not nil
2022-05-04 20:02:37 +07:00
adfoster-r7
35271b40e7
Land #16445, Add support for Windows Meterpreter logging to file
2022-05-04 11:01:23 +01:00
krastanoel
4c231ba226
Apply suggestions from code review
Remove unnecessary check for content-type response
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2022-05-04 16:37:20 +07:00
William Vu
6532365dc8
Deregister VHOST
2022-05-03 11:52:50 -05:00
William Vu
8c0cd40a19
Fix VMware Workspace ONE Access CVE-2022-22954
2022-05-03 10:39:58 -05:00
dwelch-r7
a76600f4a9
Land #16462, add support for armle/aarch64 architectures
2022-05-03 15:48:50 +01:00
krastanoel
8408f28967
checking status code response for successful exploitation
2022-05-03 20:47:36 +07:00
krastanoel
c582f4277f
res can be nil due to a timeout or other reason
2022-05-03 20:09:58 +07:00
krastanoel
4e6dddd735
Fail if the response is nil or the body is blank
2022-05-03 19:41:06 +07:00
krastanoel
a1dcbb8004
Make sure the response content-type is json before parsing
2022-05-03 19:31:38 +07:00
krastanoel
b4733afe2c
Modify cookie jar, login and responses
- use keep_cookies instead of grabbing and set manually
- separate login code to its own method
- check response is not nil before calling get_html_document method
- clear cookie jar in exploit method and authenticate if the user disables the AutoCheck option
2022-05-03 17:54:59 +07:00
William Vu
b2994aa8d8
Add words
2022-05-03 01:13:45 -05:00
William Vu
9a980d068d
Link to freemarker.template.utility.Execute docs
2022-05-03 01:00:46 -05:00
William Vu
612e3d6f13
Add another tested SSTI param
2022-05-03 00:30:12 -05:00
William Vu
333681b6da
Add other tested SSTI URIs
2022-05-03 00:02:21 -05:00
William Vu
a71ded0da8
Update PoC credit
2022-05-02 23:41:43 -05:00
William Vu
fa09487ee1
Refactor code, once more with feeling
2022-05-02 22:27:52 -05:00
William Vu
135a81ebc2
Refactor code
2022-05-02 21:53:17 -05:00
William Vu
bf7d3e1c32
Add VMware Workspace ONE Access CVE-2022-22954
2022-05-02 18:51:46 -05:00
krastanoel
4e2328fc89
Return safe checkcode when authentication failed to benefit from autocheck module
2022-04-30 03:45:06 +07:00
krastanoel
dbc49c67e6
Use nokogiri over regex to parse csrf_magic value
2022-04-30 03:16:37 +07:00
krastanoel
538e3569f4
No need to use rescue block on check method for supported ruby version
2022-04-30 03:12:27 +07:00
krastanoel
a7670b1bfe
Fix Inconsistent indentation detected.
2022-04-30 01:46:13 +07:00
krastanoel
f1f0ec5435
Apply suggestions from code review
Remove RPORT option and rescue block
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-04-30 01:18:56 +07:00
krastanoel
e27627fbbf
Assign check result to an instance variable
2022-04-29 23:01:15 +07:00
krastanoel
ae23be355b
Remove rand method
2022-04-29 22:34:34 +07:00
dwelch-r7
3a8fb2b480
Update cached sizes
2022-04-29 15:41:57 +01:00
dwelch-r7
1a551138cd
Bump payloads version
2022-04-29 15:09:05 +01:00
dwelch-r7
2e44a91b39
Refactor debugging config options to a common location
2022-04-29 15:04:12 +01:00
dwelch-r7
db1d42237b
Refactor debugging config options
2022-04-29 15:04:12 +01:00
dwelch-r7
e93253fb38
Conditionally send log path configuration for meterpreter
2022-04-29 15:04:11 +01:00
dwelch-r7
ec9f0b5242
Add log path session config option
2022-04-29 15:04:11 +01:00
Spencer McIntyre
c994f8e933
Land #16507, Add WSO2 file upload RCE module
2022-04-29 09:58:55 -04:00
krastanoel
328448e8d4
Get current language before resetting it
2022-04-29 20:52:58 +07:00
krastanoel
7816ffb7c3
Remove checkcode in exploit method and use fail_with instead, no need to use rand method
2022-04-29 19:45:51 +07:00
krastanoel
e58fff1ac3
Remove fail_with in check method and return both checkcode and message instead of print
2022-04-29 19:36:36 +07:00
Jack Heysel
2b8ea72e51
Added autocheck, fixed execute_payload method
2022-04-28 08:55:17 -07:00
krastanoel
7c371b65ee
Add Zoneminder Language rce module
2022-04-28 20:59:53 +07:00
jvoisin
f30c797293
Fix two simple typos
2022-04-27 21:58:02 +02:00