adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
64,141 Commits 27 Branches 1,043 Tags
653e48eb3ca3752b00a80d803a83d536d88636f0
Commit Graph

1902 Commits

Author SHA1 Message Date
William Vu 6532365dc8 Deregister VHOST 2022-05-03 11:52:50 -05:00
William Vu 8c0cd40a19 Fix VMware Workspace ONE Access CVE-2022-22954 2022-05-03 10:39:58 -05:00
William Vu b2994aa8d8 Add words 2022-05-03 01:13:45 -05:00
William Vu 9a980d068d Link to freemarker.template.utility.Execute docs 2022-05-03 01:00:46 -05:00
William Vu 612e3d6f13 Add another tested SSTI param 2022-05-03 00:30:12 -05:00
William Vu 333681b6da Add other tested SSTI URIs 2022-05-03 00:02:21 -05:00
William Vu a71ded0da8 Update PoC credit 2022-05-02 23:41:43 -05:00
William Vu fa09487ee1 Refactor code, once more with feeling 2022-05-02 22:27:52 -05:00
William Vu 135a81ebc2 Refactor code 2022-05-02 21:53:17 -05:00
William Vu bf7d3e1c32 Add VMware Workspace ONE Access CVE-2022-22954 2022-05-02 18:51:46 -05:00
Jack Heysel 4417a335ff Land #16379, Make SSH defaults widely used 
Refactored a number of modules to use ssh_client_defaults
 2022-04-19 22:08:45 -07:00
Grant Willcox a756df5400 Add in missing RuboCop note sections 2022-04-19 16:40:57 -05:00
Brendan Coles 94ed9ae28b Modules: Prefer CVE references over cve.mitre.org URL references 2022-04-19 20:42:23 +00:00
Heyder Andrade bf849eb2a2 Making SSH defaults widely used 2022-04-14 17:27:19 +02:00
Heyder Andrade c4700c9e64 Rubocop 2022-04-14 17:25:48 +02:00
Heyder Andrade 1305baf6f6 Module should use ssh_defaults 2022-04-13 18:51:43 +02:00
Ashley Donaldson 1576fd720e Remove another redundant cleanup 2022-03-11 12:17:30 +11:00
Ashley Donaldson 9761d68c19 Rename stop_service to cleanup_service for services that use reference counting 2022-03-10 10:28:25 +11:00
bwatters ecaf8b1ba9 Land #16204, Hikvision Unauthenticated RCE (CVE-2021-36260) 
Merge branch 'land-16204' into upstream-master
 2022-02-25 16:37:08 -06:00
Grant Willcox 217afa0f3b Land #16190, Axis Camera App RCE (No CVE) 2022-02-25 11:35:03 -06:00
Grant Willcox 1e0db45f1d Add small note about ARMLE stager for future travelers 2022-02-25 11:34:31 -06:00
Jake Baines 2bec5c425f Change CheckCode to Appears 2022-02-25 08:32:06 -08:00
Jake Baines 1facfe4a2f Alter upload filename. 2022-02-25 02:53:52 -08:00
Jake Baines d055a7d811 Altered some randomization, the json extracted by check, and fixed some wording 2022-02-24 18:48:21 -08:00
Jake Baines 48072b6554 Fix rubcop complaint introduced in suggestion commit 2022-02-24 18:28:38 -08:00
Jake Baines 454eba2438 Apply suggestions from code review 
Added changes suggested by @gwillcox-r7

Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-02-24 21:25:09 -05:00
Jake Baines 9f05a7d11a Removed unneeded custom timeout 2022-02-24 08:13:04 -08:00
Jake Baines 3739dad470 Updated to use print_bad instead of fail_with for application removal errors. Also included instructions on how to manually remove the application 2022-02-24 07:44:34 -08:00
Jake Baines e1616a520f Fixed a couple of typos. Changed a CheckCode. Randomized the replaced tmp file name 2022-02-24 06:38:36 -08:00
Jake Baines 4cd3563bc7 Initial commit of exploit for CVE-2021-36260 2022-02-19 13:13:24 -08:00
h00die d5ba1afbec fix URLs not resolving 
fix URLs not resolving

add csv export to references

fix URLs not resolving

pdf not pd

missed a url change

remove extra recirectedfrom fields

remove extra file

fix ovftool url accidental replacement
 2022-02-16 17:22:40 -06:00
Jake Baines 5ac3330802 Initial commit of Axis camera app install exploit 2022-02-14 17:54:18 -08:00
space-r7 db00991f26 Land #16150, add nagios xi web shell upload 2022-02-11 11:45:06 -06:00
Jake Baines e1da95243f Always clean up the created job 2022-02-10 17:39:07 -08:00
Jake Baines e18492a88a Update modules/exploits/linux/http/nagios_xi_autodiscovery_webshell.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-02-09 15:35:38 -05:00
Jake Baines 0a78dd78ec Used suggested method for defining user webshell, used suggested depth configuration, and used vars_get in a couple of places 2022-02-08 18:20:03 -08:00
space-r7 bed067dda0 Land #16125, add ARCH_CMD for GXV3140 support 2022-02-08 12:24:42 -06:00
Jake Baines 0fcc7e7733 Fixed spelling errors in descriptions 2022-02-06 02:55:17 -08:00
Jake Baines 2e0915fbd4 Fix the Claroty team name 2022-02-06 02:47:43 -08:00
Jake Baines 9758251278 Initial commit of CVE-2021-37343 2022-02-05 18:21:18 -08:00
Spencer McIntyre 274b954c58 Land #16123, fix reference URL in cisco_ucs_rce 2022-02-01 17:06:59 -05:00
Spencer McIntyre 06fb748402 Add the missing full disclosure URL reference 2022-02-01 17:06:37 -05:00
space-r7 837fdf7c5e Land #16128, add cisco rv unauth rce 2022-02-01 10:34:57 -06:00
Jake Baines ccedcfefab Added exploit for CVE-2021-1472/CVE-2021-1473 2022-01-29 18:56:53 -08:00
Brendan Coles feebf25ad4 Add support for GXV3140 models and ARCH_CMD busybox telnetd payload 2022-01-29 19:38:57 +00:00
Brendan Coles a4fcddca8e Rename to grandstream_gxv31xx_settimezone_unauth_cmd_exec 2022-01-29 19:24:09 +00:00
swapnil shinde 70d4013610 fix faulty URL ref #16078 removed faulty url 
fix faulty URL ref #16078 , i searched for FULL_DISC tool in Cisco but i cant find anything related to this so i removed it. if that is meant by the issue.
 2022-01-29 22:33:33 +05:30
Grant Willcox 44f040ad78 Land #16056, Exploit Module for Grandstream UCM62xx IP PBX (CVE-2020-5722) 2022-01-24 21:03:46 -06:00
Grant Willcox 15751a0f78 Minor langauge fix and final typo 2022-01-24 21:01:34 -06:00
Jake Baines 04d06a2df1 Switched to proper fail_with calls in exploit failure 2022-01-24 04:13:43 -08:00