Jack Heysel
2b8ea72e51
Added autocheck fixed execute_payload method
2022-04-28 08:55:17 -07:00
Jack Heysel
5b82a978ea
Added reference removed default payload
2022-04-27 09:48:21 -07:00
Jack Heysel
253cb8580a
Responded to comments added retry_until_true
2022-04-27 09:45:18 -07:00
Jack Heysel
a941fea26a
Removed unused import added target_uri
2022-04-26 14:11:10 -07:00
Jack Heysel
a8ae08d138
Updated authors
2022-04-26 13:55:59 -07:00
Jack Heysel
86ff080d31
Merge branch 'wso2-file-upload-rce' of github.com:jheysel-r7/metasploit-framework into wso2-file-upload-rce
2022-04-26 13:53:17 -07:00
Jack Heysel
1879a7568f
Updated authors
2022-04-26 13:52:59 -07:00
jheysel-r7
266d3bb9ca
Apply suggestions from @bcoles code review
Co-authored-by: bcoles <bcoles@gmail.com>
2022-04-26 13:40:25 -07:00
Jack Heysel
691d9fe001
Added Reliability section to Notes
2022-04-26 13:19:34 -07:00
Jack Heysel
76c8e0b65f
Added Notes section to module
2022-04-26 13:01:38 -07:00
Jack Heysel
37c8fff523
Rubocop offenses
2022-04-26 12:51:12 -07:00
Jack Heysel
ca0be9c145
Add WSO2 file upload RCE module
2022-04-26 12:29:12 -07:00
Brendan Coles
94ed9ae28b
Modules: Prefer CVE references over cve.mitre.org URL references
2022-04-19 20:42:23 +00:00
Spencer McIntyre
211626e7ce
Fix the check method, add docs
2022-03-31 09:01:08 -04:00
Spencer McIntyre
94cf23e4cf
Finish the Spring Cloud Function exploit
2022-03-30 18:38:41 -04:00
Grant Willcox
bf88b7f618
Land #16325 - Replace IO read on binary files with File binread
2022-03-24 10:08:40 -05:00
adfoster-r7
03d645016c
Land #16250, Update service mixins for NAT options
2022-03-23 00:13:20 +00:00
Spencer McIntyre
86aed4928e
Add the HttpListenerBindPort to the log4shell exploit
2022-03-22 09:06:22 -04:00
Spencer McIntyre
6ec530a5ee
Improve some error handling
2022-03-21 15:22:00 -04:00
Spencer McIntyre
49aff227c5
Fix character escaping in the apisix exploit
2022-03-21 15:06:03 -04:00
sjanusz
bbf9e3163a
Fix file reads on Windows for binary files
2022-03-21 12:47:39 +00:00
Ashley Donaldson
1349a7c486
More redundant cleanup calls
2022-03-11 12:22:27 +11:00
Ashley Donaldson
d5373a7278
Removed redundant cleanup calls which exploit_driver will call anyway
2022-03-11 12:08:51 +11:00
Ashley Donaldson
9761d68c19
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00
Spencer McIntyre
42e0c027ab
Land #16248, Added Apache APISIX RCE module
2022-03-07 09:47:04 -05:00
Spencer McIntyre
422f96fbbe
Fix a plugin name reference
The plugin is actually "batch-requests", change the reference to be more
clear.
2022-03-07 09:46:15 -05:00
Heyder Andrade
d7c992f402
Need to use POST to check whether the batch request is enabled or not
2022-03-04 21:00:32 +01:00
Spencer McIntyre
9ef50a2d23
Fixup typos
2022-03-04 12:34:14 -05:00
Heyder Andrade
ca4ed9affe
Added logic to treat the two ways of execute command
If we have the API token we can execute command using the parameter
`filter_func` or `script`, and if there is an IP restriction
enabled by the plugin ip-restriction we can bypass this restriction if
the plugin batch-request is also enabled.
2022-03-04 02:13:09 +01:00
Heyder Andrade
460584b079
Improved server header validation
2022-03-03 12:48:37 +01:00
Heyder Andrade
a0afba45aa
Remove unnecessary stuffs
2022-03-03 02:00:51 +01:00
Heyder Andrade
0d8933d162
Removed else statements from check in favor of implicit return
2022-03-02 22:42:08 +01:00
Heyder Andrade
41236232e2
WIP - add clean up function
2022-03-02 17:47:58 +01:00
Heyder Andrade
7aa9547e05
WIP - improvements on the request body
2022-03-02 01:43:04 +01:00
Heyder Andrade
abd03d592e
WIP - adding bypass the IP restriction (CVE-2022-24112)
2022-03-01 19:00:59 +01:00
Heyder Andrade
ea2b29661f
Fix typo
2022-03-01 17:13:20 +01:00
Heyder Andrade
ad7bd6d623
Added Apache APISIX default API Token RCE module
Added module that leverages the default admin API token for Apache APISIX
to add malicious route which leads to the remote LUA code execution
through the script parameter added in the 2.x version.
2022-02-28 18:09:18 +01:00
h00die
d5ba1afbec
fix URLs not resolving
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra recirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
bwatters
0239ef1cc6
Land #16117, Updates for Log4Shell
2022-02-15 16:39:00 -06:00
Spencer McIntyre
e2c91ebf30
Land #16010, zabbix_script_exec improvements
This updates the zabbix_script_exec module to work with versions 5.0 and
newer as well as adds a new item-based execution technique.
2022-02-04 15:13:13 -05:00
Spencer McIntyre
ae278d0568
Cleanup some minor typos
2022-02-04 15:12:57 -05:00
lap1nou
8838d9cb66
Added timeout system, fixed a bug with TLS_PSK, linted
2022-02-04 04:01:23 -08:00
Spencer McIntyre
965493191f
Add and use a Log4Shell mixin
2022-02-03 16:09:49 -05:00
lap1nou
645ef5e71f
Fixed few bugs
2022-02-02 14:30:02 -08:00
lap1nou
7bf08a28ea
Modified default stager
2022-02-02 12:34:07 -08:00
lap1nou
de32cc0e97
Linted with Rubocop, factorized API call, fixed some grammar
2022-02-01 13:29:30 -08:00
Spencer McIntyre
d46822184f
Updates for Log4Shell
2022-01-28 14:56:44 -05:00
Spencer McIntyre
458d584f83
Add details to check codes and PR feedback
2022-01-21 09:40:23 -05:00
Spencer McIntyre
579627f5c7
Update docs, note OS X support
2022-01-20 10:47:11 -05:00
Spencer McIntyre
ba469a4b2c
Add version detection to the Unifi exploit
2022-01-20 09:26:48 -05:00