adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
64,141 Commits 27 Branches 1,043 Tags
653e48eb3ca3752b00a80d803a83d536d88636f0
Commit Graph

7238 Commits

Author SHA1 Message Date
Spencer McIntyre 8e2bd3c5a9 Land #16475, ManageEngine ADSelfService Plus RCE 2022-04-20 15:22:36 -04:00
Spencer McIntyre bf1f786813 Title case the target name 2022-04-20 15:22:07 -04:00
Jake Baines aba48a6905 Improve JSON cleanup, fix jjs specific wording, and moved JJS_PATH to defaultoptions 2022-04-20 06:27:43 -07:00
Jack Heysel 4417a335ff Land #16379, Make SSH defaults widely used 
Refactored a number of modules to use ssh_client_defaults
 2022-04-19 22:08:45 -07:00
Brendan Coles 94ed9ae28b Modules: Prefer CVE references over cve.mitre.org URL references 2022-04-19 20:42:23 +00:00
Jake Baines ae54c8c3d9 Initial implementation of authenticated RCE against ManageEngine ADSelfService Plus (CVE-2022-28810) 2022-04-19 10:33:54 -07:00
Jack Heysel 37e334f95d Rubocop 2022-04-18 09:36:52 -07:00
Spencer McIntyre a4a9bc033a Fix building the SessionSetup request for MS17-010 
RubySMB commit 8035d9c2 broke the exploit's SessionSetup request.
 2022-04-12 10:45:17 -04:00
Spencer McIntyre 5de966cfb1 Land #16382, CVE-2022-26904 SuperProfile LPE 2022-04-07 12:52:39 -04:00
Grant Willcox 51e37bbe42 Add in process kill off code for Meterpreter sessions, seems I forgot to include this 2022-04-07 10:48:08 -05:00
Grant Willcox 4638067723 Fix RuboCop errors 2022-04-06 09:18:05 -05:00
Grant Willcox c8c91fcaf3 Add in fix to ensure that we can spawn sessions automatically on Windows 10 20H2 and other systems were we hit a bug with UAC prompts from the exploit DLL itself not triggering the payload 2022-04-05 19:16:48 -05:00
usiegl00 27c8210b27 Update smb_shadow module to fix rubocop errors 
Use msftidy to fix the rubocop errors.
 2022-04-06 07:12:46 +09:00
usiegl00 8495bff61c Merge master and update the smb_shadow module 
Add comments detailing the technique used to attack SMBv3. Remove some
comments that are no longer needed. Fix Gemfile.lock conflict.
 2022-04-06 07:06:45 +09:00
usiegl00 09ae52fecd Update smb_shadow and shadow_mitm_dispatcher 
Remove duplicated print_status messages. Use respond_to? instead of
methods.include?. Simplify payload generation. Fix naming for the rst
capture thread.
 2022-04-05 20:03:14 +09:00
Grant Willcox db4b22df5e Update the exploit code to output errors in a better format, and fix a potential issue when trying to delete folders recursively. Also update exploit module to try kill msiexec.exe if its still running to prevent it holding onto handles when it shouldn't be. 2022-04-04 17:58:52 -05:00
Grant Willcox bba40bcd21 Add in fixes from code review 2022-04-04 12:05:21 -05:00
Grant Willcox 7e5123cd24 Add initial code from Hajap Zairy Al-Sharif 2022-04-04 11:56:14 -05:00
usiegl00 7e010cbde2 Merge master and update smb_shadow + dispatcher 
The smb_shadow module can confirm the server smb version supported with
the ConfirmServerDialect option. The shadow_mitm_dispatcher closes each
stream before opening a new one to prevent leaking file descriptors.
 2022-04-02 10:39:02 +09:00
Grant Willcox 57473850c1 Fix up RuboCop errors as last change made it so that we had an unless elsif statement which isn't valid in Ruby 2022-03-31 12:52:16 -05:00
Grant Willcox 743138abed Add in initial fixes from review and remove extra BREAKAWAY_FROM_JOB code changes not directly related to this PR as we'll raise a separate PR for those 2022-03-31 12:13:29 -05:00
Grant Willcox 51df37de87 Add in documentation and also update the module to handle NarratorQuickstart.exe which sometimes comes up and can lead to visual indicators 2022-03-28 17:53:53 -05:00
Grant Willcox bd3e0c1b53 Add in support for exploiting domain joined systems 2022-03-28 16:14:19 -05:00
Grant Willcox b408197cb7 Another round of RuboCop 2022-03-25 17:37:05 -05:00
Grant Willcox 393765a2f0 Add in UAC checks to ensure PromptOnSecureDesktop is set appropriately before attempting to exploit. Also clean up some of the extra code to prevent unneeded cmd level commands from running 2022-03-25 17:26:48 -05:00
Grant Willcox 56e21ae3a2 Update check code to now use cmd_exe as other call was hanging forever, and also update the check code to use Meterpreter functions if available vs always running shell commands. 2022-03-25 15:25:48 -05:00
Grant Willcox f7c271aaf4 Add in fixes from Spencer's quick initial review of module to address typos and proper check code return values 2022-03-25 14:14:56 -05:00
Grant Willcox e82c25841c RuboCop module to pass tests 2022-03-25 12:45:00 -05:00
Grant Willcox 561c5d513e Update module's on_new_session code 2022-03-25 12:16:44 -05:00
Grant Willcox 8e73710843 Add in on_new_session method to do automatic cleanup with supported session types. Think this is only Meterpreter at the moment 2022-03-24 14:36:29 -05:00
Grant Willcox e5c0259723 Add CREATE_BREAKAWAY_FROM_JOB flag to source files related to DLL generation, update the exploit source to denote how to clean up in case the payload can't clean up 2022-03-23 19:38:32 -05:00
Grant Willcox b1ce05f97c Add in updated Ruby code and also update the DLLs and prepend_migrate.rb to use the CREATE_BREAKAWAY_FROM_JOB flag with CreateProcess to break away from the job if the job has the JOB_OBJECT_LIMIT_BREAKAWAY_OK limit set to allow breakaway jobs 2022-03-23 17:47:25 -05:00
Grant Willcox 715082a960 Update exploit and module with new delay timing and latest copy of DLL 2022-03-21 12:05:48 -05:00
sjanusz bbf9e3163a Fix file reads on Windows for binary files 2022-03-21 12:47:39 +00:00
Grant Willcox 1bfc0feedb Remove default options from HttpUsername and HttpPassword as blank strings are still considered setting the option when it comes to OptString, and this leads to falsely assuming the strings are set by the user when they are not 2022-03-17 11:29:06 -05:00
Grant Willcox 6ee0ef0c8a Add in appropriate warning message in case we hit a snag, might help people out who hit a similar issue. Issue is highly tempermental and sometimes goes away for no reason so its hard to pin down but logging in this way should help. I tried doing things manually in code but it didn't seem to help and I don't want to block the code from working on something like this. 2022-03-17 11:29:05 -05:00
Grant Willcox ce062973cb Make changes from review process, redo code for module to make it make less requests, and generally improve overal operations. 2022-03-17 11:29:05 -05:00
Grant Willcox 1f53e9d1c4 Rubocop and fix a mistake on commenting too much of the code out from testing 2022-03-17 11:29:00 -05:00
Grant Willcox 269cd5cfed Add in Exchange Version mixin and module example 2022-03-17 11:28:53 -05:00
bwatters b4de9fa92a Land #16344, Add module for CVE-2022-21999 and More Railgun Definitions 
Merge branch 'land-16344' into upstream-master
 2022-03-16 08:37:05 -05:00
Shelby Pace 381b91de45 change wording in arch check 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-03-15 16:45:36 -05:00
space-r7 e96ec401bf add arch check, fix logic error, add aka note 2022-03-15 12:58:39 -05:00
space-r7 99664efed7 use full user name, add test output to docs 2022-03-14 09:15:36 -05:00
adfoster-r7 a62ca2259e Land #16316, deref services correctly 2022-03-11 12:08:42 +00:00
Ashley Donaldson 1349a7c486 More redundant cleanup calls 2022-03-11 12:22:27 +11:00
space-r7 07e6eef201 rename module, modify check 2022-03-10 17:02:58 -06:00
space-r7 bc9f64f043 use default printer in case target is server 
clean up code, add EnumPrinters definitions
 2022-03-10 16:45:20 -06:00
Ashley Donaldson 9761d68c19 Rename stop_service to cleanup_service for services that use reference counting 2022-03-10 10:28:25 +11:00
adfoster-r7 3b524360ed Explicitly specify server/client versions, fix logger crash, and specify jtr format 2022-03-09 01:37:22 +00:00
adfoster-r7 22f88f9ab7 Add docs 2022-03-08 23:52:24 +00:00