adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

3412 Commits

Author SHA1 Message Date
Spencer McIntyre 837e503170 Refactor the MsSamr mixin to split it out 2024-04-22 13:45:20 -04:00
Spencer McIntyre a008288e05 Readd support for multiple ports 2024-04-22 13:45:20 -04:00
Spencer McIntyre f5046d0c2a Fix the return value of a few methods 2024-04-19 09:06:48 -04:00
Spencer McIntyre 727849202d Land #19087, chore: remove repetitive words 2024-04-17 09:59:46 -04:00
Jack Heysel 84ea514180 Land #19026, Add pgadmin exploit CVE-2024-2044 
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
 2024-04-16 14:12:41 -07:00
fanqiaojun 6b2bdc893b chore: remove repetitive words 
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
 2024-04-15 11:06:50 +08:00
Dean Welch 463200cfb3 Add ldap acceptance tests 2024-04-11 14:40:19 +01:00
Jack Heysel 7f62dd2143 Responded to comments 2024-04-04 13:39:22 -07:00
Jack Heysel 03fced404a Apache Solr Backup Restore RCE 
Writing file to disk working

working on linux

wip authentcaiton

Consolodated conf folders into one

Renamed conf1 to conf in msf data dir

Randomize the configuration name

Docs plus finishing touches

rubocop

Updated exploit file location

Removed unused external dir

Reduced conf folder
 2024-04-02 11:33:52 -07:00
Spencer McIntyre 2292da9164 Add the UNC loading technique too 2024-03-29 09:33:47 -04:00
Jack Heysel 31cf0e2633 Land #18764, Add unauth Jenkins file read module 
This PR adds a new module to exploit CVE-2024-23897, an unauth arbitrary
(first 2 lines) file read on Jenkins.
 2024-03-28 13:29:39 -07:00
jheysel-r7 14938a2d77 Apply suggestions from code review 2024-03-28 14:41:25 -04:00
Dean Welch f132bdbe30 Enforce single module stance 2024-03-25 11:53:23 +00:00
adfoster-r7 55dd5aa9c0 Land #18899, update ysoserial viewstate tool 2024-03-14 00:12:38 +00:00
Spencer McIntyre 9b8b7045ff Land #18715, Add Splunk library 2024-03-05 16:17:30 -05:00
Gaurav Jain 985b0ba47f Add reviewed changes to splunk library 2024-03-06 01:32:57 +05:30
Spencer McIntyre b30f264630 Land #18844, fix #file_dropper_exist? for Window 
Bugfix Msf::Exploit::FileDropper#file_dropper_exist? for Windows sessions
 2024-03-05 15:01:20 -05:00
h00die a524682f63 x11 screenshot module progress 2024-03-04 17:40:01 -05:00
sjanusz-r7 3c8f43e23e Align SQL sessions peerhost and peerport 2024-03-04 13:11:32 +00:00
h00die 69b89c5d95 WIP x11 screenshots and lib 2024-03-01 15:15:39 -05:00
h00die bd956e7aef WIP x11 screenshots and lib 2024-03-01 15:14:43 -05:00
adfoster-r7 d8abd2bcc2 Land #18898, Add rex proto mysql client wrapper 2024-02-29 10:13:47 +00:00
dwelch-r7 a4543b0f41 Land #18897, Update smb login to support additional configuration 2024-02-29 10:07:02 +00:00
adfoster-r7 131585235b Update SMB Login to support additional configuration 2024-02-28 20:24:06 +00:00
sjanusz-r7 b423241e6b Use Rex Post MySQL Client for lib, specs & modules 2024-02-28 18:19:50 +00:00
sjanusz-r7 55a8d6732f Add Rex Proto MySQL Client 2024-02-28 18:19:46 +00:00
Spencer McIntyre 8bc6705557 Move viewstate signing logic into Rex 2024-02-27 14:37:55 -05:00
h00die 75d007b44c WIP x11 screenshots and lib 2024-02-27 12:52:22 -05:00
Spencer McIntyre 4a51e028d8 Print multiple attributes on individual rows 2024-02-26 17:28:41 -05:00
h00die 453f8bbeff more x11 progress, now working on screenshots, WIP 2024-02-26 15:16:47 -05:00
Spencer McIntyre 4b7f4e2b0d Just show the DN, commas and all 
This way the DN can just be copy-pasted into locations where a DN is
expected.
 2024-02-22 17:36:30 -05:00
h00die e7ca9485ed working xspy code 2024-02-22 15:34:20 -05:00
h00die 794e304cee working but ugly code 2024-02-22 15:31:16 -05:00
h00die 7292877b18 more progress, broke up lib x11 into different files/folders 2024-02-22 15:30:14 -05:00
sjanusz-r7 1b7c2bbaec SQL sessions consolidation 2024-02-21 16:16:14 +00:00
h00die f4b698b080 more progress, broke up lib x11 into different files/folders 2024-02-20 16:11:36 -05:00
sfewer-r7 60bc412026 file_dropper_exist? needs to test if teh path if either a file or a directory, the logic for shell sessions on wqindows is testing if a path if a file and not a directory. this is wrong. Origionally FileDropper only supported cleaningup files, so this logic made sense (it was copied over from teh File post moduile) but FileDropper has since supported directories so teh logic here neds to reflect that. 2024-02-19 09:12:17 +00:00
sjanusz-r7 fc963bd8bb Add Proxies support to creating a session with postgres_login 2024-02-16 14:45:17 +00:00
sfewer-r7 3483419d50 file_dropper_exist? was broken on the windows platform, so files registered for cleanup were not being deleted. We must call session.shell_command_token 2024-02-16 10:09:07 +00:00
adfoster-r7 7b56d012e8 Land #18678, add LDAP capture capabilities 2024-02-15 22:11:04 +00:00
h00die f5a6d7d835 Update x11.rb 2024-02-15 12:46:48 -05:00
h00die 424c55fdae Update x11.rb 2024-02-15 09:22:33 -05:00
h00die c39d04622f Update and rename X11.rb to x11.rb 2024-02-15 09:22:06 -05:00
adfoster-r7 1d406cfc2a Land #18809, DNS command improvements 2024-02-14 22:12:30 +00:00
Christophe De La Fuente fc5a12431c Land #18664, Add an SMB-based fetch payload for Windows 2024-02-14 14:57:32 +01:00
Zach Goldman d18520adc6 update rhost and rport calls 2024-02-13 13:00:38 -06:00
Zach Goldman c05c6773df adjust session logic in modules 2024-02-13 11:59:09 -06:00
h00die b22cafb6a1 Update X11.rb 2024-02-13 10:47:08 -05:00
h00die faa80dc850 Create lib for X11.rb 2024-02-13 10:46:16 -05:00
Zach Goldman 94223f05fc update relevant modules to work with sessions 
separate out optional session logic

fixing session handling
 2024-02-09 13:18:49 -06:00