adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

38478 Commits

Author SHA1 Message Date
Spencer McIntyre 5d9add4450 Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205 
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
 2024-11-15 09:24:37 -05:00
adfoster-r7 d039bead93 Merge pull request #19601 from sjanusz-r7/add-teamcity-login-scanner 
Add JetBrains TeamCity HTTP Login Scanner
 2024-11-15 12:49:10 +00:00
sfewer-r7 e520ca7ee9 comment the intent of this code block 2024-11-15 12:29:31 +00:00
sfewer-r7 2ec5778405 get_cert_subject_item may return nil, so test for that here 2024-11-15 12:28:25 +00:00
sfewer-r7 51ad7ad0bf improve the send_packet logic to fail gracefully if bad data is recieved 2024-11-15 12:27:33 +00:00
Heyder Andrade 0f969f1dd6 Clean-up 2024-11-15 11:53:59 +01:00
sfewer-r7 c3bd4792ec rename SSLClientCert and SSLClientKey to ClientCert and ClientKey. This then matcheds up with ClientSerialNumber and ClientPlatform, which is clearer IMHO. Also, we explicitly create a Rex TCP socket, so these param names no longer collide with what a mixin would use 2024-11-15 09:44:50 +00:00
sfewer-r7 6eb15d5b66 add a helper method get_cert_subject_item 2024-11-15 09:42:59 +00:00
sfewer-r7 91587ce30b this message can be on a single line 2024-11-15 09:42:06 +00:00
sfewer-r7 e89c27fa3b fix some typos. Make msftidy happy. Add comments to the external references. 2024-11-15 08:54:32 +00:00
Ashley Donaldson 717940590a Clearer datastore option description 2024-11-15 11:11:41 +11:00
Jack Heysel 92e42a63ea Rubocop 2024-11-14 12:47:35 -08:00
Jack Heysel 4e1f33336c Ofuscation and Gemfile update 2024-11-14 12:44:19 -08:00
h00die 6962d828ac primefaces exploit v2 2024-11-14 14:14:02 -05:00
h00die 7a8e72f9b8 primefaces exploit v1 2024-11-14 14:12:13 -05:00
sfewer-r7 47f924bb8f add in the initial work on the FortiManager exploit. 2024-11-14 18:53:12 +00:00
Jack Heysel 526451fed5 Responded to comments 2024-11-14 10:46:11 -08:00
Heyder Andrade 09d84eaabb Added module for WSO2 API Manager Documentation File Upload Remote Code Execution 
Closes #19646

on-behalf-of: @redwaysecurity <info@redwaysecurity.com>
 2024-11-14 18:34:11 +01:00
Ashley Donaldson 715fa3c559 Msftidy fixes 2024-11-14 17:58:00 +11:00
Ashley Donaldson 67c33fa95f Fix bug: DCSync only once, rather than once per DC that exists in the domain 
- Also only DCSync each user once (if they're specified multiple times in KRB_USERS)
- Also be resilient to spaces in the comma-sepration
 2024-11-14 15:13:59 +11:00
Jack Heysel 2ba8a6c08d Responded to comments 2024-11-13 17:23:08 -08:00
Jack Heysel 497ce5e9da Linting and Rex::RandomIdentifier update 2024-11-13 08:28:52 -08:00
adfoster-r7 2a022b8215 Merge pull request #19635 from adfoster-r7/update-kerberos-enumusers-description 
Update Kerberos enumusers description
 2024-11-13 15:50:53 +00:00
Ashley Donaldson 1705203ad8 Support DCSyncing by group too 2024-11-13 17:22:11 +11:00
h4x-x0r 37c148cc7c CVE-2024-47407 
CVE-2024-47407
 2024-11-13 03:55:17 +00:00
h4x-x0r afdddf2e43 updated 2024-11-13 03:40:22 +00:00
Jack Heysel d2ef3cb6a9 Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397) 2024-11-12 16:05:07 -08:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
Christophe De La Fuente 24e19e4ebb Update the ESC8 relay module to use the new helper 
It also fixes some unrelated minor issues found in the module and the documentation
 2024-11-12 18:23:31 +01:00
h4x-x0r 6f6f92823a fixed typo 
fixed typo
 2024-11-12 15:15:15 +00:00
h4x-x0r fb102ec409 Update modules/exploits/linux/http/paloalto_expedition_rce.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:22 -06:00
adfoster-r7 ffa12f6ba5 Update Kerberos enumusers description 2024-11-12 13:45:47 +00:00
Ashley Donaldson 6c3e13a31f Able to query just a subset of users 2024-11-12 17:04:40 +11:00
Ashley Donaldson d396d06e35 Enable adding Users, not just computers (if permissions allow) 
Also added extra error handling for when password is wrong or expired
 2024-11-12 12:33:29 +11:00
h00die 4ebc6f1ff1 peer review 2024-11-11 17:37:33 -05:00
h00die 594c3a82ea peer review 2024-11-11 17:32:49 -05:00
remmons-r7 720312ba1c Create cups_ipp_remote_code_execution.rb 2024-11-11 15:51:09 -06:00
bwatters-r7 03928a56bd Add staging file delete and code cleanup 2024-11-11 14:42:19 -06:00
Jack Heysel 3068511b66 CVE-2023:4220: Chamilo v1.11.24 Unrestricted File Upload 2024-11-11 11:33:34 -08:00
Ashley Donaldson 8891c56211 Give likely Windows versions for SMB v2-3 2024-11-11 14:00:53 +11:00
bwatters-r7 0308f46f74 Stage cmd payloads to a file before executing 2024-11-08 19:27:58 -06:00
vultza 39243fc52f minor fixes 2024-11-07 22:37:47 +00:00
Jack Heysel 81b83f2fd6 Updated docs and check 2024-11-06 09:13:51 -08:00
Jack Heysel 5bc3e046eb Update check 2024-11-05 15:34:25 -08:00
Jack Heysel 7a5bc60aab Windows Access Mode Mismatch LPE in ks.sys [CVE-2024-35250] 2024-11-05 15:31:44 -08:00
Spencer McIntyre e709a18128 Merge pull request #19404 from bwatters-r7/smb2http_relay 
SMB to NTLM HTTP Relay with ESC8 module
 2024-11-05 14:12:08 -05:00
vultza 1348275ff7 fix lax check 2024-11-04 23:07:32 +00:00
h00die 0de93eedb7 asterisk ami auth rce 2024-11-04 16:27:58 -05:00
h00die 773355f0e8 making bcenter lpe progress 2024-11-04 16:26:08 -05:00
bwatters-r7 be21e2d4c6 Switch print to call out available templates 2024-11-04 13:37:23 -06:00