adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
54,859 Commits 27 Branches 1,043 Tags
703dc797101fa4a2fed65e87cccbe13e9dbf2c57
Commit Graph

2400 Commits

Author SHA1 Message Date
Alan Foster 4dcb2fbd96 Land #12889, Add OpenSMTPD MAIL FROM RCE 2020-02-07 11:43:18 +00:00
William Vu e053ed7a1e Add Msf::Exploit::Expect mixin and refactor again 2020-02-05 21:16:24 -06:00
William Vu 95fa8602bc Refactor modules that use Expect 2020-02-05 21:16:21 -06:00
s1kr10s de25920f30 The written word "through" is modified 2020-02-05 11:53:51 -03:00
s1kr10s 25c23073c8 Modify disclosure URL, remove printf... 
...  as stager flavor and silence msftidy error.
 2020-02-04 15:20:57 -03:00
s1kr10s 5f7004cf7c Remove 'HttpClient', 'Payload' and 'RHOST'; ... 
... replace 'Targets' for a new option, and format 'header', as suggested in the review.
 2020-02-04 14:04:23 -03:00
s1kr10s 8e0e21d337 Exploit for CVE-2019-20215 
Staged, uses meterpreter
 2020-01-28 16:15:24 -03:00
Tim W cfffb65a21 Land #12859, update AF_PACKET chocobo_root linux LPE 2020-01-24 17:30:13 +08:00
Brent Cook 6f6cc00871 Land #12751, add Linux RDS socket NP deref privesc 2020-01-22 07:08:47 -06:00
Shelby Pace e7e42b7a59 Land #12768, add dlink command injection module 2020-01-21 07:37:43 -06:00
Brendan Coles 19b1f567b2 Update AF_PACKET chocobo_root Privilege Escalation module 2020-01-19 11:51:01 +00:00
Brendan Coles 36b6ceb56f Add rds_atomic_free_op_null_pointer_deref_priv_esc (CVE-2018-5333) 2020-01-18 08:34:52 +00:00
Brent Cook 7f74d28245 Land #12845, check for SSL when SSL is not enabled 2020-01-16 16:12:53 -06:00
William Vu 60b787bde1 Use new immutable? method in modules 2020-01-16 15:05:11 -06:00
William Vu a31e4034c8 Check SSL in exploit/linux/http/webmin_backdoor 2020-01-16 14:49:13 -06:00
William Vu 6712458dbd Land #12758, attributes and immutable? methods 2020-01-16 14:01:29 -06:00
Dave York 7b14442ab0 replace strings with bools 2020-01-14 20:47:27 -05:00
William Vu 491c36ccaa Land #12827, credit updates to Citrix exploit 2020-01-14 10:54:57 -06:00
William Vu eaeaae7607 Reformat credit 2020-01-14 10:46:04 -06:00
Jeffrey Martin 1cd75d9f40 document additional PoC authors 2020-01-14 10:22:26 -06:00
Shelby Pace 429329c45d Land #12801, add WePresent cmd injection module 2020-01-14 08:29:40 -06:00
Jacob Baines 009ec162de Use string interpolation and removed rundant namespace and return statement 2020-01-14 07:52:30 -05:00
Jacob Baines ea6263e6bb Removed redundant return statement 2020-01-14 06:52:24 -05:00
Jacob Baines ecb825ea71 Remove redundant parameters. 2020-01-14 06:40:40 -05:00
Jacob Baines fa661e58ca Unified the POST request into one function. Fixed hardcoding of SSL. Fixed Author formatting. Fixed connection failure check in check function 2020-01-14 06:22:00 -05:00
Jacob Baines 0308f76bbd Switched to vars_post in send_request_cgi and removed unnecessary documentation 2020-01-14 05:42:06 -05:00
William Vu 5c4189fdb4 Move unix/webapp/webmin_backdoor to linux/http 2020-01-14 00:50:04 -06:00
William Vu 3a8b630262 Set a sane default HttpClientTimeout 
Totally forgot I did this for Pulse Secure.
 2020-01-13 22:26:26 -06:00
William Vu cd65efb259 Revert tuned timeout in favor of HttpClientTimeout 
Bad habit!
 2020-01-13 22:02:12 -06:00
William Vu c71a75950a Make cmd/unix/generic timeout configurable 2020-01-13 21:35:10 -06:00
William Vu 93c69b3a96 Bump send_request_cgi timeout to 3.5s for shells 2020-01-13 21:29:28 -06:00
William Vu a635676604 Update wording in module description 2020-01-13 21:04:07 -06:00
William Vu af4505f007 Clean up module 2020-01-13 20:48:18 -06:00
William Vu 04084f84f7 Run rubocop -a 2020-01-13 20:25:07 -06:00
William Vu a45821b706 Rename module 2020-01-13 20:25:07 -06:00
secenv 1429a496da Remove _telnet from filename 
No need to keep it, it drops meterpreter as payload now.
 2020-01-13 13:18:43 -03:00
secenv eab0bd5755 Randomize "Callback" header URL 2020-01-13 11:39:23 -03:00
Jacob Baines caa02c7d2e Added exploit module for CVE-2019-3929 2020-01-09 08:03:52 -05:00
secenv 0d592a3fca Replace send_request_cgi with send_request_raw 
msftidy complains about not using vars_get... Which won't work in this case.
 2019-12-31 13:36:09 -03:00
secenv b6731a6d1c Remove printf as flavor 
There is no printf in this router.
 2019-12-31 13:10:59 -03:00
secenv bedb1132b7 Convert to staged exploit 
Works with meterpreter now :D
 2019-12-31 13:08:51 -03:00
secenv 5f2c29946c Remove the prompt variable + some EOL spaces; modify rand() 
As suggested by @bcoles
 2019-12-31 11:19:59 -03:00
secenv 2eec026a28 D-Link DIR-859 Unauthenticated RCE (CVE-2019-17621) 
Exploits a vulnerability in the /gena.cgi UPnP endpoint in D-Link DIR-859 (and potentially other) SOHO routers. CVE ID: 2019-17621.
Code based on modules/exploits/linux/http/dlink_dir300_exec_telnet.rb
 2019-12-30 19:22:04 -03:00
Brent Cook 8061cdf974 Land #12760, improvements to linux/local/bpf_priv_esc module 2019-12-26 13:43:54 -06:00
Brendan Coles a7b63557db Notify operator that cleanup of crontab is required 2019-12-26 16:21:44 +00:00
Brendan Coles d449a93b44 Add Msf::Post::File.attributes method 2019-12-25 07:34:44 +00:00
Brent Cook ce991071e4 Land #12524, update most python code with python 3 compatibility 2019-12-23 14:49:08 -06:00
h00die 4f8382fc98 Land #12744, rds lpe updates and improvements 2019-12-22 10:21:03 -05:00
h00die 4e1e8d344f rds reliability, stability notes 2019-12-22 10:20:00 -05:00
h00die 7a027216cc Land #12701 linux priv esc on reptile_cmd rootkit 2019-12-21 15:50:07 -05:00