adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56,955 Commits 27 Branches 1,043 Tags
755d2d3261ee2f4c2d4b2bdf45fc8e6d8eabe45f
Commit Graph

28984 Commits

Author SHA1 Message Date
William Vu 755d2d3261 Use subpar regex validation on LEAK_FILE 2020-06-30 11:17:26 -05:00
Alan Foster b841246536 Update autocheck to use prepend instead of include, add ForceExploit functionality 2020-06-30 11:40:46 +01:00
Shelby Pace 2b1af9acaa Land #13610, add atutor auth dir trav / rce 2020-06-29 11:58:34 -05:00
Shelby Pace ad48170a18 replace forceexploit with autocheck 2020-06-29 11:54:01 -05:00
Shelby Pace f2c79ca1ef add changes for linux 2020-06-29 10:43:26 -05:00
William Vu 3ba619acee Land #13521, Bolt CMS authenticated RCE 2020-06-28 23:50:53 -05:00
William Vu 156eea4292 Fix cleanup blocking on payload execution 2020-06-28 23:07:10 -05:00
William Vu b81629d099 Clean up module 2020-06-28 23:07:10 -05:00
Shelby Pace 2f6847c321 move login to its own method 2020-06-26 14:50:34 -05:00
William Vu 03b171f7f1 RuboCop more aggressively 2020-06-26 11:25:38 -05:00
gwillcox-r7 ad47a2e9c9 Land #13770, Update IBM DRM modules with URL and correct versions 2020-06-26 10:34:12 -05:00
Pedro Ribeiro 6e8178735f Update ibm_drm_rce.rb 2020-06-26 11:38:55 +07:00
Pedro Ribeiro 0af3b57013 Update ibm_drm_download.rb 2020-06-26 11:38:29 +07:00
Pedro Ribeiro 2ba8573ef9 Update IBM DRM rce module 2020-06-26 11:31:10 +07:00
Pedro Ribeiro 34fd858265 Update IBM DRM SSH module 2020-06-26 11:28:21 +07:00
Pedro Ribeiro b42f99b652 Add IBM links to download module 2020-06-26 11:24:12 +07:00
William Vu 7273ac1a92 Move module to unix/webapp 2020-06-25 12:44:42 -05:00
William Vu c03c580d12 Merge remote-tracking branch 'upstream/master' into pr/13521 2020-06-25 12:21:57 -05:00
Christophe De La Fuente 77276ee3e2 Land #13604, Ignition Automation RCE module 2020-06-25 18:14:57 +02:00
Pedro Ribeiro 432a9acfcd Update modules/exploits/multi/scada/inductive_ignition_rce.rb 
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-06-25 22:43:12 +07:00
gwillcox-r7 0dde85f562 Land #13739, Cisco AnyConnect Priv Esc via Path Traversal 2020-06-24 17:47:52 -05:00
gwillcox-r7 15de510623 Add in RuboCop and msftidy_docs.rb fixes 2020-06-24 17:19:21 -05:00
Christophe De La Fuente 5f64444d4f Update module and documentation from code review 2020-06-24 23:34:26 +02:00
kalba-security d0509fecf4 Improve the method of setting the cmdstager flavor 2020-06-24 06:50:00 -04:00
William Vu b28d9517bc Exclude multi from automatic PAYLOAD selection 2020-06-23 16:12:28 -05:00
kalba-security 18926e874c Fix file_traversal_path check 2020-06-23 15:26:14 -04:00
adfoster-r7 fceb96e659 Land #13608, update elog calls to be consistent across 2020-06-23 09:47:01 +01:00
Christophe De La Fuente 3997dbdade Updates from code review 2020-06-22 16:06:09 +02:00
dwelch-r7 ef86fb95e8 Land #13748, replace off with false in instructions 2020-06-22 13:55:15 +01:00
Pedro Ribeiro 68b48f7a6d add advisory url 2020-06-22 19:39:57 +07:00
Pedro Ribeiro 61806242be add requested changes 2020-06-22 19:06:42 +07:00
Adam Galway 1a2bf98222 creates standard elog & updates exisiting usages 2020-06-22 12:48:39 +01:00
h00die 6e93dcf8c2 Land #13645, Trend Micro WebSecurity RCE 2020-06-22 06:51:26 -04:00
h00die c61857be96 off to false 2020-06-21 16:21:40 -04:00
h00die 6a3633c2c0 fixing up some styles and such 2020-06-20 12:05:48 -04:00
Christophe De La Fuente 2e33241a90 Update module and add documentation 2020-06-19 20:17:11 +02:00
mdisec 260607e8f9 Adding check on exploit method 2020-06-19 19:00:52 +03:00
mdisec 7ab5474175 Change check method and regex for cookie 2020-06-19 16:15:11 +03:00
kalba-security d1792bdf51 Add extra suggestion from code review 2020-06-18 16:48:46 -04:00
kalba-security 57f40053da Improve autoselect (incorporate suggestions from code review) 2020-06-18 16:39:11 -04:00
Shelby Pace 738dd4b5ce Land #12277, add Agent Tesla panel rce module 2020-06-18 15:06:15 -05:00
Shelby Pace 1d6e7313ce remove ForceExploit option 2020-06-18 15:05:02 -05:00
Brendan Coles b068b717d4 Land #13605, ibm_openadmin_tool_soap_welcomeserver_exec: b64 encode payload 
Ensure the payload is sent base64 encoded then base64 decoded upon execution.
This mitigates potential payload corruption issues due to quoting or URL
encoding of request data on the server side.
 2020-06-18 18:08:32 +00:00
mdisec 229760a826 Fixing document file and module improvements 2020-06-18 20:11:55 +03:00
Shelby Pace db4006e9f6 Land #13607, add Cayin exploit modules 2020-06-18 10:33:49 -05:00
gwillcox-r7 199d7db222 Fix up items mentioned by @space-r7 during her review 2020-06-18 09:56:20 -05:00
gwillcox-r7 275ed6429e Fix up rubocop errors in the module 2020-06-17 15:11:55 -05:00
gwillcox-r7 eebacb8fbb Make adjustments so that this module only supports Windows so that we can land this for now. Linux support may be added in the future. 2020-06-17 14:56:40 -05:00
h00die 17bef31bc6 check shodan API key 2020-06-17 14:22:07 -04:00
gwillcox-r7 c29cf491ed Add idea for trying to fix up not being able to write to disk, may need further improvements 2020-06-17 12:36:00 -05:00