adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57,151 Commits 27 Branches 1,043 Tags
77526bd6f45bea54ca8c06da930eddbd2c19e370
Commit Graph

2636 Commits

Author SHA1 Message Date
adfoster-r7 7e7881fbfa Land #13730, Add Pandora FMS Events Remote Code Execution (CVE-2020-13851) module and docs 2020-07-11 13:10:47 +01:00
Jeffrey Martin c61f34ed16 Land #13596, [GSoC] SQLi library with support to MySQL (and MariaDB) 2020-07-10 13:45:47 -05:00
kalba-security 957042f0a3 Nuke redundant force-exploit advanced option 2020-07-09 17:24:19 -04:00
kalba-security df42399f61 Add installation instructions to docs 2020-07-09 17:20:07 -04:00
kalba-security dc34acd070 Push to test autocheck issue 2020-07-09 16:43:18 -04:00
kalba-security 6bb20f41d8 Code review changes 2020-07-09 15:21:13 -05:00
kalba-security 36397a3e8f Add cmdstager support 2020-07-09 15:21:12 -05:00
kalba-security 3ac3dcb3cf Incorporate suggestios from code review 2020-07-09 15:21:12 -05:00
kalba-security c2abb40890 Fix HTTP timeout 2020-07-09 15:21:12 -05:00
kalba-security 3eceeca911 Add Pandora FMS Events Remote Code Execution module and docs 2020-07-09 15:21:12 -05:00
William Vu 398c13a1b2 Add Mikhail Klyuchnikov's writeup as a reference 2020-07-08 14:36:42 -05:00
William Vu ee240393f4 Credit Mikhail Klyuchnikov for CVE-2019-19781 2020-07-08 14:35:16 -05:00
William Vu d726a2cdcb Fix a few final things 2020-07-07 12:06:05 -05:00
William Vu c8176b803a Add version information to the description 2020-07-06 16:24:22 -05:00
William Vu 7ef4cb64ad Tweak timeouts to avoid a race condition 2020-07-06 14:30:27 -05:00
William Vu be90526d5f Add vuln discovery credit and reference 2020-07-06 14:26:52 -05:00
William Vu 41bb4d3a8d Add dir_trav method back in 
I was wondering why I refactored it away. Oh, I needed it.
 2020-07-05 18:23:45 -05:00
William Vu 1f765d0e1f Upgrade CheckCodes, since the dir traversal passed 2020-07-05 16:29:53 -05:00
William Vu 6e7701ba21 Add rudimentary check method 2020-07-05 16:18:03 -05:00
William Vu 0417e88ff2 Add F5 BIG-IP TMUI RCE (CVE-2020-5902) 2020-07-05 15:22:15 -05:00
William Vu 36b5d237fa Make cmd/unix target types consistent to :unix_cmd 
There were some using :unix_command, and it was just an oversight.
 2020-07-05 11:16:47 -05:00
William Vu 01899d4843 Land #13787, AutoCheck mixin refactor with prepend 2020-07-01 14:49:03 -05:00
William Vu 08c1402be9 Land #13733, AnyDesk GUI CVE-2020-13160 exploit 2020-07-01 14:47:07 -05:00
William Vu ffc07d6c8f Merge remote-tracking branch 'upstream/master' into pr/13787 2020-07-01 14:42:16 -05:00
Spencer McIntyre a27bf9df38 Fix some grammatical mistakes and set a default target for anydesk 2020-07-01 15:27:33 -04:00
wvu-r7 e0fbc9fd05 Correct whitespace change 
Seems like a typo.
 2020-07-01 11:00:04 -05:00
Shelby Pace e2f6330755 Land #13725, fix error / clean up atutor exploit 2020-06-30 13:32:34 -05:00
William Vu 755d2d3261 Use subpar regex validation on LEAK_FILE 2020-06-30 11:17:26 -05:00
Alan Foster b841246536 Update autocheck to use prepend instead of include, add ForceExploit functionality 2020-06-30 11:40:46 +01:00
Niboucha Redouane 2c4ca04dca Rename the factory method for SQLi classes, and add a check on the class to instanciate 2020-06-27 14:51:54 +02:00
Jeffrey Martin aa6c037dbd refactor mixin as factory for sqli classes 2020-06-26 15:09:01 -05:00
Spencer McIntyre bb33bc9c62 Randomize the bad unicode character used to trigger the vulnerability 2020-06-26 13:05:43 -04:00
Pedro Ribeiro 6e8178735f Update ibm_drm_rce.rb 2020-06-26 11:38:55 +07:00
Pedro Ribeiro 2ba8573ef9 Update IBM DRM rce module 2020-06-26 11:31:10 +07:00
Pedro Ribeiro 34fd858265 Update IBM DRM SSH module 2020-06-26 11:28:21 +07:00
Spencer McIntyre fb4ec60a30 Apply rubocop linting and add an Ubuntu 20.04 target 2020-06-25 16:18:17 -04:00
Niboucha Redouane 8b7ad94168 Fix error message, SqliDelay instead of SQLI_SLEEP 2020-06-24 00:48:07 +02:00
Niboucha Redouane f89f80be47 add default value for options of SQLi constructors, and fix eyesofnetwork module 2020-06-24 00:38:13 +02:00
adfoster-r7 fceb96e659 Land #13608, update elog calls to be consistent across 2020-06-23 09:47:01 +01:00
Niboucha Redouane fba2d2e7be inject the datastore into the SQLi library, and register advanced options 2020-06-22 17:36:38 +02:00
Adam Galway 1a2bf98222 creates standard elog & updates exisiting usages 2020-06-22 12:48:39 +01:00
h00die 6e93dcf8c2 Land #13645, Trend Micro WebSecurity RCE 2020-06-22 06:51:26 -04:00
h00die 6a3633c2c0 fixing up some styles and such 2020-06-20 12:05:48 -04:00
mdisec 260607e8f9 Adding check on exploit method 2020-06-19 19:00:52 +03:00
Niboucha Redouane 9d36076264 Add option to specify the range of characters to retrieve 2020-06-19 16:41:57 +02:00
mdisec 7ab5474175 Change check method and regex for cookie 2020-06-19 16:15:11 +03:00
mdisec 229760a826 Fixing document file and module improvements 2020-06-18 20:11:55 +03:00
Shelby Pace db4006e9f6 Land #13607, add Cayin exploit modules 2020-06-18 10:33:49 -05:00
Niboucha Redouane 305dbe9e2f refactor structure, get rid of prefix and suffix 2020-06-18 17:21:10 +02:00
h00die 7bd2ba3aed remove debugging 2020-06-17 12:04:18 -04:00