adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57,151 Commits 27 Branches 1,043 Tags
77526bd6f45bea54ca8c06da930eddbd2c19e370
Commit Graph

3460 Commits

Author SHA1 Message Date
William Vu 5ec31d2e41 Update recent modules to use prepend 2020-07-01 14:43:15 -05:00
Alan Foster b841246536 Update autocheck to use prepend instead of include, add ForceExploit functionality 2020-06-30 11:40:46 +01:00
Shelby Pace 2b1af9acaa Land #13610, add atutor auth dir trav / rce 2020-06-29 11:58:34 -05:00
Shelby Pace ad48170a18 replace forceexploit with autocheck 2020-06-29 11:54:01 -05:00
Shelby Pace f2c79ca1ef add changes for linux 2020-06-29 10:43:26 -05:00
Shelby Pace 2f6847c321 move login to its own method 2020-06-26 14:50:34 -05:00
Christophe De La Fuente 77276ee3e2 Land #13604, Ignition Automation RCE module 2020-06-25 18:14:57 +02:00
Pedro Ribeiro 432a9acfcd Update modules/exploits/multi/scada/inductive_ignition_rce.rb 
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-06-25 22:43:12 +07:00
kalba-security d0509fecf4 Improve the method of setting the cmdstager flavor 2020-06-24 06:50:00 -04:00
William Vu b28d9517bc Exclude multi from automatic PAYLOAD selection 2020-06-23 16:12:28 -05:00
kalba-security 18926e874c Fix file_traversal_path check 2020-06-23 15:26:14 -04:00
adfoster-r7 fceb96e659 Land #13608, update elog calls to be consistent across 2020-06-23 09:47:01 +01:00
Pedro Ribeiro 68b48f7a6d add advisory url 2020-06-22 19:39:57 +07:00
Pedro Ribeiro 61806242be add requested changes 2020-06-22 19:06:42 +07:00
Adam Galway 1a2bf98222 creates standard elog & updates exisiting usages 2020-06-22 12:48:39 +01:00
kalba-security d1792bdf51 Add extra suggestion from code review 2020-06-18 16:48:46 -04:00
kalba-security 57f40053da Improve autoselect (incorporate suggestions from code review) 2020-06-18 16:39:11 -04:00
Shelby Pace 738dd4b5ce Land #12277, add Agent Tesla panel rce module 2020-06-18 15:06:15 -05:00
Shelby Pace 1d6e7313ce remove ForceExploit option 2020-06-18 15:05:02 -05:00
gwillcox-r7 199d7db222 Fix up items mentioned by @space-r7 during her review 2020-06-18 09:56:20 -05:00
gwillcox-r7 275ed6429e Fix up rubocop errors in the module 2020-06-17 15:11:55 -05:00
gwillcox-r7 eebacb8fbb Make adjustments so that this module only supports Windows so that we can land this for now. Linux support may be added in the future. 2020-06-17 14:56:40 -05:00
gwillcox-r7 c29cf491ed Add idea for trying to fix up not being able to write to disk, may need further improvements 2020-06-17 12:36:00 -05:00
gwillcox-r7 25f32d68d5 Add in some RuboCop fixes 2020-06-17 11:15:10 -05:00
gwillcox-r7 c7bcd9152c Add in support to detect if the PHP payload was not uploaded successfully. 2020-06-17 11:13:24 -05:00
gwillcox-r7 3787849a6b Fix cleanup code for Windows, should now have good working Windows code 2020-06-16 14:49:09 -05:00
gwillcox-r7 cc0ab19dea Clear up release date and add more comments explaining purpose of some of the resource links 2020-06-16 12:17:13 -05:00
gwillcox-r7 b6dfbe926c Simplify the Description field of the exploit 2020-06-16 11:58:51 -05:00
RAMELLA Sébastien 876836bcce update doc and fix module syntax. 2020-06-16 10:47:51 -05:00
RAMELLA Sébastien fbffefbdb2 add. original module edb reference. 2020-06-16 10:47:50 -05:00
RAMELLA Sébastien 1ab77af898 fix. remove setup function initialization 2020-06-16 10:47:50 -05:00
RAMELLA Sébastien 624c69bebf add. authenticated exploitation 2020-06-16 10:47:50 -05:00
RAMELLA Sébastien 1a9431d965 fix. json parser and add random number into sqli 2020-06-16 10:47:49 -05:00
RAMELLA Sébastien c704dba44c add. agent tesla panel rce exploit module 2020-06-16 10:47:49 -05:00
kalba-security b5ad7a8511 Use session_created, update documentation 2020-06-15 13:37:59 -04:00
kalba-security 8bc35859ff Remove comment left from testing 2020-06-15 13:22:06 -04:00
kalba-security 546dcdbeef Add register_file_for_cleanup 2020-06-15 13:13:52 -04:00
Pedro Ribeiro dad6f0a007 Update modules/exploits/multi/scada/inductive_ignition_rce.rb 
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-06-15 16:16:09 +07:00
Pedro Ribeiro 0688b27247 Update modules/exploits/multi/scada/inductive_ignition_rce.rb 
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-06-15 16:16:02 +07:00
Pedro Ribeiro 6b71c1930e Update modules/exploits/multi/scada/inductive_ignition_rce.rb 
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-06-15 16:15:54 +07:00
kalba-security e4351d37b8 Add ATutor 2.2.4 directory traversal / RCE module and docs 2020-06-12 16:02:00 -04:00
Pedro Ribeiro 815a7c8185 fix typo 2020-06-12 12:59:31 +07:00
l0ss 49eb1efd40 Base64 enc payload to bypass escaping quotes etc. 
The second step (POST with payload) of this module wasn't working as-written as the server was escaping out quotes etc.

Added b64 decoding/encoding to injected code in step 1 and step 2 payload to bypass server-side escaping of quotes etc.
 2020-06-12 13:44:00 +08:00
Pedro Ribeiro dc19dc96d2 Rename ignition_automation_rce.rb to inductive_ignition_rce.rb 2020-06-12 11:30:36 +07:00
Pedro Ribeiro 4ad9f5543e Create ignition_automation_rce.rb 2020-06-12 11:19:42 +07:00
Shelby Pace 51fca24a38 Land #13545, add drag / drop file upload rce 2020-06-04 10:35:03 -05:00
Shelby Pace 329ba1091f add session_created, fix typo 2020-06-04 10:32:17 -05:00
h00die 0df1a2a502 more error handling 2020-06-04 06:45:29 -04:00
William Vu 8ad7b71829 Land #13552, WebLogic CVE-2020-2883 exploit 2020-06-03 19:52:52 -05:00
h00die 434a1f587f rubocop 2020-06-03 10:44:48 -04:00