William Vu
e52084242f
Remove unused vprint_status conditional
2020-12-09 22:45:41 -06:00
William Vu
399c8dbb79
Don't be lazy about sending the request
...
Don't telegraph our command injection _quite_ so much. We still
"complete" the initial command line to minimize disruption.
I am now backgrounding ssh-keygen to improve the speed of the exploit.
2020-12-09 22:07:08 -06:00
William Vu
f73a88a39c
Land #14396, hadoop_unauth_exec clarification
2020-11-16 12:44:13 -06:00
Tod Beardsley
06a0634828
Describe the Hadoop vuln as not-a-vuln clearly
2020-11-16 11:31:59 -06:00
A Galway
0328e3f815
Land #14359, gives preference to default target options
2020-11-13 14:44:13 +00:00
William Vu
fcb507e412
Fix AutoCheck
...
I'm a big dummy.
2020-11-11 15:57:38 -06:00
William Vu
42bdae919b
Add SaltStack Salt REST API RCE (CVE-2020-16846)
...
Leveraging CVE-2020-25592.
2020-11-11 13:09:26 -06:00
Alan Foster
5b438fd933
Preference target values when registering options
2020-11-05 23:16:37 +00:00
Grant Willcox
2c391e9edc
Fix up last of the module that had incorrect disclosure dates
2020-10-07 12:09:35 -05:00
Alan Foster
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
Alan Foster
26ff912291
Fix invalid disclosure date formats
2020-10-02 12:20:05 +01:00
Christophe De La Fuente
2d1b378a18
Land #14122, Jenkins Deserialization RCE (CVE-2017-1000353)
2020-09-22 12:32:09 +02:00
Shelby Pace
2ae50e9304
Land #14025, add Artica Proxy auth bypass / rce
2020-09-21 15:27:53 -05:00
Shelby Pace
18fa28f96b
change date format / default payload
2020-09-21 15:26:39 -05:00
Shelby Pace
74669f4052
Land #14135, add tp-link command injection
2020-09-18 09:47:02 -05:00
Pietro Oliva
5f204257a5
Remove unnecessary comma, fix docs
2020-09-18 10:15:23 -04:00
Pietro Oliva
e2c169d7d3
Remove unnecessarily setting SSL via datastore
2020-09-18 09:32:45 -04:00
0xsysenter
3144a1aede
Add SSL in DefaultOptions
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-09-18 15:31:23 +02:00
Pietro Oliva
d3f68d0fe4
Fix double shell issue
2020-09-18 09:23:02 -04:00
Shelby Pace
09c5b906af
change notes and primary command stager flavor
2020-09-17 13:25:14 -05:00
Shelby Pace
8c1968e01c
use more generic regex for versioning
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-09-17 09:12:20 -05:00
Pietro Oliva
072f35c270
-Updated module to work using CmdStager
...
-Updated documentation accordingly
-Removed unnecessary includes and simplified code
2020-09-16 19:51:15 -04:00
Pietro Oliva
c396ad0436
Fix compatibility issue resulting in no shell on some devices
2020-09-16 13:38:34 -04:00
Pietro Oliva
c6b6021df3
Tidy up code with rubocop and msftidy
2020-09-14 21:13:09 -04:00
Pietro Oliva
963a4d29ec
Removed unnecessary "begin, end"
2020-09-14 19:53:18 -04:00
Niboucha Redouane
3a09337935
Remove AUTH_BYPASS target
2020-09-15 01:51:34 +02:00
0xsysenter
201385f111
Update modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb
...
Remove unnecessary comma
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-09-15 01:23:00 +02:00
0xsysenter
a9e45dc0a1
Update modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb
...
remove unnecessary comma
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-09-15 01:17:01 +02:00
0xsysenter
9c5f64d692
Update modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb
...
fix disclosure date format
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-09-15 01:15:53 +02:00
Pietro Oliva
f10ed189e9
Add module for TP-Link Cameras Command Injection (CVE-2020-12109)
2020-09-14 14:20:42 -04:00
Niboucha Redouane
ca32a15f8d
Remove trailing comma after the URL reference
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-09-14 19:03:57 +02:00
Niboucha Redouane
69ed4be81d
Remove trailing comma after :auth_bypass
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-09-14 19:03:37 +02:00
Brendan Coles
febe38e1ce
resolve qa comments
2020-09-11 17:16:10 +00:00
Shelby Pace
d86f9427c9
change version check and add sleep
2020-09-11 11:49:14 -05:00
Shelby Pace
e5c9439974
rubocop and metadata additions
2020-09-10 18:32:30 -05:00
Shelby Pace
8474462458
add command stager usage
2020-09-10 18:02:07 -05:00
Shelby Pace
4d9f5e14e8
remove pry statement and comments
2020-09-02 13:41:33 -05:00
Shelby Pace
1e90d10531
add functionality for channel setup
2020-09-02 13:37:41 -05:00
Niboucha Redouane
314fb755c0
update comment on Author metadata
2020-09-02 19:43:06 +02:00
Niboucha Redouane
1b09ecfd04
make auth_bypass return a checkcode
2020-09-02 17:50:09 +02:00
Niboucha Redouane
1d4c0bedfc
base64-encode the command in the check method
2020-09-01 20:58:37 +02:00
Niboucha Redouane
9d3981723b
use hex encoding in command injection
2020-09-01 18:26:25 +02:00
Niboucha Redouane
cd38077974
Add the non-encoded serialized object in the script, to make it more readable
2020-08-31 15:15:52 +02:00
Niboucha Redouane
82d8b92e24
add module documentation
2020-08-30 16:57:01 +02:00
Niboucha Redouane
f96ad15dfa
minor fix / refactoring
2020-08-30 16:31:04 +02:00
Brendan Coles
9d33ebd54a
Add Mida Solutions eFramework ajaxreq.php Command Injection
2020-08-30 12:46:00 +00:00
Niboucha Redouane
efdbf5716c
avoid printing on methods called from check, and remove autocheck
2020-08-30 13:53:55 +02:00
Niboucha Redouane
2fde21a621
add check method, and address feedback from bcoles
2020-08-30 12:45:40 +02:00
Niboucha Redouane
7a120ef60b
Add EDB and PACKETSTORM references
...
Co-authored-by: bcoles <bcoles@gmail.com>
2020-08-30 12:44:12 +02:00
Niboucha Redouane
43501cc92c
rubocop / remove newline at EOF
2020-08-20 15:50:18 +02:00