2029 Commits

Author SHA1 Message Date
Wei Chen a380bb6df1 Land #11239, Add check for writable and nosuid WritableDir 2019-02-08 19:14:54 -06:00
Wei Chen 18a4af1d1d Land #11279, improve imap_open exploit to be more robust 2019-02-08 18:28:08 -06:00
Tod Beardsley daa3076d42 Add CVE-2018-1000999 to MailCleaner module
See PR #11148

This adds the new CVE assigned by DWF for this vulnerability.

Note that [CVE-2018-10933](https://www.cvedetails.com/cve/CVE-2018-10933/)
describes a vulnerability in libssh, but this one describes the issue as
it pertains to MailCleaner specifically.
2019-01-23 09:27:12 -06:00
Shelby Pace 2ae6142de7 Land #11243, Add ASan SUID Privesc 2019-01-22 15:50:53 -06:00
Brendan Coles 060d20694d Attribution 2019-01-20 09:18:43 +00:00
h00die f47060870a horde imp h3 imap_open 2019-01-18 19:43:45 -05:00
h00die 2585e4b708 horde imp h3 imap_open 2019-01-18 19:38:30 -05:00
h00die 5d49f04948 not working horde imp imap_open 2019-01-17 19:55:42 -05:00
h00die a73fe9433b land #11169 blueman priv esc on linux 2019-01-15 10:32:46 -05:00
bcoles 8c636f27d5 Update check method to confirm vulnerability 2019-01-15 11:31:31 +11:00
Wei Chen 47f8738f74 Add Imran Rashid to CVE-2018-11770 credit 2019-01-14 15:28:08 -06:00
Wei Chen 52ff0a8b75 Update exploits/linux/http/spark_unauth_rce as CVE-2018-11770 2019-01-14 15:10:29 -06:00
Brendan Coles c6f4eda7f9 Add ASan SUID Executable Privilege Escalation module 2019-01-12 09:14:20 +00:00
Brendan Coles fe6956d7f7 Use mixins 2019-01-11 22:46:58 +00:00
Brendan Coles 20fd6b6134 Add check for writable and nosuid WritableDir 2019-01-11 22:41:14 +00:00
Brendan Coles 24f807490f revisionism 2019-01-10 19:19:14 +00:00
h00die 799a79b715 ueb priv esc suggestion 2019-01-09 20:28:53 -05:00
Jacob Robles 16b8cf7059 Land #11148, Adding Module MailCleaner RCE 2019-01-08 14:10:31 -06:00
Jacob Robles a0acfa79d7 Target payloads 2019-01-08 13:27:26 -06:00
Mehmet İnce 4e8ad22a7a Adding CVE number 2018-12-26 13:15:36 +03:00
Mehmet İnce fa542b9691 Adding platform and arch to top level 2018-12-25 15:56:25 +03:00
Brendan Coles 98dc59728e Add blueman set_dhcp_handler D-Bus Privilege Escalation 2018-12-24 08:03:55 +00:00
Brent Cook b9742802aa Land #11137, Clean up linux/local/vmware_alsa_config exploit module 2018-12-21 17:04:11 -06:00
Mehmet İnce 9481ad04f2 Adding support for ARCH_CMD and updating docs 2018-12-20 12:12:01 +03:00
Mehmet İnce 68ceb08957 Fixing minor issues such as err codes 2018-12-19 22:17:34 +03:00
Mehmet İnce e5c8c18ded Adding Mailcleaner exec 2018-12-19 17:35:40 +03:00
Brent Cook fc2d217c0a Land #11135, strip comments from source code before uploading it to the target 2018-12-17 21:23:29 -06:00
Shelby Pace 2fc501d260 Land #11112, Fix bpf_priv_esc exploit module 2018-12-17 10:00:50 -06:00
Brendan Coles d973a58052 Clean up linux/local/vmware_alsa_config 2018-12-17 08:01:34 +00:00
Brendan Coles fcb512878c Add strip_comments method to Linux local exploits 2018-12-16 14:11:54 +00:00
Brendan Coles b8e134b95d Update version check 2018-12-15 05:39:50 +00:00
Auxilus 6c9fafb9d5 Delete unused variable
I suppose the variable 'f' was for Name in https://github.com/rapid7/metasploit-framework/blob/06720ee18b2d661aa5ea695ed80e4daa88fbf20c/modules/exploits/linux/smtp/haraka.py#L70

I'm not sure, should it be 'f' at https://github.com/rapid7/metasploit-framework/blob/06720ee18b2d661aa5ea695ed80e4daa88fbf20c/modules/exploits/linux/smtp/haraka.py#L70 or just the way it is atm?
2018-12-14 22:27:11 +05:30
William Vu cb5648a1c7 Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit 2018-12-13 12:22:36 -06:00
William Vu e69f006992 Remove CommandShell mixin in exploits
This was cargo culting. Exploits use handler instead of start_session.
2018-12-12 15:43:13 -06:00
Brendan Coles 68d451711b Fix bpf_priv_esc module 2018-12-12 17:23:12 +00:00
Brent Cook bc6356a2cd Land #11090, update code and style for exploit/linux/local/glibc_origin_expansion_priv_esc 2018-12-10 09:59:03 -06:00
Brendan Coles 237d3c86c4 Code cleanup and update style 2018-12-09 07:26:51 +00:00
Brendan Coles a9c0a5d53d Use ::File::binread for exploit_data file read 2018-12-09 04:09:56 +00:00
Brendan Coles d8ab6a552b Add lkrg_installed? checks 2018-12-08 13:37:12 +00:00
Brendan Coles 275c043cfd Add kernel_config checks 2018-12-07 03:28:17 +00:00
Tod Beardsley 140833215f Add CVE as issued by DWF
See discussion on #10987.

Now that I said that out loud, I realize that the original PR for this
module is a really funny PR number.
2018-12-06 14:59:05 -06:00
Jacob Robles dec08a0b43 Land #10954, apache spark unauth rce module 2018-11-29 13:56:21 -06:00
Jacob Robles 01af176679 Change delay implementation 2018-11-29 10:05:47 -06:00
Jacob Robles ed6c2896e3 Remove duplicate check 2018-11-29 10:04:51 -06:00
Jacob Robles 8508824cc2 Modify check logic 2018-11-29 10:04:05 -06:00
Green-m 4888ec0c29 Delete unused variable. 2018-11-29 10:48:25 +08:00
Green-m ca0a2684f5 Randomize payload main class. 2018-11-28 11:26:51 +08:00
Brent Cook b3ad4a0358 Land #11033, update refs for imap_open vulnerability 2018-11-27 20:23:46 -06:00
h00die e3e7285288 Land #9946 a UEB local priv escalation 2018-11-27 21:19:34 -05:00
h00die 38a99ac90a ueb privesc updates 2018-11-27 21:18:05 -05:00