Ashley Donaldson
8158cf5bae
Add Reset and Change_NTLM actions
2024-11-20 12:13:41 +11:00
Ashley Donaldson
479078a5f2
Adding changing/resetting password module
2024-11-19 17:44:59 +11:00
Ashley Donaldson
717940590a
Clearer datastore option description
2024-11-15 11:11:41 +11:00
Ashley Donaldson
715fa3c559
Msftidy fixes
2024-11-14 17:58:00 +11:00
Ashley Donaldson
67c33fa95f
Fix bug: DCSync only once, rather than once per DC that exists in the domain
- Also only DCSync each user once (if they're specified multiple times in KRB_USERS)
- Also be resilient to spaces in the comma-separation
2024-11-14 15:13:59 +11:00
Ashley Donaldson
1705203ad8
Support DCSyncing by group too
2024-11-13 17:22:11 +11:00
Ashley Donaldson
6c3e13a31f
Able to query just a subset of users
2024-11-12 17:04:40 +11:00
Spencer McIntyre
e709a18128
Merge pull request #19404 from bwatters-r7/smb2http_relay
SMB to NTLM HTTP Relay with ESC8 module
2024-11-05 14:12:08 -05:00
bwatters-r7
be21e2d4c6
Switch print to call out available templates
2024-11-04 13:37:23 -06:00
Spencer McIntyre
006ed90f1c
Move the ESC8 module and document the attack
2024-11-04 09:37:12 -05:00
Spencer McIntyre
7d8baee574
Add some error handling and more logging
2024-11-04 09:37:12 -05:00
Spencer McIntyre
316a967414
Update the ESC8 module for the new changes
2024-11-04 09:37:08 -05:00
Spencer McIntyre
3b0195918c
Merge pull request #19529 from NtAlexio2/pipe_dcerpc_auditor_rport
Allow setting the RPORT option for pipe_dcerpc_auditor
2024-11-01 11:11:45 -04:00
dwelch-r7
1bfa0755a8
Land #19518, Add support for RISC-V 32-bit / 64-bit Little Endian payloads
2024-11-01 11:18:30 +00:00
Brendan
ff521464f3
Land #19528, Add Python exec payload
Add a python/exec payload to execute OS commands
2024-10-31 15:23:25 -05:00
jheysel-r7
ea45d83562
Land #19499, Adds SolarWinds Help Desk Backdoor module
This adds a new module which exploits a backdoor in SolarWinds Web Help Desk (CVE-2024-28987) <= v12.8.3 which enables attackers to retrieve all tickets currently logged in the application.
2024-10-31 12:17:32 -04:00
jheysel-r7
2e8892cb01
Land #19517, Add WooCommerce SQLi module
This adds a new auxiliary module that exploits an unauthenticated SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress (versions <= 2.8.2). The vulnerability allows attackers to execute SQL queries via the order parameter which can be used to dump usernames and their hashed passwords.
2024-10-31 12:09:55 -04:00
Jack Heysel
3456293da5
Lint
2024-10-31 11:56:55 -04:00
jheysel-r7
f01b01a62c
Update modules/auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli.rb
2024-10-31 11:36:19 -04:00
jheysel-r7
f24c0148f8
Update modules/auxiliary/gather/solarwinds_webhelpdesk_backdoor.rb
2024-10-31 10:56:56 -04:00
adfoster-r7
afbf9af930
Merge pull request #19600 from adfoster-r7/mark-enum-chrome-as-superseded
Mark older browser modules for windows as superseded
2024-10-31 11:33:03 +00:00
h4x-x0r
c34d20db68
updated
updated
2024-10-30 21:51:32 +00:00
bwatters-r7
a2e97b3e38
Update payload cache sizes for... some reason.
2024-10-30 16:19:59 -05:00
jheysel-r7
222df0bfdf
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353)
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
2024-10-30 16:29:14 -04:00
Jack Heysel
f643aee5a4
Lint
2024-10-30 16:17:36 -04:00
jheysel-r7
9c0dc56aa6
Update modules/exploits/multi/http/wp_givewp_rce.rb
2024-10-30 16:04:28 -04:00
adfoster-r7
5e217fb93a
Mark enum_chrome as superseded
2024-10-30 16:21:05 +00:00
adfoster-r7
7b745b2dcb
Merge pull request #19506 from xaitax/enum_browsers
Add Browser Data Extraction for Chromium- and Gecko-based Browsers
2024-10-30 15:30:56 +00:00
jheysel-r7
d107ac8470
Land #19488 Add aux module for unauth SQLi in Ultimate Member plugin
2024-10-30 09:06:17 -04:00
jheysel-r7
094250f7e7
Land #19489 Add WordPress wp-automatic SQLi to RCE module
2024-10-30 09:05:03 -04:00
jheysel-r7
87af327507
Merge branch 'master' into wp_ultimate_member_sorting_sqli
2024-10-29 16:34:10 -04:00
Chocapikk
bcd1fab0b8
Add suggestions
2024-10-29 20:42:13 +01:00
Chocapikk
7ccb2991f6
Improve nonce detection, fix bug
2024-10-29 19:41:47 +01:00
adfoster-r7
6e1ea9297f
Merge pull request #19360 from gardnerapp/osx_daemon_privesc
Add LaunchDaemon Persistence to exploits/osx/local/persistence.rb
2024-10-25 22:42:38 +01:00
Spencer McIntyre
27d5c95323
Refactor into an SMB server relay mixin
2024-10-24 16:25:40 -04:00
Spencer McIntyre
8ba0019ca0
Refactor the existing relay target client code
2024-10-24 16:25:40 -04:00
bwatters-r7
a18b2b3671
code cleanup and documentation
2024-10-24 15:23:10 -05:00
bwatters
dff4a8ba7c
Updates per Spencer
2024-10-24 15:23:10 -05:00
bwatters
30b0e0ad29
Update debug prints and fix create_csr parameter
2024-10-24 15:23:10 -05:00
bwatters
c4c1aae565
Update smb thread logging, fix control flow, use RELAY_TARGET, other suggestions
2024-10-24 15:23:10 -05:00
bwatters
74f6bc7d13
Remove Rescues and Rubocop
2024-10-24 15:23:10 -05:00
bwatters
6dcf63267b
Fix rescue clauses
2024-10-24 15:23:10 -05:00
bwatters
0b94fdf75f
Fix up suggestions from Spencer et al.
2024-10-24 15:23:10 -05:00
bwatters
1fb0b728a8
Fix timeout, add query_only mode and allow skipping the template query
2024-10-24 15:23:10 -05:00
bwatters
4c598c1981
Move ESC8 logic to module and limit debug printing
2024-10-24 15:23:09 -05:00
bwatters
5b1746f73f
Add support for multiple certs
2024-10-24 15:23:09 -05:00
bwatters
2c760bd842
Tracking down hash issues
2024-10-24 15:23:09 -05:00
bwatters
7d86c99ba6
Currently getting a bad username/password message
2024-10-24 15:23:09 -05:00
Alex
6fb49a27e0
[Added] Improvements after review
2024-10-24 13:48:50 +02:00
adfoster-r7
9ac3f57a17
Merge pull request #19536 from GhostlyBox/patch-1
Update enum_unattend.rb
2024-10-24 10:10:08 +01:00