William Vu
22a75c7bee
Revert "Fix style"
This reverts commit 9f81aeb4ad.
2020-02-04 10:10:46 -06:00
William Vu
7175126319
Update title for smb_doublepulsar_rce
2020-02-03 11:19:20 -06:00
William Vu
fa6573f8e7
Note arch in supported target
2020-02-03 11:16:16 -06:00
William Vu
a3717e13f6
Unf*ck PAYLOAD being set for neutralization
2020-02-03 11:16:16 -06:00
William Vu
e12d993027
Move SMB DOPU module to match new naming scheme
2020-02-03 11:16:16 -06:00
William Vu
f49ee7c60e
Prefer exploit.rb's rand_text wrapper
2020-02-03 11:16:16 -06:00
William Vu
d64eb10b17
Update credit
2020-02-03 11:16:16 -06:00
William Vu
548529e1d4
Clean up parsing
2020-02-03 11:16:16 -06:00
William Vu
9e690414a1
Update ping response parsing with new information
Found the struct that corresponds to the ping response!
2020-02-03 11:16:16 -06:00
William Vu
6241555531
Fix service pack
2020-02-03 11:16:16 -06:00
William Vu
2ce49456a7
Fix arch detection and add product type
Thanks to @tsellers-r7 for testing XP and producing output to compare
against. Without a 32-bit test, the architecture guess was incorrect.
Additionally, product type had yet to be determined. The trailing bytes
were indeed significant! Thanks, Tom!
2020-02-03 11:16:16 -06:00
William Vu
992a386ece
Use build_data_tpdu and note channelJoinConfirm
2020-02-03 11:16:16 -06:00
William Vu
4d21b0e88e
Update prints in check for visibility
vprint_good should be print_warning, and most vprints should be print,
even if in check, since check is critical functionality.
2020-02-03 11:16:16 -06:00
William Vu
7ba7221a8f
Parse ping response into version, build, and arch
2020-02-03 11:16:16 -06:00
William Vu
db1a201885
Add RDP DOUBLEPULSAR RCE module
2020-02-03 11:16:16 -06:00
dwelch-r7
97f5f37344
Land #12807, Install OpenSSH for Windows
2020-02-03 14:50:30 +00:00
Christophe De La Fuente
394e99fbe9
Land #12568, Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
2020-01-30 11:57:56 +01:00
wvu-r7
bf68730c76
Land #12885, URL reference fix
2020-01-29 23:21:58 -06:00
cdelafuente-r7
9da4555509
Move clean-up code to cleanup method (#2)
Move clean-up code to cleanup method
2020-01-29 17:11:07 +01:00
Tim W
d4bd195a3d
Land #12871, fix osx/local/persistence removal commands and payload options
2020-01-28 17:39:02 +08:00
Daniel Streefkerk
9314e8b65b
Reference URL is broken
The URL http://www.fishnetsecurity.com/6labs/blog/post-exploitation-using-netntlm-downgrade-attacks redirects to the www.optiv.com homepage.
The correct current URL is https://www.optiv.com/blog/post-exploitation-using-netntlm-downgrade-attacks
2020-01-28 20:35:57 +11:00
Tim W
0b0d4c8633
add x64 option to osx/local/persistence and update removal commands
2020-01-28 17:18:23 +08:00
cdelafuente-r7
3491da7da0
Add a random sentinel to close channel when terminates (#1)
* Add a random sentinel to close channel when terminates
* Replace spaces with tabs to be consistent
* Remove unnecessary escaped quotes and use include? instead of regex
2020-01-25 23:30:49 +01:00
bwatters-r7
0d8d17c63d
Land #12736, Add support for PPID spoofing
2020-01-24 08:49:51 -06:00
Tim W
cfffb65a21
Land #12859, update AF_PACKET chocobo_root linux LPE
2020-01-24 17:30:13 +08:00
William Vu
355ddba6c9
Prefer exploit.rb's rand_text wrapper
2020-01-22 16:37:36 -06:00
Brent Cook
6f6cc00871
Land #12751, add Linux RDS socket NP deref privesc
2020-01-22 07:08:47 -06:00
Francesco Soncina
06843d0ea5
update removal commands for osx/local/persistence
fixes #12870
2020-01-21 16:53:11 +01:00
Shelby Pace
ccc7b7747f
Land #12773, add NVMS directory traversal
2020-01-21 08:44:14 -06:00
Shelby Pace
231c858383
add target_uri to request
2020-01-21 08:43:19 -06:00
Shelby Pace
e7e42b7a59
Land #12768, add dlink command injection module
2020-01-21 07:37:43 -06:00
Dhiraj Mishra
60b5a1791f
removing def data
Thanks bcoles
2020-01-20 15:39:45 +04:00
bluesentinelsec
5d7c50e3ed
updated to use Msf::Post::Windows::Powershell mixin
2020-01-19 19:51:44 -05:00
Brendan Coles
19b1f567b2
Update AF_PACKET chocobo_root Privilege Escalation module
2020-01-19 11:51:01 +00:00
Brendan Coles
36b6ceb56f
Add rds_atomic_free_op_null_pointer_deref_priv_esc (CVE-2018-5333)
2020-01-18 08:34:52 +00:00
Dhiraj Mishra
256855b152
Adding TARGETURI
2020-01-18 13:56:13 +05:30
Brent Cook
7f74d28245
Land #12845, check for SSL when SSL is not enabled
2020-01-16 16:12:53 -06:00
William Vu
60b787bde1
Use new immutable? method in modules
2020-01-16 15:05:11 -06:00
William Vu
a31e4034c8
Check SSL in exploit/linux/http/webmin_backdoor
2020-01-16 14:49:13 -06:00
William Vu
7646e43ccf
Land #12776, PROTOCOL option for sunrpc_portmapper
2020-01-16 14:21:22 -06:00
William Vu
bb583672bf
Fix style
2020-01-16 14:21:09 -06:00
William Vu
6712458dbd
Land #12758, attributes and immutable? methods
2020-01-16 14:01:29 -06:00
Adam Cammack
4ee92a1554
Land #12823, Fix Lua bind payloads
2020-01-16 13:13:01 -06:00
bwatters-r7
ee5e9dc922
Land #12832, DisablePayloadHandler replace strings with bools
Merge branch 'land-12832' into upstream-master
2020-01-16 12:10:34 -06:00
h00die
c4d6feb0aa
Land #12721, windows post module docs
2020-01-16 08:50:19 -05:00
Spencer McIntyre
033a0d1868
Land #12782, add the Plantronics LPE module
2020-01-15 11:17:41 -05:00
Dave York
7b14442ab0
replace strings with bools
2020-01-14 20:47:27 -05:00
William Vu
0760319ddf
Check for whitespace in [global] directive
2020-01-14 11:21:03 -06:00
William Vu
491c36ccaa
Land #12827, credit updates to Citrix exploit
2020-01-14 10:54:57 -06:00
William Vu
eaeaae7607
Reformat credit
2020-01-14 10:46:04 -06:00