Commit Graph

35423 Commits

Author SHA1 Message Date
Jack Heysel 862194d63f Documentation and rubocop changes 2023-12-11 19:01:35 -05:00
Jack Heysel 61414fab27 Refactored module to use mixin 2023-12-11 18:24:37 -05:00
Jack Heysel 397b9971a3 Clean up started 2023-11-22 21:06:55 -05:00
Jack Heysel c0be4c2f72 working end to end unix confluence 7.18 2023-11-22 19:49:38 -05:00
Jack Heysel e6e2106140 Auth bypass, auth, shell upload, working 2023-11-21 22:14:27 -05:00
Jack Heysel 1da4333611 Land #18434, Add module for Zoneminder RCE
This PR adds an RCE module for the Zoneminder video
surveillance software system (CVE-2023-26035).
2023-11-10 15:15:01 -05:00
Wolfgang Hotwagner 9ce3fdc557 added empty line after guard clause 2023-11-09 22:23:27 +00:00
whotwagner 4919291ec8 Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:21:39 +01:00
whotwagner 21340d0fd8 Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:21:26 +01:00
whotwagner 87cb12731e Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:20:57 +01:00
whotwagner e4005feb30 Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:20:33 +01:00
whotwagner 110cea8cc9 Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:20:17 +01:00
bwatters b5aeab0c9f Merge #18491, Add Module for PL/SQL Developer to gather credentials
Merge branch 'land-18491' into upstream-master
2023-11-09 11:18:52 -06:00
Jemmy Wang 893da00c6a Modify Table DisplayName and password matching regex 2023-11-09 13:58:14 +08:00
Jemmy Wang a4750b11bc Optimize AES key 2023-11-09 05:26:20 +08:00
Jemmy Wang 9c23f86d83 Add support for v15 new encryption algorithm 2023-11-09 05:08:27 +08:00
bwatters 77a93e452f Land #18507, Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
Jack Heysel 06369281b9 Land #18503, Apache Nifi Cred Stealer Post Module
This PR adds a post module to steal config and credential
information for Apache NiFi.
2023-11-07 20:05:10 -05:00
jheysel-r7 7331db43dd Update print statement 2023-11-07 18:55:42 -05:00
Jemmy Wang d4166098a8 Update to be compatible with PL/SQL 14 2023-11-08 01:15:22 +08:00
h00die 87cd4aac5e spelling fix 2023-11-07 05:04:31 -05:00
sfewer-r7 2a56c3f28b remove redundant \d in check regex 2023-11-07 09:21:04 +00:00
h00die f1317fa050 review comments 2023-11-06 18:34:36 -05:00
h00die 0ce7b03397 update nifi credentials post module 2023-11-06 14:50:02 -05:00
sfewer-r7 25ef7d1272 add the RCE exploit 2023-11-06 17:12:40 +00:00
bwatters e8d45b00ba Land #18501, Exploit module for CVE-2023-46604 - Apache ActiveMQ
Merge branch 'land-18501' into upstream-master
2023-11-06 09:30:48 -06:00
sfewer-r7 b28668790d allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'. 2023-11-06 11:40:22 +00:00
sfewer-r7 10ee87c712 Add optional CISCO_ADMIN_USERNAME and CISCO_ADMIN_PASSWORD options. If set, these admin creds are used to leverage CVE-2023-20273. If not set, then CVE-2023-20198 is used to create a new temp admin account before leveraging CVE-2023-20273 2023-11-06 10:20:07 +00:00
sfewer-r7 ea21036995 reduce nesting in the check routine 2023-11-06 09:42:59 +00:00
sfewer-r7 4272678938 reduce the indentation in on_request_uri 2023-11-06 09:36:20 +00:00
sfewer-r7 fa8c40072c ensure the payload doesn't contain a CDATA closing tag; if found, then fail before we attempt exploitation 2023-11-06 09:36:20 +00:00
Christophe De La Fuente 1cde6198b5 Land #18481, MagnusBilling unauthenticated RCE [CVE-2023-30258] 2023-11-03 20:42:27 +01:00
sfewer-r7 a55132b36f strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output. 2023-11-03 17:09:08 +00:00
sfewer-r7 c8121ebd8e mention dropping to User EXEC mode via two exit keywords 2023-11-03 16:43:21 +00:00
Jack Heysel ce5188a76c Land #18218, improve Windows checkvm post module
This PR includes a number of enhancements to the Windows
checkvm post module, including reducing the number of requests
sent to the targets, among other things.
2023-11-03 12:17:06 -04:00
sfewer-r7 17420289dc Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution. 2023-11-03 15:38:35 +00:00
jheysel-r7 23110e2ee3 Update modules/post/windows/gather/checkvm.rb 2023-11-03 11:18:55 -04:00
Jack Heysel 8bb7b98ce9 Land #18506, Fix stability issue for f5 2023-46747
This PR fixes a stability issue with the
f5_bigip_tmui_rce_cve_2023_46747 module. Prior to this fix,
the module would occasionally fail on login as things were
running too quickly; the module now retries logging in.
2023-11-03 10:51:04 -04:00
Spencer McIntyre e5790f8d6e Fix a stability issue with the module
Occasionally the module will fail on login if things are running too
quickly. Fix it by retrying like update_user_password does.
2023-11-02 17:10:20 -04:00
adfoster-r7 eef0527668 Land #18504, add date and link on grafana dir traversal module 2023-11-02 19:13:31 +00:00
Jack Heysel c27412a1ac Land #18494, Add AjaxPro Deserialization RCE
This PR adds a module which leverages an insecure
deserialization of data to get remote code execution
on the target OS in the context of the user running
the website which utilized AjaxPro.
2023-11-02 13:54:17 -04:00
Jemmy Wang f83f183fe2 Apply Code Suggestions from review 2023-11-03 00:04:20 +08:00
Jack Heysel 17f7d5c253 Land #18497, Add Exploit For F5 CVE-2023-46747
This module exploits a flaw in F5's BIG-IP Traffic Management User
Interface (TMUI) that enables an external, unauthenticated
attacker to create an administrative user. The attacker can then use
the admin user to execute arbitrary code in the context of the root user.
2023-11-02 11:46:15 -04:00
Spencer McIntyre 27d86be456 Remove the REPEATABLE_SESSION tag
The module is generally reliable, but may fail after it's been run multiple
times.
2023-11-02 11:11:36 -04:00
Spencer McIntyre cea4c1f326 Feedback from module review 2023-11-02 10:17:45 -04:00
Spencer McIntyre d26742a266 Add check code annotations, update AJP link 2023-11-02 08:53:56 -04:00
h00die c55290a44a date and link on grafana dir traversal module 2023-11-02 07:43:01 -04:00
h00die 42cf28dbbe nifi creds stealer 2023-11-02 06:56:33 -04:00
sfewer-r7 24810183ca add in a unix target as ActiveMQ can run on OSX 2023-11-02 10:25:45 +00:00
sfewer-r7 94b5211525 set exploit Stance to Aggressive 2023-11-02 09:32:36 +00:00