adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
42,217 Commits 27 Branches 1,043 Tags
8ac5d2d37762161966fc3a74e29dd596fa796812
Commit Graph

1421 Commits

Author SHA1 Message Date
Adam Cammack 18d95b6625 Land #8346, Templatize shims for external modules 2017-05-10 18:15:54 -05:00
Brent Cook fede672a81 further revise templates 2017-05-08 14:26:24 -05:00
William Vu b794bfe5db Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
Jeffrey Martin 05bf16e91e Land #8331, Adding module CryptoLog Remote Code Execution 2017-05-05 18:24:14 -05:00
Mehmet Ince 720a02f5e2 Addressing Spaces at EOL issue reported by Travis 2017-05-05 11:05:17 +03:00
Mehmet Ince 58d2e818b1 Merging multiple sqli area as a func 2017-05-05 10:49:05 +03:00
darkbushido 81bcf2ca70 updating all LHOST to use the new opt type 2017-05-04 12:57:50 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Mehmet Ince d04e7cba10 Rename the module as well as title 2017-05-03 19:18:46 +03:00
Mehmet Ince ae8035a30f Fixing typo and using shorter sqli payload 2017-05-03 16:45:17 +03:00
Mehmet Ince db2a2ed289 Removing space at eof and self.class from register_options 2017-05-03 01:31:13 +03:00
Mehmet Ince 77acbb8200 Adding cryptolog rce 2017-05-03 01:05:40 +03:00
Adam Cammack 494711ee65 Land #8307, Add lib for writing Python modules 2017-05-02 15:53:13 -05:00
Brent Cook 037fdf854e move common json-rpc bits to a library 2017-04-26 18:08:08 -05:00
Brent Cook a60e5789ed update mettle->meterpreter references in modules 2017-04-26 17:55:10 -05:00
William Vu bbee7f86b5 Land #8263, Mercurial SSH exec module 2017-04-26 01:38:01 -05:00
William Vu f60807113b Clean up module 2017-04-26 01:37:49 -05:00
wchen-r7 e333cb65e5 Restore require 'msf/core' 2017-04-24 17:09:02 -05:00
Matthias Brun d3aba846b9 Make minor changes 2017-04-24 23:35:36 +02:00
h00die 8e4c093a22 added version numbers 2017-04-22 09:45:55 -04:00
Matthias Brun 714ada2b66 Inline execute_cmd function 2017-04-21 15:32:15 +02:00
Matthias Brun 8218f024e0 Add WiPG-1000 Command Injection module 2017-04-20 16:32:23 +02:00
Jonathan Claudius f5430e5c47 Revert Msf::Exploit::Remote::Tcp 2017-04-18 19:27:35 -04:00
Jonathan Claudius 9a870a623d Make use of Msf::Exploit::Remote::Tcp 2017-04-18 19:17:48 -04:00
Jonathan Claudius 03e3065706 Fix MSF tidy issues 2017-04-18 18:56:42 -04:00
Jonathan Claudius 32f0b57091 Fix new line issues 2017-04-18 18:52:53 -04:00
Jonathan Claudius bfca4da9b0 Add mercurial ssh exec 2017-04-18 16:33:23 -04:00
Tod Beardsley 1fcc1f7417 Trailing comma. Why isn't this Lua? 2017-04-18 14:27:44 -05:00
Tod Beardsley 4ec71f9272 Add a reference to the original PR 
This was the source of first public disclosure, so may as well include
it.
 2017-04-18 14:20:25 -05:00
Nate Caroe 92e7183a74 Small typo fix 
Running msfconsole would generate an Ubuntu crash report (?). This seems to be the culprit.
 2017-04-17 11:14:51 -06:00
Ahmed S. Darwish e21504b22d huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key 
Instead of rolling our own GET parameters implementation.

Thanks @wvu-r7!
 2017-04-17 09:11:50 +02:00
Ahmed S. Darwish 7daec53106 huawei_hg532n_cmdinject: Improve overall documentation 
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
 2017-04-17 08:00:51 +02:00
Ahmed S. Darwish 8a302463ab huawei_hg532n_cmdinject: Use minimum permissions for staged binary 
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
 2017-04-17 03:27:57 +02:00
Ahmed S. Darwish 7ca7528cba huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7 2017-04-17 03:23:20 +02:00
Ahmed S. Darwish 7b8e5e5016 Add Huawei HG532n command injection exploit 2017-04-15 21:01:47 +02:00
bwatters-r7 64c06a512e Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Brent Cook 4c0539d129 Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die 0092818893 Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00
Bryan Chu 151ed16c02 Re-ranking files 
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
 2017-04-02 18:33:46 -04:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Adam Cammack 6910cb04dd Add first exploit written in Python 2017-03-31 17:07:55 -05:00
dmohanty-r7 1ce7bf3938 Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
dmohanty-r7 c445a1a85a Wrap ssh.loop with begin/rescue 2017-03-31 11:16:10 -05:00
Bryan Chu 5e31a32771 Add missing ranks 
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
 2017-03-31 02:39:44 -04:00
Pearce Barry 9db2e9fbcd Land #8146, Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-24 14:38:47 -05:00
William Webb e04f01ed6b Land #7778, RCE on Netgear WNR2000v5 2017-03-23 15:34:16 -05:00
wchen-r7 3b062eb8d4 Update version info 2017-03-23 13:46:09 -05:00
wchen-r7 fdb52a6823 Avoid checking res.code to determine RCE success 
Because it's not accurate
 2017-03-23 13:39:45 -05:00
wchen-r7 39682d6385 Fix grammar 2017-03-23 13:23:30 -05:00