adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,533 Commits 27 Branches 1,043 Tags
8aef054dfdfe83d73674bb15df2411e237120bf2
Commit Graph

2117 Commits

Author SHA1 Message Date
Matthew Dunn 52fa2e5be6 Add example for version 5.5.6 with CVE-2021-25297 2023-02-07 14:18:53 -06:00
Grant Willcox 489ab24876 Add in additional case documentation for the various targets and CVEs and fix a bug in the code 2023-02-07 14:18:45 -06:00
Grant Willcox 7c30889784 Refactor code to handle unsigned licenses in one central function 2023-02-07 14:18:39 -06:00
Grant Willcox b14bcd40a2 Fix incorrect match logic grabbing the wrong entry from results for NSP 2023-02-07 14:18:38 -06:00
Grant Willcox 425da60b15 Add in missing case 5 check 2023-02-07 14:18:38 -06:00
Matthew Dunn 90e07ef5ed Switch to match over scan and add troubleshooting steps 2023-02-07 14:18:37 -06:00
Matthew Dunn 8cddf56238 Verify auth_cookies before use 2023-02-07 14:18:37 -06:00
Matthew Dunn a276659681 Use more encompassing single regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 7554b5e4fd Add failure condition for nsp's that fail to match the regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 1cb06b11ac Adjust exploit and docs to support versions 5.5.6-5.7.5 2023-02-07 14:18:09 -06:00
Matthew Dunn 87176f9d7f Address Review Comments and add CVE-2021-25297 coverage 2023-02-07 14:18:06 -06:00
Matthew Dunn c5914d8c99 Insert randomized strings to fix exploit with plugin_output_len 2023-02-07 14:18:05 -06:00
Matthew Dunn 990db5372f Remove extra payload details, add config check 2023-02-07 14:18:05 -06:00
Matthew Dunn b042e71b2a Make Module work for both target url parameters 2023-02-07 14:18:04 -06:00
Matthew Dunn b606d1ff6b Add Documentation for Module 
Fix CVE format

Add Documentation
 2023-02-07 14:18:04 -06:00
Matthew Dunn 5846d95b25 Create nagios_xi_configwizards_authenticated_rce.rb 
Add initial module
 2023-02-07 14:18:03 -06:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
space-r7 58cd5bb003 specify command stager flavors 2023-01-23 11:53:19 -06:00
Spencer McIntyre 6fe0933c1e Add exploit for CVE-2022-44877 2023-01-20 09:04:24 -05:00
Grant Willcox 7e23c34e6c Apply fixes per code review 2023-01-17 12:44:22 -06:00
h00die-gr3y 541dab9365 simplified messaging 2023-01-17 12:44:20 -06:00
h00die-gr3y 77687bff3f init module 2023-01-17 12:44:20 -06:00
ErikWynter 8472efed02 fix typos, add reference, don't use methods to wrap datastore options 2023-01-13 14:53:29 +02:00
Grant Willcox f39973de86 Fix up missing option in documentation and also add some additional validation on server response. 2023-01-04 17:02:05 -06:00
h00die-gr3y 11b95b2094 added additional response check 2023-01-04 17:02:04 -06:00
h00die-gr3y c7b59b4815 updates based on gwillcox-r7 review comments 2023-01-04 17:02:04 -06:00
h00die-gr3y f9ecaa92ae updated references section 2023-01-04 17:02:03 -06:00
h00die-gr3y 4db15346e1 init commit module 2023-01-04 17:01:58 -06:00
Christophe De La Fuente 20d70799a7 Land #17298, Add opentsdb_yrange_cmd_injection module and docs 2022-12-23 13:38:58 +01:00
Christophe De La Fuente 83b11a69a8 Make rubocop happy 2022-12-23 13:38:16 +01:00
ErikWynter 7fa557805e add final code review suggestions 2022-12-23 11:29:29 +02:00
ErikWynter 8f96746551 fix typo and add credit for discovery 2022-12-23 11:11:31 +02:00
ErikWynter 4c2dfe0279 add cacti_unauthenticated_cmd_injection 2022-12-22 17:55:45 +02:00
Christophe De La Fuente e7e2849f6d Land #17183, Zimbra fixes 2022-12-06 15:38:37 +01:00
Christophe De La Fuente ddaf5a3f0d Remove unecessary return statement 2022-12-06 15:07:28 +01:00
bcoles 431804ef15 Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
ErikWynter 78dfaa12ef add opentsdb_yrange_cmd_injection module and docs 2022-11-24 21:37:24 +02:00
Spencer McIntyre 6350daf2d8 Land #17273, F5 exploit module CVE-2022-41800 
F5 exploit module CVE-2022-41800 (authenticated RCE in RPM code)
 2022-11-23 17:57:18 -05:00
Ron Bowes b7cf112d42 Fix an issue where the session handler would close too early on Zimbra modules 2022-11-23 13:09:47 -08:00
Ron Bowes ffbf8b303a Change a 'return 0' to 'fail_with', per Christophe's request 2022-11-23 12:51:51 -08:00
Ron Bowes 28a68ede8c Merge branch 'master' into zimbra-fixes 2022-11-23 12:50:56 -08:00
Ron Bowes cbb50ed902 Remove non-functioning Arch'es 2022-11-23 10:42:07 -08:00
space-r7 8b30ff3dce remove CmdStager inclusion 2022-11-18 16:18:25 -06:00
Ron Bowes 7ebf84c66b Add URLs 2022-11-16 12:20:37 -08:00
Ron Bowes 20e6c1b55e Add URLs 2022-11-16 12:19:16 -08:00
Ron Bowes d0e109b842 Check in exploit module for CVE-2022-41800 2022-11-16 12:04:18 -08:00
Ron Bowes 99e661cfcf Check in exploit script for CVE-2022-41622 (CSRF into SOAP) 2022-11-16 11:58:15 -08:00
h00die-gr3y 70669f3fea addressed code improvement suggestions 2022-11-12 10:21:43 +00:00