adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
49,800 Commits 27 Branches 1,043 Tags
92feeea0ca44ada89b8d6188effbc1d702bdb12e
Commit Graph

1994 Commits

Author SHA1 Message Date
Brent Cook bc6356a2cd Land #11090, update code and style for exploit/linux/local/glibc_origin_expansion_priv_esc 2018-12-10 09:59:03 -06:00
Brendan Coles 237d3c86c4 Code cleanup and update style 2018-12-09 07:26:51 +00:00
Brendan Coles a9c0a5d53d Use ::File::binread for exploit_data file read 2018-12-09 04:09:56 +00:00
Brendan Coles d8ab6a552b Add lkrg_installed? checks 2018-12-08 13:37:12 +00:00
Brendan Coles 275c043cfd Add kernel_config checks 2018-12-07 03:28:17 +00:00
Tod Beardsley 140833215f Add CVE as issued by DWF 
See discussion on #10987.

Now that I said that out loud, I realize that the original PR for this
module is a really funny PR number.
 2018-12-06 14:59:05 -06:00
Jacob Robles dec08a0b43 Land #10954, apache spark unauth rce module 2018-11-29 13:56:21 -06:00
Jacob Robles 01af176679 Change delay implementation 2018-11-29 10:05:47 -06:00
Jacob Robles ed6c2896e3 Remove duplicate check 2018-11-29 10:04:51 -06:00
Jacob Robles 8508824cc2 Modify check logic 2018-11-29 10:04:05 -06:00
Green-m 4888ec0c29 Delete unused variable. 2018-11-29 10:48:25 +08:00
Green-m ca0a2684f5 Randomize payload main class. 2018-11-28 11:26:51 +08:00
Brent Cook b3ad4a0358 Land #11033, update refs for imap_open vulnerability 2018-11-27 20:23:46 -06:00
h00die e3e7285288 Land #9946 a UEB local priv escalation 2018-11-27 21:19:34 -05:00
h00die 38a99ac90a ueb privesc updates 2018-11-27 21:18:05 -05:00
h00die 4af5ab3089 ueb privesc updates 2018-11-27 21:14:05 -05:00
h00die 63125bbc1a update imap_open refs 2018-11-27 20:31:57 -05:00
Brendan Coles 180876d8fc Add check for SMAP 2018-11-27 23:24:02 +00:00
Brent Cook b05bb616bf Land #10987, add exploit for PHP imap_open function against various web apps 2018-11-27 16:44:51 -06:00
Brent Cook 66cae6240f Land #10994, Added exploit for CVE-2018-18955 2018-11-27 16:12:05 -06:00
Brendan Coles 398987e94a ::File.binread 2018-11-27 18:58:05 +00:00
Brendan Coles 45ca248568 chmod 2018-11-27 18:39:03 +00:00
Brendan Coles aae86241ef Update version check 2018-11-27 18:13:29 +00:00
William Vu befca0f2fe Land #10949, ForceExploit for Linux local exploits 2018-11-27 11:23:03 -06:00
Brent Cook 0fddb8e31c Land #10768, Exploit for Netgear CVE-2016-1555 2018-11-26 11:45:10 -06:00
h00die e2d58afe13 cleaned up code, added custom 2018-11-25 10:59:53 -05:00
Brendan Coles debf79416b Replace WsfDelay with WfsDelay - Fixes #11018 2018-11-25 04:22:11 +00:00
Brendan Coles 01ed57cbb3 Remove check for nosuid 2018-11-25 01:53:07 +00:00
Brendan Coles ff23a006b7 cleanup 2018-11-25 00:16:39 +00:00
h00die 945755b058 add custom php_imap target 2018-11-24 14:18:13 -05:00
h00die 45f2c5beb2 update php_imap_open docs 2018-11-24 07:26:42 -05:00
h00die e36cef3b96 e107 exploitable now 2018-11-23 20:16:53 -05:00
Green-m 2197da4cd9 Fix code as jrobles suggest. 2018-11-21 11:24:50 +08:00
h00die acf421ffb0 remove eol spaces 2018-11-20 19:45:17 -05:00
h00die 31ad58fb91 edb and author 2018-11-20 19:30:43 -05:00
h00die 4111a61e1a fix module description 2018-11-20 18:35:20 -05:00
h00die 4c59a271e2 added suitecrm to imap_open exploit 2018-11-20 18:33:42 -05:00
Brendan Coles eb17c45000 Add Linux Nested User Namespace idmap Limit Local Privilege Escalation module 2018-11-20 14:10:28 +00:00
Green-m 9884bea84e Update the reference link. 2018-11-20 17:39:01 +08:00
Green-m 9f573d6f27 Fix code as jrobles suggest. 2018-11-20 16:54:22 +08:00
h00die a28feed7d8 fix normalize and date 2018-11-19 04:00:58 -05:00
h00die 4b09584047 php_imap_open_rce 2018-11-18 21:28:19 -05:00
William Vu 90b9204703 Update DisclosureDate to ISO 8601 in my modules 
Basic msftidy fixer:

diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
     # Check disclosure date format
     if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
       d = $1  #Captured date
+      File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+      fixed('Probably updated traditional DisclosureDate to ISO 8601')
       # Flag if overall format is wrong
       if d =~ /^... (?:\d{1,2},? )?\d{4}$/
         # Flag if month format is wrong
 2018-11-16 12:18:28 -06:00
Green-m f43aaac290 Clean code. 2018-11-14 16:48:39 +08:00
Green-m 7cc4d09a92 Clean code. 2018-11-14 10:35:38 +08:00
Green-m 388aebc335 Add exploit module for spark unauthenticated rce. 2018-11-12 17:07:50 +08:00
Imran E. Dawoodjee 16d146fd59 Fixing indentation. 2018-11-12 13:24:00 +08:00
Imran E. Dawoodjee 3e4df06500 Some more modifications 
Placed contents of request_post into execute_command
Randomized fingerprint with rand_text_alpha(12)
Spaces at EOL fixed
Normalized target URI
 2018-11-12 13:04:42 +08:00
Imran E. Dawoodjee 818cb37aca Implemented changes recommended by @bcoles. 2018-11-12 12:26:23 +08:00
Brendan Coles 40bc44d2b6 Add ForceExploit to Linux local modules 2018-11-11 09:37:56 +00:00