Jeffrey Martin
578bf9999f
Land #12955, Update logic for ForceExploit in modules
2020-02-21 15:45:12 -06:00
Christophe De La Fuente
f9077bcd8d
Land #12704, OpenNetAdmin 18.1.1 Remote Code Execution exploit
2020-02-21 15:49:26 +01:00
Christophe De La Fuente
5e4b83581a
Fix indentation issue
2020-02-21 15:47:32 +01:00
Onur ER
f483b80849
Changed to vars_post
2020-02-21 03:48:12 +03:00
Onur ER
695f6869df
Update opennetadmin_ping_cmd_injection.rb
2020-02-21 03:13:44 +03:00
Onur ER
f90d605c21
Update modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb
...
Co-Authored-By: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-02-21 03:07:27 +03:00
William Vu
7dc1315dac
Update logic for ForceExploit in my modules
...
This lets the user opt out of running check completely.
2020-02-19 01:06:50 -06:00
Brent Cook
8489bcdfd9
This fixes broken links to the community.rapid7.com blog
...
Performed mechanically with sed, spot-checked that the new blog can consume these links.
2020-02-18 09:06:11 -06:00
Adam Galway
65521270ea
Land #12853, InfiniteWP exploit & mixin upgrades
2020-02-10 11:33:49 +00:00
William Vu
eab1245eef
Update module doc
2020-02-07 12:30:00 -06:00
William Vu
a9ae212b27
Replace ForceExploit with AutoCheck mixin
2020-02-07 12:04:57 -06:00
wvu-r7
2ad8a02fd7
Fix version check
...
Co-Authored-By: adamgalway-r7 <54621924+adamgalway-r7@users.noreply.github.com>
2020-02-07 10:10:28 -06:00
William Vu
763dbf5d5d
Check WordPress version
2020-02-07 03:14:17 -06:00
William Vu
6c59d7c37c
Refactor module
2020-02-07 01:38:11 -06:00
William Vu
62c98710ad
Reword vulnerable commit range
2020-02-06 11:03:20 -06:00
William Vu
e053ed7a1e
Add Msf::Exploit::Expect mixin and refactor again
2020-02-05 21:16:24 -06:00
William Vu
95fa8602bc
Refactor modules that use Expect
2020-02-05 21:16:21 -06:00
William Vu
81f9fc7608
Refactor arbitrary payload support
2020-02-05 17:01:54 -06:00
William Vu
dae06ab0c9
Reword comments in morris_sendmail_debug
...
Not sure why I used singular, but it was probably reading too much RFC.
2020-02-05 14:23:29 -06:00
RageLtMan
e2d0d8f011
Cleanup module and permit alternate payload scheme
...
The original Qualys exploit uses an inline-shell for loop to read
and thereby consume lines from the input stream preceding the
intended script for execution in the body section. Payloads which
do not contain bad characters (encoded or coincidentally simple)
can be placed directly into the FROM field and executed in place
of the original for loop filter.
2020-02-01 15:04:22 -05:00
RageLtMan
312a3466ee
Update 2020-7247 to execute from body
...
Using method from
https://www.openwall.com/lists/oss-security/2020/01/28/3
Attempted several other line readers via awk, while, for. Tried
without pipes or `>` in the strings. It appears other characters
are also illegal (conditional brackets likely culprits).
Initial testing on wide-open-configured opensmtpd on OpenBSD 6.6
libvirt Vagrant image produces shells, python meterpreter sessions,
and executes generic commands.
2020-01-31 04:32:03 -05:00
William Vu
81b8d5b58a
Add OpenSMTPD MAIL FROM RCE
2020-01-29 05:10:43 -06:00
William Vu
972cb545f0
Restore the original PLUGIN_FILE contents
2020-01-18 14:57:41 -06:00
William Vu
cbd949927d
Add WordPress InfiniteWP Client plugin exploit
2020-01-17 20:12:21 -06:00
William Vu
5c4189fdb4
Move unix/webapp/webmin_backdoor to linux/http
2020-01-14 00:50:04 -06:00
William Vu
01b6bc112d
Rescue EOFError for good measure
2019-12-23 19:02:13 -06:00
William Vu
81f8f4f67f
Add ForceExploit to 4.3BSD (VAX) exploits
2019-12-23 18:17:09 -06:00
Onur ER
548abf4364
Rename modules/exploits/multi/http/opennetadmin_ping_cmd_injection.rb to modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb
2019-12-14 16:26:19 +03:00
dwelch-r7
41569b78ba
Land #12503, Add exploit module for Ajenti 2.1.31
2019-12-01 16:13:06 +00:00
Christophe De La Fuente
373d147efd
Land #12555 - Wordpress Plainview Activity Monitor RCE
2019-11-29 11:10:24 +01:00
leo-lb
1cf9a2eb53
Update wp_plainview_activity_monitor_rce.rb
2019-11-28 20:13:21 +01:00
leo-lb
2372f7e40d
Update wp_plainview_activity_monitor_rce.rb
2019-11-28 20:10:17 +01:00
leo-lb
853fea736d
Update wp_plainview_activity_monitor_rce.rb
2019-11-27 22:28:33 +01:00
leo-lb
60b98fd20c
Update wp_plainview_activity_monitor_rce.rb
2019-11-27 21:59:54 +01:00
leo-lb
9b5265f49a
Update wp_plainview_activity_monitor_rce.rb
2019-11-27 21:57:24 +01:00
Onur ER
fa1647190e
Update ajenti_auth_username_cmd_injection.rb
2019-11-20 19:09:24 +03:00
Onur ER
841e524b6f
Update modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-11-20 18:08:33 +03:00
Onur ER
af59efa4cd
Update modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-11-20 18:08:23 +03:00
sinn3r
5c6686a105
Land #12532, Add FusionPBX Command exec.php Command Execution
...
Add FusionPBX Command exec.php Command Execution
2019-11-13 11:33:21 -06:00
sinn3r
66ad5deb47
Land #12531, Add FusionPBX Operator Panel exec.php Command Execution
...
Add FusionPBX Operator Panel exec.php Command Execution
2019-11-13 11:31:30 -06:00
lle-bout
1d7cdac421
Add Wordpress Plainview Activity Monitor RCE
...
Description:
```
Plainview Activity Monitor Wordpress plugin is vulnerable to OS
command injection which allows an attacker to remotely execute
commands on underlying system. Application passes unsafe user supplied
data to ip parameter into activities_overview.php.
Privileges are required in order to exploit this vulnerability, but
this plugin version is also vulnerable to CSRF attack and Reflected
XSS. Combined, these three vulnerabilities can lead to Remote Command
Execution just with an admin click on a malicious link.
```
2019-11-10 08:27:45 +01:00
William Vu
2b3c2b6af5
Land #12535, module traits for some local exploits
2019-11-07 10:00:39 -06:00
Brendan Coles
38498305d3
Add module notes for Reliability and Stability
2019-11-03 00:33:24 +00:00
Brendan Coles
c2b40d2924
Add FusionPBX Command exec.php Command Execution
2019-11-01 23:38:51 +00:00
Brendan Coles
9346013974
Use bg_system API command
2019-11-01 22:17:26 +00:00
Brendan Coles
08d51acd18
Update targets
2019-11-01 20:33:23 +00:00
Brendan Coles
1e3705e47d
Add FusionPBX Operator Panel exec.php Command Execution
2019-11-01 20:11:55 +00:00
Onur ER
379fb3b65c
Targets version fixed
2019-10-29 23:04:42 +03:00
Onur ER
e07289c71a
Update Ajenti Command Injection module
...
Module name changed.
Removed space.
Check module issues fixed.
random_password moved into json_body.
2019-10-29 22:49:11 +03:00
Onur ER
89e56cf26d
Rename ajenti_login_rce.rb to ajenti_auth_username_cmd_exec.rb
2019-10-29 22:19:59 +03:00