adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

1005 Commits

Author SHA1 Message Date
Mzack9999 af4eb0fbe3 Corrected shellcode 2017-06-20 00:55:18 +02:00
Mzack9999 0b04dc0584 Correct EDB Number 2017-06-20 00:52:29 +02:00
Mzack9999 bc826cb824 Easy Chat Server From 2.0 to 3.1 - Buffer Overflow (SEH) exploit 2017-06-20 00:36:59 +02:00
Mzack9999 7fb36edd50 corrected msftidy warnings 2017-06-17 22:58:47 +02:00
Mzack9999 31a5cc94b2 Easy File Sharing HTTP Server 7.2 - Post Overflow exploit 2017-06-17 22:35:21 +02:00
Jeffrey Martin 0e145573fc more httpClient modules use store_valid_credential 2017-05-30 14:56:05 -05:00
wchen-r7 2835c165d7 Land #8390, Add module to execute powershell on Octopus Deploy server 2017-05-25 17:33:07 -05:00
wchen-r7 330526af72 Update check method 2017-05-25 17:30:58 -05:00
William Webb 467f1ce0ca Land #8411, Buffer overflow in VXSearch Enterprise v9.5.12 2017-05-22 07:37:31 -05:00
Daniel Teixeira c1624d0967 VX Search Enterprise GET Buffer Overflow 2017-05-18 17:12:47 +01:00
wchen-r7 c0bf2cc6e7 Land #8401, Buffer Overflow on Sync Breeze Enterprise 9.4.28 2017-05-17 23:39:50 -05:00
Daniel Teixeira ad8788cc74 Update syncbreeze_bof.rb 2017-05-17 11:33:24 +01:00
Daniel Teixeira 5329ce56c4 Sync Breeze Enterprise GET Buffer Overflow 2017-05-17 10:53:28 +01:00
William Webb 7e2dab4ddc Land #8303, Buffer Overflow on Dupscout Enterprise v9.5.14 2017-05-17 01:04:59 -05:00
wchen-r7 77a9676efb Land #8347, Add Serviio Media Server checkStreamUrl Command Execution 2017-05-16 16:20:39 -05:00
james-otten 3c4dfee4f5 Module to execute powershell on Octopus Deploy server 
This is not a bug, but a feature which gives users with the correct
permissions the ability to take over a host running Octopus Deploy.

During an automated deployment initiated by this module, a powershell
based payload is executed in the context of the Octopus Deploy server,
which is running as either Local System or a custom domain account.
This is done by creating a release that contains a single script step
that is run on the Octopus Deploy server. The said script step is
deleted after the deployment is started. Though the script step will
not be visible in the Octopus Deploy UI, it will remain in the server's
database (with lot's of other interesting data).

Options for authenticating with the Octopus Deploy server include
username and password combination or an api key. Accounts are handled
by Octopus Deploy (stored in database) or Active Directory.

More information about Octopus Deploy:
https://octopus.com
 2017-05-15 18:57:38 -05:00
Brendan Coles 42c7d64b28 Update style 2017-05-10 06:37:09 +00:00
Brendan Coles 32dafb06af Replace NoTarget with NotVulnerable 2017-05-08 22:29:44 +00:00
William Vu b794bfe5db Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
Brendan Coles 0eacf64324 Add Serviio Media Server checkStreamUrl Command Execution 2017-05-05 07:54:00 +00:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Sara Perez 18fa411189 Updated with Egypt's suggestion, also changed the target name to include other versions 2017-04-27 13:19:44 +01:00
Daniel Teixeira a3a4ba7605 Buffer Overflow on Dup Scout Enterprise v9.5.14 2017-04-26 15:19:00 +01:00
Daniel Teixeira 47898717c9 Minor documentation improvements 
Space after ,
 2017-04-24 14:47:25 +01:00
DanielRTeixeira f1c51447c1 Add files via upload 
Buffer Overflow on Disk Sorter Enterprise
 2017-04-19 10:57:41 +01:00
Sara Perez 178d68003e version check, as the name for the api key call changes on 11.0. Line 130 2017-04-18 10:32:28 +01:00
Brent Cook bb140b9581 fix deprecated target ARCH 2017-03-03 13:38:16 -06:00
William Webb d76e80bc44 Land #7424, Ektron Webservices XSLT Remote Code Execution 2017-03-03 12:12:21 -06:00
wchen-r7 5d0b532b20 Fix #8002, Use post/windows/manage/priv_migrate instead of migrate -f 
Because migrate -f uses a meterpreter script, and meterpreter scripts
are deprecated, we should be replacing with a post module

Fix #8002
 2017-02-23 17:04:36 -06:00
Maurice Popp d5fd620fbb Add files via upload 2017-02-14 11:21:36 +01:00
Gabor Seljan bda464fd6b Increase output 2017-01-21 10:51:58 +01:00
Gabor Seljan e3043b0889 Use random string as egg 2017-01-21 10:28:47 +01:00
Gabor Seljan c47f087c83 Fix check code 2017-01-21 09:39:09 +01:00
Gabor Seljan 905213cc41 Add module for DiskSavvy Enterprise (EDB-40854) 2017-01-19 20:34:00 +01:00
Gabor Seljan 483865b815 Fix reference 2017-01-11 23:28:23 +01:00
Gabor Seljan 24014d8465 Minor code formatting 2017-01-10 22:59:42 +01:00
Gabor Seljan 9162374ae3 Add automatic targeting 2017-01-08 11:23:18 +01:00
Gabor Seljan d2472712f3 Add module for DiskBoss Enterprise (EDB-40869) 2017-01-07 19:44:38 +01:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Chris Higgins 4e9802786c Removed spaces causing build to fail 2016-11-13 21:46:24 -06:00
OJ 57eabda5dc Merge upstream/master 2016-10-29 13:54:31 +10:00
Chris Higgins c153686465 Added Disk Pulse Enterprise Login Buffer Overflow 2016-10-27 21:49:17 -05:00
OJ 1d617ae389 Implement first pass of architecture/platform refactor 2016-10-28 07:16:05 +10:00
Brent Cook ed35bf5011 remove unneeded badchars from payload specification 2016-10-26 04:47:33 -05:00
David Maloney 6b77f509ba fixes bad file refs for cmdstagers 
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
 2016-10-21 12:31:18 -05:00
Catatonic Prime da307a5312 Adding description of the module 2016-10-10 06:22:11 +00:00
Catatonic Prime 467f9e700d msftidy fixes for title & removing unused dependency 2016-10-10 06:11:29 +00:00
Catatonic Prime 6cbae172f8 Adding Ektron 8.5 Web Service XSLT RCE 2016-10-10 05:21:45 +00:00
Pearce Barry 226ded8d7e Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00