adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
Jacob Robles 8a0f5c12f2 Move setup info, remove accessors 2018-09-21 07:47:22 -05:00
Jacob Robles 981fb38d52 Remove additional unused code 2018-09-20 07:04:41 -05:00
Jacob Robles ee604e1d23 Remove unused code 2018-09-20 07:01:58 -05:00
Jacob Robles f99df75719 Remove uploading payload dll to disk 2018-09-19 21:24:22 -05:00
Jacob Robles c76f095cd0 Inject Payload to Memory First 2018-09-19 21:13:49 -05:00
Jacob Robles 42ccc37bca Added description to module 2018-09-19 10:22:51 -05:00
Jacob Robles 8a20e0e702 Specific target, add process option 2018-09-19 08:49:54 -05:00
Hubert Lin 22c57d1bf0 chmod 644 2018-09-19 18:19:12 +08:00
Hubert Lin 36fa8f2ffc Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow. 2018-09-19 15:28:46 +08:00
Hubert Lin 827219aff3 Revert "Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow" 
This reverts commit d06587caef.
 2018-09-19 15:22:12 +08:00
Hubert Lin d06587caef Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow 2018-09-19 15:09:40 +08:00
Hubert Lin 5b6938e942 Revert "Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow" 
This reverts commit 1a9aa8ac3b.

Need to branch it.
 2018-09-19 13:20:00 +08:00
William Vu 1d091408f7 Make msftidy happy 2018-09-18 20:00:08 -05:00
William Vu 6a63feced4 Merge remote-tracking branch 'upstream/master' into pr/10418 2018-09-18 19:54:44 -05:00
asoto-r7 fd8ad6f4d8 struts2_namespace_ognl: Added verbose messages for errors with Tomcat >= 7.0.88 2018-09-18 15:26:28 -05:00
asoto-r7 4933f47ac5 struts2_namespace_ognl: Remove debugging code 2018-09-18 14:46:41 -05:00
asoto-r7 a9e6257891 struts2_namespace_ognl multishot OGNL payloads for Windows Meterpreter support 2018-09-18 14:27:47 -05:00
Brendan Coles 4fb223b293 Add Solaris RSH Stack Clash Privilege Escalation module 2018-09-18 17:38:59 +00:00
Hubert Lin 1a9aa8ac3b Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow 2018-09-18 16:09:05 +08:00
Brendan Coles 0108e41b04 Move AKA reference to Notes hash 2018-09-18 08:00:44 +00:00
Brendan Coles 2f5bd4b714 Add Solaris 'EXTREMEPARR' dtappgather Privilege Escalation module 2018-09-18 07:23:10 +00:00
Brent Cook 6126a627cc Land #10570, AKA Metadata Refactor 2018-09-17 22:29:20 -05:00
Brent Cook a814899dc2 Land #10660, deregister RHOSTS as well as RHOST 2018-09-17 22:26:37 -05:00
Brent Cook 1aabf8d83f deregister RHOSTS as well 2018-09-17 22:26:16 -05:00
Jacob Robles 83af598e6a Updated VS solution and module 2018-09-17 17:38:19 -05:00
h00die 5089c19453 Land #10620 Solaris 10 LPE for libnspr 2018-09-17 18:10:16 -04:00
Erin Bleiweiss 011c25ed59 Merge changes from master (ghostscript) 2018-09-17 13:57:28 -05:00
Brendan Coles 83039781de Background payload execution 2018-09-17 08:42:04 +00:00
Brendan Coles c8906f8772 Add check for Solaris system patch revision 2018-09-17 08:32:52 +00:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
Brendan Coles 1f4a1a388e Update gcc path 2018-09-15 18:16:03 +00:00
bwatters-r7 f38e6f45ce Redo dllinjection 2018-09-14 17:47:53 -05:00
asoto-r7 4cf344dd83 WIP: Initial CVE-2018-8440 / ALPC-TaskSched-LPE 2018-09-13 18:00:20 -05:00
bwatters-r7 2fbbf88ea9 Land #10560, ms17_010_eternalblue: use SMBDomain value when provided 
instead of ignoring it

Merge branch 'land-10560' into upstream-master
 2018-09-13 10:08:54 -05:00
Brendan Coles a8c459db18 Update description with correct patched release 2018-09-13 08:22:13 +00:00
Brendan Coles 0db1c34c40 Add check for Solaris system patches 2018-09-12 07:36:54 +00:00
Quentin Kaiser 479b09962c Awind stuff. 2018-09-11 15:16:23 +02:00
h00die 354803185c fix msftidy warning 2018-09-11 05:24:01 -04:00
Brendan Coles e75b5592f7 Add ForceExploit option 2018-09-11 09:23:50 +00:00
Brendan Coles 1582dacb0e Check WritableDir is writable 2018-09-11 09:06:15 +00:00
Brendan Coles d658ccf653 Add Solaris libnspr NSPR_LOG_FILE Privilege Escalation module 2018-09-11 08:11:11 +00:00
h00die d8f2d08058 finish up docs and 10 exploit 2018-09-10 21:08:30 -04:00
h00die 589fb4bf3b first try at ueb mix 2018-09-09 22:41:01 -04:00
Wei Chen 718aaca0f4 Land #10546, Add Apache Struts exploit: CVE-2018-11776 2018-09-07 14:54:23 -05:00
Wei Chen bd50e00ccc Make some small changes: 
Changes made:

* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
 2018-09-07 14:48:33 -05:00
William Vu b3cd4a89ad Move CVE ref to top as per ~standard~ 2018-09-07 14:33:25 -05:00
Adam Cammack 68ca771764 Add CVE reference to ghostscript_failed_restore.rb 2018-09-07 14:24:15 -05:00
asoto-r7 99ca6cef49 Quote-block cleanup and improved error handling 2018-09-07 11:43:04 -05:00
asoto-r7 3671f8f6b0 Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output 
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set.  We now try to detect this as part of `profile_target`.  But that check might fail.  If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.

Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.

Additionally additionally, some Tomcat configurations won't provide output from the payload.  We'll detect that the payload ran successfully, but tell the user there was no output.
 2018-09-06 17:56:42 -05:00
asoto-r7 7eb06b4592 Address travis errors: Updated metadata and target OS logic 2018-09-06 12:43:56 -05:00