adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
Leo Le Bouter 756879d3d6 Fix msftidy 2020-01-06 18:14:58 +01:00
leo-lb f1ae217bb0 Single-core machines are safe from this exploit. 2020-01-06 05:21:51 +01:00
Brendan Coles 326fd26219 Check for nil response due to connection failure 2020-01-05 21:39:34 +00:00
Brendan Coles c8fb76182c Use PROGRAMDATA environment variable 2020-01-03 20:32:01 +00:00
Brendan Coles b3e9d9aee9 Add Plantronics Hub SpokesUpdateService Privilege Escalation 2020-01-03 20:13:27 +00:00
secenv 0d592a3fca Replace send_request_cgi with send_request_raw 
msftidy complains about not using vars_get... Which won't work in this case.
 2019-12-31 13:36:09 -03:00
secenv b6731a6d1c Remove printf as flavor 
There is no printf in this router.
 2019-12-31 13:10:59 -03:00
secenv bedb1132b7 Convert to staged exploit 
Works with meterpreter now :D
 2019-12-31 13:08:51 -03:00
secenv 5f2c29946c Remove the prompt variable + some EOL spaces; modify rand() 
As suggested by @bcoles
 2019-12-31 11:19:59 -03:00
secenv 2eec026a28 D-Link DIR-859 Unauthenticated RCE (CVE-2019-17621) 
Exploits a vulnerability in the /gena.cgi UPnP endpoint in D-Link DIR-859 (and potentially other) SOHO routers. CVE ID: 2019-17621.
Code based on modules/exploits/linux/http/dlink_dir300_exec_telnet.rb
 2019-12-30 19:22:04 -03:00
Brent Cook e8cd136e56 Land #12712, add OpenBSD Dynamic Loader chpass privesc 2019-12-27 03:56:02 -06:00
Brent Cook 8061cdf974 Land #12760, improvements to linux/local/bpf_priv_esc module 2019-12-26 13:43:54 -06:00
Brendan Coles a7b63557db Notify operator that cleanup of crontab is required 2019-12-26 16:21:44 +00:00
Brendan Coles d449a93b44 Add Msf::Post::File.attributes method 2019-12-25 07:34:44 +00:00
wvu-r7 e89a596e5c Land #12754, ForceExploit for 4.3BSD exploits 2019-12-23 19:13:42 -06:00
William Vu 01b6bc112d Rescue EOFError for good measure 2019-12-23 19:02:13 -06:00
William Vu 81f8f4f67f Add ForceExploit to 4.3BSD (VAX) exploits 2019-12-23 18:17:09 -06:00
Brent Cook ce991071e4 Land #12524, update most python code with python 3 compatibility 2019-12-23 14:49:08 -06:00
h00die 4f8382fc98 Land #12744, rds lpe updates and improvements 2019-12-22 10:21:03 -05:00
h00die 4e1e8d344f rds reliability, stability notes 2019-12-22 10:20:00 -05:00
Brendan Coles 4c0fc3a505 Add OpenBSD Dynamic Loader chpass Privilege Escalation (CVE-2019-19726) 2019-12-22 08:46:43 +00:00
h00die 7a027216cc Land #12701 linux priv esc on reptile_cmd rootkit 2019-12-21 15:50:07 -05:00
Shelby Pace 894927d960 Land #12693, add Comahawk privilege escalation 2019-12-18 15:40:51 -06:00
bwatters-r7 b36c191fc7 With feeling... 2019-12-18 14:33:13 -06:00
bwatters-r7 f9fbe96145 more bcoles suggestions 2019-12-18 14:25:43 -06:00
Brendan Coles c0da9e2202 Rename exploit/linux/local/rds_priv_esc -> exploit/linux/local/rds_rds_page_copy_user_priv_esc 2019-12-18 20:05:19 +00:00
Francesco Soncina 671f80896a Update payload_inject.rb 2019-12-18 16:06:26 +01:00
Tim W 58bf71d555 simplify amsi resource url 2019-12-17 17:35:29 +08:00
Francesco Soncina 664b196388 Update payload_inject.rb 2019-12-17 01:35:24 +01:00
Francesco Soncina 64c1f557c6 add support for PPID spoofing to payload_inject 2019-12-17 01:19:45 +01:00
Brent Cook fde942bc37 Land #12517, replace CheckScanner mixin with CheckModule, which works with anything 2019-12-16 17:40:10 -06:00
bwatters-r7 66dcbc5d99 Stupid typo... 2019-12-16 12:54:48 -06:00
bwatters-r7 06bcef3670 bcoles suggested chganges 2019-12-16 12:50:41 -06:00
Brent Cook 9cc02cb51f Land #12643, add additional example exploit modules 2019-12-16 11:34:33 -06:00
Brent Cook e1e668d7da Land #12651, add OpenMRS deserialization exploit 2019-12-16 11:31:24 -06:00
Christophe De La Fuente 42a60034f2 Land #12725, Bash profile persistence module 2019-12-16 09:19:08 +01:00
h00die 1ff925eac9 Land #12727, netfilter_priv_esc_ipv4 improvements 2019-12-15 07:07:40 -05:00
Brendan Coles dd41892123 Update netfilter_priv_esc_ipv4 exploit 2019-12-15 07:17:42 +00:00
bluesentinelsec c43330934b New module: Bash Profile Persistence 2019-12-14 21:40:18 -05:00
Francesco Soncina a3a25b193e serve AMSI/SBL bypass separately 2019-12-14 19:49:53 +01:00
Onur ER 548abf4364 Rename modules/exploits/multi/http/opennetadmin_ping_cmd_injection.rb to modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb 2019-12-14 16:26:19 +03:00
Onur ER 44636f4975 Update opennetadmin_ping_cmd_injection.rb 2019-12-14 16:24:27 +03:00
h00die 5fc561e916 Land #12661, more docs 2019-12-13 17:42:36 -05:00
bwatters-r7 6538a4188d Space-suggested updates 2019-12-13 15:25:01 -06:00
Onur ER 7730c5359d Update modules/exploits/multi/http/opennetadmin_ping_cmd_injection.rb 
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
 2019-12-13 16:39:17 +03:00
bwatters-r7 6be4729a02 Land #12391, Add shellcode_inject post module 
Merge branch 'land-12391' into upstream-master
 2019-12-12 15:20:51 -06:00
Brendan Coles d7f1c9a4a9 Land #12696, Add AKA references to several modules 2019-12-12 15:28:21 +00:00
bwatters-r7 0257861c4f Remove debug statements and extra c/ruby libraries 2019-12-11 18:42:36 -06:00
William Vu f31930748b Remove RHOST from solarwinds_lem_exec 
This doubles as a test.
 2019-12-11 13:42:41 -06:00
Rob Fuller 5eb90d758f Update modules/exploits/linux/ssh/solarwinds_lem_exec.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-12-11 13:44:37 -05:00