Quentin Kaiser
44025a6b68
Missing disclosure date.
2018-08-11 13:08:18 +02:00
Quentin Kaiser
75f127d6e0
Add email addresses.
2018-08-11 12:41:04 +02:00
Quentin Kaiser
de59e1a07e
Add email addresses.
2018-08-11 12:39:59 +02:00
Quentin Kaiser
559983de32
Hashicorp Consul RCE via Services API.
2018-08-10 22:45:42 +02:00
Quentin Kaiser
dce03a74c1
Credit where it is due :)
2018-08-10 22:35:54 +02:00
Quentin Kaiser
374e531d8a
Hashicorp Consul RCE via rexec API.
2018-08-10 21:35:28 +02:00
Wei Chen
d9fc99ec4a
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
Wei Chen
9122c5945e
Add a comment explaining the last sleep(10)
2018-08-09 14:51:56 -05:00
James Cook
c5903dc767
Travis and Format fixes
...
Fixed some formatting issues pointed out by @Green-m.
Changed disclosure date format for travis.
2018-08-09 10:29:34 -07:00
Jacob Robles
66e5685ed2
Moved to exploit/windows
2018-08-09 11:35:14 -05:00
Jacob Robles
228bd4c3ab
Add weblogic_deserialize module CVE-2018-2628
2018-08-08 17:55:41 -05:00
Wei Chen
6223685c37
Update auth requirement for json metadata
2018-08-07 16:42:00 -05:00
James Cook
f2d2e0fce6
Add webdav delivery module
...
This module simplifies the rundll32.exe Application Whitelisting Bypass technique.
The module creates a webdav server that hosts a dll file. When the user types the provided rundll32
command on a system, rundll32 will load the dll remotely and execute the provided export function.
The export function needs to be valid, but the default meterpreter function can be anything.
The process does write the dll to C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV
but does not load the dll from that location. This file should be removed after execution.
The extension can be anything you'd like, but you don't have to use one. Two files will be
written to disk. One named the requested name and one with a dll extension attached.
2018-08-07 11:56:54 -07:00
Green-m
9cd3ad9895
Not finished module for spark unauth remote code execution.
2018-08-06 05:31:37 -04:00
Brent Cook
ae48ba635a
Land #10417, Update check method of Hadoop exploit
2018-08-04 07:28:45 -05:00
Mumbai
4a88d643ba
adding reflective Potato
2018-08-03 02:09:24 -04:00
Green-m
d2c53e1c88
Update the check method.
2018-08-03 01:39:37 -04:00
Tim W
8785ec21b6
Land #9884, add linux ufo priv esc module
2018-08-02 17:53:36 +08:00
Tim W
ff418afd1a
add a default payload
2018-08-02 17:48:44 +08:00
Tim W
cbe85acef5
fix bad link in bpf priv esc
2018-08-02 17:28:22 +08:00
Tim W
1c810249b1
ufo privesc is x64 only
2018-08-02 17:24:44 +08:00
Adam Cammack
41fdb75502
Land #10405, Cleanup dropped files for CMSMS
2018-08-01 14:44:33 -05:00
William Vu
4eef9e64ea
Implement dropper target in axis_srv_parhand_rce
2018-07-31 21:43:29 -05:00
Jacob Robles
6c11d5800f
Register files on same line
2018-07-31 10:03:59 -05:00
Jacob Robles
569ddd9d59
Remove files from application
2018-07-31 09:47:39 -05:00
Wei Chen
bcfb3d099b
Land #10255, Adding Micro Focus Secure Messaging Gateway RCE
2018-07-30 21:07:02 -05:00
Mehmet İnce
48a903f0b3
Fixing r and sql variables use same object issue
2018-07-31 00:57:32 +03:00
William Vu
129fd44350
Land #10305, SonicWall XML-RPC RCE
2018-07-30 14:14:26 -05:00
William Vu
38f6b8aada
Clean up module
2018-07-30 14:06:33 -05:00
Jacob Robles
4ed2cc8189
Land #10397, Added line in psexec_psh to support SMB2
2018-07-30 13:06:00 -05:00
bwatters-r7
cdefb88770
Added line to support SMB2
2018-07-30 12:37:06 -05:00
Jacob Robles
952ab801e8
Land #10060, vTiger CRM v6.3.0 Upload RCE
2018-07-30 12:32:24 -05:00
Jacob Robles
62f663207b
Change option type
2018-07-30 12:15:59 -05:00
Jacob Robles
fe9315dc89
Update module, Add documentation
2018-07-30 12:11:08 -05:00
Wei Chen
32384cf850
Land #10387, Update mov_ss and add mov_ss_dll
2018-07-27 14:52:21 -05:00
bwatters-r7
6d4c70d019
ughhhhh EOL
2018-07-27 11:35:31 -05:00
bwatters-r7
036e2b2247
shut up, Rubocop
2018-07-27 11:11:32 -05:00
bwatters-r7
b4792e08a4
Combine the modules and update the binaries
2018-07-27 11:08:04 -05:00
bwatters-r7
aaf1a22c7c
Rubocop changes
2018-07-27 10:15:45 -05:00
bwatters-r7
eab62c18c6
Update mov_ss and add mov_ss_dll
2018-07-27 09:40:34 -05:00
Wei Chen
1bcf2f9b37
Land #10383, Add WP Responsive Thumbnail Slider Plugin Exploit Module
2018-07-26 23:53:25 -05:00
Wei Chen
72d634b10b
Update module and its documentation
2018-07-26 23:08:20 -05:00
Shelby Pace
be1bf8b1fc
modified status
2018-07-26 15:41:19 -05:00
Shelby Pace
6accca4181
added documentation and check method
2018-07-26 15:32:37 -05:00
Shelby Pace
ed4c4046ba
parsing for uploaded file, gets session
2018-07-26 14:23:24 -05:00
Wei Chen
2dff66aacb
Check nil
2018-07-26 11:23:16 -05:00
Shelby Pace
c23ffcbf62
successfully uploads payload and gets a session
2018-07-26 11:09:01 -05:00
Brent Cook
e78337d59a
Land #10374, Net::SSH::CommandStream fixes
2018-07-25 18:21:39 -05:00
Wei Chen
6c2e8f2402
Land #10300, Add root exploit for Axis network cameras
2018-07-25 14:46:04 -05:00
Wei Chen
f169afff6a
Add documentation and a new reference
2018-07-25 14:44:44 -05:00