adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
William Vu 4f2cab4cf1 Add references 2019-11-11 17:33:10 -06:00
bwatters-r7 3b57705a1f Land #11390, Add exploit module for Xorg X11 Server Local Privilege Escalation on AIX 
Merge branch 'land-11390' into upstream-master
 2019-11-11 15:42:54 -06:00
Wei Chen 717a31c7c3 Fix typos and format 2019-11-11 14:47:56 -06:00
bwatters-r7 820aa4f46c Update documents with vimeo video example and update SideEffects value 
in the module cache.
 2019-11-11 14:28:07 -06:00
bwatters-r7 ef6ae90ca6 Add case statement for admin check 2019-11-11 09:00:11 -06:00
lle-bout 1d7cdac421 Add Wordpress Plainview Activity Monitor RCE 
Description:

```
Plainview Activity Monitor Wordpress plugin is vulnerable to OS
command injection which allows an attacker to remotely execute
commands on underlying system. Application passes unsafe user supplied
data to ip parameter into activities_overview.php.
Privileges are required in order to exploit this vulnerability, but
this plugin version is also vulnerable to CSRF attack and Reflected
XSS. Combined, these three vulnerabilities can lead to Remote Command
Execution just with an admin click on a malicious link.
```
 2019-11-10 08:27:45 +01:00
zerosum0x0 01d84c5654 remove syscall hook 2019-11-08 19:44:52 -07:00
bwatters-r7 f426206246 update code from bcoles suggestions. 2019-11-07 15:30:53 -06:00
William Vu 2b3c2b6af5 Land #12535, module traits for some local exploits 2019-11-07 10:00:39 -06:00
h00die 9cf62d02f9 land #12492 coldfusion rds updates 2019-11-07 05:16:29 -05:00
dwelch-r7 876a307816 Land #9396, Linux net snmpd rw access 2019-11-07 02:52:47 +00:00
h00die f0443deb2a resolved merge conflicts for payload 1.3.79 integration 2019-11-06 21:15:11 -05:00
dwelch-r7 2ab1b9071f remove unsupported check 2019-11-07 01:34:16 +00:00
dwelch-r7 61dc3ad487 Replace manual escaping with shellescape function 2019-11-07 01:33:42 +00:00
Shelby Pace 3d14b88a50 Land #12507, add rConfig Command Injection module 2019-11-06 13:45:15 -06:00
Shelby Pace a337567101 add check method 2019-11-06 12:40:45 -06:00
Tim W 55ebfe6c2d remove unnecessary override 2019-11-06 15:27:40 +08:00
Tim W 5711effa24 update comments 2019-11-06 14:59:49 +08:00
h00die 06f7027fd8 udapted docs 2019-11-06 15:57:33 +09:00
Shelby Pace f898c73e49 add module skeleton 2019-11-05 11:27:35 -06:00
Wei Chen 553601210a Add CVE-2019-16113: Bludit Directory Traversal Image Upload Exploit 2019-11-05 08:57:15 -06:00
Francesco Soncina a449941615 use PSH-EncodedCommand for EncodedCommand in launcher 
Since `Powershell::encode_final_payload` and `Powershell::encode_inner_payload` are already used in `cmd_psh_payload`, so it's better to have a dedicated option for the encoded launcher.
 2019-11-05 13:12:00 +01:00
Francesco Soncina 12c92342ef Use DefaultOptions instead of redefining them 2019-11-05 12:54:29 +01:00
Tim W 812409a491 Use a random apk name 2019-11-05 15:55:20 +08:00
Francesco Soncina bbe36ebfee remove debug prints 2019-11-05 00:25:55 +01:00
Francesco Soncina 53ee43bccb Update web_delivery.rb 2019-11-05 00:24:47 +01:00
h00die cb1caaca94 add cleanup 2019-11-04 23:31:45 +09:00
h00die 4f2fab797f janus upgrades 2019-11-04 23:31:45 +09:00
Brendan Coles 38498305d3 Add module notes for Reliability and Stability 2019-11-03 00:33:24 +00:00
scanu92 1ae2f66c7c Apply suggestions from code review 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-11-03 00:33:17 +01:00
scanu92 8a3f7a6b21 Apply suggestions from code review 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-11-03 00:32:55 +01:00
scanu92 1850cfd0c1 Apply suggestions from code review 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-11-03 00:32:32 +01:00
Brendan Coles f239b5db8f Add FreeSWITCH Event Socket Command Execution 2019-11-02 22:03:02 +00:00
scanu92 632e423236 Update cmsms_object_injection_rce.rb 2019-11-02 21:31:08 +01:00
scanu92 33303746f8 Update cmsms_object_injection_rce.rb 2019-11-02 21:29:38 +01:00
Cristina c9948c037d Apply suggestions from code review 
- Change executable in shebang from python3 to python
- Revert changes to files that will only run as python2

Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
 2019-11-01 19:20:22 -07:00
Brendan Coles c2b40d2924 Add FusionPBX Command exec.php Command Execution 2019-11-01 23:38:51 +00:00
Brendan Coles 9346013974 Use bg_system API command 2019-11-01 22:17:26 +00:00
Brendan Coles 08d51acd18 Update targets 2019-11-01 20:33:23 +00:00
Brendan Coles 1e3705e47d Add FusionPBX Operator Panel exec.php Command Execution 2019-11-01 20:11:55 +00:00
scanu92 beffab0787 Update cmsms_object_injection_rce.rb 2019-11-01 15:26:02 +01:00
scanu92 7cc1175287 Update cmsms_object_injection_rce.rb 
Add NormalRanking to cmsms_object_injection_rce module
 2019-11-01 15:15:49 +01:00
sk4 af0761bcfd Add CMS Made Simple object injection exploit module 2019-11-01 12:11:38 +01:00
Brendan Coles 294cbcffb6 Land #12382, Add Linux Micro Focus (HPE) Data Protector omniresolve Privesc (CVE-2019-11660) 2019-11-01 08:06:01 +00:00
bcoles b08e031863 Update module description 2019-11-01 17:11:33 +11:00
bcoles c6e739c76d Code cleanup 2019-11-01 16:30:37 +11:00
Cristina Muñoz 10b5df1c4f Change all python2.7 shebangs to python3. 
Remove utf-8 encoding declarations, as this is the default for python3.
 2019-10-31 15:10:58 -07:00
Cristina Muñoz 8563a29003 Convert all python code to python3. Fixes #12506. 2019-10-31 14:16:14 -07:00
Francesco Soncina 9fc2df5ea8 move force_tls12 to rex-powershell 2019-10-31 16:28:59 +01:00
William Vu f5ce31519c Fix style, once more with feeling 2019-10-31 09:59:35 -05:00