adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
bwatters-r7 64c06a512e Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Christian Mehlmauer 30c4a665f4 update iis exploit 2017-04-03 20:06:16 +02:00
Brent Cook 4c0539d129 Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die 0092818893 Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00
Bryan Chu 151ed16c02 Re-ranking files 
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
 2017-04-02 18:33:46 -04:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Adam Cammack 6910cb04dd Add first exploit written in Python 2017-03-31 17:07:55 -05:00
dmohanty-r7 1ce7bf3938 Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
dmohanty-r7 c445a1a85a Wrap ssh.loop with begin/rescue 2017-03-31 11:16:10 -05:00
Bryan Chu 5e31a32771 Add missing ranks 
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
 2017-03-31 02:39:44 -04:00
dmchell 8b3fe0ac06 Merge branch 'dmchell-cve-2017-7269' into iis_6_sc-dev 2017-03-28 19:33:37 +01:00
dmchell 697d3978af Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 19:14:32 +01:00
Carter d7bed334b0 Add Metasploit header 2017-03-28 12:07:57 -05:00
Carter ebbed949c2 Get rid of double header 2017-03-28 12:05:44 -05:00
Carter d1c269e5e8 Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 11:54:52 -05:00
Carter 4972b510d1 Use HttpClient instead of Tcp 2017-03-28 11:37:40 -05:00
Carter c203fa71d1 Create iis_webdav_scstoragepathfromurl.rb 2017-03-28 11:34:11 -05:00
dmchell ffdd5fb471 Update iis_webdav_scstoragepathfromurl.rb 
converted to Msf::Exploit::Remote::HttpClient
 2017-03-28 17:16:35 +01:00
dmchell ed90971489 Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 16:16:51 +01:00
dmchell 1552cc4cac Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 16:11:44 +01:00
dmchell b301a8d0c0 Update iis_webdav_scstoragepathfromurl.rb 2017-03-28 16:07:12 +01:00
dmchell 20a9b88eb6 Update and rename iis_webdav_ScStoragePathFromUrl.rb to iis_webdav_scstoragepathfromurl.rb 2017-03-28 15:53:18 +01:00
dmchell f7cecaf31e Update and rename cve-2017-7269.rb to iis_webdav_ScStoragePathFromUrl.rb 2017-03-28 15:47:20 +01:00
dmchell 9e8ec532a2 Create cve-2017-7269.rb 
Exploit for cve-2017-7269.rb
 2017-03-28 15:33:20 +01:00
Pearce Barry 9db2e9fbcd Land #8146, Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-24 14:38:47 -05:00
William Webb e04f01ed6b Land #7778, RCE on Netgear WNR2000v5 2017-03-23 15:34:16 -05:00
wchen-r7 3b062eb8d4 Update version info 2017-03-23 13:46:09 -05:00
wchen-r7 fdb52a6823 Avoid checking res.code to determine RCE success 
Because it's not accurate
 2017-03-23 13:39:45 -05:00
wchen-r7 39682d6385 Fix grammar 2017-03-23 13:23:30 -05:00
wchen-r7 ee21377d23 Credit Brent & Adam 2017-03-23 11:22:49 -05:00
wchen-r7 196a0b6ac4 Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-23 10:40:31 -05:00
Mehmet Ince d37966f1bb Remove old file 2017-03-23 12:53:08 +03:00
Mehmet Ince 8a43a05c25 Change name of the module 2017-03-23 12:49:31 +03:00
bwatters-r7 a93aef8b7a Land #8086, Add Module Logsign Remote Code Execution 2017-03-22 11:33:49 -05:00
William Vu 1a8e8402ae Land #8113, SysGauge SMTP server validation sploit 2017-03-21 16:45:42 -05:00
wchen-r7 d10b3da6ec Land #8132, Support Python 2 & 3 for web_delivery 2017-03-21 13:48:27 -05:00
wchen-r7 6b3cfe0a98 Support both Python 2 and Python 3 in one line 
Tested on:

* Python 2.7.13 on Windows
* Python 3.5.3 on Windows
 2017-03-21 13:47:07 -05:00
James Lee 2e096be869 Remove debugging output 2017-03-21 11:26:02 -05:00
Swiftb0y ffe77c484e fixed spacing 2017-03-20 16:37:35 +01:00
Swiftb0y e51063aa56 added the python3 syntax to the web_delivery script 2017-03-20 16:08:08 +01:00
h00die 7bcd53d87d Land #8079, exploit and aux for dnaLims 2017-03-20 11:08:05 -04:00
h00die fd5345a869 updates per pr 2017-03-20 10:40:43 -04:00
h00die fe5167bf26 changes to file per pr 2017-03-20 10:16:42 -04:00
h00die 84e4b8d596 land #8115 which adds a CVE reference to IMSVA 2017-03-18 09:51:52 -04:00
Mehmet Ince 6aa42dcf08 Add solarwinds default ssh user rce 2017-03-17 21:54:35 +03:00
Brent Cook 52cea93ea2 Merge remote-tracking branch 'upstream/master' into land-8118- 2017-03-17 12:39:30 -05:00
Chris Higgins 7a12e446a0 Updated documentation and fixed module header. Whoops, copy/paste fail. 2017-03-16 21:28:24 -05:00
Dallas Kaman 80c33fc27f adding '-' to rails deserialization regex for cookie matching 2017-03-16 10:54:32 -05:00
Thomas Reburn 59c7de671e Updated rails_secret_deserialization to add '.' regex for cookie matching. 2017-03-16 10:45:43 -05:00
Chris Higgins f4bb1d6a37 Updated based on @wvu's comments 2017-03-15 19:15:12 -05:00