adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
William Webb 2ff170a1fa Land #7820, Exploit for TrueOnline Billion 5200W-T 2017-01-31 11:33:56 -06:00
William Webb f167358540 Land #7821, Command Injection Exploit for TrueOnline ZyXEL P660HN 2017-01-31 11:28:46 -06:00
William Webb b3521dfb69 Land #7822, Command Injection Exploit for TrueOnline P660HN v2 2017-01-31 11:22:49 -06:00
Mehmet Ince c666ac93f5 Adding xff header 2017-01-31 14:37:22 +03:00
Mehmet Ince 40108c2374 first commit 2017-01-31 14:15:46 +03:00
Pedro Ribeiro 0aceb0b1cb Fix whitespace, thanks msftidy! 2017-01-30 10:16:42 +00:00
Pedro Ribeiro 5fd31e621e Add CVE number 2017-01-30 10:03:46 +00:00
William Webb dd60fc3598 move cisco_webex_ext to exploits/windows/browser/ 2017-01-27 16:59:20 -06:00
William Webb 94f9971300 add module doc and remove the word EXPLOIT from document title 2017-01-26 13:36:18 -06:00
William Webb d87cb4b085 nfi why i didnt set ssl by default 2017-01-25 21:02:34 -06:00
William Webb ad0e2c7d95 remove extraneous warning alerts 2017-01-25 18:53:54 -06:00
William Webb d2bc8c7f7e msftidy complaints 2017-01-25 18:24:10 -06:00
William Webb 10066e0c16 get your targets straight son 2017-01-25 18:21:58 -06:00
William Webb d4b18bb3b9 initial commit of webex rce mod 2017-01-25 18:03:19 -06:00
William Vu 48ed8a72c2 Add helpful comment 2017-01-24 20:03:39 -06:00
William Vu ec8add6caa Always check and print status 2017-01-24 20:00:17 -06:00
William Vu 42a8e2a113 Remove extraneous variable 2017-01-24 19:50:31 -06:00
William Vu 97050a6c47 Fix nil bug in scan 2017-01-24 19:49:23 -06:00
wchen-r7 f4db90edeb Land #7852, Firefox nsSMILTimeContainer::NotifyTimeChange() rce 2017-01-23 11:56:01 -06:00
wchen-r7 04648888b3 Be conservative and do NormalRanking 2017-01-23 11:55:30 -06:00
Brent Cook ff2b8dcf99 Revert "Land #7605, Mysql privilege escalation, CVE-2016-6664" - premature merge 
This reverts commit 92a1c1ece4, reversing
changes made to 9b16cdf602.
 2017-01-22 19:16:33 -06:00
Brent Cook 92a1c1ece4 Land #7605, Mysql privilege escalation, CVE-2016-6664 2017-01-22 17:17:28 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
Mehmet Ince 58c1f6f67d Merge branch 'master' of https://github.com/rapid7/metasploit-framework into trend_micro_imsva_exec 2017-01-22 11:18:34 +03:00
Gabor Seljan bda464fd6b Increase output 2017-01-21 10:51:58 +01:00
Gabor Seljan e3043b0889 Use random string as egg 2017-01-21 10:28:47 +01:00
Gabor Seljan c47f087c83 Fix check code 2017-01-21 09:39:09 +01:00
William Webb 0eb5342d83 disclosure date 2017-01-20 11:57:50 -06:00
William Webb d8f04ccc18 address msftidy complaints 2017-01-20 11:56:11 -06:00
William Webb fb74b2d8f3 initial commit of finished product 2017-01-20 11:01:36 -06:00
Gabor Seljan 905213cc41 Add module for DiskSavvy Enterprise (EDB-40854) 2017-01-19 20:34:00 +01:00
Mehmet Ince c2c352c2ac Adding Trend Micro IMSVA module 2017-01-18 11:34:16 +03:00
Pedro Ribeiro 2dca53e19a Add full disclosure link 2017-01-17 11:09:44 +00:00
Pedro Ribeiro 1160a47b55 Add full disclosure link 2017-01-17 11:09:29 +00:00
Pedro Ribeiro c2cd26a6e1 Add full disclosure link 2017-01-17 11:09:11 +00:00
bwatters_r7 64550a188a Land #7797, Add module for DiskBoss Enterprise (EDB-40869) 2017-01-13 08:55:24 -06:00
notivan 6c0450fe95 add check for jenkins ldap exploit 
we just check for X-Jenkins <= 2.31. this is not completely correct because the exploit probably doesn't work on some earlier versions.
 2017-01-13 12:40:33 +00:00
Pedro Ribeiro 7fafade128 fix msftidy stuff v2 2017-01-12 18:06:13 +00:00
Pedro Ribeiro ba8dfbd9f1 fix msftidy stuff 2017-01-12 18:05:54 +00:00
Pedro Ribeiro f88e68da25 fix msftidy stuff 2017-01-12 18:04:58 +00:00
Pedro Ribeiro 2274e38925 fix msftidy stuff 2017-01-12 18:03:12 +00:00
Pedro Ribeiro b863db9d02 add billion sploit 2017-01-12 17:51:24 +00:00
Pedro Ribeiro 2827a7ea1a add 660v2 sploit 2017-01-12 17:50:57 +00:00
Pedro Ribeiro af2516d074 add 660v1 sploit 2017-01-12 17:49:28 +00:00
notivan 036328df5c Fix msftidy issue 2017-01-12 13:26:41 +00:00
notivan e09b7a96f1 Add YSOSerial command options 2017-01-12 13:21:58 +00:00
notivan 0b32af8d43 Remove duplicate validation 2017-01-12 09:59:55 +00:00
notivan 0a30e775d1 Fix msftidy issues 2017-01-11 23:43:01 +00:00
notivan 08690e5e11 Exploit for CVE-2016-9299 (Jenkins CLI Ldap Deser) 
This is based on Matthias Kaiser's presentation at deepsec. We build a chain that connects back to our LDAP server and trigger it over the CLI HTTP interface. The LDAP server then serves a second chain based on YSOSerial commons-collection which triggers Runtime.exec. The second chain doesn't run with Jenkin's class filtering so succeeds.
 2017-01-11 23:23:02 +00:00