wvu-r7
dc62ea080b
Fix style
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-10-31 09:54:18 -05:00
Shelby Pace
0b4a0b3148
Land #12476, add Nostromo dir traversal RCE
2019-10-31 08:24:41 -05:00
Shelby Pace
99fd254348
add reference
2019-10-31 08:23:57 -05:00
Quentin Kaiser
ca81793860
Forgot to put ForceExploit in registered options.
2019-10-31 10:25:26 +01:00
William Vu
81da0d18c6
Add blurb about pre-auth file read
2019-10-30 20:41:57 -05:00
bwatters-r7
340b73f3c6
Add Windows Escalate UAC Protection Bypass (Via dot net profiler)
2019-10-30 20:38:44 -05:00
William Vu
f3a6aeea60
Add true post_auth? definition
2019-10-30 20:31:58 -05:00
William Vu
77c26e9a70
Add Pulse Secure VPN arbitrary command execution
2019-10-30 20:08:02 -05:00
Onur ER
379fb3b65c
Targets version fixed
2019-10-29 23:04:42 +03:00
Onur ER
e07289c71a
Update Ajenti Command Injection module
...
Module name changed.
Removed space.
Check module issues fixed.
random_password moved into json_body.
2019-10-29 22:49:11 +03:00
Onur ER
89e56cf26d
Rename ajenti_login_rce.rb to ajenti_auth_username_cmd_exec.rb
2019-10-29 22:19:59 +03:00
Onur ER
9b9d3013a4
Module name changed.
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-10-29 22:18:36 +03:00
Brendan Coles
5c17dc6a74
Add rConfig install Command Execution exploit
2019-10-29 15:53:59 +00:00
Quentin Kaiser
0531dd7bb9
Hash rocket alignment.
2019-10-29 12:28:39 +01:00
Quentin Kaiser
bc0c2bf721
check function rewrite.
2019-10-29 12:27:15 +01:00
Quentin Kaiser
436d6781c1
Fix description.
2019-10-29 12:25:01 +01:00
Quentin Kaiser
b357db22cf
Fix description.
2019-10-29 12:24:22 +01:00
Quentin Kaiser
8bbb33c483
Generic name.
2019-10-29 12:24:00 +01:00
Quentin Kaiser
b6dd30302a
Rewriting of command stager, based on exploits/unix/webapp/webmin_backdoor.
2019-10-29 12:23:19 +01:00
Onur ER
bbf405bf92
Added EDB number instead of url
2019-10-28 22:09:01 +03:00
Onur ER
5dea40f43b
Added Ajenti 2.1.31 exploit
...
Ajenti is an open source, web-based control panel that can be used for a large variety of server management tasks. It can install packages and run commands, and you can view basic server information such as RAM in use, free disk space, etc. All this can be accessed from a web browser.
This module exploits a command injection in Ajenti <= 2.1.31.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
2019-10-28 21:39:13 +03:00
William Vu
ec0974222c
Fix module title again
2019-10-27 11:48:50 -05:00
William Vu
e010f48a3b
Move module to coldfusion_rds_auth_bypass
2019-10-27 11:25:56 -05:00
William Vu
2cc5f23915
Fix module title
2019-10-27 11:25:40 -05:00
bwatters-r7
3483c50a86
Add Windows backup system sdclt uac bypass module
2019-10-25 15:01:56 -05:00
William Vu
a0d1f02fd1
Fix failed login check for ColdFusion 9.something
...
It was merely "ColdFusion Administrator" for the version I tested.
2019-10-24 17:07:45 -05:00
Shelby Pace
fcc9ad628c
Land #12473, add xscreensaver log privesc
2019-10-23 13:27:45 -05:00
Brendan Coles
991ccdbda5
Land #12106, Add Linux PTRACE_TRACEME local root exploit
2019-10-23 14:01:14 +00:00
Tim W
8c93b219d1
fix compile.rb and rubocop
2019-10-23 20:54:42 +08:00
Tim W
7ff71819e9
add architecture check to check method
2019-10-23 20:38:55 +08:00
Tim W
3b5d0b98e7
add a basic check method using loginctl
2019-10-23 19:50:19 +08:00
Tim W
7d25e321ef
add some more comments
2019-10-23 14:45:32 +08:00
Brendan Coles
ab9d1470d2
Use workaround for horrific command tokenisation
2019-10-23 06:37:30 +00:00
h00die
2d829f9d46
first upgrade on futex
2019-10-22 21:05:55 -04:00
Shelby Pace
e8469dca93
Land #11025, add Xorg SUID Modulepath Privesc
2019-10-22 14:11:00 -05:00
Shelby Pace
f4a54df262
change location of rescue, method name
2019-10-22 09:31:43 -05:00
Brendan Coles
39db3be145
Update tested versions
2019-10-22 06:35:57 +00:00
Shelby Pace
1fd09b6a81
add solaris targets and Metasm usage
2019-10-21 16:13:10 -05:00
William Vu
3565b0efb8
Land #12365, Total.js CMS widget creation RCE
2019-10-21 15:22:09 -05:00
Quentin Kaiser
d76ea0ca59
Initial module version for Nostromo RCE (CVE-2019-16278).
2019-10-21 18:11:44 +02:00
Brendan Coles
84430c2a66
Add Solaris xscreensaver log Privilege Escalation module
2019-10-21 06:14:50 +00:00
RAMELLA Sébastien
25f60b07ed
compliance for the framework
2019-10-18 15:51:58 +04:00
Tim W
37011c5ec0
update author and add documentation
2019-10-17 22:28:17 +08:00
Wei Chen
0ebc971d29
Use CmdStager mixin
2019-10-15 14:00:58 -05:00
Wei Chen
bb7c42b2ce
Arch and disclosure date
2019-10-15 10:25:20 -05:00
Wei Chen
a3331dba9f
Move totaljs cms module and doc
2019-10-15 10:11:14 -05:00
Shelby Pace
ec9ea4ce0d
Land #12366, fix nil check in atutor module
2019-10-14 18:14:06 -05:00
Francesco Soncina
1878ff8017
move AMSI/SBL bypass in inner payload, force TLSv1.2 support
...
see https://github.com/rapid7/rex-powershell/pull/19
2019-10-13 02:33:49 +02:00
Francesco Soncina
16a85f2cfa
Add support for AMSI/SBL bypass to PSH web_delivery
...
Related to https://github.com/rapid7/rex-powershell/pull/17
2019-10-12 16:55:08 +02:00
Tim W
4d4754a389
feedback from bcoles
2019-10-10 13:30:31 +08:00