adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

27999 Commits

Author SHA1 Message Date
scanu92 7cc1175287 Update cmsms_object_injection_rce.rb 
Add NormalRanking to cmsms_object_injection_rce module
 2019-11-01 15:15:49 +01:00
Shelby Pace 1717001be1 attribution 2019-11-01 09:01:14 -05:00
sk4 af0761bcfd Add CMS Made Simple object injection exploit module 2019-11-01 12:11:38 +01:00
Brendan Coles 294cbcffb6 Land #12382, Add Linux Micro Focus (HPE) Data Protector omniresolve Privesc (CVE-2019-11660) 2019-11-01 08:06:01 +00:00
bcoles b08e031863 Update module description 2019-11-01 17:11:33 +11:00
bcoles c6e739c76d Code cleanup 2019-11-01 16:30:37 +11:00
Cristina Muñoz 10b5df1c4f Change all python2.7 shebangs to python3. 
Remove utf-8 encoding declarations, as this is the default for python3.
 2019-10-31 15:10:58 -07:00
Cristina Muñoz 8563a29003 Convert all python code to python3. Fixes #12506. 2019-10-31 14:16:14 -07:00
William Vu 128b9cd44b Reword related module info 2019-10-31 13:07:41 -05:00
William Vu df535676a7 Add related module info 2019-10-31 12:48:52 -05:00
Shelby Pace 8bb1c5102b opt for inline asm instead of pre-compiled object 2019-10-31 11:55:40 -05:00
Francesco Soncina 9fc2df5ea8 move force_tls12 to rex-powershell 2019-10-31 16:28:59 +01:00
William Vu f5ce31519c Fix style, once more with feeling 2019-10-31 09:59:35 -05:00
wvu-r7 dc62ea080b Fix style 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-10-31 09:54:18 -05:00
Shelby Pace 0b4a0b3148 Land #12476, add Nostromo dir traversal RCE 2019-10-31 08:24:41 -05:00
Shelby Pace 99fd254348 add reference 2019-10-31 08:23:57 -05:00
Quentin Kaiser ca81793860 Forgot to put ForceExploit in registered options. 2019-10-31 10:25:26 +01:00
William Vu 81da0d18c6 Add blurb about pre-auth file read 2019-10-30 20:41:57 -05:00
bwatters-r7 340b73f3c6 Add Windows Escalate UAC Protection Bypass (Via dot net profiler) 2019-10-30 20:38:44 -05:00
William Vu f3a6aeea60 Add true post_auth? definition 2019-10-30 20:31:58 -05:00
William Vu 77c26e9a70 Add Pulse Secure VPN arbitrary command execution 2019-10-30 20:08:02 -05:00
William Vu a86388b53f Add module traits 2019-10-30 18:55:16 -05:00
William Vu 5d71af2dc5 Clarify dumped files are looted regardless 2019-10-29 23:10:57 -05:00
William Vu b55af213aa Set PRINT to true now that it's limited to manual 2019-10-29 22:59:26 -05:00
William Vu 1f5f720058 Rewrite module 2019-10-29 22:21:31 -05:00
William Vu 52ed19f5b8 Merge remote-tracking branch 'upstream/master' into pr/12220 2019-10-29 21:30:37 -05:00
Onur ER 379fb3b65c Targets version fixed 2019-10-29 23:04:42 +03:00
Onur ER e07289c71a Update Ajenti Command Injection module 
Module name changed.
Removed space.
Check module issues fixed.
random_password moved into json_body.
 2019-10-29 22:49:11 +03:00
Onur ER 89e56cf26d Rename ajenti_login_rce.rb to ajenti_auth_username_cmd_exec.rb 2019-10-29 22:19:59 +03:00
Onur ER 9b9d3013a4 Module name changed. 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-10-29 22:18:36 +03:00
Brendan Coles 5c17dc6a74 Add rConfig install Command Execution exploit 2019-10-29 15:53:59 +00:00
Shelby Pace a04291678f add require, fix module context generate 2019-10-29 08:35:04 -05:00
Quentin Kaiser 0531dd7bb9 Hash rocket alignment. 2019-10-29 12:28:39 +01:00
Quentin Kaiser bc0c2bf721 check function rewrite. 2019-10-29 12:27:15 +01:00
Quentin Kaiser 436d6781c1 Fix description. 2019-10-29 12:25:01 +01:00
Quentin Kaiser b357db22cf Fix description. 2019-10-29 12:24:22 +01:00
Quentin Kaiser 8bbb33c483 Generic name. 2019-10-29 12:24:00 +01:00
Quentin Kaiser b6dd30302a Rewriting of command stager, based on exploits/unix/webapp/webmin_backdoor. 2019-10-29 12:23:19 +01:00
Brent Cook 04c3b68820 fix no-creds case, don't print table and creds unless we found some 2019-10-29 04:31:12 -05:00
Brent Cook 99ed2b7bf2 merge modules and documentation 2019-10-29 04:27:25 -05:00
Brent Cook 4abee63936 only loot config files with passwords 2019-10-29 04:18:08 -05:00
Brent Cook 4c1f117566 add auto targeting from grub.d and FILENAME option 2019-10-29 04:17:47 -05:00
Brent Cook 0ebcda3aaa merge credits 2019-10-29 04:17:26 -05:00
Brent Cook 4d8e9bad26 expand file list from grub_cred 2019-10-29 03:42:23 -05:00
Brent Cook bd76e1f2cb initial tidy pass w/rubocop 2019-10-29 03:42:01 -05:00
Brent Cook c6ecef3dc7 Merge #11426, other grub password extraction module 2019-10-29 03:34:36 -05:00
Onur ER bbf405bf92 Added EDB number instead of url 2019-10-28 22:09:01 +03:00
Onur ER 5dea40f43b Added Ajenti 2.1.31 exploit 
Ajenti is an open source, web-based control panel that can be used for a large variety of server management tasks. It can install packages and run commands, and you can view basic server information such as RAM in use, free disk space, etc. All this can be accessed from a web browser.

This module exploits a command injection in Ajenti <= 2.1.31.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
 2019-10-28 21:39:13 +03:00
Brendan Coles e9a7ceaf1c Use CheckCode.message - Fix #12499 2019-10-28 03:24:20 +00:00
William Vu ec0974222c Fix module title again 2019-10-27 11:48:50 -05:00