adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

55054 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Shelby Pace 99fd254348 add reference 2019-10-31 08:23:57 -05:00
Quentin Kaiser 4a6c1d824b Merge branch 'CVE-2019-16278' of github.com:QKaiser/metasploit-framework into CVE-2019-16278 2019-10-31 10:26:16 +01:00
Quentin Kaiser ca81793860 Forgot to put ForceExploit in registered options. 2019-10-31 10:25:26 +01:00
Christian Mehlmauer a36886301b Land #12513, migrate to alpine 3.10 and fix ruby reference 2019-10-31 08:20:29 +01:00
William Vu 81da0d18c6 Add blurb about pre-auth file read 2019-10-30 20:41:57 -05:00
bwatters-r7 340b73f3c6 Add Windows Escalate UAC Protection Bypass (Via dot net profiler) 2019-10-30 20:38:44 -05:00
William Vu f3a6aeea60 Add true post_auth? definition 2019-10-30 20:31:58 -05:00
William Vu 77c26e9a70 Add Pulse Secure VPN arbitrary command execution 2019-10-30 20:08:02 -05:00
William Vu a86388b53f Add module traits 2019-10-30 18:55:16 -05:00
ducksecops 2f26ddf156 Updated Dockerfile to Alpine 3.10 with Ruby 2.6.5 2019-10-30 22:16:03 +00:00
Quentin Kaiser a55c5c6765 Update documentation/modules/exploit/multi/http/nostromo_code_exec.md 
s/Nostrom/Nostromo/

Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2019-10-30 15:38:50 +01:00
William Vu ac7a28d91d Add module doc 2019-10-29 23:14:53 -05:00
William Vu 5d71af2dc5 Clarify dumped files are looted regardless 2019-10-29 23:10:57 -05:00
William Vu b55af213aa Set PRINT to true now that it's limited to manual 2019-10-29 22:59:26 -05:00
William Vu 1f5f720058 Rewrite module 2019-10-29 22:21:31 -05:00
William Vu 52ed19f5b8 Merge remote-tracking branch 'upstream/master' into pr/12220 2019-10-29 21:30:37 -05:00
William Vu b268feda73 Allow partial response due to timeout 2019-10-29 21:25:21 -05:00
Onur ER 379fb3b65c Targets version fixed 2019-10-29 23:04:42 +03:00
Onur ER e07289c71a Update Ajenti Command Injection module 
Module name changed.
Removed space.
Check module issues fixed.
random_password moved into json_body.
 2019-10-29 22:49:11 +03:00
Metasploit b7acbfe8b6 automatic module_metadata_base.json update 2019-10-29 14:36:15 -05:00
Brent Cook 5169744fd8 Land #12505, enhance grub_creds module from grub_password module 2019-10-29 14:28:43 -05:00
Onur ER 89e56cf26d Rename ajenti_login_rce.rb to ajenti_auth_username_cmd_exec.rb 2019-10-29 22:19:59 +03:00
Onur ER 9b9d3013a4 Module name changed. 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-10-29 22:18:36 +03:00
Metasploit 352e7a83ac Bump version of framework to 5.0.58 2019-10-29 14:09:13 -05:00
Adam Cammack de845214d1 Add module check result tracking to RPC API 
This adds a few sets and a hash to the Msf::Simple::Framework that help
keep track of running checks and their eventual results.
 2019-10-29 12:45:09 -05:00
Brendan Coles f3bc8580c0 Add documentation 2019-10-29 15:59:18 +00:00
Brendan Coles 5c17dc6a74 Add rConfig install Command Execution exploit 2019-10-29 15:53:59 +00:00
Quentin Kaiser f03f5e4904 Documentation updated based on latest module version. 2019-10-29 16:13:25 +01:00
Shelby Pace a04291678f add require, fix module context generate 2019-10-29 08:35:04 -05:00
Quentin Kaiser 0531dd7bb9 Hash rocket alignment. 2019-10-29 12:28:39 +01:00
Quentin Kaiser bc0c2bf721 check function rewrite. 2019-10-29 12:27:15 +01:00
Quentin Kaiser 436d6781c1 Fix description. 2019-10-29 12:25:01 +01:00
Quentin Kaiser b357db22cf Fix description. 2019-10-29 12:24:22 +01:00
Quentin Kaiser 8bbb33c483 Generic name. 2019-10-29 12:24:00 +01:00
Quentin Kaiser b6dd30302a Rewriting of command stager, based on exploits/unix/webapp/webmin_backdoor. 2019-10-29 12:23:19 +01:00
Brent Cook 04c3b68820 fix no-creds case, don't print table and creds unless we found some 2019-10-29 04:31:12 -05:00
Brent Cook 99ed2b7bf2 merge modules and documentation 2019-10-29 04:27:25 -05:00
Brent Cook 4abee63936 only loot config files with passwords 2019-10-29 04:18:08 -05:00
Brent Cook 4c1f117566 add auto targeting from grub.d and FILENAME option 2019-10-29 04:17:47 -05:00
Brent Cook 0ebcda3aaa merge credits 2019-10-29 04:17:26 -05:00
Brent Cook 4d8e9bad26 expand file list from grub_cred 2019-10-29 03:42:23 -05:00
Brent Cook bd76e1f2cb initial tidy pass w/rubocop 2019-10-29 03:42:01 -05:00
Metasploit 5543692f2b automatic module_metadata_base.json update 5.0.57 2019-10-29 03:36:02 -05:00
Brent Cook c6ecef3dc7 Merge #11426, other grub password extraction module 2019-10-29 03:34:36 -05:00
Brent Cook effc8cbe72 Land #12500, Use check_code.message, not .second 2019-10-29 03:26:38 -05:00
Shelby Pace f65c5a30b2 use SecureRandom, bail if no db present 2019-10-28 16:25:28 -05:00
Shelby Pace c9dc2141a0 use stdlib flag instead of nostartfiles 2019-10-28 16:06:21 -05:00
Shelby Pace 041b91961f handle nil nonce 2019-10-28 15:39:37 -05:00
Onur ER bbf405bf92 Added EDB number instead of url 2019-10-28 22:09:01 +03:00
Onur ER 5dea40f43b Added Ajenti 2.1.31 exploit 
Ajenti is an open source, web-based control panel that can be used for a large variety of server management tasks. It can install packages and run commands, and you can view basic server information such as RAM in use, free disk space, etc. All this can be accessed from a web browser.

This module exploits a command injection in Ajenti <= 2.1.31.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
 2019-10-28 21:39:13 +03:00