blurbdust
5f6c9a265f
Fix puts to print_error
2020-02-03 16:11:23 -06:00
Metasploit
a34ef6fc92
automatic module_metadata_base.json update
2020-02-03 14:07:28 -06:00
Spencer McIntyre
a8dc535b2a
Land #12903, add the RDP DOUBLEPULSAR module
2020-02-03 14:58:23 -05:00
blurbdust
f3e6f562a1
add docs, fix module location
2020-02-03 13:16:53 -06:00
Adam Galway
375b13733c
cleans up contributor guide
2020-02-03 17:29:58 +00:00
William Vu
7175126319
Update title for smb_doublepulsar_rce
2020-02-03 11:19:20 -06:00
William Vu
fa6573f8e7
Note arch in supported target
2020-02-03 11:16:16 -06:00
William Vu
a3717e13f6
Unf*ck PAYLOAD being set for neutralization
2020-02-03 11:16:16 -06:00
William Vu
e12d993027
Move SMB DOPU module to match new naming scheme
2020-02-03 11:16:16 -06:00
William Vu
4ba0762089
Update module doc with service pack
2020-02-03 11:16:16 -06:00
William Vu
f49ee7c60e
Prefer exploit.rb's rand_text wrapper
2020-02-03 11:16:16 -06:00
William Vu
d64eb10b17
Update credit
2020-02-03 11:16:16 -06:00
William Vu
548529e1d4
Clean up parsing
2020-02-03 11:16:16 -06:00
William Vu
9e690414a1
Update ping response parsing with new information
...
Found the struct that corresponds to the ping response!
2020-02-03 11:16:16 -06:00
William Vu
6241555531
Fix service pack
2020-02-03 11:16:16 -06:00
William Vu
3074e5bece
Update module doc once more
2020-02-03 11:16:16 -06:00
William Vu
2ce49456a7
Fix arch detection and add product type
...
Thanks to @tsellers-r7 for testing XP and producing output to compare
against. Without a 32-bit test, the architecture guess was incorrect.
Additionally, product type had yet to be determined. The trailing bytes
were indeed significant! Thanks, Tom!
2020-02-03 11:16:16 -06:00
William Vu
992a386ece
Use build_data_tpdu and note channelJoinConfirm
2020-02-03 11:16:16 -06:00
William Vu
4d21b0e88e
Update prints in check for visibility
...
vprint_good should be print_warning, and most vprints should be print,
even if in check, since check is critical functionality.
2020-02-03 11:16:16 -06:00
William Vu
51ab58f7c9
Add module doc
2020-02-03 11:16:16 -06:00
William Vu
7ba7221a8f
Parse ping response into version, build, and arch
2020-02-03 11:16:16 -06:00
William Vu
db1a201885
Add RDP DOUBLEPULSAR RCE module
2020-02-03 11:16:16 -06:00
Adam Galway
2ce3cb9e86
updated description
2020-02-03 17:09:56 +00:00
Shelby Pace
1ef34283eb
obtain session unreliably
2020-02-03 11:07:36 -06:00
Adam Galway
6b229177f1
Add crosschex buffer overflow exploit
2020-02-03 17:02:04 +00:00
Metasploit
fc1451303a
automatic module_metadata_base.json update
2020-02-03 08:59:57 -06:00
dwelch-r7
97f5f37344
Land #12807, Install OpenSSH for Windows
2020-02-03 14:50:30 +00:00
blurbdust
47b3e9cd94
Add new post module for CVE-2019-18988
...
https://whynotsecurity.com/blog/teamviewer/
2020-02-03 00:15:24 -06:00
mattaberegg
6f453a0f83
Module rewrite to include Cron exploitation
2020-02-02 17:29:39 -08:00
RageLtMan
e2d0d8f011
Cleanup module and permit alternate payload scheme
...
The original Qualys exploit uses an inline-shell for loop to read
and thereby consume lines from the input stream preceding the
intended script for execution in the body section. Payloads which
do not contain bad characters (encoded or coincidentally simple)
can be placed directly into the FROM field and executed in place
of the original for loop filter.
2020-02-01 15:04:22 -05:00
Brendan Coles
34621c0adc
Add Windscribe WindscribeService Named Pipe Privilege Escalation
2020-02-01 00:41:07 +00:00
Shelby Pace
8d4637a42b
can now add printers
2020-01-31 15:07:56 -06:00
tperry-r7
3ffc79aa85
Land #12878, msftidy_docs
...
Land #12878, msftidy_docs
2020-01-31 11:59:50 -06:00
RageLtMan
312a3466ee
Update 2020-7247 to execute from body
...
Using method from
https://www.openwall.com/lists/oss-security/2020/01/28/3
Attempted several other line readers via awk, while, for. Tried
without pipes or `>` in the strings. It appears other characters
are also illegal (conditional brackets likely culprits).
Initial testing on wide-open-configured opensmtpd on OpenBSD 6.6
libvirt Vagrant image produces shells, python meterpreter sessions,
and executes generic commands.
2020-01-31 04:32:03 -05:00
h00die
7ee4d28751
Land #12706, apache userdir docs
2020-01-30 13:48:56 -05:00
h00die
b9b6b64f0c
cleanup apache userdir docs
2020-01-30 13:48:09 -05:00
Metasploit
2a6409a1bc
Bump version of framework to 5.0.73
2020-01-30 12:04:05 -06:00
h00die
2907f4ae16
add default un to my/mssql login
2020-01-30 12:43:18 -05:00
Shelby Pace
b05fe7453f
add improved check method
2020-01-30 11:40:24 -06:00
Metasploit
dca17a8922
automatic module_metadata_base.json update
5.0.72
2020-01-30 05:09:31 -06:00
Christophe De La Fuente
394e99fbe9
Land #12568, Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
2020-01-30 11:57:56 +01:00
Metasploit
3f4585e401
automatic module_metadata_base.json update
2020-01-29 23:30:19 -06:00
wvu-r7
bf68730c76
Land #12885, URL reference fix
2020-01-29 23:21:58 -06:00
Spencer McIntyre
bf31fb7ca8
Land #12883, add the listm and clearm commands
2020-01-29 17:36:12 -05:00
Spencer McIntyre
a1f3834e08
Fix a bug in popm and tweak status messages
2020-01-29 17:35:37 -05:00
cdelafuente-r7
9da4555509
Move clean-up code to cleanup method (#2)
...
Move clean-up code to cleanup method
2020-01-29 17:11:07 +01:00
William Vu
81b8d5b58a
Add OpenSMTPD MAIL FROM RCE
2020-01-29 05:10:43 -06:00
h00die
bd48588fd5
catch false positive spaces at eol from code indent
2020-01-28 14:28:18 -05:00
s1kr10s
63612e9647
Add documentation for CVE-2019-20215 exploit
2020-01-28 16:21:34 -03:00
s1kr10s
8e0e21d337
Exploit for CVE-2019-20215
...
Staged, uses meterpreter
2020-01-28 16:15:24 -03:00