adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

2578 Commits

Author SHA1 Message Date
Nicky Bloor 6568d29b67 Add BMC Server Automation RSCD Agent RCE exploit module. 2018-01-14 01:12:55 +00:00
Kevin Kirsche 04e4ff6b3c Use stop_service to avoid cleanup overload 2018-01-11 19:14:26 -05:00
Kevin Kirsche 40f54df129 Feedback updates 2018-01-11 18:54:58 -05:00
Kevin Kirsche 172ffdfea1 Use geturi instead of building it ourselves 2018-01-11 18:27:56 -05:00
Kevin Kirsche d4056e72da Lower the default timeout for CHECK 2018-01-11 17:38:30 -05:00
Kevin Kirsche 3617a30e34 Add URIPATH random URI 2018-01-11 17:33:14 -05:00
Kevin Kirsche a28d4a4b5b Add check and update for some style considerations 2018-01-11 17:28:09 -05:00
Kevin Kirsche 0d9a40d2e5 Use target['Platform'] instead of target_platform 2018-01-11 15:44:07 -05:00
Kevin Kirsche c490d642e2 Was missing a comma 2018-01-11 09:42:24 -05:00
Kevin Kirsche 3132566d8f Fix OptFloat error 2018-01-11 09:22:16 -05:00
Kevin Kirsche c05b440f26 Fix additional feedback 
This
* uses ternary operators
* uses an `RPORT` option shortcut
* removes the `xml_payload` variable and instead more explicitly uses the method directly
* Uses `OptFloat` for the timeout option to allow partial seconds
 2018-01-11 08:17:13 -05:00
Kevin Kirsche ab89e552ed Remove accidental trailing space 2018-01-08 14:42:03 -05:00
Kevin Kirsche 2252490e62 Fix using arbitrary keys to instead use "URL" 2018-01-08 14:30:03 -05:00
Kevin Kirsche e80ca348cf Add Exploit-DB ID 2018-01-08 10:55:46 -05:00
Kevin Kirsche 6beeece708 Re-add timeout value 2018-01-07 20:21:29 -05:00
Kevin Kirsche eefd432161 Make sure Platforms match our actual target list 2018-01-06 08:31:30 -05:00
Kevin Kirsche 4bd196f8b2 Fix missing single quotes and remove comma 2018-01-06 08:30:48 -05:00
Kevin Kirsche 867b32415d Fix feedback from wvu-r7 
Fixes feedback from wvu-r7

- Consolidates payload to single method
- Replaces gsub! with standard encode method
- Note exploit discovery and proof of concept code used in authors (still seems weird to include the discovery as an author...)
- Change link
- Use `ARCH_CMD` instead of `[ARCH_CMD]`
- Remove Linux target as it's only Windows or Unix
- Remove timeout as I don't know how to pass it to `send_request_cgi`
 2018-01-06 08:12:43 -05:00
Brendan Coles 6665a4f735 Use register_dir_for_cleanup 2018-01-06 10:55:29 +00:00
Kevin Kirsche 744f20304c Remove hardcoded user-agent from the headers 
Remove hardcoded user-agent from the headers allowing for `send_request_cgi` to control this
 2018-01-05 18:22:27 -05:00
Kevin Kirsche 2478de934b Add CVE-2017-10271 / Oracle WebLogic wls-wsat RCE 2018-01-05 15:05:21 -05:00
William Vu 366a20a4a4 Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
William Vu a1d43c8f33 Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu caae33b417 Land #9170, Linux UDF for mysql_udf_payload 2017-12-21 20:48:24 -06:00
Brent Cook 210f137b7b Merge branch 'upstream-master' into land-9296- 2017-12-20 12:07:53 -06:00
William Vu e9b9c80841 Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6 Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
Tim c4e20e01e3 iOS meterpreter 2017-12-12 23:23:21 +08:00
bwatters-r7 4ca595eb15 wvu-suggested fix 2017-12-05 11:55:17 -06:00
bwatters-r7 d1d8e3a678 Let's not rescue everything..... 2017-12-01 10:58:18 -06:00
bwatters-r7 6752770695 Shut up rubocop 2017-11-30 20:45:11 -06:00
bwatters-r7 e3dc17dd92 Add some extra targets 2017-11-30 16:16:34 -06:00
bwatters-r7 3b2a0be200 First swing at osx x64 meterpreter support 2017-11-30 14:47:46 -06:00
WhiteWinterWolf bfd5c2d330 Keep the initial option name 'ADMIN_ROLE' 2017-11-22 22:03:56 +01:00
WhiteWinterWolf 2be3433bdb Update references URLs 2017-11-17 13:27:35 +01:00
WhiteWinterWolf a636380e4b Merge the new method into drupal_drupageddon.rb 2017-11-17 13:00:15 +01:00
WhiteWinterWolf 704514a420 New exploit method for Drupageddon (CVE-2014-3704) 
This new script exploits the same vulnerability as
 *exploits/multi/http/drupal_drupageddon.rb*, but in a more efficient way.
 2017-11-16 20:47:44 +01:00
Adam Cammack 4219959c6d Bump ranking to Excellent 2017-11-15 15:00:47 -06:00
Steven Patterson df2b62dc27 Add Mako Server CMD injection Linux support, update docs, move to multi 2017-11-10 16:28:39 -05:00
attackdebris 500bde1150 get_vars tweak 2017-11-09 04:16:34 -05:00
attackdebris a04bc0a25b Add get_vars, remove a https instance 2017-11-08 16:30:59 -05:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
attackdebris 7173e7f4b4 Add CVE to module description 2017-11-07 11:05:14 -05:00
attackdebris 371f3c333a This commit adds the jenkins_xstream_deserialize module 2017-11-07 09:46:42 -05:00
Brent Cook cfeb0b7bda prefer threadsafe sleep here 2017-11-06 01:37:09 -06:00
Brent Cook 897b5b5dd1 revert passive handler stance 2017-11-06 01:37:09 -06:00
h00die 697031eb36 mysql UDF now multi 2017-11-03 05:26:05 -04:00
Jeffrey Martin 43b67fe80b remove errant bracket, formatting update 2017-10-26 15:01:53 -05:00
Jeffrey Martin f2cba8d920 Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary) 
This restores the original PR
 2017-10-25 16:29:11 -05:00
Jeffrey Martin ca28abf2a2 Revert "Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary)" 
This reverts commit 4999606b61, reversing
changes made to 4274b76473.
 2017-10-25 16:19:14 -05:00