adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,194 Commits 27 Branches 1,043 Tags
992bcbfac488e5337ff8e8dbf02eabd34f258ac0
Commit Graph

2215 Commits

Author SHA1 Message Date
bwatters 54f5e565fa Land #14330, SpamTitan Gateway Remote Code Execution 
Merge branch 'land-14330' into upstream-master
 2021-01-04 12:14:12 -06:00
Grant Willcox 7de662c807 Land #14521, Struts2 Multi Eval OGNL RCE 2020-12-23 11:40:16 -06:00
Grant Willcox 70f8ff31f8 Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups. 2020-12-23 10:50:22 -06:00
Grant Willcox 799b451324 Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer. 2020-12-22 17:33:40 -06:00
Grant Willcox 4a449f97d3 Land #14522, Replace hard-coded Shiro default key with ENC_KEY 2020-12-22 09:26:49 -06:00
Grant Willcox 24e8aeffe5 Incorporate review feedback and update the associated documentation. 2020-12-21 17:29:21 -06:00
William Vu 39110d04f0 Add note about needing an Oracle account 2020-12-18 21:20:29 -06:00
William Vu 4d85602fae Fix incorrect scenario header in module doc 
I retested in VirtualBox and updated the output but not the header.
 2020-12-18 21:15:05 -06:00
Christophe De La Fuente dc6b67f4c6 Land #14509, Fixes for Solr RCE 2020-12-18 21:51:06 +01:00
Spencer McIntyre 9b8b4621df Land #14368, Pulse Connect Secure gzip RCE: cve-2020-8260 2020-12-17 17:43:55 -05:00
Spencer McIntyre 87dacce2cd Land #14446, Add Oracle Solaris SunSSH PAM parse_user_name() exploit (CVE-2020-14871) 2020-12-16 16:01:32 -05:00
Christophe De La Fuente c586bde50d Update documentation to add SNMPPORT option description 2020-12-16 15:20:10 +01:00
Christophe De La Fuente 60bcc95edc Fix documentation 2020-12-16 15:15:27 +01:00
Christophe De La Fuente 298deae709 Add documentation 2020-12-16 15:15:27 +01:00
Spencer McIntyre 3d7ed70cec Tweak the check method and add module docs 2020-12-15 19:49:29 -05:00
Spencer McIntyre 246c455c96 Reformat the struts2_namespace_ognl module docs 2020-12-15 09:13:06 -05:00
Tim W a30cdfc892 Fix #14254, Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE 2020-12-14 14:54:54 +00:00
Christophe De La Fuente 98d6364248 Land #14482, Use CVE-2020-5752 path traversal bypass for CVE-2019-3999 2020-12-14 15:10:09 +01:00
James Lee f255724e01 Changes to support older Solr (tested 5.3.0) 
Use a new parameter instead of a header because older versions don't
have access to the request object.

There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.

Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
 2020-12-13 19:05:47 -06:00
William Vu ba125c1c64 Merge remote-tracking branch 'upstream/master' into feature/solaris 2020-12-11 14:25:05 -06:00
Shelby Pace 83943adf8b Land #14466, add Aerospike UDF rce 2020-12-10 11:07:56 -06:00
Brendan Coles a9e231ad0a Use CVE-2020-5752 path traversal bypass for CVE-2019-3999 2020-12-10 12:14:47 +00:00
William Vu 9452c1dcfa Fix merge conflict from #14202, in linear history 2020-12-09 17:24:29 -06:00
Shelby Pace d337d832b8 Land #14422, add GitLab file read/rce 2020-12-09 11:34:14 -06:00
Tim W fb9b1c5de4 Land #14409, add weak services technique to the service permissions LPE 2020-12-09 17:16:53 +00:00
Spencer McIntyre 6d7c6c054a Update the module docs with more details for the registry technique 2020-12-08 17:39:34 -05:00
Shelby Pace 8e1cab0131 Land #14339, add flexdotnetcms rce 2020-12-07 14:28:01 -06:00
Spencer McIntyre d208e441ba Update the documentation 2020-12-07 10:54:20 -05:00
William Vu a69269a101 Update module doc 2020-12-07 01:35:59 -06:00
William Vu af27d91eea Fix download link 
I was logged in.
 2020-12-07 01:35:13 -06:00
William Vu 9ac5725ce3 Show how to find libc base 2020-12-07 01:35:13 -06:00
William Vu 0211c2c6e8 Add module doc 2020-12-07 01:35:13 -06:00
alanfoster 835059f00c [CVE-2020-10977] Gitlab arbitrary file read to RCE 2020-12-07 01:26:54 +00:00
Brendan Coles 6cdb484d7c Add Aerospike Database UDF Lua Code Execution exploit 2020-12-05 14:15:22 +00:00
Tim W 87eba681e0 Land #14365, Update TP-Link AC1750 Pwn2Own 2019 module 2020-11-26 19:55:00 +00:00
Pedro Ribeiro a99ce581dd Update TP-Link AC1750 Pwn2Own 2019 module 2020-11-26 12:56:02 +00:00
Graeme Robinson 8e534ffc22 Split scenarios to separate blocks for each target 
As suggested in https://github.com/rapid7/metasploit-framework/pull/14216#discussion_r512868894.
 2020-11-26 13:46:01 +01:00
Graeme Robinson 536e1a1a02 Fix typo in documentation 2020-11-26 13:46:01 +01:00
Graeme Robinson c280bb67e7 Wrap at 140 characters to appease msftidy_docs.rb. 2020-11-26 13:46:01 +01:00
Graeme Robinson 4dc564e62b Added documentation for module. 2020-11-26 13:46:01 +01:00
Spencer McIntyre 95665e916c Land #14416, wordpress plugin 'simple file list' rce 2020-11-25 09:58:26 -05:00
Spencer McIntyre 94c157bc95 Tweak the documentation and module output just a little for clarity 2020-11-25 09:58:07 -05:00
cgranleese-r7 31426576e0 Land #14264, Add exploit/multi/http/kong_gateway_admin_api_rce 2020-11-25 11:09:02 +00:00
Grant Willcox efdc7f062e Land #14241, OpenMediaVault 5.5.11 Authenticated Remote Code Execution 2020-11-24 13:42:53 -06:00
h00die 92c92f1573 simple file list rce 2020-11-21 08:51:07 -05:00
Spencer McIntyre 1031b12c57 Land #14206, Rockwell FactoryTalk CVE-2020-12027 RCE 2020-11-20 08:49:39 -05:00
Spencer McIntyre cbc5899edf Add module docs for the Service Permissions LPE module 2020-11-19 14:17:20 -05:00
Pedro Ribeiro e7196256d4 Update rockwell_factorytalk_rce.md 2020-11-19 17:53:25 +07:00
William Vu d3f16c7061 Land #14361, COOKIE for sharepoint_ssi_viewstate 2020-11-18 15:55:19 -06:00
William Vu dcd8ec1d70 Lock JDK to 8u131 to be safe 2020-11-18 15:17:12 -06:00