adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,500 Commits 27 Branches 1,043 Tags
9beec65ef34c4e90a00a41ee1c8de0f9e6effd2a
Commit Graph

1160 Commits

Author SHA1 Message Date
Julien Bedel b9800b087f Change notification name 
From "Exploit" to a random alphanumeric String in order to make it less fingerprintable.

Co-authored-by: acammack-r7 <adam_cammack@rapid7.com>
 2021-01-21 18:32:05 +01:00
JulienBedel 14f24b258d Add PRTG Network Monitor RCE (CVE-2018-9276) 2021-01-18 12:01:44 +01:00
Spencer McIntyre 367c5e747f Land #14470, Fix ssi template for some sharepoint versions 2020-12-09 16:23:34 -05:00
adfoster-r7 85a9accbee Land #14202, Add initial zeitwerk autoloader approach for lib/msf/core 2020-12-08 12:53:02 +00:00
Shelby Pace 8e1cab0131 Land #14339, add flexdotnetcms rce 2020-12-07 14:28:01 -06:00
Shelby Pace cd900a0507 fix comment 2020-12-07 14:27:07 -06:00
S3cur3Th1ssh1t 6c1ac7f9a2 Fix ssi template for some sharepoint versions 2020-12-07 14:34:09 +01:00
dwelch-r7 1617b3ec9b Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
kalba-security 9417266d21 replace Checkcode:Unknown with Detected in check(), skip cleanup unless required 2020-11-23 08:17:44 -05:00
William Vu d3f16c7061 Land #14361, COOKIE for sharepoint_ssi_viewstate 2020-11-18 15:55:19 -06:00
chmod750 5ec0556abd Update modules/exploits/windows/http/sharepoint_ssi_viewstate.rb 
CamelCase update

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-11-06 23:26:40 +01:00
chmod750 7a968fcd39 Update modules/exploits/windows/http/sharepoint_ssi_viewstate.rb 
CamelCase update

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-11-06 23:20:12 +01:00
chmod750 22b0fae73c Update sharepoint_ssi_viewstate.rb 2020-11-06 16:40:16 +01:00
chmod750 8356b44892 Add cookie header functionnality 2020-11-06 16:16:59 +01:00
Alan Foster 5b438fd933 Preference target values when registering options 2020-11-05 23:16:37 +00:00
kalba-security 31237258e5 Add Rubocop changes 2020-11-05 07:27:51 -05:00
kalba-security 0a9589166f Add CVE ID 2020-11-05 06:55:37 -05:00
kalba-security ea70c15b56 Implement suggestions from code review 2020-11-04 09:49:27 -05:00
kalba-security 8aceea1872 Add flexdotnetcms_upload_exec module and docs 2020-11-03 09:50:28 -05:00
William Vu e4fb76d74f Add version check to exchange_ecp_dlp_policy 
And update modules/exploits/windows/http/sharepoint_ssi_viewstate.rb.
 2020-10-20 14:32:43 -05:00
William Vu 3970b69734 Land #14229, Telerik UI for ASP.NET AJAX exploit 
CVE-2017-11317 && CVE-2019-18935
 2020-10-20 13:24:35 -05:00
Spencer McIntyre b58ed7f909 Update the Telerik RAU module metadata and add the TARGETURI option 2020-10-20 13:48:59 -04:00
Spencer McIntyre 57aef4367c Adjust the exploit timeout and set the default RPORT for Telerik RAU 2020-10-19 19:31:14 -04:00
William Vu 253928570b Update module doc 2020-10-19 11:18:00 -05:00
Spencer McIntyre a05f8a721b Print what the web.config loot path is 2020-10-19 10:27:41 -04:00
William Vu 4cb08f7426 Address outstanding issues 2020-10-15 13:24:08 -05:00
William Vu 1a341ae931 Add SharePoint SSI and ViewState RCE 
CVE-2020-16952
 2020-10-14 17:45:15 -05:00
Grant Willcox 443f26410e Fix up disclosure date 2020-10-08 15:30:56 -05:00
Spencer McIntyre 99bd146428 Fix version-related logic for the Telerik RAU module 2020-10-07 15:03:11 -04:00
Spencer McIntyre fb569a24ee Add module documentation for Telerik RAU Deserialization 2020-10-07 13:40:10 -04:00
Grant Willcox a2675c13e8 Land #14213, Add disclosure date rubocop linting rule - enforce iso8601 disclosure dates 2020-10-07 12:09:59 -05:00
Spencer McIntyre 2edf0390f7 Apply rubocop fixes 2020-10-07 11:11:25 -04:00
Spencer McIntyre adfc8f89c4 Implement version enumeration and report CVE-2017-11317 for Telerik 2020-10-07 10:27:50 -04:00
Spencer McIntyre efc8485c86 Fill out module metadata and improve the check method 2020-10-06 18:00:13 -04:00
Spencer McIntyre 4e2093d860 Initial Telerik UI RAU module 2020-10-05 16:42:05 -04:00
bwatters 3a6293357e Land #14190, Add the DOMAIN option to the CVE-2020-0688 Exploit 
Merge branch 'land-14190' into upstream-master
 2020-10-05 12:12:21 -05:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
Spencer McIntyre e7d2b73600 Add a DOMAIN option to CVE-2020-0688 for consistency with other modules 2020-09-28 09:24:39 -04:00
William Vu 5bda3b4b9d Revert "Make User-Agent consistent across requests" 
This reverts commit 0ec97aa447.
 2020-09-16 13:24:18 -05:00
William Vu da4e960eb0 Revert "Fix HttpUserAgent to UserAgent" 
This reverts commit 3c8390a1c7.
 2020-09-16 13:24:14 -05:00
William Vu 3c8390a1c7 Fix HttpUserAgent to UserAgent 
Payload vs. HttpClient. Whoops.
 2020-09-16 13:03:55 -05:00
William Vu 0ec97aa447 Make User-Agent consistent across requests 2020-09-16 12:59:17 -05:00
William Vu 03e0b9098c Add more words about Exchange role groups 2020-09-16 12:55:08 -05:00
William Vu e118ff1509 Add Microsoft Exchange Server DLP Policy RCE 
CVE-2020-16875
 2020-09-16 02:41:08 -05:00
Shelby Pace 6e2a7001a9 Land #13994, add Dlink Wifi manager rce 2020-08-18 09:34:19 -05:00
Shelby Pace d79ad5efca minor rubocop fix 2020-08-18 09:33:32 -05:00
Niboucha Redouane 0a20a217dc Fix description of the vulnerability 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-08-17 21:06:46 +02:00
Niboucha Redouane 602865ef70 refactor if in check method 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-08-17 21:01:34 +02:00
William Vu a6f7c0c0de Backport miscellaneous fixes to my modules 2020-08-14 13:40:23 -05:00
Niboucha Redouane 1a468fa210 remove unneeded include, left from an attempt to execute native payloads 2020-08-13 15:51:09 +02:00