Commit Graph

3894 Commits

Author SHA1 Message Date
Grant Willcox 7de662c807 Land #14521, Struts2 Multi Eval OGNL RCE 2020-12-23 11:40:16 -06:00
Grant Willcox 70f8ff31f8 Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups. 2020-12-23 10:50:22 -06:00
Grant Willcox 799b451324 Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer. 2020-12-22 17:33:40 -06:00
Grant Willcox 4a449f97d3 Land #14522, Replace hard-coded Shiro default key with ENC_KEY 2020-12-22 09:26:49 -06:00
Grant Willcox 24e8aeffe5 Incorporate review feedback and update the associated documentation. 2020-12-21 17:29:21 -06:00
Grant Willcox 2c66beac17 Land #14429, Create shodan_host.rb, a module to grab ports from a given IP using Shodan 2020-12-21 15:58:17 -06:00
Grant Willcox 12277d3020 Apply RuboCop changes to the exploit module and also make final adjustments to the exploit code to handle some edge cases and fix review comments 2020-12-21 15:26:48 -06:00
William Vu 39110d04f0 Add note about needing an Oracle account 2020-12-18 21:20:29 -06:00
William Vu 4d85602fae Fix incorrect scenario header in module doc
I retested in VirtualBox and updated the output but not the header.
2020-12-18 21:15:05 -06:00
Spencer McIntyre 11faafa4e9 Land #14474, Wordpress 2-day: easy-wp-smtp arbitrary wordpress user password reset 2020-12-18 17:07:46 -05:00
Spencer McIntyre 764efbeac3 Fixup a typo, an unnecessary statement and clarify a statement 2020-12-18 17:07:16 -05:00
h00die 3cb39c2fca Land #14497, wordpress Duplicator plugin arbitrary file read 2020-12-18 17:05:40 -05:00
Christophe De La Fuente dc6b67f4c6 Land #14509, Fixes for Solr RCE 2020-12-18 21:51:06 +01:00
h00die 9e6d20a83c create aggressive mode and some review 2020-12-18 15:30:45 -05:00
Spencer McIntyre 9b8b4621df Land #14368, Pulse Connect Secure gzip RCE: cve-2020-8260 2020-12-17 17:43:55 -05:00
h00die a1702e8b53 rubocop and minor adjustments 2020-12-17 06:39:43 -05:00
Spencer McIntyre 87dacce2cd Land #14446, Add Oracle Solaris SunSSH PAM parse_user_name() exploit (CVE-2020-14871) 2020-12-16 16:01:32 -05:00
Spencer McIntyre 3d7ed70cec Tweak the check method and add module docs 2020-12-15 19:49:29 -05:00
Spencer McIntyre 246c455c96 Reformat the struts2_namespace_ognl module docs 2020-12-15 09:13:06 -05:00
Natto fc96ae0583 Create shodan_host.md 2020-12-15 10:30:58 +08:00
Tim W a30cdfc892 Fix #14254, Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE 2020-12-14 14:54:54 +00:00
Christophe De La Fuente 98d6364248 Land #14482, Use CVE-2020-5752 path traversal bypass for CVE-2019-3999 2020-12-14 15:10:09 +01:00
SunCSR Team 910463b492 Update wp_duplicator_file_read.md 2020-12-13 21:13:33 -05:00
James Lee f255724e01 Changes to support older Solr (tested 5.3.0)
Use a new parameter instead of a header because older versions don't
have access to the request object.

There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.

Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
SunCSR Team cbc99363e9 Update wp_duplicator_file_read.md 2020-12-12 22:55:44 +07:00
SunCSR Team d35d5f1061 Update wp_duplicator_file_read.md 2020-12-12 21:30:56 +07:00
William Vu ba125c1c64 Merge remote-tracking branch 'upstream/master' into feature/solaris 2020-12-11 14:25:05 -06:00
SunCSR Team 477c09a7ed Create wp_duplicator_file_read.md
Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download
2020-12-11 01:15:52 -05:00
Shelby Pace 83943adf8b Land #14466, add Aerospike UDF rce 2020-12-10 11:07:56 -06:00
Brendan Coles a9e231ad0a Use CVE-2020-5752 path traversal bypass for CVE-2019-3999 2020-12-10 12:14:47 +00:00
William Vu 9452c1dcfa Fix merge conflict from #14202, in linear history 2020-12-09 17:24:29 -06:00
Shelby Pace d337d832b8 Land #14422, add GitLab file read/rce 2020-12-09 11:34:14 -06:00
Tim W fb9b1c5de4 Land #14409, add weak services technique to the service permissions LPE 2020-12-09 17:16:53 +00:00
Spencer McIntyre 59339f3337 Land #14418, Wordpress plugin Email Subscribers & Newsletters sqli (CVE-2019-20361) 2020-12-09 10:29:32 -05:00
Spencer McIntyre 90a99ae7c3 Land #14423, Expand wordpress_scanner to look for themes & plugins 2020-12-09 09:12:28 -05:00
h00die e3e3895ec5 forgot an R 2020-12-08 20:58:29 -05:00
h00die 13967a40d2 updates to easy wp smtp module 2020-12-08 20:51:54 -05:00
Spencer McIntyre 6d7c6c054a Update the module docs with more details for the registry technique 2020-12-08 17:39:34 -05:00
Shelby Pace 8e1cab0131 Land #14339, add flexdotnetcms rce 2020-12-07 14:28:01 -06:00
Spencer McIntyre d208e441ba Update the documentation 2020-12-07 10:54:20 -05:00
William Vu a69269a101 Update module doc 2020-12-07 01:35:59 -06:00
William Vu af27d91eea Fix download link
I was logged in.
2020-12-07 01:35:13 -06:00
William Vu 9ac5725ce3 Show how to find libc base 2020-12-07 01:35:13 -06:00
William Vu 0211c2c6e8 Add module doc 2020-12-07 01:35:13 -06:00
alanfoster 835059f00c [CVE-2020-10977] Gitlab arbitrary file read to RCE 2020-12-07 01:26:54 +00:00
Brendan Coles 6cdb484d7c Add Aerospike Database UDF Lua Code Execution exploit 2020-12-05 14:15:22 +00:00
h00die b21fccebaa updates from review 2020-12-04 21:50:31 -05:00
Grant Willcox 5961bf700d Land #14314, Pulse Secure Connect Client Credentials Gatherer 2020-12-04 10:04:43 -06:00
bwatters 5d7014bf39 Land #14298, Windows post-exploitation gather module - Memory dumping via Avast AvDump utility
Merge branch 'land-14298' into upstream-master
2020-12-02 08:30:38 -06:00
dwelch-r7 3824f3923f Land #14394, Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion
Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion
2020-11-30 05:15:29 +00:00