adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
58,574 Commits 27 Branches 1,043 Tags
a169e01aff80ac5adbcacd8a421e49809b984c19
Commit Graph

6711 Commits

Author SHA1 Message Date
Alan Foster 902297d199 Add service stub encoder validation 2020-10-27 15:27:24 +00:00
Brendan Coles 6258d5b561 Land #14296, Move mercury_login module docs to documentation directory 2020-10-22 13:24:54 +00:00
Spencer McIntyre 3dc232aa9a Land #14289, Add version check to exploit/windows/http/exchange_ecp_dlp_policy 2020-10-21 17:52:38 -04:00
h00die 5890bc45b5 move docs out of exploits folder 2020-10-21 16:37:02 -04:00
adfoster-r7 a362b6785d Land #14290, set pid to nil for MS17-010 SMB1 clients 2020-10-21 16:20:08 +01:00
Spencer McIntyre b457191eaa Set pid to nil for MS17-010 SMB1 clients 2020-10-20 17:09:51 -04:00
William Vu e4fb76d74f Add version check to exchange_ecp_dlp_policy 
And update modules/exploits/windows/http/sharepoint_ssi_viewstate.rb.
 2020-10-20 14:32:43 -05:00
William Vu 3970b69734 Land #14229, Telerik UI for ASP.NET AJAX exploit 
CVE-2017-11317 && CVE-2019-18935
 2020-10-20 13:24:35 -05:00
Spencer McIntyre b58ed7f909 Update the Telerik RAU module metadata and add the TARGETURI option 2020-10-20 13:48:59 -04:00
Spencer McIntyre 57aef4367c Adjust the exploit timeout and set the default RPORT for Telerik RAU 2020-10-19 19:31:14 -04:00
William Vu 253928570b Update module doc 2020-10-19 11:18:00 -05:00
Spencer McIntyre 0f344b0661 Land #14265, Add SharePoint Server-Side Include (SSI) and ViewState RCE (CVE-2020-16952) 2020-10-19 10:27:58 -04:00
Spencer McIntyre a05f8a721b Print what the web.config loot path is 2020-10-19 10:27:41 -04:00
William Vu 4cb08f7426 Address outstanding issues 2020-10-15 13:24:08 -05:00
Grant Willcox 59f74438da Rename the LPE exploit to a more appropriate name since their could be future bugs in NtUserMessageCall and also update the description info a bit more 2020-10-15 10:59:44 -05:00
Grant Willcox 7c08a42401 Revamp the check method so that it will check across a lot more versions of Windows and provide full coverage for CVE-2019-1458 2020-10-15 10:59:44 -05:00
Grant Willcox f2899186e4 Add in first round of initial updates to fix review comments 2020-10-15 10:59:40 -05:00
Tim W dcc322436b Update documentation files and module description to more accurately describe what the cause of the LPE bug for CVE-2019-1458 is. also apply RuboCop edits. 2020-10-15 10:58:58 -05:00
Tim W c38064b022 Apply rubocop edits and update documentation 2020-10-15 10:58:38 -05:00
Tim W cf5ca76b5e fix check function 2020-10-15 10:58:07 -05:00
Tim W 12c5f4f916 CVE-2019-1458 chrome sandbox escape initial commit 2020-10-15 10:57:46 -05:00
William Vu 1a341ae931 Add SharePoint SSI and ViewState RCE 
CVE-2020-16952
 2020-10-14 17:45:15 -05:00
Grant Willcox 443f26410e Fix up disclosure date 2020-10-08 15:30:56 -05:00
Spencer McIntyre 3431d97c64 Remove modules whose deprecation date has past 2020-10-08 10:56:37 -04:00
Spencer McIntyre 99bd146428 Fix version-related logic for the Telerik RAU module 2020-10-07 15:03:11 -04:00
Spencer McIntyre fb569a24ee Add module documentation for Telerik RAU Deserialization 2020-10-07 13:40:10 -04:00
Grant Willcox a2675c13e8 Land #14213, Add disclosure date rubocop linting rule - enforce iso8601 disclosure dates 2020-10-07 12:09:59 -05:00
Spencer McIntyre 2edf0390f7 Apply rubocop fixes 2020-10-07 11:11:25 -04:00
Spencer McIntyre adfc8f89c4 Implement version enumeration and report CVE-2017-11317 for Telerik 2020-10-07 10:27:50 -04:00
Spencer McIntyre efc8485c86 Fill out module metadata and improve the check method 2020-10-06 18:00:13 -04:00
Spencer McIntyre 4e2093d860 Initial Telerik UI RAU module 2020-10-05 16:42:05 -04:00
bwatters 3a6293357e Land #14190, Add the DOMAIN option to the CVE-2020-0688 Exploit 
Merge branch 'land-14190' into upstream-master
 2020-10-05 12:12:21 -05:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
bwatters 3aeeede4a6 Land #14187, Added CVE-2020-3433 module 
Merge branch 'land-14187' into upstream-master
 2020-09-29 13:41:33 -05:00
bwatters 81fd2ea8a8 rubocop changes 2020-09-29 13:38:31 -05:00
Spencer McIntyre e7d2b73600 Add a DOMAIN option to CVE-2020-0688 for consistency with other modules 2020-09-28 09:24:39 -04:00
Shelby Pace f0f4da2b1e Land #14157, Windows update orchestrator privesc 2020-09-25 16:07:27 -05:00
Antoine GOICHOT fef88f27eb Added CVE-2020-3433 module 2020-09-25 23:04:58 +02:00
bwatters 2ed72007e0 Typos and cleanup 2020-09-25 12:27:55 -05:00
bwatters 7e68c42876 Rubocop, fix check method, clean up c code 2020-09-22 07:45:02 -05:00
bwatters 534e945cd0 First attempt at CVE-2020-1313 2020-09-18 15:39:12 -05:00
Shelby Pace c04e8d73c3 Land #14023, spooler svc privesc (PrinterDemon) 2020-09-17 16:06:29 -05:00
Shelby Pace 8b75401fcf remove requires 2020-09-17 16:04:56 -05:00
William Vu 5bda3b4b9d Revert "Make User-Agent consistent across requests" 
This reverts commit 0ec97aa447.
 2020-09-16 13:24:18 -05:00
William Vu da4e960eb0 Revert "Fix HttpUserAgent to UserAgent" 
This reverts commit 3c8390a1c7.
 2020-09-16 13:24:14 -05:00
William Vu 3c8390a1c7 Fix HttpUserAgent to UserAgent 
Payload vs. HttpClient. Whoops.
 2020-09-16 13:03:55 -05:00
William Vu 0ec97aa447 Make User-Agent consistent across requests 2020-09-16 12:59:17 -05:00
William Vu 03e0b9098c Add more words about Exchange role groups 2020-09-16 12:55:08 -05:00
bwatters d8df8a3422 Change description and fix typo 2020-09-16 11:17:39 -05:00
bwatters dcd0918694 Fixed cleanup and check 2020-09-16 11:17:39 -05:00