adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,090 Commits 27 Branches 1,043 Tags
a3eee73efb45b162deb5d3dae7287cdfe718c60f
Commit Graph

5178 Commits

Author SHA1 Message Date
Jack Heysel 60c21da50e Land #17009, Add MobaXterm cred gather module 
This module determines if MobaXterm is installed and if
it is dumps all saved session information from the target
 2022-10-05 14:14:27 -04:00
Jack Heysel 0145264046 Land #17093, add Enlightenment priv esc module 
This PR adds a local priv esc for Enlightenment on Ubuntu
which exploit a simple cmd injection
 2022-10-04 14:09:18 -04:00
space-r7 63af4e3702 Land #17067, add remote mouse rce 2022-10-04 11:40:33 -05:00
Jack Heysel edc0c622fc Land #17099, Wordpress Elementor plugin RCE 
This PR adds a new authenticated exploit module against
3 versions of Elementor, a plugin for Wordpress.
 2022-10-03 16:59:38 -04:00
h00die b7073df1e0 review comments 2022-10-03 16:53:14 -04:00
bwatters 052d233bd9 Land #17006, Gather_RedisDesktopManager_Password 
Merge branch 'land-17006' into upstream-master
 2022-10-03 15:10:30 -05:00
h00die 68b2aec6fb review comments 2022-10-03 15:25:53 -04:00
h00die c6e18ee469 cve-2022-1329 2022-10-02 15:59:58 -04:00
h00die e78babea90 cve-2022-37706 2022-10-01 11:24:29 -04:00
Jack Heysel 9ad513dade Land #16933, Thycotic Secret Server post module 
This PR adds a post exploitation module that exports
and decrypts Thycotic Secret Server credentials
 2022-09-30 13:16:05 -04:00
bwatters 9e74b9887d Land #17048, enum_tokens: Cleanup 
Merge branch 'land-17048' into upstream-master
 2022-09-29 15:58:46 -05:00
jheysel-r7 e06acc7df0 Update documentation/modules/post/windows/gather/credentials/thycotic_secretserver_dump.md 2022-09-29 13:59:01 -04:00
jheysel-r7 e8d4bcdcc6 Update documentation/modules/post/windows/gather/credentials/thycotic_secretserver_dump.md 2022-09-29 13:58:37 -04:00
jheysel-r7 713d63654b Update documentation/modules/post/windows/gather/credentials/thycotic_secretserver_dump.md 2022-09-29 13:58:22 -04:00
bwatters 76c6632305 Land #16673, qdPM 9.1 - Authenticated Remote Code Execution (CVE-2020-7246) 
Merge branch 'land-16673' into upstream-master
 2022-09-29 09:46:27 -05:00
Jack Heysel 379f303ea8 Land #17061, Mobile Mouse Server RCE 
This PR includes a module that uses default
configuration in Unified Remote to spawn a
run prompt and return a shell.
 2022-09-28 10:48:41 -04:00
bwatters e27dbd2787 Land #16794,Add exploit for CVE-2022-34918 
Merge branch 'land-16794' into upstream-master
 2022-09-27 16:37:52 -05:00
h00die 391a27b08c remote mouse rce 2022-09-27 16:37:42 -04:00
bwatters 3170eac829 Land #16981, enum_domain_tokens: Cleanup and fix group member retrieval 
Merge branch 'land-16981' into upstream-master
 2022-09-27 09:47:34 -05:00
h00die a39b1c9fe5 msftidy_docs 2022-09-26 15:56:43 -04:00
h00die 61f576d3e1 mobile mouse server exploit 2022-09-26 15:45:42 -04:00
Grant Willcox a48c2d9e72 Land #17033, hikvision password reset via inproper authorization logic - CVE-2017-7921 2022-09-23 15:01:04 -05:00
Grant Willcox 0908006466 Land #16985, wifi mouse rce - CVE-2022-3218 2022-09-23 14:46:49 -05:00
Grant Willcox b62f163696 Update documentation on module and exploit a little more to make things a bit clearer 2022-09-23 14:08:18 -05:00
Grant Willcox 2958a43a6a Update to reflect fact that bug is an improper authentication logic bug and to randomize password for auth parameter since it is ignored 2022-09-23 12:19:29 -05:00
Jack Heysel 2b5e85cd27 Land #17012, Veritas Backup Agent RCE 
This module exploits a chain of the vulnerabilities CVE-2021-27876,
CVE-2021-27877 and CVE-2021-27878 in Veritas Backup Exec Agent which
leads to remote code execution with privileges of system or root user
 2022-09-23 12:31:46 -04:00
h00die-gr3y f2d357eda1 updated documentation with camera specifications 2022-09-23 09:38:37 -05:00
Grant Willcox edc37835e5 Add more nil checks in, update some of the check code to catch an edge case, update notes to account for indicators of compromise, and fix some extra issues noticed on second round of review 2022-09-23 09:38:35 -05:00
Grant Willcox 3ca34568c2 Clean up some of the documentation and module code and descriptions 2022-09-23 09:38:12 -05:00
h00die-gr3y 5ed7ff7f52 init commit module and documentation 2022-09-23 09:38:05 -05:00
alex d5dcca899d Fix description scenario 2022-09-23 10:51:36 +03:00
cgranleese-r7 c74f480177 Land #17049, enum_domain_group_users module clean up 2022-09-22 17:51:12 +01:00
cgranleese-r7 0029628db8 Land #17051, wmic_command module cleanup 2022-09-22 16:17:33 +01:00
Jack Heysel 12f3325f3e Land #16732, VIDIdial Multiple SQLi 
This PR adds a module which exploits several
authenticated sqli in VICIdial
 2022-09-22 10:47:42 -04:00
bcoles ce48afd0db wmic_command: Cleanup 2022-09-23 00:25:13 +10:00
bcoles 9eab7eadab enum_domain_group_users: Cleanup 2022-09-22 17:05:19 +10:00
bcoles eef42884e0 enum_tokens: Cleanup 2022-09-22 12:04:24 +10:00
h00die 6d608ea41e vicidial sqli module docs update 2022-09-21 16:57:18 -04:00
h00die eb516f402e wifi mouse doc updates 2022-09-21 16:38:50 -04:00
h00die 32402c0e6d wifi mouse doc updates 2022-09-21 16:35:08 -04:00
Grant Willcox 605db0160d Fix up documentation 2022-09-21 15:02:04 -05:00
Spencer McIntyre 415383b48d Land #17042, Add exploit for CVE-2022-36804 2022-09-21 13:07:32 -04:00
Christophe De La Fuente 4943d86ec6 Land #16989, Unified Remote RCE 2022-09-21 14:06:33 +02:00
space-r7 f2e003cdb0 add documentation 2022-09-20 18:45:48 -05:00
Grant Willcox bd4a062e5f Land #17023, Fix #16999 by using a compatible default action 2022-09-19 17:33:01 -05:00
Grant Willcox 5d7c7b0a09 Update documentation and change up the code to use action.name vs datastore['ACTION'] since that is no longer populated 2022-09-19 17:31:51 -05:00
bwatters 88f14950a0 Land #16688, Add Mimipenguin 
Merge branch 'land-16688' into upstream-master
 2022-09-19 12:43:16 -05:00
h00die 271171f6d2 unified now with invisible feature 2022-09-18 19:02:59 -04:00
Spencer McIntyre eae1adb8bb Add getsystem module docs 2022-09-16 14:59:50 -04:00
cn-kali-team 35a33c9710 rename,delete useless code 2022-09-16 11:38:48 +08:00