adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,211 Commits 27 Branches 1,043 Tags
a727ebbf5ec9bc5f34374b07b3901ac536d3c31e
Commit Graph

32825 Commits

Author SHA1 Message Date
PazFi a727ebbf5e Adding detection of I-AM responses sent in unicast form. 2022-08-01 15:11:57 +03:00
PazFi f2a70c43cb Removing unnecessary lines of code. 2022-08-01 13:55:38 +03:00
PazFi baa686f5e0 Using Rex::Socket::Udp instead of packetfu. 
Adding report_note in case user does not have privileges to write to file.
Added sleeping time between outputs.
Removed LHOST from options, since it is not needed.
Replaced print_bad with fail_with.
 2022-07-31 16:50:52 +03:00
PazFi 362318c95b Fixing rubocop issues. 2022-07-31 08:44:40 +03:00
PazFi 665bde7f60 Enforcing regex input validation on local IP. 2022-07-25 08:17:39 +03:00
PazFi a6bdc5ea29 -Validating md file with msftidy_docs. 
-Removing global variables, and calling data stored in datastore when required.
-Calling methods or variables instead of calling terminal commands.
-Some indentations.
-Using heredocs when handling multiple strings.
-Handling the case where LHOST does not contain IP address.
 2022-07-24 18:51:53 +03:00
PazFi 28c3dd5739 A SCADA scanner module for BACnet protocol. 
The scanner discovers BACnet devices on the network by broadcasting
Who-is packets, extracts model name, software version, firmware
revision and description from the discovered devices by sending
specific read-property packets. After parsing the data the module saves
it to a local xml file.
Because devices can be nested, every address can have multiple devices.
 2022-07-19 17:02:35 +03:00
Spencer McIntyre ebb15ee9e7 Land #16598, Add in LDAP Query Module 2022-07-19 09:51:00 -04:00
bwatters e3e6afbaa3 Land #16753, ms03_007_ntdll_webdav: Cleanup and add additional offsets 
Merge branch 'land-16753' into upstream-master
 2022-07-19 08:48:06 -05:00
Spencer McIntyre 2eaccd657f Use an OptPath for QUERY_FILE_PATH 
This adds tab completion and an extra check to make sure it exists.
 2022-07-19 09:48:03 -04:00
Grant Willcox dcd4caf977 Remove excess error handling that was causing issues 2022-07-19 08:10:53 -05:00
Jack Heysel 2af8042bfa Land #16761, clean up ms01_023_printer 
Adds additional offsets for various Windows 2000 targets.
Replaces raw socket TCP with HttpClient. This works fine in testing.
Fixes default payload, adds docs and notes.
 2022-07-16 17:56:59 -04:00
jheysel-r7 adecb0d94b Merge branch 'master' into ms02_065_msadc 2022-07-16 17:26:23 -04:00
Jack Heysel 77be219bc2 Land #16754, add offsets to ms02_065 
Adds additional offsets for various Windows 2000
Professional targets, adds  docs, fixes default
payload and resolves rubocop violations.
 2022-07-16 16:43:47 -04:00
Spencer McIntyre 25f50e607c Reduce code, be more permissive 
This makes a few changes that should enable the module to function
better should it be dropped into a fresh MSF installation on its own.
 2022-07-15 16:29:17 -05:00
Grant Willcox 2a8d95c121 Default to having a near empty custom file so that we can still update the default queries without issues vs preventing updates from occuring. If users want to override the defaults, then they accept the risk of not getting updates. Update documentation to also note this. 2022-07-15 16:29:12 -05:00
Grant Willcox 1e05630d26 Make sure that we load ACTIONs from the user's custom file at startup if they have changed anything or added any new ACTIONs 2022-07-15 16:29:12 -05:00
Grant Willcox 2d1acc0369 Refactor code and also add in proper fail_with error codes where needed. Also fix up module and documentation descriptions to be a bit clearer. 2022-07-15 16:29:01 -05:00
Grant Willcox 03ebbaf2d0 Add in RUN_SINGLE_QUERY and associated options, and then update the code and documentation accordingly. This will allow users to run single queries with associated attribute filters if they want to test out single queries at a time without changing YAML files 2022-07-15 16:29:00 -05:00
Grant Willcox 32e5884589 Update error description to be more helpful when debugging. Also update DefaultAction to default to first entry in the list or RUN_QUERY_FILE if no other action is available 2022-07-15 16:28:50 -05:00
Grant Willcox c5f2507ee0 Fix up usage of the word columns where attributes was more appropriate. Also update the multi query logic to match new data format as it was broken before as a result of changes to file format. Finally remove extra parameters that are no longer needed. 2022-07-15 16:28:43 -05:00
Grant Willcox 8c236e789e Rename files to follow proper format. Add in documentation for examples. Then update code so we use Msf::Config.get_config_root to store the config file that we parse to get the actions outside of a Git tracked location. We will still use the default file to populate this non-git tracked location if its not already populated though. 2022-07-15 16:28:43 -05:00
Grant Willcox 3c56e272a1 Remove default actions and move them to default.yaml, then update code accordingly. Also update the initialization code so it will now load the possible actions dynamically from default.yaml. 2022-07-15 16:28:37 -05:00
Grant Willcox 438b4b1bf8 Rework the logic for output and make it a lot neater. Also redo the query logic thanks to help from Alan David Foster so the query itself will specify what fields we need vs us having to manually filter this out later on. Makes it a lot quicker and easier to work with 2022-07-15 16:28:31 -05:00
Grant Willcox 2a1a8aa632 Add in CSV reporting formatting thanks to some help from Alan David Foster 2022-07-15 16:28:30 -05:00
Grant Willcox d4809219b9 Add in JSON output option 2022-07-15 16:28:23 -05:00
Grant Willcox 515bfd296e Add in YAML query file implementation 2022-07-15 16:28:23 -05:00
Grant Willcox 65b9e1cb13 Push initial copy of work up 2022-07-15 16:27:56 -05:00
bcoles 59685f82f8 ms02_065_msadc: Cleanup and add additional offsets 2022-07-15 00:15:56 +10:00
Jack Heysel 662c8bbd87 Land #16742, add NetScaler decrypt aux module 
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
 2022-07-13 14:00:43 -04:00
Jack Heysel 8f3a0e3856 Land #16742, add NetScaler decrypt aux module 
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
 2022-07-13 12:11:02 -04:00
Jack Heysel 819d1fa2dd Land #16762, Sourcegraph RCE module 
This module exploits a vuln in the gitserver
component of sourcegraph that results in OS
command execution in the context of gitserver.
 2022-07-13 10:09:06 -04:00
npm-cesium137-io 9a6013b153 citrix_netscaler_config_decrypt refinements 
Refactor error handling when composing KEK fragments to be more
streamlined.

Various tweaks and optimizations.

Updates to documentatation.
 2022-07-13 08:36:18 -04:00
npm-cesium137-io 443920850c Update modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2022-07-13 07:56:41 -04:00
npm-cesium137-io d227f0aaa2 Update modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2022-07-13 07:56:12 -04:00
space-r7 ccef129807 Land #16727, set tftphost option 2022-07-12 15:29:42 -05:00
Jack Heysel fdd7a863c8 Land #16736, fix confluence_widget_connector crash 
This change fixes a bug in the confluence_widget_connector 
exploit module to prevent it from crashing when the HTTP
response body received in the get_java_property method is
empty or does not match expected regex.
 2022-07-12 12:27:40 -04:00
Jack Heysel 52fd45b7ab Land #16744 Jboss EAP/AS RCE module 
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
 2022-07-12 10:49:22 -04:00
Jack Heysel 7df6d73741 Added new line to end of file 2022-07-12 09:08:19 -04:00
Jack Heysel 44abcfcb28 Added flavour to fix linux_dropper 2022-07-12 09:06:06 -04:00
Spencer McIntyre 439606b2ac Use a more reliable check method 
The check method will not work regardless of whether or not there is a
cloned repository. The response can be analyzed using a random,
non-existant repo.
 2022-07-11 09:48:08 -04:00
Spencer McIntyre 48cefee585 Cleanup the module based on feedback 2022-07-11 09:09:25 -04:00
adfoster-r7 3e66fc8f4e Fix crash in ms04-007-killbill 2022-07-10 00:07:26 +01:00
Spencer McIntyre 9d979fdf4f Finish up the sourcegraph RCE module 2022-07-08 17:27:22 -04:00
Spencer McIntyre 27ad62c964 Add a decent check method 2022-07-08 16:40:42 -04:00
bcoles 83bc954e9d ms01_023_printer: cleanup; use HttpClient; add additional targets 2022-07-09 01:36:10 +10:00
Spencer McIntyre 781597bc0e Land #16617, fix race condition in short ranges 2022-07-08 09:56:51 -04:00
Spencer McIntyre 728cf97f6e Land #16718, Fix run_as module on x64 systems 2022-07-08 09:22:22 -04:00
Heyder Andrade 2f7cf90b7f mixin didn't work with linux_dropper payload 
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin
instead
- Changed the fail reason when the connection is unsuccessful
 2022-07-08 02:30:26 +02:00
space-r7 f958b0a053 Land #16738, correct CVE/lint for weblogic module 2022-07-07 18:08:13 -05:00