William Vu
6a6c08c773
Fix edge case in method overloading
2021-07-12 20:29:56 -05:00
William Vu
d29532d4c4
Add VMware vCenter Server CVE-2021-21985 exploit
2021-07-12 13:07:05 -05:00
William Vu
6fbaecf919
Backport print changes to recent modules
2021-07-08 21:26:35 -05:00
Grant Willcox
570ba091f6
Update some typos in the documentation and also update the exploit module to handle various cases whereby the dbus-send command might end up timing out due to TIMEOUT being too low and to fix some final issues found during testing
2021-07-08 16:24:01 -05:00
Grant Willcox
9f88ef0954
Fix up review comments
2021-07-08 16:22:29 -05:00
Jack Heysel
54ee8f7ae7
Added cmd_delay nil check, updated title
2021-07-08 16:20:45 -05:00
Jack Heysel
0f67dd5212
Fixed get_cmd_delay, responded to comments
2021-07-08 16:20:38 -05:00
Jack Heysel
9a07039e7e
Updated docs
2021-07-08 16:09:15 -05:00
Jack Heysel
fdbf669da2
Fixed check for /bin/su
2021-07-08 16:09:12 -05:00
Jack Heysel
285a6338fa
Print error instead of failwith when exploit commands unsuccessful
2021-07-08 16:09:12 -05:00
Jack Heysel
f797f30651
Fixed call to write directory
2021-07-08 16:09:04 -05:00
Jack Heysel
1a73cfbe25
Updated check method
2021-07-08 16:09:03 -05:00
Jack Heysel
c5a9ecd45b
WritableDir as advanced opt
2021-07-08 16:09:03 -05:00
Jack Heysel
f87f831aba
Module updates + Docs
2021-07-08 16:09:02 -05:00
Jack Heysel
8d2d445699
Send one large command over many of smaller size
2021-07-08 16:08:36 -05:00
Jack Heysel
e7608d79f6
Polkit authentication bypass
2021-07-08 16:08:33 -05:00
Spencer McIntyre
dc9c0035ab
Land #15371, check if apport-cli is in $PATH
...
Fixes #15370
2021-07-08 09:28:35 -04:00
Spencer McIntyre
636b790acb
Update to using the AutoCheck mixin
2021-07-08 09:03:42 -04:00
William Vu
af986380d3
Fix CheckCode
...
It's closer to CheckCode::Appears than CheckCode::Vulnerable.
2021-07-06 22:22:27 -05:00
Christophe De La Fuente
daa5b32393
Update from review
...
- Remove `MeterpreterTryToFork` option logic
- Add `Prepend` code directly under `Payload` info
- Rebase to use the updated `PrependFork`
- Add logic to verify that shells specified in the options really exist
on the remote host
2021-06-30 18:13:35 +02:00
Christophe De La Fuente
eca20bec92
Update from code review
...
- Fix documentation typos
- Rename `MeterpreterBackground` Mettle option to `MeterpreterTryToFork`
2021-06-30 11:02:11 +02:00
Christophe De La Fuente
ccaedd6c9a
Last additions and improvements
...
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
2021-06-30 11:02:11 +02:00
Christophe De La Fuente
1b59b8c83e
Rebase and fix conflicts in lib/msf/core/post/common.rb
2021-06-30 11:02:11 +02:00
Brendan Coles
d40656b852
apport_abrt_chroot_priv_esc: check if apport-cli is in $PATH
2021-06-25 11:48:16 +00:00
Shelby Pace
3c7d96695e
Land #15349, add rConfig vendors auth rce
2021-06-24 10:43:18 -05:00
Shelby Pace
9f864df5f1
use Rex::Version instead of Gem::Version
2021-06-24 10:14:17 -05:00
Shelby Pace
df1faf85ff
rename files, change version check, use cookie jar
2021-06-24 09:47:38 -05:00
Yann Castel
1d2e3212d3
using MIME + added some guards
2021-06-18 10:43:30 +02:00
Hakyac
7781d9ff1e
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 10:22:11 +02:00
Hakyac
1e7737f8b4
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 10:17:52 +02:00
Hakyac
f4bd18c5a3
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 09:21:00 +02:00
Spencer McIntyre
397c9ef140
Land #15333, Cisco HyperFlex File Upload RCE
2021-06-17 13:40:39 -04:00
Jack Heysel
281fce0c94
Cisco HyperFlex File Upload RCE module
...
beta draft
RCE working with linux/x64/meterpreter_reverse_tcp
rubocop
Updated title, removed newlines
Responded to comments
Rubocop offenses
Update documentation/modules/exploit/linux/http/cisco_hyperflex_file_upload_rce.md
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Responded to comments
Rubocop offenses
Added support for Java Dropper
Made changes to Linux Dropper
Rubocop
Improved check method, changed to default staged payload, removed TODO
Switched to single-quoted strings
2021-06-17 12:38:47 -04:00
Yann Castel
dca4f3f471
fix download link
2021-06-17 15:19:42 +02:00
Yann Castel
0fda6b348d
initial commit
2021-06-17 15:15:59 +02:00
Grant Willcox
e3a0228f79
Adjust exploit module title for rubocop compliance
2021-06-10 16:54:35 -05:00
Grant Willcox
de8180b666
Update module title to correctly state affected versions
2021-06-10 09:42:26 -05:00
MucahitSaratar
ea7eaba7a9
added cve
...
Signed-off-by: MucahitSaratar <trregen222@gmail.com>
2021-06-10 09:35:42 -05:00
MucahitSaratar
4796779a29
Add more fixes to the module and documentation
2021-06-10 09:35:10 -05:00
Grant Willcox
038d0b1334
Add in autocheck compatibility, update the documentation and output to be clearer, minimize traffic sent, fix up invalid scoping of variables, randomize data where possible, and add in exploit notes
2021-06-10 09:34:52 -05:00
MucahitSaratar
83caaccc6a
adding backup
...
Signed-off-by: MucahitSaratar <trregen222@gmail.com>
2021-06-10 09:34:47 -05:00
MucahitSaratar
8e16d4a1c7
ipfire 2.25 core 156 remote code execution
...
Signed-off-by: MucahitSaratar <trregen222@gmail.com>
2021-06-10 09:34:13 -05:00
Grant Willcox
69690ef09e
Fix RuboCop issues with sudo_baron_samedit.rb that were causing failures in some builds
2021-06-04 12:03:13 -05:00
Spencer McIntyre
78f97d2fa7
Land #15281, Add Cisco HyperFlex exploit
2021-06-03 17:24:27 -04:00
Shelby Pace
8b737c2c60
Land #15231, add SuiteCRM log file rce
2021-06-03 09:11:00 -05:00
William Vu
6efd312430
Add Cisco HyperFlex HX Data Platform exploit
...
CVE-2021-1497
CVE-2021-1498
2021-06-03 00:43:56 -05:00
William Vu
37a7ee2e28
Clean up f5_icontrol_rest_ssrf_rce
...
Escalate a warning and prefer a variable.
2021-06-02 20:32:47 -05:00
mcorybillington
d2b539e3c9
authentication fix from add cookie jar merge
2021-06-02 16:54:09 -05:00
Shelby Pace
3056e8f946
add cookie jar and AutoCheck
2021-06-02 13:09:33 -05:00
pingport80
fe8e586b22
fall to shell when meterpreter fails get_processes
...
shift `pidof` to `Msf::Post::Process`
2021-06-01 18:51:39 +05:30