adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
49,964 Commits 27 Branches 1,043 Tags
a7e44e39f1f6abbcede0a96dbb4e893bd7400db6
Commit Graph

1224 Commits

Author SHA1 Message Date
William Vu cb5648a1c7 Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit 2018-12-13 12:22:36 -06:00
William Vu e69f006992 Remove CommandShell mixin in exploits 
This was cargo culting. Exploits use handler instead of start_session.
 2018-12-12 15:43:13 -06:00
Tod Beardsley 140833215f Add CVE as issued by DWF 
See discussion on #10987.

Now that I said that out loud, I realize that the original PR for this
module is a really funny PR number.
 2018-12-06 14:59:05 -06:00
Jacob Robles dec08a0b43 Land #10954, apache spark unauth rce module 2018-11-29 13:56:21 -06:00
Jacob Robles 01af176679 Change delay implementation 2018-11-29 10:05:47 -06:00
Jacob Robles ed6c2896e3 Remove duplicate check 2018-11-29 10:04:51 -06:00
Jacob Robles 8508824cc2 Modify check logic 2018-11-29 10:04:05 -06:00
Green-m 4888ec0c29 Delete unused variable. 2018-11-29 10:48:25 +08:00
Green-m ca0a2684f5 Randomize payload main class. 2018-11-28 11:26:51 +08:00
h00die 63125bbc1a update imap_open refs 2018-11-27 20:31:57 -05:00
Brent Cook b05bb616bf Land #10987, add exploit for PHP imap_open function against various web apps 2018-11-27 16:44:51 -06:00
Brent Cook 0fddb8e31c Land #10768, Exploit for Netgear CVE-2016-1555 2018-11-26 11:45:10 -06:00
h00die e2d58afe13 cleaned up code, added custom 2018-11-25 10:59:53 -05:00
Brendan Coles debf79416b Replace WsfDelay with WfsDelay - Fixes #11018 2018-11-25 04:22:11 +00:00
h00die 945755b058 add custom php_imap target 2018-11-24 14:18:13 -05:00
h00die 45f2c5beb2 update php_imap_open docs 2018-11-24 07:26:42 -05:00
h00die e36cef3b96 e107 exploitable now 2018-11-23 20:16:53 -05:00
Green-m 2197da4cd9 Fix code as jrobles suggest. 2018-11-21 11:24:50 +08:00
h00die acf421ffb0 remove eol spaces 2018-11-20 19:45:17 -05:00
h00die 31ad58fb91 edb and author 2018-11-20 19:30:43 -05:00
h00die 4111a61e1a fix module description 2018-11-20 18:35:20 -05:00
h00die 4c59a271e2 added suitecrm to imap_open exploit 2018-11-20 18:33:42 -05:00
Green-m 9884bea84e Update the reference link. 2018-11-20 17:39:01 +08:00
Green-m 9f573d6f27 Fix code as jrobles suggest. 2018-11-20 16:54:22 +08:00
h00die a28feed7d8 fix normalize and date 2018-11-19 04:00:58 -05:00
h00die 4b09584047 php_imap_open_rce 2018-11-18 21:28:19 -05:00
William Vu 90b9204703 Update DisclosureDate to ISO 8601 in my modules 
Basic msftidy fixer:

diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
     # Check disclosure date format
     if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
       d = $1  #Captured date
+      File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+      fixed('Probably updated traditional DisclosureDate to ISO 8601')
       # Flag if overall format is wrong
       if d =~ /^... (?:\d{1,2},? )?\d{4}$/
         # Flag if month format is wrong
 2018-11-16 12:18:28 -06:00
Green-m f43aaac290 Clean code. 2018-11-14 16:48:39 +08:00
Green-m 7cc4d09a92 Clean code. 2018-11-14 10:35:38 +08:00
Green-m 388aebc335 Add exploit module for spark unauthenticated rce. 2018-11-12 17:07:50 +08:00
Imran E. Dawoodjee 16d146fd59 Fixing indentation. 2018-11-12 13:24:00 +08:00
Imran E. Dawoodjee 3e4df06500 Some more modifications 
Placed contents of request_post into execute_command
Randomized fingerprint with rand_text_alpha(12)
Spaces at EOL fixed
Normalized target URI
 2018-11-12 13:04:42 +08:00
Imran E. Dawoodjee 818cb37aca Implemented changes recommended by @bcoles. 2018-11-12 12:26:23 +08:00
Brendan Coles 1f14a9846d Land #10767, Add Cisco Prime Infrastructure remote root exploit 2018-11-10 17:08:16 +00:00
Green-m 981893a8bf Merge branch 'master' into sparkrce 2018-11-09 14:12:33 +08:00
Pedro Ribeiro 7464d81c01 Add warning about JSP deletion 2018-11-05 00:52:34 +09:00
Spencer McIntyre caf76a6555 Add applicable notes to my exploit modules 2018-10-27 20:54:14 -04:00
Imran E. Dawoodjee c86f68cb60 Minor changes to module, updated documentation. 2018-10-09 20:39:00 +06:30
Imran E. Dawoodjee 4332c4cffd Increased linemax from 128 to 2048. 2018-10-09 15:35:47 +06:30
Imran E. Dawoodjee 97b398963b Suggestions by @bcoles implemented, randomized MAC 2018-10-09 14:02:56 +06:30
Pedro Ribeiro 9bbd90f978 Style fixes and add full disc URL 2018-10-09 13:38:13 +07:00
Imran E. Dawoodjee 78624b7020 Updated documentation and fixed the code (mostly). 2018-10-09 10:52:06 +06:30
Imran E. Dawoodjee 0fe989b42f Code streamlining. 2018-10-08 21:12:27 +06:30
Imran E. Dawoodjee 4cc2c22026 Used a command stager, improved upon vulnerability detection and 
generally attempted to streamline most of the code. Hardcoded one
vulnerable URI since it's the most likely to be present in all versions
of the vulnerable firmwares.
 2018-10-08 20:51:58 +06:30
Imran E. Dawoodjee b552b803bb Still working on the HTTP stager. 2018-10-08 15:18:47 +06:30
Imran E. Dawoodjee fcb0b90d7a Fixed numbering in the documentation steps, offed some whitespace, 
streamlined the send_request_cgi, removed the conn_check.
 2018-10-08 15:04:32 +06:30
Pedro Ribeiro 22d0325d33 Add placeholder for full disclosure URL 2018-10-08 12:33:36 +07:00
Pedro Ribeiro 743a72dff6 Remove header from my own repo 2018-10-08 12:17:11 +07:00
Pedro Ribeiro f0443bbb57 Create cisco prime exploit 2018-10-08 12:16:24 +07:00
Imran E. Dawoodjee 3340cf529c Fixed duplicate output for check. 2018-10-08 11:19:24 +06:30