adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44,717 Commits 27 Branches 1,043 Tags
a87ae41d81d680b3ea202ff3c59ff3c052d273a7
Commit Graph

1629 Commits

Author SHA1 Message Date
Tod Beardsley ddac5600e3 Reference TR-064, not TR-069 2016-12-02 08:45:15 -06:00
William Vu 1d6ee7192a Land #7427, new options for nagios_xi_chained_rce 2016-11-30 17:11:02 -06:00
William Vu 3e8cdd1f36 Polish up USER_ID and API_TOKEN options 2016-11-30 17:10:52 -06:00
Tod Beardsley 43cd788350 Switch back to echo as cmdstager flavor 2016-11-30 10:18:09 -06:00
Tod Beardsley b75fbd454a Add missing peer in vprint_error 2016-11-30 07:59:41 -06:00
Tod Beardsley 657d52951b Linemax 63, switch to printf 2016-11-30 07:51:36 -06:00
Tod Beardsley 08b9684c1a Add a FORCE_EXPLOIT option for @FireFart 2016-11-29 16:37:13 -06:00
Tod Beardsley 57d156a5e2 Revert "XML encode the command passed" 
This reverts commit 9952c0ac6f.
 2016-11-29 16:24:26 -06:00
Tod Beardsley b7904fe0cc Oh silly delimiters and lack thereof 2016-11-29 15:53:05 -06:00
Tod Beardsley 9952c0ac6f XML encode the command passed 2016-11-29 15:49:55 -06:00
Tod Beardsley 851aae3f15 Oops, wrong module 
This reverts commit d55d2099c5.
 2016-11-29 15:15:18 -06:00
Tod Beardsley d55d2099c5 Just one platform thanks 2016-11-29 15:08:45 -06:00
Tod Beardsley 4d6b2dfb46 Use CmdStager instead 
Oh, and this is totally untested as of this commit.
 2016-11-29 15:03:38 -06:00
Tod Beardsley 8de17981c3 Get rid of the WiFi key stealer 2016-11-29 14:48:04 -06:00
Tod Beardsley 75bcf82a09 Never set DefaultPaylod, reverse target options 2016-11-29 14:43:10 -06:00
Tod Beardsley f55f578f8c Title, desc, authors, refs 2016-11-29 14:39:38 -06:00
Tod Beardsley d691b86443 First commit of Kenzo's original exploit 
This is a work in progress, and is merely the copy-paste
of the original PoC exploit from:

https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
 2016-11-29 09:13:52 -06:00
x2020 6f70323460 Minor misspelling mistakes and corrected the check of the mysqld process 2016-11-25 19:03:23 +00:00
x2020 1119dc4abe Targets set to automatic 
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
 2016-11-25 17:35:28 +00:00
Brent Cook 59f3c9e769 Land #7579, rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4 2016-11-21 17:59:29 -06:00
Prateep Bandharangshi 8869ebfe9b Fix incorrect disclosure date for OpenNMS exploit 
Disclosure date was Nov 2015, not Nov 2014
 2016-11-21 16:44:36 +00:00
William Webb 6c6221445c Land #7543, Create exploit for CVE-2016-6563 / Dlink DIR HNAP Login 2016-11-21 09:59:50 -06:00
Brent Cook 005d34991b update architecture 2016-11-20 19:09:33 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
x2020 acfd214195 Mysql privilege escalation 
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
 2016-11-19 11:24:29 +00:00
h00die cfd31e32c6 renaming per @bwatters-r7 comment in #7491 2016-11-18 13:52:09 -05:00
wchen-r7 4596785217 Land #7450, PowerShellEmpire Arbitrary File Upload 2016-11-17 17:47:15 -06:00
Brendan 18bafaa2e7 Land #7531, Fix drb_remote_codeexec and create targets 2016-11-16 12:58:22 -06:00
Brent Cook b56b6a49ac Land #7328, Extend lsa_transname_heap exploit to MIPS 2016-11-15 07:37:19 -06:00
Jeffrey Martin c458d662ed report correct credential status as successful 2016-11-14 12:27:22 -06:00
Jeffrey Martin 4ae90cbbef Land #7191, Add exploit for CVE-2016-6267 - Trend Micro Smart Protection Server authenticated RCE. 2016-11-14 12:06:02 -06:00
Pedro Ribeiro 908713ce68 remove whitespace at end of module name 2016-11-14 08:35:34 +00:00
Pearce Barry 9eb9d612ca Minor typo fixups. 2016-11-11 16:54:16 -06:00
Pearce Barry 1dae206fde Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
Pedro Ribeiro 50f578ba79 Add full disclosure link 2016-11-08 22:15:19 +00:00
Pedro Ribeiro 95bd950133 Point to proper link on github 2016-11-07 17:59:29 +00:00
Pedro Ribeiro f268c28415 Create dlink_hnap_login_bof.rb 2016-11-07 17:45:37 +00:00
William Vu da356e7d62 Remove Compat hash to allow more payloads 2016-11-04 13:57:05 -05:00
William Vu f0c89ffb56 Refactor module and use FileDropper 2016-11-04 13:57:05 -05:00
William Vu 6d7cf81429 Update references 2016-11-04 13:57:05 -05:00
William Vu 009d6a45aa Update description 2016-11-04 13:57:05 -05:00
William Vu bf7936adf5 Add instance_eval and syscall targets 2016-11-04 13:57:05 -05:00
Brendan dae1f26313 Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server 2016-11-03 12:56:50 -05:00
William Vu eca4b73aab Land #7499, check method for pkexec exploit 2016-11-03 10:59:06 -05:00
William Vu 1c746c0f93 Prefer CheckCode::Detected 2016-11-03 11:14:48 +01:00
William Vu 2cdff0f414 Fix check method 2016-11-03 11:14:48 +01:00
William Webb 31b593ac67 Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
Brent Cook f8912486df fix typos 2016-11-01 05:43:03 -05:00
OJ 3c56f1e1f7 Remove commented x64 arch from sock_sendpage 2016-11-01 01:29:11 +10:00
Alex Flores 45d6012f2d fix check method 2016-10-30 14:57:42 -04:00