adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44,717 Commits 27 Branches 1,043 Tags
a87ae41d81d680b3ea202ff3c59ff3c052d273a7
Commit Graph

2503 Commits

Author SHA1 Message Date
Brent Cook 294a8e0ada Land #9413, Expand the number of class names searched when checking for an exploitable JMX server 2018-01-24 17:12:43 -06:00
Brent Cook 512192d3b0 Land #9267, Add targets to sshexec 2018-01-24 17:12:12 -06:00
William Vu 366a20a4a4 Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
William Vu a1d43c8f33 Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu caae33b417 Land #9170, Linux UDF for mysql_udf_payload 2017-12-21 20:48:24 -06:00
Brent Cook 210f137b7b Merge branch 'upstream-master' into land-9296- 2017-12-20 12:07:53 -06:00
William Vu e9b9c80841 Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6 Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
Tim c4e20e01e3 iOS meterpreter 2017-12-12 23:23:21 +08:00
WhiteWinterWolf bfd5c2d330 Keep the initial option name 'ADMIN_ROLE' 2017-11-22 22:03:56 +01:00
WhiteWinterWolf 2be3433bdb Update references URLs 2017-11-17 13:27:35 +01:00
WhiteWinterWolf a636380e4b Merge the new method into drupal_drupageddon.rb 2017-11-17 13:00:15 +01:00
WhiteWinterWolf 704514a420 New exploit method for Drupageddon (CVE-2014-3704) 
This new script exploits the same vulnerability as
 *exploits/multi/http/drupal_drupageddon.rb*, but in a more efficient way.
 2017-11-16 20:47:44 +01:00
Adam Cammack 4219959c6d Bump ranking to Excellent 2017-11-15 15:00:47 -06:00
Steven Patterson df2b62dc27 Add Mako Server CMD injection Linux support, update docs, move to multi 2017-11-10 16:28:39 -05:00
attackdebris 500bde1150 get_vars tweak 2017-11-09 04:16:34 -05:00
attackdebris a04bc0a25b Add get_vars, remove a https instance 2017-11-08 16:30:59 -05:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
attackdebris 7173e7f4b4 Add CVE to module description 2017-11-07 11:05:14 -05:00
attackdebris 371f3c333a This commit adds the jenkins_xstream_deserialize module 2017-11-07 09:46:42 -05:00
Brent Cook cfeb0b7bda prefer threadsafe sleep here 2017-11-06 01:37:09 -06:00
Brent Cook 897b5b5dd1 revert passive handler stance 2017-11-06 01:37:09 -06:00
h00die 697031eb36 mysql UDF now multi 2017-11-03 05:26:05 -04:00
Jeffrey Martin 43b67fe80b remove errant bracket, formatting update 2017-10-26 15:01:53 -05:00
Jeffrey Martin f2cba8d920 Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary) 
This restores the original PR
 2017-10-25 16:29:11 -05:00
Jeffrey Martin ca28abf2a2 Revert "Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary)" 
This reverts commit 4999606b61, reversing
changes made to 4274b76473.
 2017-10-25 16:19:14 -05:00
Jeffrey Martin 0a858cdaa9 Revert "fix my comments from #8933" 
This reverts commit 02a2839577.
 2017-10-25 16:13:00 -05:00
Jeffrey Martin 02a2839577 fix my comments from #8933 2017-10-25 14:46:41 -05:00
Jeffrey Martin 4999606b61 Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary) 2017-10-25 12:44:04 -05:00
Jeffrey Martin cfaa34d2a4 more style cleanup for tomcat_jsp_upload_bypass 2017-10-11 15:53:35 -05:00
Jeffrey Martin 9885dc07f7 updates for style 2017-10-11 15:29:47 -05:00
root 03e7797d6c fixed msftidy errors and added documentation 2017-10-11 07:57:01 -04:00
peewpw facc38cde1 set timeout for DELETE request 2017-10-09 21:53:31 -04:00
peewpw be8680ba3d Create tomcat_jsp_upload_bypass.rb 
Created a module for CVE-2017-12617 which uploads a jsp payload and executes it.
 2017-10-08 21:48:47 -04:00
h00die 7535fe255f land #8736 RCE for orientdb 2017-10-06 14:35:42 -04:00
William Vu 98ae054b06 Land #8931, Node.js debugger exploit 2017-09-25 14:00:13 -05:00
g0tmi1k 1ee590ac07 Move over to rex-powershell and version bump 
Version bump for:
- https://github.com/rapid7/rex-powershell/pull/10
- https://github.com/rapid7/rex-powershell/pull/11
 2017-09-25 13:45:06 +01:00
Tod Beardsley 5f66b7eb1a Land #8940, @h00die's second round of desc fixes 
One ninja edit along the way as well.
 2017-09-11 13:05:13 -05:00
Patrick Thomas 2966fb7c8c Accept @shawizard suggestion for formatting msg_body 2017-09-10 11:23:52 -07:00
Brent Cook 54a62976f8 update versions and add quick module docs 2017-09-08 13:59:29 -05:00
William Vu 978fdb07b0 Comment out PSH target and explain why 
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
 2017-09-08 13:41:06 -05:00
Pearce Barry 2ebf53b647 Minor tweaks... 2017-09-08 10:04:47 -05:00
h00die 00c593e0a2 55 pages of spelling done 2017-09-07 21:18:50 -04:00
William Vu a9a307540f Assign cmd to entire case and use encode for XML 
Hat tip @acammack-r7. Forgot about that first syntax!
 2017-09-07 19:36:08 -05:00
William Vu 8f1e353b6e Add Apache Struts 2 REST Plugin XStream RCE 2017-09-07 19:30:48 -05:00
g0tmi1k accb77d268 Add PSH (Binary) as a target to web_delivery 2017-09-07 10:55:29 +01:00
Patrick Thomas 5d009c8d0b remove dead code 2017-09-06 23:21:56 -07:00
Patrick Thomas 048316864c remove redundant return 2017-09-06 23:01:13 -07:00
Patrick Thomas 97d08e0da4 fix reviewer comments 2017-09-06 22:53:02 -07:00
Patrick Thomas d71f7876b8 initial commit of nodejs debugger eval exploit 2017-09-06 22:29:24 -07:00