adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,453 Commits 27 Branches 1,043 Tags
ac9caa88946571d0733b321ecab0ec1de00a8f90
Commit Graph

5450 Commits

Author SHA1 Message Date
cgranleese-r7 80dbbca020 Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699) 2023-02-03 13:43:04 +00:00
Jack Heysel 6ab7e177f4 Land #17392, add F5 Big-IP priv esc module 
Add a privilege escalation module for F5 that uses
the unsecured MCP socket to create a new root account
 2023-02-02 15:10:33 -05:00
Jack Heysel f4ad778bd0 Added missing session types 2023-02-02 13:29:43 -05:00
Jack Heysel af2ef53462 Land #17415, macOS dirty cow priv esc 2023-02-02 12:15:19 -05:00
Jack Heysel 4de5e44bda Documentation 2023-02-02 10:38:26 -05:00
adfoster-r7 6870efc34a Land #17426, Update all references to old Wiki to point to new docs site 2023-02-01 23:49:20 +00:00
Jack Heysel c90a6f9068 Land #17406, veeam_credential_dump post module 
Veeam Backup & Recovery and Veeam ONE Monitor credential
capture post module for versions 9.x and 11.x.
 2023-02-01 17:29:05 -05:00
Ron Bowes cf172d22c8 Get rid of #String.hash in favour of UnixCrypt 2023-02-01 11:02:04 -08:00
Ron Bowes 1094221468 Merge branch 'rapid7:master' into f5-createuser-privesc 2023-02-01 10:20:43 -08:00
Ron Bowes 638a1c519d Update documentation/modules/exploit/linux/local/f5_create_user.md 
Better demo exploit

Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-02-01 10:14:25 -08:00
h00die 5a374533af cve-2022-1043 2023-01-31 16:02:25 -05:00
h00die 8d58eb6279 cve-2022-1043 2023-01-31 16:02:25 -05:00
Jack Heysel 022760d24a Land #17300, linux LPE cve-2022-22942 module 
This PR adds a linux priv esc against VMWare virtual machines
 with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
 2023-01-31 14:07:55 -05:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
adfoster-r7 433099e539 Land #17563, modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-30 22:16:41 +00:00
Spencer McIntyre 902eaa2562 Add new queries and attributes for ldap_query 2023-01-30 16:24:23 -05:00
adfoster-r7 c68ab9b77f Add Metasploit prompt color highlighting to docs 2023-01-28 22:43:33 +00:00
bcoles e11aaa8027 modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-28 15:02:24 +11:00
Grant Willcox 6043d0ffba Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
adfoster-r7 2d30909a2f Change option name namespacing convention 2023-01-26 16:17:50 +00:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00
dwelch-r7 4f574d141a Land #17533, Combine pkinit_login with get_ticket 2023-01-25 15:43:12 +00:00
Spencer McIntyre c7ba117fed Land #17534, Update kerberos cipher negotiattion 
Update kerberos to negotiate rc4 if aes256 is disabled
 2023-01-25 10:19:40 -05:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00
adfoster-r7 4c50456b6a Update docs to support links with anchors 2023-01-25 12:16:15 +00:00
adfoster-r7 d18beb486d Update kerberos to negotiate rc4 if aes256 is disabled 2023-01-25 00:27:00 +00:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
Spencer McIntyre 6fe0933c1e Add exploit for CVE-2022-44877 2023-01-20 09:04:24 -05:00
adfoster-r7 4c17b93ca8 Update get ticket module to use aes_key and username convention 2023-01-20 10:47:35 +00:00
Jack Heysel 4da94325f3 Rubocop 2023-01-19 13:52:58 -05:00
Christophe De La Fuente 1e94adc3ab Land #17479, Wordpress paid membership pro unauthenticated sqli (CVE-2023-23488) 2023-01-19 15:36:00 +01:00
Jack Heysel 63d9445911 Fix for Win Server 2022 and 2019 2023-01-19 00:52:38 -05:00
Grant Willcox 82fe7120d4 Update ADCS to be AD CS so we have appropriate spelling 2023-01-18 17:07:48 -06:00
Spencer McIntyre ebfcfd4cb9 Land #17066, Add module for Certifried 
Add exploit module for Certifried exploit
 2023-01-18 14:51:03 -05:00
npm-cesium137-io 8ed4f59c60 veeam_credential_dump refinement 
Fixed stupid typo in markdown.

Fixed a bug in the export code that prevented the disposition column
from being exported.
 2023-01-18 14:27:28 -05:00
Christophe De La Fuente 2072111713 Fix from code review & some improvments 
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
 2023-01-18 19:28:06 +01:00
adfoster-r7 c55fcb6ca6 Add additional kerberos documentation 2023-01-18 16:58:34 +00:00
Jack Heysel 2c2bfec4a0 Tested on Windows Build 19044, 19045 and 22000 2023-01-18 01:41:30 -05:00
bwatters 607dd9f081 Land #17348, New exploit for CVE-2022-46770 Mirage firewall DoS 
Merge branch 'land-17348' into upstream-master
 2023-01-17 16:52:38 -06:00
h00die be7ca91a8f cve-2022-22942 2023-01-17 15:30:36 -05:00
Grant Willcox 7e23c34e6c Apply fixes per code review 2023-01-17 12:44:22 -06:00
h00die-gr3y da3ae22135 added documentation 2023-01-17 12:44:20 -06:00
h00die 1888264d4d wordpress paid membership pro 2023-01-14 08:34:10 -05:00
h00die 0ac4d3d2e6 doc how to set permissions on service 2023-01-13 17:07:17 -05:00
Spencer McIntyre 3ddcf73c2b Remove the QUICK option altogether 
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, it is the service and path enumeration
halts once an exploitable one is found that yields a session.

Also all files are registered for cleanup.
 2023-01-13 17:06:42 -05:00
h00die 90a12cf3b0 unquoted service path tweaks 2023-01-13 17:06:42 -05:00
h00die c52eb09cbb unquoted service path tweaks 2023-01-13 17:06:42 -05:00
adfoster-r7 eddac9321c Merge 6.2.36 master into kerberos feature branch 2023-01-13 17:31:02 +00:00