adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
61,306 Commits 27 Branches 1,043 Tags
aebdc0ddfca89f89840e9ff98c345eb84d0f3fa3
Commit Graph

4346 Commits

Author SHA1 Message Date
William Vu 2164d7ed5a Add log IOC 2021-07-12 20:54:54 -05:00
William Vu 1812a71d3d Add module doc 2021-07-12 13:07:05 -05:00
Tim W 39455827aa Land #15254, use obfuscated powershell protection bypasses 2021-07-12 12:20:17 +01:00
Grant Willcox 02ecc22751 Land #15386, Add module for CVE-2021-35464; pre-auth RCE in ForgeRock AM (and OpenAM) server 2021-07-09 17:01:25 -05:00
Grant Willcox 5c8aa9b802 Add in ForgeRock demonstration and fix up some last minor issues with the documentation to make it more accurate 2021-07-09 16:43:25 -05:00
Spencer McIntyre fba838f4e8 Update docs, pin version and fix the check method 2021-07-09 16:39:58 -04:00
Christophe De La Fuente 8b4bce35ca Fix issues from rubocop and msftidy_docs.rb 2021-07-09 15:47:11 +02:00
Christophe De La Fuente 5a71e7b0ee Merge remote-tracking branch 'upstream/pr/15154' into HEAD 2021-07-09 15:32:04 +02:00
William Vu 6fbaecf919 Backport print changes to recent modules 2021-07-08 21:26:35 -05:00
Grant Willcox 570ba091f6 Update some typos in the documentation and also update the exploit module to handle various cases whereby the dbus-send command might end up timing out due to TIMEOUT being too low and to fix some final issues found during testing 2021-07-08 16:24:01 -05:00
Grant Willcox 9f88ef0954 Fix up review comments 2021-07-08 16:22:29 -05:00
Jack Heysel 0f67dd5212 Fixed get_cmd_delay, reponded to comments 2021-07-08 16:20:38 -05:00
Jack Heysel 9a07039e7e Updated docs 2021-07-08 16:09:15 -05:00
Jack Heysel f87f831aba Module updates + Docs 2021-07-08 16:09:02 -05:00
Grant Willcox e9c748cccc Land #15385, Add Module For CVE-2021-1675 / CVE-2021-34527 AKA PrintNightmare 2021-07-07 17:05:40 -05:00
Grant Willcox 70fd9376e3 Final documentation improvements to explain SMB setup and improvements to module to fix one minor error output 2021-07-07 17:05:22 -05:00
Spencer McIntyre f42aa3742c Automatically reconnect to the named pipe 2021-07-07 13:25:51 -04:00
William Vu 8cd00bcb91 Update module doc 2021-07-06 22:25:35 -05:00
Spencer McIntyre d5d48949b2 Update PrintNightmare module docs 2021-07-06 16:30:51 -04:00
Spencer McIntyre a0bd903b50 Update module docs and the TARGETURI option 2021-07-06 15:52:50 -04:00
Spencer McIntyre bfc45359ff More documentation updates and address PR feedback 2021-07-06 11:27:06 -04:00
agalway-r7 410493f729 Land #15318, NSClient priv esc post module 2021-07-06 16:07:30 +01:00
Spencer McIntyre deb78275d0 Make the requested documentation changes 2021-07-06 09:55:19 -04:00
bwatters 0a43ec7e4a Add module for CVE-2021-35464; pre-auth RCE in ForgeRock OpenAM server 2021-07-02 16:05:39 -05:00
Spencer McIntyre 9c6b023b0d Add PrintNightmare module docs 2021-07-02 16:00:39 -04:00
Christophe De La Fuente eca20bec92 Update from code review 
- Fix documentation typos
- Rename `MeterpreterBackground` Mettle option to `MeterpreterTryToFork`
 2021-06-30 11:02:11 +02:00
Christophe De La Fuente ccaedd6c9a Last additions and improvements 
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
 2021-06-30 11:02:11 +02:00
Shelby Pace a2a1b91a69 Land #15341, add wpdiscuz exploit 2021-06-25 16:22:02 -05:00
Shelby Pace 6d13f0627e formatting changes 2021-06-25 16:20:42 +02:00
Shelby Pace 1194e7d0f3 add guards, adjust formatting, add docs 2021-06-25 16:20:42 +02:00
Spencer McIntyre 9cc17095d4 Land #15282, CVE-2019-15975 Cisco DCNM auth bypass 2021-06-24 11:59:21 -04:00
Shelby Pace 3c7d96695e Land #15349, add rConfig vendors auth rce 2021-06-24 10:43:18 -05:00
Spencer McIntyre fe6b725d3f Update the documentation and fix a couple of bugs 2021-06-24 11:19:26 -04:00
Yann Castel 5ac025477a parent e7983c3b6f 
author Yann Castel <yann.castel@orange.com> 1622466490 +0200
committer Spencer McIntyre <Spencer_McIntyre@rapid7.com> 1624547674 -0400

Add an exploit for CVE-2019-15975 (Cisco DCNM)

add documentation

passed rubocop

edit documentation

set ssl to true by default

edit documentation

rubocop again

int return code was replaced by symbols

Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb

Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>

rubocop ok

various changes

Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb

Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>

Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb

Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>

various changes 2

various changes

Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb

Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>

adding some guards + module notes
 2021-06-24 11:19:25 -04:00
Shelby Pace df1faf85ff rename files, change version check, use cookie jar 2021-06-24 09:47:38 -05:00
Spencer McIntyre 397c9ef140 Land #15333, Cisco HyperFlex File Upload RCE 2021-06-17 13:40:39 -04:00
Jack Heysel 281fce0c94 Cisco HyperFlex File Upload RCE module 
beta draft

RCE working with linux/x64/meterpreter_reverse_tcp

rubocop

Updated title, removed newlines

Responded to comments

Rubo cop offenses

Update documentation/modules/exploit/linux/http/cisco_hyperflex_file_upload_rce.md

Co-authored-by: wvu <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb

Co-authored-by: wvu <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb

Co-authored-by: wvu <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb

Co-authored-by: wvu <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb

Co-authored-by: wvu <wvu-r7@users.noreply.github.com>

Responded to comments

Rubocop offenses

Added support for Java Dropper

Made changes to Linux Dropper

Rubocop

Improved check method, changed to default staged paylod, removed TODO

Switched to single-quoted strings
 2021-06-17 12:38:47 -04:00
Yann Castel dca4f3f471 fix download link 2021-06-17 15:19:42 +02:00
Yann Castel 0fda6b348d initial commit 2021-06-17 15:15:59 +02:00
Grant Willcox 62f9d15ba3 Land #15314, Add Exploit for CVE-2021-31181 (SharePoint RCE) 2021-06-16 10:39:49 -05:00
Grant Willcox 464dcdf578 Land #15239, ipfire <= 2.25 Core Update 156 pakfire.cgi Authenticated RCE 2021-06-14 18:01:24 -05:00
Grant Willcox 537a7763f5 Land #15337, Update apache_activemq_upload_jsp.rb to fix missing checks and add missing slashes to some requests 2021-06-14 15:28:40 -05:00
Grant Willcox 5b274770ef Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall 2021-06-14 15:02:38 -05:00
adfoster-r7 e40fcafbf1 Land #15339, fix typo in wp_admin_shell_upload.md 2021-06-14 18:04:30 +01:00
adfoster-r7 fb0e0f88a9 Land #15215, HashiCorp Nomad exec RCE 2021-06-14 17:49:36 +01:00
Spencer McIntyre d1be69eae6 Implement changes based on PR feedback 2021-06-14 10:15:27 -04:00
Florian CASAGRANDE 6e3e27984b Update wp_admin_shell_upload.md 2021-06-13 13:53:08 +02:00
h00die 0f16c1a633 Land #14836, emby ssrf module and scanner for cve-2020-26948 2021-06-12 15:18:12 -04:00
h00die 65bbe021bc updated docs 2021-06-12 15:08:53 -04:00
Spencer McIntyre edee95bbb2 Update the check to not fail if a COOKIE is used 2021-06-10 11:29:07 -04:00