adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,567 Commits 27 Branches 1,043 Tags
b7b1df23eaefb69a331ecb74a30ff6cd744c6d1a
Commit Graph

99 Commits

Author SHA1 Message Date
Christophe De La Fuente d1a7170020 Land #17021, Gitea Git fetch RCE module - CVE-2022-30781 2022-11-17 12:28:29 +01:00
krastanoel 645a1c25a3 Update method documentation and indentation 2022-11-09 16:27:31 +07:00
krastanoel 13bb31feeb Update module 
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessfull but keep this anyway for christophe to review.
 2022-11-09 04:52:18 +07:00
krastanoel a50cca27e6 remove cookie_jar manipulation 2022-11-09 00:48:23 +07:00
krastanoel 52d867bbc7 follow Ruby coding convetions 
- combine gitea_version into get_gitea_version for the check method
- validate empty username
 2022-11-09 00:41:30 +07:00
krastanoel c980f4f9ee add more custom error exception 2022-11-09 00:27:12 +07:00
krastanoel 540984804d Apply suggestions from code review 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-11-08 14:09:31 +07:00
Jack Heysel 45ddcf02c9 Remove unused mix in, add low bound to check 2022-11-01 10:42:43 -05:00
jheysel-r7 af9175325b Update lib/msf/core/exploit/remote/http/webmin/login.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-11-01 10:42:42 -05:00
Jack Heysel ad5b03ed96 Finished TODOs and added docs 2022-11-01 10:40:00 -05:00
h00die 06aefb630a string true to bool true 2022-10-03 19:50:04 -04:00
krastanoel aa0dc86bd8 get csrf from the html body instead 2022-10-01 19:59:23 +07:00
krastanoel 02b5f8678c add repository error class 2022-10-01 17:43:42 +07:00
krastanoel e9d8068078 update and tidy the lib comments 2022-10-01 16:22:21 +07:00
krastanoel cc2db82886 add repository create and migrate helpers 2022-10-01 01:13:28 +07:00
krastanoel 29944a0a1b add repository create and migrate url 2022-10-01 01:12:54 +07:00
krastanoel c5d3867980 add migration error class 2022-10-01 01:11:58 +07:00
krastanoel 88e4261a88 Add common lib for Gitea repository 2022-10-01 01:10:55 +07:00
krastanoel cbff63958c Move version check and login to common library 2022-09-30 22:09:01 +07:00
adfoster-r7 f65119b353 Support OpenSSL3 and run Ubuntu 22.04 in test matrix 2022-08-03 15:49:53 +01:00
Jack Heysel 04f042ae47 Land #16221, a wordpress_scanner bug fix 
Adjust wordpress_url_rest_api definition to support
sites that don't place REST API under /index.php/
 2022-04-13 14:22:17 -07:00
Grant Willcox ce062973cb Make changes from review process, redo code for module to make it make less requests, and generally improve overal operations. 2022-03-17 11:29:05 -05:00
Grant Willcox c1d6dced8d Update library code to read exchange versions from exchange_versions.json and populate exchange_versions.json with initial info 2022-03-17 11:29:01 -05:00
Grant Willcox 419c9ea554 Fix review comments to simplify regex, and also add in new is_exchange? function to check if a target is running Exchange Server or not. 2022-03-17 11:29:00 -05:00
Grant Willcox 1f53e9d1c4 Rubocop and fix a mistake on commenting too much of the code out from testing 2022-03-17 11:29:00 -05:00
Grant Willcox 269cd5cfed Add in Exchange Version mixin and module example 2022-03-17 11:28:53 -05:00
Grant Willcox 94ca15686f Fix issue hwereby some sites don't expose the WordPress API under the /index.php/ directory but instead under the root directory. This allows us to expand support for these websites. 2022-02-24 11:39:17 -06:00
Jake Baines 9758251278 Initial commit of CVE-2021-37343 2022-02-05 18:21:18 -08:00
h00die 990e4a1e7a pihole new module and lib 2022-01-02 11:48:41 -05:00
h00die c3e0f455ec some cleanup for rubocop 2021-12-30 15:35:22 -05:00
alanfoster 9346a43e4a Improve kube exec reliability 2021-11-05 02:38:44 +00:00
adfoster-r7 b306641755 Print token claims 2021-10-21 11:05:51 +01:00
adfoster-r7 f28ced60ee Correctly store extracted loot 2021-10-21 11:02:10 +01:00
adfoster-r7 adbe6070ab PR feedback 2021-10-21 11:02:09 +01:00
adfoster-r7 c0ba4bd619 Add kubernetes enum module 2021-10-21 11:01:25 +01:00
adfoster-r7 2f86b332f5 Land #15733, Add Module For Kubernetes Pod Authenticated Code Execution 2021-10-21 10:46:20 +01:00
Spencer McIntyre d8f2b18649 Implement review feedback 2021-10-01 14:44:13 -04:00
Spencer McIntyre 32540247cb Move the Kubernetes client into a library file 2021-10-01 10:32:12 -04:00
h00die 65aae010ce more libs for moodle and teacher priv esc to rce module 2021-09-04 13:31:11 -04:00
h00die 77dff0fc13 working admin shell 2021-09-01 17:49:17 -04:00
h00die 3580920dde moving more to libs 2021-09-01 17:36:38 -04:00
h00die 5e17074259 moodle_teacher_enrollement_priv_esc working but not full exploit chain 2021-08-31 16:52:08 -04:00
h00die 176c1f0751 moodle lib and module 2021-08-29 10:50:25 -04:00
A Galway 5e732ddd42 changes parse to take an origin and updates tests 2021-08-03 18:22:23 +01:00
A Galway ff111ecd13 remove silent catches of http-cookie argument errs 2021-07-30 17:33:04 +01:00
agalway-r7 3668230d44 reposition self return in add 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2021-07-30 16:16:12 +01:00
agalway-r7 33a34af0df improve error handling 
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com>
 2021-07-30 16:06:53 +01:00
A Galway c7d4155511 add origin to httpcookie and supporting tests 2021-07-28 14:04:48 +01:00
A Galway 80f809bc78 handled cookies without valid domain value 2021-07-26 14:29:03 +01:00
A Galway e3dbd3a990 fixes bug caused by attrs with string keys 2021-07-20 15:02:41 +01:00