Pearce Barry
a2602bf514
Land #8600, Add GoAutoDial 3.3 RCE Command Injection / SQL injection module
2017-06-30 17:32:51 -05:00
Pearce Barry
dd530a2953
Minor indentation tweaks.
2017-06-30 17:29:43 -05:00
Brent Cook
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
Brent Cook
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
dmohanty-r7
18410d8230
Land #8540, Add Symantec Messaging Gateway RCE
2017-06-22 19:00:32 -05:00
Brent Cook
4fdd77f19a
Land #8051, Add Netgear DGN2200v1/v2/v3/v4 Command Injection Module
2017-06-22 11:46:40 -05:00
Brent Cook
a4e8cdfa6e
msftidy fixes
2017-06-22 11:44:40 -05:00
Jin Qian
b51fc0a34e
Land #8489, more httpClient modules use store_valid_credential
2017-06-21 17:18:34 -05:00
mccurls
8c23769cbc
Updated module to use an instance variable for using HTTP session tokens across functions.
2017-06-18 12:59:34 +10:00
mccurls
19ceb53304
Modified payload handling and uploaded documentation
2017-06-18 02:04:22 +10:00
mccurls
07051d1f00
Removed whitespace
2017-06-17 09:59:46 +10:00
mccurls
8eb59eac3f
Stuffed up regex.. left some random $ characters floating around and have now removed them.
2017-06-17 08:03:09 +10:00
mccurls
6363a319d2
Fixed Typo
2017-06-17 07:32:17 +10:00
mccurls
b34bf76fea
Adding GoAutoDial RCE module
2017-06-17 07:22:41 +10:00
Tod Beardsley
49383f8f3a
Update and fix grammar to the CryptoLog module
After talking to the vendor, it appears that the PHP version of CryptoLog has been EOL'ed since 2009. It has since been replaced with an ASP.NET version, which, obviously, is no longer vulnerable to these PHP exposures.
2017-06-15 13:00:44 -05:00
Mehmet Ince
c147779097
Add CVE number to the symantec-messaging-gateway-exec module
2017-06-14 23:07:58 +03:00
Mehmet Ince
6ae540d889
Adding Symantec messaging gateway rce
2017-06-10 12:23:12 +03:00
Brent Cook
bac17a8e80
Land #8053, Add DC/OS Marathon UI Exploit
2017-06-06 09:29:26 -05:00
Jeffrey Martin
0e145573fc
more httpClient modules use store_valid_credential
2017-05-30 14:56:05 -05:00
wolfthefallen
9c93aae412
Removed self.class from register
2017-05-30 10:07:07 -04:00
wolfthefallen
bac23757a4
Updated based on busterb comments
2017-05-30 09:33:03 -04:00
James Lee
e3f4cc0dfd
Land #8345, WordPress PHPMailer Exim injection
CVE-2016-10033
2017-05-16 15:07:21 -05:00
William Vu
35670713ff
Remove budding anti-patterns to avoid copypasta
While it offers a better OOBE, don't set a default LHOST. Force the user
to think about what they're setting it to. Also, RequiredCmd is largely
unnecessary and difficult to determine ahead of time unless the target
is a virtual appliance or something else "shipped."
2017-05-15 12:56:14 -05:00
William Vu
231510051c
Fix uri_str for exploit
2017-05-11 16:30:10 -05:00
Jeffrey Martin
05bf16e91e
Land #8331, Adding module CryptoLog Remote Code Execution
2017-05-05 18:24:14 -05:00
Mehmet Ince
720a02f5e2
Addressing Spaces at EOL issue reported by Travis
2017-05-05 11:05:17 +03:00
Mehmet Ince
58d2e818b1
Merging multiple sqli area as a func
2017-05-05 10:49:05 +03:00
darkbushido
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
William Vu
64452de06d
Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
Mehmet Ince
d04e7cba10
Rename the module as well as title
2017-05-03 19:18:46 +03:00
Mehmet Ince
ae8035a30f
Fixing typo and using shorter sqli payload
2017-05-03 16:45:17 +03:00
Mehmet Ince
db2a2ed289
Removing space at eof and self.class from register_options
2017-05-03 01:31:13 +03:00
Mehmet Ince
77acbb8200
Adding cryptolog rce
2017-05-03 01:05:40 +03:00
Brent Cook
a60e5789ed
update mettle->meterpreter references in modules
2017-04-26 17:55:10 -05:00
wchen-r7
e333cb65e5
Restore require 'msf/core'
2017-04-24 17:09:02 -05:00
Matthias Brun
d3aba846b9
Make minor changes
2017-04-24 23:35:36 +02:00
h00die
8e4c093a22
added version numbers
2017-04-22 09:45:55 -04:00
Matthias Brun
714ada2b66
Inline execute_cmd function
2017-04-21 15:32:15 +02:00
Matthias Brun
8218f024e0
Add WiPG-1000 Command Injection module
2017-04-20 16:32:23 +02:00
Tod Beardsley
1fcc1f7417
Trailing comma. Why isn't this Lua?
2017-04-18 14:27:44 -05:00
Tod Beardsley
4ec71f9272
Add a reference to the original PR
This was the source of first public disclosure, so may as well include
it.
2017-04-18 14:20:25 -05:00
Ahmed S. Darwish
e21504b22d
huawei_hg532n_cmdinject: Use send_request_cgi() 'vars_get' key
Instead of rolling our own GET parameters implementation.
Thanks @wvu-r7!
2017-04-17 09:11:50 +02:00
Ahmed S. Darwish
7daec53106
huawei_hg532n_cmdinject: Improve overall documentation
- Add section on compiling custom binaries for the device
- Add documentation for Huawei's wget flavor (thanks @h00die)
- Abridge the module's info hash contents (thanks @wwebb-r7)
- Abridge the module's comments; reference documentation (@h00die)
2017-04-17 08:00:51 +02:00
Ahmed S. Darwish
8a302463ab
huawei_hg532n_cmdinject: Use minimum permissions for staged binary
Use u+rwx permissions only, instead of full 777, while staging the
wget binary to target. As suggested by @wvu-r7 and @busterb.
2017-04-17 03:27:57 +02:00
Ahmed S. Darwish
7ca7528cba
huawei_hg532n_cmdinject: Spelling fixes suggested by @wvu-r7
2017-04-17 03:23:20 +02:00
Ahmed S. Darwish
7b8e5e5016
Add Huawei HG532n command injection exploit
2017-04-15 21:01:47 +02:00
Bryan Chu
151ed16c02
Re-ranking files
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
Bryan Chu
5e31a32771
Add missing ranks
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
Pearce Barry
9db2e9fbcd
Land #8146, Add Default Secret & Deserialization Exploit for Github Enterprise
2017-03-24 14:38:47 -05:00
William Webb
e04f01ed6b
Land #7778, RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00