adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,775 Commits 27 Branches 1,043 Tags
ba2f786bbba7775dec47cd325b428e39e7eaecf2
Commit Graph

2474 Commits

Author SHA1 Message Date
gwillcox-r7 c151b93ba4 Fix up clarity and spelling issues in module and documentation 2020-04-13 16:28:39 -05:00
Mehmet İnce b7a1fbdde2 Fixed documentation and login method 2020-04-13 18:55:56 +03:00
Mehmet İnce 706a395bc0 Fixed 2nd round of suggested changes 2020-04-13 11:22:02 +03:00
Mehmet İnce d906c3dc77 Fixed reviews suggestions 2020-04-11 14:38:19 +03:00
Mehmet İnce eb7d2f821d Adding CVE number 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-04-11 12:22:17 +03:00
Mehmet İnce 5d04c2b4a5 Adding documentation and module description 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-04-11 12:22:17 +03:00
Mehmet İnce 7c2f65da36 Adding vestacp exec 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-04-11 12:22:17 +03:00
Shelby Pace 7934d1de09 Land #13098, add Pandora FMS module 2020-04-06 11:42:24 -05:00
Shelby Pace a3c07b7cc1 use nospace opt, fix regex, iterate id_agente 2020-04-06 11:34:13 -05:00
Green-m 92fb321f9f Satify the msftidy_docs. 2020-03-28 11:46:55 +08:00
Green-m 4b1762081f Renane module to redis_extension_cmd_exec. 
Fix #12143
 2020-03-28 11:37:18 +08:00
Shelby Pace 5f0c9942d2 Land #12756, add dlink dwl2600 exploit 2020-03-27 12:38:35 -05:00
Shelby Pace 8aa4d7a944 remove mixins, add CVE 2020-03-27 12:37:40 -05:00
Nicholas Starke bb21c8f6d8 Finishing Touches on DLINK DWL 2600 Module 
These last finishing touches complete the DLINK DWL 2600 Module.  The
fixes include making renaming token to @token and adding the noconcat
CmdStager option.
 2020-03-26 20:13:55 -05:00
Shelby Pace dc9e215318 remove unused code / add option 2020-03-26 16:05:56 -05:00
Shelby Pace f191eb00c9 add command stager 2020-03-26 16:05:56 -05:00
Adam Cammack 5ce4929834 Fix has_check? conflict in redis_unauth_exec 
Importing `Msf::Auxiliary::Scanner` at all will override the default
`has_check?` check and add a its own `check` method. This redefines
`has_check?` to allow usage of the Redis mixin while using an
exploit-style `check` method.

Fixes #13095
 2020-03-25 10:07:08 -05:00
Onur ER 9954fae7ff Update pandora_ping_cmd_exec.rb 2020-03-23 21:44:33 +03:00
Onur ER b1fb946533 Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-23 17:29:23 +03:00
Onur ER 8ba7b05eb7 Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-23 17:27:00 +03:00
Onur ER 5ccda4b567 Added Pandora FMS 7.0NG exploit 
Pandora FMS (for Pandora Flexible Monitoring System) is software for
monitoring computer networks. Pandora FMS allows monitoring in a visual
way the status and performance of several parameters from different
operating systems, servers, applications and hardware systems such
as firewalls, proxies, databases, web servers or routers.

This module exploits a vulnerability found in Pandora FMS 7.0 NG and lower.
The vulnerability exists on the `net_tools.php` component, due to the insecure
usage of the `system()` PHP function.
 2020-03-19 22:50:00 +03:00
Shelby Pace 922f1ec708 Land #12901, add Centreon poller rce 2020-03-17 12:16:29 -05:00
Shelby Pace 2717683825 change message 2020-03-17 12:15:06 -05:00
Shelby Pace 98f4642c2d remove comments / check 2020-03-17 10:33:12 -05:00
Alan Foster 5d9d3926e4 Land #13066, add rConfig 3.9 RCE module 2020-03-16 11:18:59 +00:00
RAMELLA Sébastien 0efe53d869 fix somes code review comments. 2020-03-15 13:30:23 +04:00
Viking ff2421163b Fix Travis-CI errors 2020-03-13 10:42:40 +01:00
Viking 5bbabd6f2a Add tips to description. 2020-03-13 10:03:27 +01:00
Viking 7874308fae Last typo fixes. No priv required on webapp. 2020-03-13 09:18:50 +01:00
Viking a8e881452b Add greetz to my colleagues who tested this module 2020-03-13 06:42:48 +01:00
Viking 885c8b8a56 Fix formatting issues, and add EDB link for SQLi 2020-03-12 16:17:53 +01:00
Viking e6b9610841 Update modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb 
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
 2020-03-12 15:59:09 +01:00
Viking 2cac8f4e3a Update modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb 
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
 2020-03-12 15:58:38 +01:00
Viking 3f7aed3c0a Fix Travis-CI errors 2020-03-12 13:44:47 +01:00
Viking 60d86cf25d Update rconfig_ajaxarchivefiles_rce.rb 2020-03-12 11:44:05 +01:00
Viking 94f082fe4a Create rconfig_ajaxarchivefiles_rce.rb 2020-03-12 11:41:12 +01:00
Christophe De La Fuente 7c54066b0e Land #13004, Nagios XI RCE module 2020-03-09 15:57:58 +01:00
kalba-security 96ae2cf9a2 Incorporate additional suggestions from code review. 2020-03-09 11:56:15 +02:00
kalba-security 8b778bffc0 Incorporate suggestions from code review 2020-03-06 15:50:34 +02:00
Alan Foster 3a046f01da Run rubocop -a on subset of files 2020-03-06 10:41:45 +00:00
Shelby Pace 12faf3fad5 Land #12959, add eyes of network rce module 2020-03-02 15:22:51 -06:00
Shelby Pace c16edad4e6 add verify_api method, checks on data 2020-03-02 15:10:46 -06:00
kalba-security f60f60db7f Set stance to aggressive to prevent the HTTPServer mixing from trying to make this a job 2020-02-28 13:01:51 +02:00
kalba-security 5ee7fcaf4a Add simple changes suggested in code review. 2020-02-28 12:14:38 +02:00
kalba-security 99ed3afab3 Change filenames for consistency with existing modules 2020-02-27 17:08:23 +02:00
kalba-security 280d1767b4 Add Nagios XI < 5.6.6. exploit module and documentation 2020-02-27 16:58:15 +02:00
Alan Foster af9d2a28de Fix msftidy warnings 2020-02-26 14:56:08 +00:00
Alan Foster 6bac1ec2aa Remove executable flags from exploit files 2020-02-26 10:39:50 +00:00
Jeffrey Martin 578bf9999f Land #12955, Update logic for ForceExploit in modules 2020-02-21 15:45:12 -06:00
Christophe De La Fuente f484e6c83c Land #12862, Apache James 2.3.2 arbitrary file write exploit module 2020-02-20 10:41:13 +01:00