bwatters-r7
9474b5fda1
Land #13187, Add LPE Exploit For CVE-2020-0796 (AKA: SMBGhost) (take2)
Merge branch 'land-13187' into upstream-master
2020-04-03 11:25:48 -05:00
bwatters-r7
182bd67287
Land #13187, Add LPE Exploit For CVE-2020-0796 (AKA: SMBGhost)
Merge branch 'land-13187' into upstream-master
2020-04-03 11:19:50 -05:00
Spencer McIntyre
94f18cc67a
Add the AKA reference to CoronaBlue for accuracy
2020-04-03 11:01:43 -04:00
Spencer McIntyre
126b9e2172
Address PR comments for CVE-2020-0796
2020-04-03 08:56:53 -04:00
Spencer McIntyre
276475c308
Check compression in the check method for SMBGhost
2020-04-02 17:35:17 -04:00
Spencer McIntyre
3392fa18d4
Add the x64 LPE exploit for CVE-2020-0796
2020-04-02 17:22:00 -04:00
Adam Galway
e8d134fc56
Land #12096, DNN cookie deserialization exploit
2020-04-02 15:57:46 +01:00
bwatters-r7
beb53254c7
Land #13122, Add Exploit Module For CVE-2020-0646 (SharePoint Workflows XOML RCE)
Merge branch 'land-13122' into upstream-master
2020-03-25 11:24:15 -05:00
Spencer McIntyre
54edd201e4
Cleanup cmdstager options
2020-03-24 17:14:47 -04:00
Spencer McIntyre
a69f3eb946
Use the correct its instead of it's
2020-03-24 16:44:18 -04:00
Spencer McIntyre
a0cd00dac7
Cleanup module doc and comments for CVE-2020-0646
2020-03-24 10:15:58 -04:00
h00die
0b4c047411
doc cleanup
2020-03-24 08:47:21 -04:00
Spencer McIntyre
0832604131
Finish up the CVE-2020-0646 SharePoint RCE
2020-03-23 18:14:28 -04:00
Spencer McIntyre
6c24ed4c96
Initial SharePoint WorkFlows XOML RCE module
2020-03-20 17:57:54 -04:00
William Vu
ddefafab78
Revert "Patch serialVersionUID in the library"
This reverts commit eaf8554e69.
2020-03-13 17:36:40 -05:00
Spencer McIntyre
2a5c43302b
Land #13071, add ManageEngine Desktop Central RCE
2020-03-13 15:20:57 -04:00
William Vu
02e2072a87
Update module traits after joint testing
2020-03-13 14:01:54 -05:00
William Vu
eaf8554e69
Patch serialVersionUID in the library
2020-03-13 13:17:26 -05:00
William Vu
c11be38e1c
Default to certutil CmdStager
2020-03-13 12:38:07 -05:00
William Vu
03ff32210e
Fix CmdStager target
2020-03-13 12:26:45 -05:00
William Vu
0806e9ef42
Add CmdStager target back in so we can debug it
2020-03-13 11:17:37 -05:00
William Vu
4f6720f962
Add TARGETURI back in
2020-03-13 11:05:14 -05:00
dwelch-r7
b1225d4d72
Land #13062, Remove preceding whitespace from module name
2020-03-13 13:08:50 +00:00
William Vu
83387212a7
Update language to address different patches
2020-03-12 17:50:13 -05:00
William Vu
0b117849d0
Note specific patch versions
Hat tip @sranjit-r7.
2020-03-12 17:40:46 -05:00
William Vu
a908ceb58a
Add ManageEngine Desktop Central exploit
2020-03-12 17:36:53 -05:00
Christophe De La Fuente
f7d8c43722
Land #13040, SQL Server Reporting Services ViewState deserialization RCE
2020-03-12 18:26:01 +01:00
Alan Foster
54878d3f68
Remove preceding whitespace from module name
2020-03-12 01:12:00 +00:00
Spencer McIntyre
f3d38e147d
Replace another use with the target type
2020-03-09 11:43:26 -04:00
Spencer McIntyre
b148e9da30
Land #13042, use VHOST when creating the full URI
2020-03-09 10:40:03 -04:00
Brent Cook
b19ed20d0a
Land #12990, Add initial rubocop rules to consistently format modules
2020-03-09 09:24:46 -05:00
Brent Cook
a10f51e1f9
manually realign shellcode. Note below:
The linter here indents strangely only in the case where you have a
standalone string literal without an assignment nor a return or
function/method call. In all other cases it aligns properly. Given that
this really is easy to work around, with what looks like beneficial code
changes, this is still far worth the benefit.
See https://github.com/rapid7/metasploit-framework/pull/12990#pullrequestreview-369907902
2020-03-09 09:22:01 -05:00
Spencer McIntyre
9bd6fb9e76
Update cve-2020-0618 based on feedback
2020-03-09 09:18:44 -04:00
t0-n1
fe8cd52c9d
Use VHOST instead of RHOST
The 'vhost_uri: true' enables the successful exploitation of this vulnerability in environments where you can't use an IP address (RHOST) to access the OWA web page.
2020-03-07 10:43:51 +01:00
Spencer McIntyre
4c004d51a7
Add an exploit for CVE-2020-0618
2020-03-06 16:21:37 -05:00
Alan Foster
3a046f01da
Run rubocop -a on subset of files
2020-03-06 10:41:45 +00:00
dwelch-r7
4fe7678b01
Land #12910, Add exploit module for apache activemq traversal
2020-03-05 15:05:13 +00:00
dwelch-r7
c7ca43b585
reformat date to iso standard
2020-03-05 15:03:05 +00:00
kalba-security
633899402c
Split up description
2020-03-04 17:02:34 +02:00
kalba-security
a87a1ae1b4
Split up description
2020-03-04 16:57:36 +02:00
William Vu
ba924b3047
Land #13014, Exchange ECP ViewState exploit
2020-03-03 17:23:17 -06:00
William Vu
4759f7d39d
Check for nil res
2020-03-03 17:17:28 -06:00
William Vu
573b8302ec
Fix missing var and change default target
2020-03-03 17:15:19 -06:00
Spencer McIntyre
a4feaec188
Implement a check method for cve-2020-0688
2020-03-03 14:22:27 -05:00
kalba-security
cd6c01ae9d
Add suggestions from code review.
2020-03-03 20:17:13 +02:00
Spencer McIntyre
5574eaa591
Make a new .NET serialization lib
2020-03-03 10:41:59 -05:00
Spencer McIntyre
167f1027c4
Address initial PR feedback
2020-03-02 12:21:24 -05:00
Spencer McIntyre
b3867dc200
Finish up the cve-2020-0688 module
2020-03-02 10:51:25 -05:00
Spencer McIntyre
203b2486ae
Commit some work on the module for a milestone
2020-03-01 11:07:32 -05:00
Spencer McIntyre
29608d13bf
Save some work before changing context
2020-02-28 08:30:59 -05:00