adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,755 Commits 27 Branches 1,043 Tags
bc948d0412e2bd3c005ae77475dfb7baaee9bea5
Commit Graph

1974 Commits

Author SHA1 Message Date
space-r7 a11569fc53 Land #16944, add Apach Spark RCE 2022-09-07 13:02:27 -05:00
space-r7 65906bbb87 add curl cmd stager flavor 2022-09-07 12:45:13 -05:00
space-r7 1a9e33265a fix typos 2022-09-07 11:27:56 -05:00
h00die-gr3y 6c1f7c2d8c removed unnecessary code 2022-09-07 09:40:11 +00:00
h00die-gr3y 797e450f4a updated timer code 2022-09-06 19:08:27 +00:00
H00die.Gr3y 19a396304d Update modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-09-03 20:28:49 +04:00
Christophe De La Fuente 8ba621a291 Land #16923, Cisco ASA-X with FirePOWER Services Authenticated Command Injection (CVE-2022-20828) 2022-09-02 18:37:37 +02:00
Jake Baines 320bd944f0 Updated default creds. Properly used fail_with. Set meterpreter to fork. Some wording and code cleanup. 2022-09-02 08:44:04 -07:00
h00die-gr3y d38494498a added linux dropper and code review suggestions 2022-08-27 17:45:47 +00:00
H00die.Gr3y b8a514bb55 Update modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2022-08-27 11:08:32 +04:00
H00die.Gr3y 3164967e07 Update modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2022-08-27 10:39:43 +04:00
h00die-gr3y 21c4e3ce3d commit module and documentation 2022-08-26 15:05:39 +00:00
Grant Willcox 6a71daac44 Land #16918, End the session when an HTTP/200 is received 2022-08-25 16:55:54 -05:00
h00die-gr3y 14aad14b57 rubocop fix update 2022-08-25 17:54:53 +00:00
Ron Bowes abd392c372 Add in changes from review 2022-08-23 11:44:03 -05:00
Ron Bowes 97f8ec9367 Documentation, output cleanup 2022-08-23 11:43:51 -05:00
Ron Bowes 24460efb77 Iniital import of working exploit 2022-08-23 11:43:51 -05:00
Jake Baines b4fe31757d Added module for CVE-2022-20828 2022-08-19 12:29:37 -07:00
Ron Bowes 5fd211acd6 End the session when an HTTP/200 is received 2022-08-17 10:19:36 -07:00
Jack Heysel 06f0fffc20 Land #16856, Webmin package updates RCE module 
This module exploits an arbitrary command injection
in Webmin versions prior to 1.997.
 2022-08-09 16:13:19 -04:00
Christophe De La Fuente 38b845f247 Fix from code review 
- Documentation typos
- Adding ARM64 support
 2022-08-09 15:09:25 +02:00
Christophe De La Fuente 9c6a198453 Land #16796, Path traversal vulnerability in RARLAB UnRAR < 6.12 with Zimbra RCE module 2022-08-04 19:44:57 +02:00
Ron Bowes d8faa4dd37 Fix a blank line that I thought I'd fixed 2022-08-04 08:24:32 -07:00
Ron Bowes 26eee72512 Only print_status once, so it doesn't make a mess in the background 2022-08-04 08:02:28 -07:00
Ron Bowes a314423e81 Some changes requested by @cdelafuente-r7 2022-08-03 14:51:51 -07:00
Christophe De La Fuente 449a7b71d5 Add module exploit and docs for the Webmin package updates RCE 2022-08-03 12:01:41 +02:00
bwatters d71350dfe6 Remove superfluous code and add extra check 2022-08-02 11:04:13 -05:00
Ron Bowes c66f98bae6 Make lint happy 2022-08-01 10:03:35 -07:00
Ron Bowes 7ee0a78ffc Change to using monotonic clock 2022-08-01 10:02:00 -07:00
Ron Bowes e7edafbcfb Throw errors in the rar-generator library rather than returning nil 2022-08-01 09:54:31 -07:00
Ron Bowes 110e9ddeee Set stance 2022-08-01 09:47:58 -07:00
Jake Baines b00cadfbeb Initial commit of MobileIron Core Log4Shell exploitation (CVE-2021-44228) 2022-07-29 10:31:15 -07:00
Ron Bowes e76ef61452 Move a warning into the exploit function 2022-07-27 12:48:56 -07:00
Ron Bowes f279e8d6ca Split the CVE-2022-30333 unrar module into two different modules with a shared mixin to generate the file 2022-07-27 12:45:47 -07:00
Grant Willcox 72b1dbfeee Remove code that could cause check method to fail, fix up some documentation errors and add in scenario, and generally address some review comments 2022-07-25 13:05:04 -05:00
Nuri Çilengir 8b42e893b1 Update roxy_wi_exec.rb 2022-07-25 16:45:44 +00:00
Nuri Çilengir eca8af4e2a Update roxy_wi_exec.rb 2022-07-25 16:13:14 +00:00
Nuri Çilengir b16da0fe92 Update roxy_wi_exec.rb 2022-07-25 16:05:20 +00:00
Nuri Çilengir bc0b27e1e2 Apply suggestions from code review 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-07-22 12:58:46 +00:00
Nuri Çilengir fc3b08fb8b Apply suggestions from code review 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-07-22 12:51:40 +00:00
Grant Willcox e91beedc4a Rubocop fixes 2022-07-21 17:01:56 -05:00
Nuri Çilengir ebe61b50a7 Fixed parameter quotes 2022-07-21 12:25:29 +00:00
Nuri Çilengir d23c175f28 Added AutoCheck and CmdStager 2022-07-21 11:39:58 +00:00
Grant Willcox a7b379f292 Fix up check code segment that would never be reached due to if/else statement above 2022-07-19 16:03:44 -05:00
Grant Willcox 59ea337c6b Fix up CVE format, add in Notes section 2022-07-19 15:58:11 -05:00
Grant Willcox 336a1feaf7 Fix up naming of module and documentation and fix most of the RuboCop and formatting errors 2022-07-19 15:44:52 -05:00
Nuri Çilengir d2769ef82b Add Roxy-WI exec 2022-07-19 21:08:45 +03:00
Spencer McIntyre 439606b2ac Use a more reliable check method 
The check method will not work regardless of whether or not there is a
cloned repository. The response can be analyzed using a random,
non-existant repo.
 2022-07-11 09:48:08 -04:00
Spencer McIntyre 48cefee585 Cleanup the module based on feedback 2022-07-11 09:09:25 -04:00
Spencer McIntyre 9d979fdf4f Finish up the sourcegraph RCE module 2022-07-08 17:27:22 -04:00