adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,293 Commits 27 Branches 1,043 Tags
bd835e8f2d30ea08026f67d6663deef54933f932
Commit Graph

2439 Commits

Author SHA1 Message Date
William Vu 79142cf445 Move module to unix/webapp 2020-04-02 17:22:34 -05:00
William Vu f9c8f62491 Fix PHP payload so we can get a session 
It's ENCODER, not ENCODE, so the payload wasn't being encoded, leaving
semicolons unencoded and causing a 500 error on the server.

Also preferred payload.encoded over payload.encode and removed a stray
brace that wasn't causing any issues.
 2020-04-02 17:16:19 -05:00
Spencer McIntyre 3e166f2d3f Grammatical changes for docs and status updates 2020-04-02 10:26:50 -05:00
Touhid M Shaikh b87ed645d9 Updated to use php payload 
Now, this module will work on the Windows platform also because it's not dependent on the OS now.
 2020-03-31 01:16:20 +05:30
touhidshaikh 22e3d732a5 Fixes formatting issues 
Fixes formatting issues
 2020-03-13 01:04:37 +05:30
Touhid M Shaikh 5fc0ad0008 Updated Name 
Updated Title and Added URL
 2020-03-12 19:00:35 +05:30
touhidshaikh ab4257eaf2 playsms_pre_auth_rce 2020-03-12 17:50:16 +05:30
Christophe De La Fuente 7c54066b0e Land #13004, Nagios XI RCE module 2020-03-09 15:57:58 +01:00
kalba-security 96ae2cf9a2 Incorporate additional suggestions from code review. 2020-03-09 11:56:15 +02:00
kalba-security 8b778bffc0 Incorporate suggestions from code review 2020-03-06 15:50:34 +02:00
Alan Foster 3a046f01da Run rubocop -a on subset of files 2020-03-06 10:41:45 +00:00
Shelby Pace 12faf3fad5 Land #12959, add eyes of network rce module 2020-03-02 15:22:51 -06:00
Shelby Pace c16edad4e6 add verify_api method, checks on data 2020-03-02 15:10:46 -06:00
kalba-security f60f60db7f Set stance to aggressive to prevent the HTTPServer mixing from trying to make this a job 2020-02-28 13:01:51 +02:00
kalba-security 5ee7fcaf4a Add simple changes suggested in code review. 2020-02-28 12:14:38 +02:00
kalba-security 99ed3afab3 Change filenames for consistency with existing modules 2020-02-27 17:08:23 +02:00
kalba-security 280d1767b4 Add Nagios XI < 5.6.6. exploit module and documentation 2020-02-27 16:58:15 +02:00
Alan Foster af9d2a28de Fix msftidy warnings 2020-02-26 14:56:08 +00:00
Alan Foster 6bac1ec2aa Remove executable flags from exploit files 2020-02-26 10:39:50 +00:00
Jeffrey Martin 578bf9999f Land #12955, Update logic for ForceExploit in modules 2020-02-21 15:45:12 -06:00
Christophe De La Fuente f484e6c83c Land #12862, Apache James 2.3.2 arbitrary file write exploit module 2020-02-20 10:41:13 +01:00
kalba-security c2f13d906b fix sqli get request syntax 2020-02-20 11:38:43 +02:00
mattaberegg a861ad3f21 Payload handler/cleanup improvement 2020-02-19 18:57:08 -08:00
Shelby Pace db8555e007 Land #12942, add Diamorphine privilege escalation 2020-02-19 10:36:39 -06:00
kalba-security 9980a96917 Move documentation to correct directory 2020-02-19 16:57:38 +02:00
kalba-security 0d0bd865c8 add eyesofnetwork module and docs 2020-02-19 16:33:04 +02:00
William Vu 7dc1315dac Update logic for ForceExploit in my modules 
This lets the user opt out of running check completely.
 2020-02-19 01:06:50 -06:00
Brent Cook 8489bcdfd9 This fixes broken links to the community.rapid7.com blog 
Performed mechanically with sed, spot-checked that the new blog can consume these links.
 2020-02-18 09:06:11 -06:00
Brendan Coles ac6d0e4391 Add Diamorphine Rootkit Signal Privilege Escalation module 2020-02-16 14:53:16 +00:00
mattaberegg a0b6584d19 Added password randomization 2020-02-07 19:14:56 -08:00
mattaberegg e2f2d55ecc Updated check message 2020-02-07 18:34:27 -08:00
mattaberegg cb372a54f4 Added info to cleanup message 2020-02-07 16:41:27 -08:00
mattaberegg a05611d756 Improve cleanup functionality 2020-02-07 16:13:25 -08:00
Alan Foster 4dcb2fbd96 Land #12889, Add OpenSMTPD MAIL FROM RCE 2020-02-07 11:43:18 +00:00
William Vu e053ed7a1e Add Msf::Exploit::Expect mixin and refactor again 2020-02-05 21:16:24 -06:00
William Vu 95fa8602bc Refactor modules that use Expect 2020-02-05 21:16:21 -06:00
mattaberegg edb3aa30f8 Minor style and performance edits 2020-02-05 15:19:06 -08:00
s1kr10s de25920f30 The written word "through" is modified 2020-02-05 11:53:51 -03:00
s1kr10s 25c23073c8 Modify disclosure URL, remove printf... 
...  as stager flavor and silence msftidy error.
 2020-02-04 15:20:57 -03:00
s1kr10s 5f7004cf7c Remove 'HttpClient', 'Payload' and 'RHOST'; ... 
... replace 'Targets' for a new option, and format 'header', as suggested in the review.
 2020-02-04 14:04:23 -03:00
mattaberegg 6f453a0f83 Module rewrite to include Cron exploitation 2020-02-02 17:29:39 -08:00
s1kr10s 8e0e21d337 Exploit for CVE-2019-20215 
Staged, uses meterpreter
 2020-01-28 16:15:24 -03:00
Tim W cfffb65a21 Land #12859, update AF_PACKET chocobo_root linux LPE 2020-01-24 17:30:13 +08:00
Brent Cook 6f6cc00871 Land #12751, add Linux RDS socket NP deref privesc 2020-01-22 07:08:47 -06:00
Shelby Pace e7e42b7a59 Land #12768, add dlink command injection module 2020-01-21 07:37:43 -06:00
mattaberegg c1b66aac77 Updated check function and description 2020-01-20 17:16:45 -08:00
mattaberegg 4af14109f5 Grammar change in exploit name 2020-01-19 14:15:11 -08:00
mattaberegg d91a166034 Made changes from comments on PR #12858 2020-01-19 13:46:47 -08:00
Brendan Coles 19b1f567b2 Update AF_PACKET chocobo_root Privilege Escalation module 2020-01-19 11:51:01 +00:00
mattaberegg fc1b337c58 Add Apache James 2.3.2 Insecure User Creation Command Injection exploit module. 2020-01-18 19:05:27 -08:00