William Vu
79142cf445
Move module to unix/webapp
2020-04-02 17:22:34 -05:00
William Vu
f9c8f62491
Fix PHP payload so we can get a session
...
It's ENCODER, not ENCODE, so the payload wasn't being encoded, leaving
semicolons unencoded and causing a 500 error on the server.
Also preferred payload.encoded over payload.encode and removed a stray
brace that wasn't causing any issues.
2020-04-02 17:16:19 -05:00
Spencer McIntyre
3e166f2d3f
Grammatical changes for docs and status updates
2020-04-02 10:26:50 -05:00
Touhid M Shaikh
b87ed645d9
Updated to use php payload
...
Now, this module will work on the Windows platform also because it's not dependent on the OS now.
2020-03-31 01:16:20 +05:30
touhidshaikh
22e3d732a5
Fixes formatting issues
...
Fixes formatting issues
2020-03-13 01:04:37 +05:30
Touhid M Shaikh
5fc0ad0008
Updated Name
...
Updated Title and Added URL
2020-03-12 19:00:35 +05:30
touhidshaikh
ab4257eaf2
playsms_pre_auth_rce
2020-03-12 17:50:16 +05:30
Christophe De La Fuente
7c54066b0e
Land #13004, Nagios XI RCE module
2020-03-09 15:57:58 +01:00
kalba-security
96ae2cf9a2
Incorporate additional suggestions from code review.
2020-03-09 11:56:15 +02:00
kalba-security
8b778bffc0
Incorporate suggestions from code review
2020-03-06 15:50:34 +02:00
Shelby Pace
12faf3fad5
Land #12959, add eyes of network rce module
2020-03-02 15:22:51 -06:00
Shelby Pace
c16edad4e6
add verify_api method, checks on data
2020-03-02 15:10:46 -06:00
kalba-security
f60f60db7f
Set stance to aggressive to prevent the HTTPServer mixin from trying to make this a job
2020-02-28 13:01:51 +02:00
kalba-security
5ee7fcaf4a
Add simple changes suggested in code review.
2020-02-28 12:14:38 +02:00
kalba-security
99ed3afab3
Change filenames for consistency with existing modules
2020-02-27 17:08:23 +02:00
kalba-security
280d1767b4
Add Nagios XI < 5.6.6. exploit module and documentation
2020-02-27 16:58:15 +02:00
Alan Foster
af9d2a28de
Fix msftidy warnings
2020-02-26 14:56:08 +00:00
kalba-security
c2f13d906b
fix sqli get request syntax
2020-02-20 11:38:43 +02:00
kalba-security
9980a96917
Move documentation to correct directory
2020-02-19 16:57:38 +02:00
kalba-security
0d0bd865c8
add eyesofnetwork module and docs
2020-02-19 16:33:04 +02:00
William Vu
7dc1315dac
Update logic for ForceExploit in my modules
...
This lets the user opt out of running check completely.
2020-02-19 01:06:50 -06:00
Brent Cook
8489bcdfd9
This fixes broken links to the community.rapid7.com blog
...
Performed mechanically with sed, spot-checked that the new blog can consume these links.
2020-02-18 09:06:11 -06:00
William Vu
a31e4034c8
Check SSL in exploit/linux/http/webmin_backdoor
2020-01-16 14:49:13 -06:00
William Vu
491c36ccaa
Land #12827, credit updates to Citrix exploit
2020-01-14 10:54:57 -06:00
William Vu
eaeaae7607
Reformat credit
2020-01-14 10:46:04 -06:00
Jeffrey Martin
1cd75d9f40
document additional PoC authors
2020-01-14 10:22:26 -06:00
Shelby Pace
429329c45d
Land #12801, add WePresent cmd injection module
2020-01-14 08:29:40 -06:00
Jacob Baines
009ec162de
Use string interpolation and removed redundant namespace and return statement
2020-01-14 07:52:30 -05:00
Jacob Baines
ea6263e6bb
Removed redundant return statement
2020-01-14 06:52:24 -05:00
Jacob Baines
ecb825ea71
Remove redundant parameters.
2020-01-14 06:40:40 -05:00
Jacob Baines
fa661e58ca
Unified the POST request into one function. Fixed hardcoding of SSL. Fixed Author formatting. Fixed connection failure check in check function
2020-01-14 06:22:00 -05:00
Jacob Baines
0308f76bbd
Switched to vars_post in send_request_cgi and removed unnecessary documentation
2020-01-14 05:42:06 -05:00
William Vu
5c4189fdb4
Move unix/webapp/webmin_backdoor to linux/http
2020-01-14 00:50:04 -06:00
William Vu
3a8b630262
Set a sane default HttpClientTimeout
...
Totally forgot I did this for Pulse Secure.
2020-01-13 22:26:26 -06:00
William Vu
cd65efb259
Revert tuned timeout in favor of HttpClientTimeout
...
Bad habit!
2020-01-13 22:02:12 -06:00
William Vu
c71a75950a
Make cmd/unix/generic timeout configurable
2020-01-13 21:35:10 -06:00
William Vu
93c69b3a96
Bump send_request_cgi timeout to 3.5s for shells
2020-01-13 21:29:28 -06:00
William Vu
a635676604
Update wording in module description
2020-01-13 21:04:07 -06:00
William Vu
af4505f007
Clean up module
2020-01-13 20:48:18 -06:00
William Vu
04084f84f7
Run rubocop -a
2020-01-13 20:25:07 -06:00
William Vu
a45821b706
Rename module
2020-01-13 20:25:07 -06:00
Jacob Baines
caa02c7d2e
Added exploit module for CVE-2019-3929
2020-01-09 08:03:52 -05:00
William Vu
263c7bf235
Use CheckModule in pulse_secure_cmd_exec
2019-12-03 10:39:58 -06:00
Shelby Pace
baf27f9654
Land #12542, add Bludit File Upload Exploit
2019-11-12 15:44:34 -06:00
William Vu
3c1fa90a75
Land #12515, Pulse Secure VPN RCE
2019-11-12 02:55:01 -06:00
William Vu
a267ad9d64
Reference env(1) as the reason we have useful RCE
2019-11-12 02:17:58 -06:00
William Vu
8df559eceb
Update print to warning
2019-11-12 02:09:43 -06:00
wvu-r7
0c4580f254
Calibrate timeout for hax
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-11-12 02:03:52 -06:00
William Vu
de72ed8545
Print our glorious success
2019-11-12 02:02:53 -06:00
William Vu
238c931fd3
Don't fail module if blocking through timeout
2019-11-12 01:55:56 -06:00