adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,816 Commits 27 Branches 1,043 Tags
bf7db3dfdfca5ade092126427bb93ddeaef5891c
Commit Graph

10170 Commits

Author SHA1 Message Date
bwatters-r7 64c06a512e Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Brent Cook 4c0539d129 Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
h00die 0092818893 Land #8169 add exploit rank where missing 2017-04-02 20:59:25 -04:00
Bryan Chu 151ed16c02 Re-ranking files 
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
 2017-04-02 18:33:46 -04:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Adam Cammack 6910cb04dd Add first exploit written in Python 2017-03-31 17:07:55 -05:00
dmohanty-r7 1ce7bf3938 Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
dmohanty-r7 c445a1a85a Wrap ssh.loop with begin/rescue 2017-03-31 11:16:10 -05:00
Bryan Chu 5e31a32771 Add missing ranks 
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
 2017-03-31 02:39:44 -04:00
Pearce Barry 9db2e9fbcd Land #8146, Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-24 14:38:47 -05:00
William Webb e04f01ed6b Land #7778, RCE on Netgear WNR2000v5 2017-03-23 15:34:16 -05:00
wchen-r7 3b062eb8d4 Update version info 2017-03-23 13:46:09 -05:00
wchen-r7 fdb52a6823 Avoid checking res.code to determine RCE success 
Because it's not accurate
 2017-03-23 13:39:45 -05:00
wchen-r7 39682d6385 Fix grammar 2017-03-23 13:23:30 -05:00
wchen-r7 ee21377d23 Credit Brent & Adam 2017-03-23 11:22:49 -05:00
wchen-r7 196a0b6ac4 Add Default Secret & Deserialization Exploit for Github Enterprise 2017-03-23 10:40:31 -05:00
Mehmet Ince d37966f1bb Remove old file 2017-03-23 12:53:08 +03:00
Mehmet Ince 8a43a05c25 Change name of the module 2017-03-23 12:49:31 +03:00
bwatters-r7 a93aef8b7a Land #8086, Add Module Logsign Remote Code Execution 2017-03-22 11:33:49 -05:00
William Vu 1a8e8402ae Land #8113, SysGauge SMTP server validation sploit 2017-03-21 16:45:42 -05:00
wchen-r7 d10b3da6ec Land #8132, Support Python 2 & 3 for web_delivery 2017-03-21 13:48:27 -05:00
wchen-r7 6b3cfe0a98 Support both Python 2 and Python 3 in one line 
Tested on:

* Python 2.7.13 on Windows
* Python 3.5.3 on Windows
 2017-03-21 13:47:07 -05:00
James Lee 2e096be869 Remove debugging output 2017-03-21 11:26:02 -05:00
Swiftb0y ffe77c484e fixed spacing 2017-03-20 16:37:35 +01:00
Swiftb0y e51063aa56 added the python3 syntax to the web_delivery script 2017-03-20 16:08:08 +01:00
h00die 7bcd53d87d Land #8079, exploit and aux for dnaLims 2017-03-20 11:08:05 -04:00
h00die fd5345a869 updates per pr 2017-03-20 10:40:43 -04:00
h00die fe5167bf26 changes to file per pr 2017-03-20 10:16:42 -04:00
h00die 84e4b8d596 land #8115 which adds a CVE reference to IMSVA 2017-03-18 09:51:52 -04:00
Mehmet Ince 6aa42dcf08 Add solarwinds default ssh user rce 2017-03-17 21:54:35 +03:00
Brent Cook 52cea93ea2 Merge remote-tracking branch 'upstream/master' into land-8118- 2017-03-17 12:39:30 -05:00
Chris Higgins 7a12e446a0 Updated documentation and fixed module header. Whoops, copy/paste fail. 2017-03-16 21:28:24 -05:00
Dallas Kaman 80c33fc27f adding '-' to rails deserialization regex for cookie matching 2017-03-16 10:54:32 -05:00
Thomas Reburn 59c7de671e Updated rails_secret_deserialization to add '.' regex for cookie matching. 2017-03-16 10:45:43 -05:00
Chris Higgins f4bb1d6a37 Updated based on @wvu's comments 2017-03-15 19:15:12 -05:00
Mehmet Ince f706c4d7f6 Removing prefix 2017-03-16 00:49:55 +03:00
Mehmet Ince 60186f6046 Adding CVE number 2017-03-16 00:31:21 +03:00
Brent Cook 8995629037 Land #7061, allow chaining the service stub with other encoders 2017-03-15 13:56:09 -05:00
Chris Higgins b3fbbbee34 Spelling is hard 2017-03-14 23:34:00 -05:00
Chris Higgins cc4f18e6c5 Add sysgauge_client_bof module and documentation 2017-03-14 23:29:19 -05:00
William Webb e96013cd0f Land #7781, IBM Websphere Java Deserialization RCE 2017-03-14 17:21:18 -05:00
wchen-r7 1736332638 Land #8103, Add CVE-2017-5638, Struts2 Content-Type OGNL injection 2017-03-14 16:10:49 -05:00
wchen-r7 9201f5039d Use vprint for check because of rules 2017-03-14 15:02:54 -05:00
James Lee f429b80c4e Forgot to rm this when i combined 2017-03-14 12:18:11 -05:00
William Vu 01ea5262b8 Land #8070, msftidy vars_get fixes 2017-03-14 12:05:24 -05:00
William Vu 5c436f2867 Appease msftidy in tr064_ntpserver_cmdinject 
Also s/"/'/g.
 2017-03-14 11:52:21 -05:00
William Vu 5d6a159ba9 Use query instead of uri in mvpower_dvr_shell_exec 
I should have caught this in #7987, @bcoles, but I forgot. Apologies.
This commit finishes what @itsmeroy2012 attempted to do in #8070.
 2017-03-14 11:51:55 -05:00
itsmeroy2012 79331191be msftidy error updated 2.5 2017-03-14 22:02:59 +05:30
itsmeroy2012 67fc43a0a1 msftidy error updated 2.4 2017-03-14 21:33:53 +05:30
James Lee 53c9caa013 Allow native payloads 2017-03-13 20:10:02 -05:00