adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,514 Commits 27 Branches 1,043 Tags
bf8a1fc706cdee342a91ccfc201aa0cdcf683d6b
Commit Graph

28227 Commits

Author SHA1 Message Date
William Vu 8010da8c04 Land #13141, cmd/unix/reverse_tclsh payload 2020-03-27 14:34:40 -05:00
Shelby Pace 5f0c9942d2 Land #12756, add dlink dwl2600 exploit 2020-03-27 12:38:35 -05:00
Shelby Pace 8aa4d7a944 remove mixins, add CVE 2020-03-27 12:37:40 -05:00
Nicholas Starke bb21c8f6d8 Finishing Touches on DLINK DWL 2600 Module 
These last finishing touches complete the DLINK DWL 2600 Module.  The
fixes include making renaming token to @token and adding the noconcat
CmdStager option.
 2020-03-26 20:13:55 -05:00
Shelby Pace dc9e215318 remove unused code / add option 2020-03-26 16:05:56 -05:00
Shelby Pace f191eb00c9 add command stager 2020-03-26 16:05:56 -05:00
Alan Foster 077d7af6a9 Land #13143, fix broken redis_unauth_exec check in msfconsole 2020-03-26 12:21:26 +00:00
bcoles 4f026bbf84 Adjust CachedSize 2020-03-26 20:27:01 +11:00
Brent Cook 346b593a18 Land #13130, Transport and pivot fixes for meterpreter 2020-03-25 15:10:47 -05:00
bwatters-r7 beb53254c7 Land #13122, Add Exploit Module For CVE-2020-0646 (SharePoint Workflows XOML RCE) 
Merge branch 'land-13122' into upstream-master
 2020-03-25 11:24:15 -05:00
Adam Cammack 5ce4929834 Fix has_check? conflict in redis_unauth_exec 
Importing `Msf::Auxiliary::Scanner` at all will override the default
`has_check?` check and add a its own `check` method. This redefines
`has_check?` to allow usage of the Redis mixin while using an
exploit-style `check` method.

Fixes #13095
 2020-03-25 10:07:08 -05:00
Brendan Coles 2bf1f3e9e1 Add cmd/unix/reverse_tclsh 2020-03-25 14:26:09 +00:00
bwatters-r7 d5107a1f79 Land #13030, New Windows post module: install_python 
Merge branch 'land-13030' into upstream-master
 2020-03-25 09:08:04 -05:00
bwatters-r7 37caf96ae9 Add TLS to web request in download script 2020-03-25 07:30:05 -05:00
bwatters-r7 17d78ecb4b Land #13059, Limit Option Sizes When Appropriate 
Merge branch 'land-13059' into upstream-master
 2020-03-24 17:01:21 -05:00
Spencer McIntyre 54edd201e4 Cleanup cmdstager options 2020-03-24 17:14:47 -04:00
Spencer McIntyre a69f3eb946 Use the correct its instead of it's 2020-03-24 16:44:18 -04:00
Spencer McIntyre b3b6450958 Land #12988, use the API for users and groups 
This adds and uses the functionality to leverage the Windows API for
managing users and groups via meterpreter sessions. This replaces
relevant functionality in a few modules which previously relied on shell
commands.Merge branch 'pr/12988' into upstream-master
 2020-03-24 16:06:52 -04:00
Spencer McIntyre d92d1448ef Minor whitespace and verbage cleanups 2020-03-24 16:03:40 -04:00
tperry-r7 d32640d179 Land #13133 clean up module documentation 
Land #13133 clean up module documentation
 2020-03-24 12:29:27 -05:00
Spencer McIntyre a0cd00dac7 Cleanup module doc and comments for CVE-2020-0646 2020-03-24 10:15:58 -04:00
h00die 0b4c047411 doc cleanup 2020-03-24 08:47:21 -04:00
Brent Cook 4c93933b6e HTTP pivot fixes for Meterpreter 2020-03-24 05:40:02 -05:00
Spencer McIntyre 0832604131 Finish up the CVE-2020-0646 SharePoint RCE 2020-03-23 18:14:28 -04:00
Srikanth Suresh 005601f76e Changing from Remote to Local 
Using https://github.com/rapid7/metasploit-framework/issues/13116 as the reference
 2020-03-23 20:40:25 +03:00
Shelby Pace fd8ceb0db2 Land #13082, add Horde Groupware Webmail RCE 2020-03-23 07:32:53 -05:00
Shelby Pace 475c24361d randomize file name 2020-03-23 07:28:04 -05:00
bluesentinel 597c97da45 Refactored and added support for specifying Python versions 2020-03-22 14:10:06 -04:00
Shelby Pace c6eebe4ca3 replace equality with include? 2020-03-20 21:19:29 -05:00
Spencer McIntyre 6c24ed4c96 Initial SharePoint WorkFlows XOML RCE module 2020-03-20 17:57:54 -04:00
cn-kali-team 3fd1a2cee1 remove default completely 2020-03-21 03:00:01 +08:00
cn-kali-team 10d5eda489 Check domain first on domain_mode 2020-03-21 01:34:03 +08:00
cn-kali-team f9af8ed184 get_domain with api 2020-03-20 14:15:39 +08:00
cn-kali-team a2f7551aa7 get_domain with api 2020-03-20 14:15:18 +08:00
cn-kali-team 9bff7de41b Fix moving the keyword argument to the end 2020-03-20 14:12:01 +08:00
cn-kali-team 62e60fbc81 Fix checking if the group already exists. 2020-03-20 12:08:24 +08:00
Spencer McIntyre 5b2f744cd8 Land #13070, fix Cisco DCNM directory search regex 2020-03-19 13:17:27 -04:00
Adam Galway f165527e88 Land #12851, DOS attack on Tautulli <=2.1.9 2020-03-19 16:42:07 +00:00
Andrea Cardaci 40d6dd14c4 Remove the check method 2020-03-18 20:29:49 +01:00
Andrea Cardaci 19e9848592 Remove trailing spaces 2020-03-17 19:06:57 +01:00
Andrea Cardaci bbb152a6d8 Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:02:34 +01:00
Andrea Cardaci eccee07e8b Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:02:07 +01:00
Andrea Cardaci a60652898f Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:01:03 +01:00
Andrea Cardaci a4ff847170 Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 18:57:06 +01:00
Shelby Pace 922f1ec708 Land #12901, add Centreon poller rce 2020-03-17 12:16:29 -05:00
Shelby Pace 2717683825 change message 2020-03-17 12:15:06 -05:00
Shelby Pace 98f4642c2d remove comments / check 2020-03-17 10:33:12 -05:00
Alan Foster 5d9d3926e4 Land #13066, add rConfig 3.9 RCE module 2020-03-16 11:18:59 +00:00
RAMELLA Sébastien 0efe53d869 fix somes code review comments. 2020-03-15 13:30:23 +04:00
Andrea Cardaci 126f5ca05d Add 'Horde CSV import arbitrary PHP code execution' (CVE-2020-8518) 2020-03-14 16:07:51 +01:00