adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,514 Commits 27 Branches 1,043 Tags
bf8a1fc706cdee342a91ccfc201aa0cdcf683d6b
Commit Graph

3302 Commits

Author SHA1 Message Date
h00die 0b4c047411 doc cleanup 2020-03-24 08:47:21 -04:00
Shelby Pace fd8ceb0db2 Land #13082, add Horde Groupware Webmail RCE 2020-03-23 07:32:53 -05:00
Shelby Pace 475c24361d randomize file name 2020-03-23 07:28:04 -05:00
Shelby Pace c6eebe4ca3 replace equality with include? 2020-03-20 21:19:29 -05:00
Spencer McIntyre 5b2f744cd8 Land #13070, fix Cisco DCNM directory search regex 2020-03-19 13:17:27 -04:00
Andrea Cardaci 40d6dd14c4 Remove the check method 2020-03-18 20:29:49 +01:00
Andrea Cardaci 19e9848592 Remove trailing spaces 2020-03-17 19:06:57 +01:00
Andrea Cardaci bbb152a6d8 Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:02:34 +01:00
Andrea Cardaci eccee07e8b Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:02:07 +01:00
Andrea Cardaci a60652898f Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:01:03 +01:00
Andrea Cardaci a4ff847170 Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 18:57:06 +01:00
Andrea Cardaci 126f5ca05d Add 'Horde CSV import arbitrary PHP code execution' (CVE-2020-8518) 2020-03-14 16:07:51 +01:00
bwatters-r7 c21b90ea61 Land #13063, Add PSH-AmsiBypassURI option to allow persistent web_delivery 
Merge branch 'land-13063' into upstream-master
 2020-03-13 09:52:25 -05:00
debifrank dfe70ca3fc Cisco DCNM Module upload directory location regex filter corrected to allow for paths such as C:\Cisco System\ 2020-03-12 17:08:33 -04:00
Spencer McIntyre 71f2e4c26c Land #13035, update PHP web_delivery to SSL context 
Update the PHP command from web_delivery to ignore invalid SSL
certificates which is required for newer versions of PHP when a
self-signed certificate is used.
 2020-03-12 16:35:12 -04:00
Tim W 67aefb372e fix rapid7/metasploit-framework#13046 2020-03-12 15:21:00 +08:00
Adam Galway 0e163c69ab Land #12975, exploits RCE backdoor in PHPStudy 2020-03-10 11:56:26 +00:00
Spencer McIntyre c75780350e Land #13038, clean up the socket when checking 2020-03-06 13:00:42 -05:00
Christophe De La Fuente e5f2b48274 Ensure client is disconnected when leaving the check method 2020-03-06 17:38:37 +01:00
Tim W 63f2da278d fix #7366, ignore the ssl cert on PHP web_delivery 2020-03-06 12:32:57 +08:00
William Vu 9840951f0d Land #12574, Chrome CVE-2019-5825 exploit 2020-03-05 13:44:40 -06:00
William Vu 87b8182131 Land #12384, Chrome CVE-2018-17463 exploit 2020-03-05 13:44:27 -06:00
Spencer McIntyre eb90bee4a7 Land #12863, add exploit for PHP-FPM Underflow RCE 2020-03-05 11:43:43 -05:00
Christophe De La Fuente 8d6468e725 Fix comments 2020-03-05 13:28:28 +01:00
airevan 630add538f set default index.php 2020-03-05 10:24:22 +08:00
Tim W 9f55e4163f add documentation 2020-03-04 21:31:14 +08:00
Tim W 7f6f7fea3e add osx as a target 2020-03-04 13:37:19 +08:00
Tim 9f56867f6c Apply suggestions from code review 
Co-Authored-By: adamgalway-r7 <54621924+adamgalway-r7@users.noreply.github.com>
 2020-03-04 11:55:33 +07:00
Tim W 196c354ede chrome 80 jscreate rce 2020-02-29 18:41:04 +08:00
airevan 5a58fbb0e5 Remove space 2020-02-23 14:45:53 +08:00
airevan d102f3e48f Remove space 2020-02-23 13:03:13 +08:00
airevan adaa9e239a Add phpstudy backdoor exploit module 2020-02-23 10:23:32 +08:00
airevan bb7ed355f0 Add phpstudy backdoor exploit module 2020-02-22 22:55:45 +08:00
airevan 6a07160bd5 Add phpstudy backdoor exploit module 2020-02-22 19:53:06 +08:00
William Vu 7dc1315dac Update logic for ForceExploit in my modules 
This lets the user opt out of running check completely.
 2020-02-19 01:06:50 -06:00
Tim W aa1fdb2075 Land #12724, server AMSI and SBL separately from psh stager in web_delivery 2020-02-19 09:33:25 +08:00
Brent Cook 8489bcdfd9 This fixes broken links to the community.rapid7.com blog 
Performed mechanically with sed, spot-checked that the new blog can consume these links.
 2020-02-18 09:06:11 -06:00
Christophe De La Fuente 1b54d27301 Update code #2 
- Make error message more descriptive
- Use `Rex.sleep` in stead of `sleep`
- Update `detect_qsl` logic
- Change the first `Exploit::CheckCode` to `Unknown` for the `Check` method
 2020-02-17 19:04:32 +01:00
Christophe De La Fuente 828d974db5 Update code and documentation 
- Add `OperationMaxRetries` option documentation
- Add default value to `TARGETURI` and update the documentation
- Remove `PosOffset` advanced option and hardcode the value
- Update `Description`
- Move URI encoding logic to `send_crafted_request`
- Refactor `send_crafted_request` to handle the HTTP parameter and final & (%26)
 2020-02-17 18:25:10 +01:00
Christophe De La Fuente 0e9c637364 Randomize filename and HTTP parameter 2020-02-17 15:58:21 +01:00
Christophe De La Fuente 226f4b0a53 Line wrap to 80 columns and small fix 
- Line wrap documentation to 80 columns
- Line wrap `Description` field to 80 columns
- Remove unnecessary unless statement
 2020-02-17 13:06:32 +01:00
Tim W f630990b3b use random amsi resource url 2020-02-17 10:07:18 +08:00
Tim W 3a89bef6c4 improve description 2020-02-15 10:37:15 +08:00
Christophe De La Fuente 351c0d1651 Small improvements 2020-02-14 17:16:27 -06:00
Tim W d95391b7f4 minor refactor 2020-02-15 06:10:52 +08:00
Tim W 55d5e55c5e use simpler wasm code 2020-02-15 06:10:52 +08:00
Tim W 4b92403bba fix? 2020-02-15 06:10:52 +08:00
Tim W 5420007dff add support for osx and windows using wasm rwx region 2020-02-15 06:10:52 +08:00
Tim W f6343f35aa attempt to speed up pop_r9 gadget search 2020-02-15 06:10:52 +08:00
Tim W bb4007747b fix 2020-02-15 06:10:52 +08:00