adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
51,372 Commits 27 Branches 1,043 Tags
c0b4e7701fcaa86e72defb313af91efa4e7669f7
Commit Graph

2074 Commits

Author SHA1 Message Date
William Vu e164c2350c Properly encode command input with XML entities 
REXML would make this less ghetto.
 2019-04-03 19:10:27 -05:00
todb-r7 9e3984ea51 Remove duplicate CVE for Mailcleaner module 
See #11304
 2019-04-02 12:51:09 -05:00
Brent Cook 0a24266029 Land #11482, RV320 Unauthenticated RCE 2019-03-28 17:53:05 -05:00
bcoles 5e470a538d return unless res 2019-03-23 19:38:14 +11:00
Brendan Coles ccc8d9cdab return unless res 2019-03-23 08:51:25 +00:00
blightzero 9bb7f11897 Unregister SSLCert option since it is never used in thisHTTPServer module. 2019-03-20 14:21:40 +01:00
blightzero 1e00c28701 Checked the functionality of module. Added ability to connect via HTTPS. 2019-03-14 15:54:02 +01:00
William Vu 50f89321a0 Land #11419, systemd user service persistence 2019-03-06 01:39:58 -06:00
William Vu 31ba073009 Add per-target SHELLPATH defaults 2019-03-06 00:07:17 -06:00
William Vu c539951311 Clean up method 2019-03-05 23:17:34 -06:00
William Vu 715409496e Fix #11210, imperva_securesphere_exec options 2019-03-05 22:01:24 -06:00
William Vu 4e31f53ca2 Fix required USERNAME and PASSWORD 
Somehow I forgot to commit this? Strange.
 2019-03-05 21:57:42 -06:00
William Vu c48dec7331 Land #11210, imperva_securesphere_exec exploit 2019-03-05 21:52:13 -06:00
William Vu 4e76eeceb7 Clean up module 2019-03-05 21:37:55 -06:00
William Vu 1f5695de07 Fix TrailingCommaInArrayLiteral in my modules 2019-03-05 21:02:39 -06:00
blightzero 0551f3df3c Refactored code to return early. Untested. 2019-03-05 17:55:34 +01:00
William Vu 502f63c0c4 Indent SOAP requests and prefer $() over `` 2019-03-04 19:10:33 -06:00
William Vu 1dd243b8bd Improve positive/negative prints in check method 2019-03-04 19:08:47 -06:00
William Vu 225e0549c0 Revert CheckCode::Vulnerable to CheckCode::Appears 2019-03-04 18:38:44 -06:00
William Vu 4100f1cfeb Revert vprint_status to vprint_good 2019-03-04 18:22:12 -06:00
William Vu 40ff708306 Refactor check method and address review comments 2019-03-04 17:49:09 -06:00
rsp3ar b5587b926c Add ForceExploit and fix code ident 2019-02-26 19:59:31 -08:00
blightzero 5f8f49ebcb Removed all Warnings and Fixed Date Format. 2019-02-26 09:20:04 +01:00
terrorbyte 24fa3a367d Added directory creation to all the paths from systemd.unit(5) 2019-02-25 23:40:30 -06:00
terrorbyte f6a402c999 Fix tabs in the previous commit and fix style issues. 2019-02-25 21:24:13 -06:00
blightzero f64e517b73 Cisco RV32x RCE added reference IDs, some beautifications. 2019-02-25 15:51:14 +01:00
blightzero de5a5ea805 Cisco RV32x RCE added reference IDs, some beautifications. 2019-02-25 15:51:14 +01:00
Benjamin 9d0b434f35 Initial commit Cisco RV320 and RV325 remote code execution 2019-02-25 15:51:05 +01:00
Nicholas Starke 7c7a233d67 Addressing PR Comments 2019-02-23 14:41:11 -06:00
Nicholas Starke 6bd1489f62 Adding version checking to wemo module 
Addresses Github Issue 11452 by parsing out the version
information returned in /setup.xml. New code then performs
a version check, and then alerts the user to whether or not
it is likely the remote host is vulnerable given that version
check.
 2019-02-23 12:06:57 -06:00
William Vu fc9245fa66 Fix author names in a couple modules 
It me.
 2019-02-22 17:02:15 -06:00
William Vu 194881a8b2 Add NOCVE 2019-02-22 13:26:53 -06:00
William Vu c76714ccc6 Add Reliability REPEATABLE_SESSION to Wemo exploit 
Notes copied from auxiliary/admin/wemo/crockpot where it didn't apply.
 2019-02-22 13:11:59 -06:00
terrorbyte 449307c7df Additional style fixes 2019-02-20 15:33:33 -06:00
terrorbyte 364460a787 Fixed heredoc and advanced options casing. 2019-02-20 14:42:56 -06:00
William Vu 0c8b260737 Revert ARCH_CMD payload to cmd/unix/generic 
There is no telnetd, so cmd/unix/bind_busybox_telnetd won't work.
 2019-02-19 13:23:25 -06:00
William Vu bad53aeaf1 Genericize exploit (less Crock-Pot verbiage) 2019-02-19 12:13:08 -06:00
terrorbyte 99ae0d125f Added systemd lower privlege service persistence 
Update the module to support systemd --user as a target for the
service_persistence module. This creates a file in a set of "supported"
local directories and triggers the systemctl calls with --user. The unit
files in question can be seen documented in systemd.unit(5)
 2019-02-15 15:04:03 -06:00
William Vu 1be838d1fd Add Belkin Wemo UPnP RCE (tested on Crock-Pot) 2019-02-14 12:45:36 -06:00
Wei Chen a380bb6df1 Land #11239, Add check for writable and nosuid WritableDir 2019-02-08 19:14:54 -06:00
Wei Chen 18a4af1d1d Land #11279, improve imap_open exploit to be more robust 2019-02-08 18:28:08 -06:00
Tod Beardsley daa3076d42 Add CVE-2018-1000999 to MailCleaner module 
See PR #11148

This adds the new CVE assigned by DWF for this vulnerability.

Note that [CVE-2018-10933](https://www.cvedetails.com/cve/CVE-2018-10933/)
describes a vulnerability in libssh, but this one describes the issue as
it pertains to MailCleaner specifically.
 2019-01-23 09:27:12 -06:00
Shelby Pace 2ae6142de7 Land #11243, Add ASan SUID Privesc 2019-01-22 15:50:53 -06:00
Brendan Coles 060d20694d Attribution 2019-01-20 09:18:43 +00:00
h00die f47060870a horde imp h3 imap_open 2019-01-18 19:43:45 -05:00
h00die 2585e4b708 horde imp h3 imap_open 2019-01-18 19:38:30 -05:00
h00die 5d49f04948 not working horde imp imap_open 2019-01-17 19:55:42 -05:00
rsp3ar 2577160449 update print_error, add PrependFork and adjust timeout 2019-01-16 23:20:06 -08:00
h00die a73fe9433b land #11169 blueman priv esc on linux 2019-01-15 10:32:46 -05:00
bcoles 8c636f27d5 Update check method to confirm vulnerability 2019-01-15 11:31:31 +11:00