adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,480 Commits 27 Branches 1,043 Tags
c23c848d2eeffa5a01dfdcdafa63340002b06eb9
Commit Graph

355 Commits

Author SHA1 Message Date
Simon Janusz d497156f84 Merge pull request #20258 from zeroSteiner/fix/issue/20251 
Update the ldap options for shadow credentials
 2025-06-03 17:45:18 +01:00
Simon Janusz 043f8cb6b4 Merge pull request #20260 from zeroSteiner/fix/issue/20252 
Update the ldap/change_password module
 2025-06-03 17:44:26 +01:00
Spencer McIntyre 3057f80a1b Update the ldap options for shadow credentials 2025-06-03 12:29:04 -04:00
bwatters-r7 e282bbda99 Update datastore option names in module and docs 2025-05-28 09:23:36 -05:00
Spencer McIntyre dae8c9b43a Update the ldap/change_password module 2025-05-28 10:19:30 -04:00
jheysel-r7 08e227faca Merge pull request #19934 from sfewer-r7/bugfix-cisco-iosxe-rce 
Improve exploit/linux/misc/cisco_ios_xe_rce (CVE-2023-20198 + CVE-2023-20273)
 2025-03-27 16:51:16 -07:00
sfewer-r7 efb0d5da4c fix typo, C1000v should be CSR1000v. Be consistant with IOS XE and not IOS-XE. 2025-03-04 09:09:32 +00:00
jheysel-r7 b1d0eedc26 Merge pull request #19712 from smashery/naa_creds 
NAA creds from SCCM
 2025-03-03 13:50:31 -08:00
sfewer-r7 45dfa5fda9 update docs for auxiliary/admin/http/cisco_ios_xe_cli_exec_cve_2023_20198 to show it working on C1000v and C8000v targets. 2025-03-03 20:23:55 +00:00
sfewer-r7 e71a851e3f mention that the C8000v series appliance version 17.6.5 was observed to not be vulnerable to CVE-2023-20273. Inspecting the Lua code shows this appliance has additional command injection filtering in place (see pexec_setsid in /usr/binos/openresty/nginx/conf/pexec.lua) which prevents the injection from working 2025-03-03 20:22:46 +00:00
h4x-x0r 41a0e089ea CVE-2025-24865 & CVE-2025-22896 
CVE-2025-24865 & CVE-2025-22896
 2025-02-08 02:22:11 +00:00
Ashley Donaldson 556e52d1d2 Add missing option docs 2024-12-17 17:01:27 +11:00
Ashley Donaldson c2495aff58 Properly support there being no NAA creds 2024-12-17 17:01:27 +11:00
Ashley Donaldson d52874ac46 Allow sessions to be not required. Added documentation. 2024-12-17 17:01:26 +11:00
Spencer McIntyre f36d786736 Merge pull request #19696 from smashery/add_user_module 
Add user module
 2024-12-10 11:26:49 -05:00
Spencer McIntyre f05145dd1e Tweak the documentation verbiage slightly 2024-12-10 10:58:17 -05:00
Spencer McIntyre 8b93f1a087 Merge branch 'master' into smb_change_pw 2024-12-09 09:37:45 -05:00
Spencer McIntyre 909476ee64 Merge pull request #19671 from smashery/ldap_change_pw 
LDAP Change Password module
 2024-12-06 17:13:50 -05:00
Ashley Donaldson 75a334ca0a Changes from code review 2024-12-06 16:05:53 +11:00
Ashley Donaldson 7c46d4d02d Updated text to be clearer about the AES kerberos behaviour 2024-12-06 14:28:44 +11:00
Ashley Donaldson d5b2d760e8 Updated ancillary documentation 2024-12-06 07:53:19 +11:00
h00die 1906646e67 peer review 2024-11-28 13:18:47 -05:00
Ashley Donaldson cd780e4339 Added documentation 2024-11-22 13:12:38 +11:00
Ashley Donaldson afc735f4a4 Add documentation 2024-11-20 15:36:36 +11:00
Ashley Donaldson d396d06e35 Enable adding Users, not just computers (if permissions allow) 
Also added extra error handling for when password is wrong or expired
 2024-11-12 12:33:29 +11:00
h00die 2b593bcf54 wp_post_smtp_acct_takeover peer review 2024-11-03 13:52:55 -05:00
h00die 65efd07935 docs for wp_post_smtp 2024-10-30 15:38:46 -04:00
Christophe De La Fuente ae213813b5 Updates from code review 2024-10-22 14:41:02 +02:00
Spencer McIntyre 6ca0bb74fd Add workflow docs 2024-10-17 11:23:31 -04:00
Spencer McIntyre 2e4315b3c9 Add support to icpr_cert for ESC15 2024-10-17 11:23:31 -04:00
jheysel-r7 05ff8359b8 Merge pull request #19436 from h4x-x0r/CVE-2024-6670 
WhatsUp Gold SQL Injection (CVE-2024-6670) Module
 2024-09-26 17:04:30 -04:00
jheysel-r7 d11c2be4ea Merge pull request #19375 from h4x-x0r/CVE-2024-20419 
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Module
 2024-09-24 12:19:54 -04:00
h4x-x0r 64f595c431 cleanup, version check, documentation 
cleanup, version check, documentation
 2024-09-02 15:41:08 +01:00
bwatters 4af2294709 Land #19386, Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) Module 
Merge branch 'land-19386' into upstream-master
 2024-08-27 09:39:10 -05:00
bwatters 84431b0a4e Land #19380, Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module 
Merge branch 'land-19380' into upstream-master
 2024-08-26 18:09:09 -05:00
h4x-x0r 9c72a85134 Verified more versions 
Verified exploit against more affected versions
 2024-08-14 06:33:45 +01:00
h4x-x0r 75201b0892 Updated references 
references, affected versions, credits
 2024-08-14 05:15:36 +01:00
h4x-x0r 7bfc386973 Updated 
added error handling, documentation, version check, store_valid_credential
 2024-08-14 04:57:08 +01:00
h4x-x0r 26d6347919 Code cleanup 
Code cleanup
 2024-08-11 06:15:24 +01:00
h4x-x0r 5fa18a66ee Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module 
Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module
 2024-08-11 05:41:07 +01:00
h4x-x0r 8a72124e9d Code cleanup and error handling added 
Code cleanup and error handling added
 2024-08-09 21:11:20 +01:00
h4x-x0r 4384d32c83 Cisco SSM On-Prem Account Takeover (CVE-2024-20419) 
Cisco SSM On-Prem Account Takeover (CVE-2024-20419)
 2024-08-09 18:59:54 +01:00
Spencer McIntyre 733c014223 Land #19115, read/write registry key SD 
Module to read/write registry key security descriptor remotely
 2024-05-13 15:41:54 -04:00
Spencer McIntyre 69d603e6fc Switch to an enum option for the signing 2024-05-03 10:27:10 -04:00
Christophe De La Fuente 91be90c43e Add registry_security_descriptor module and documentation 2024-04-30 20:57:32 +02:00
Ashley Donaldson 631e4e34db Update LDAP doco with current options 2024-04-24 15:40:11 +10:00
fanqiaojun 6b2bdc893b chore: remove repetitive words 
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
 2024-04-15 11:06:50 +08:00
Ashley Donaldson 4557de9a72 Changes from code review 2024-04-08 11:47:09 +10:00
Ashley Donaldson b1d0918074 Add documentation for module and functions 2024-04-08 11:32:53 +10:00
bwatters 3dc638909f Land #18906, Add template data files for ESC2 and ESC3 
Merge branch 'land-18906' into upstream-master
 2024-03-29 15:29:52 -05:00