bcoles
5aa91bd57c
Rubocop: Resolve Rubocop Style/RedundantRegexpArgument violations
2025-05-24 13:34:32 +10:00
Brendan
13d18f2c83
Update lib/msf/core/exploit/remote/http/wordpress/login.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2025-05-13 17:32:48 -05:00
bwatters-r7
ce8ceaddbc
Change check for redirect to be less specific
2025-05-13 10:59:16 -05:00
Spencer McIntyre
d95146e315
Use retry to speed things up but also wait longer
2025-05-05 11:06:09 -04:00
Spencer McIntyre
6ab275a120
Remove a couple of debug prints
2025-05-05 10:58:41 -04:00
Jack Heysel
4a746a3963
Relocate find_management_point method
2025-05-01 20:35:41 -07:00
jheysel-r7
ca3c4a1362
Merge branch 'master' into get_naa_creds_via_relay
2025-04-01 09:34:35 -07:00
Jack Heysel
87a17424af
Suggestions from code review
2025-03-21 10:34:08 -07:00
Jack Heysel
fdf4531c10
Add SMB to HTTP relay support for get_naa_creds
2025-03-13 10:59:59 -07:00
sfewer-r7
60a496eec9
bugfix the URI to work as expected for both HTTP and HTTPS, also some appliances (C8000v) need the _http portion of this URI path to be changed from all lowercase for CVE-2023-20198 to work as expected.
2025-03-03 20:20:26 +00:00
jheysel-r7
c4b7954f15
Land #19596, Wordpress Plugin Post SMTP Account Takeover
2024-11-29 09:05:03 -08:00
h00die-gr3y
18c4e9c2f6
moved get_machine_info to the acronis_cyber mixin
2024-11-26 16:10:14 +00:00
h00die-gr3y
b6595eeaf0
added acronis cyber mixin
2024-11-26 15:49:57 +00:00
h00die
2b593bcf54
wp_post_smtp_acct_takeover peer review
2024-11-03 13:52:55 -05:00
h00die
41ed44864f
wp_post_smtp_acct_takeover
2024-10-29 16:44:20 -04:00
h00die
4feb12ab4a
untested code
2024-10-29 16:44:20 -04:00
Diego Ledda
d2b4175f49
Land #19497, add Wordpress SQLi Mixin
...
Land #19497, add Wordpress SQLi Mixin
2024-10-14 13:13:52 +02:00
Valentin Lobstein
c259ce090a
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 17:22:33 +02:00
Valentin Lobstein
c15f186311
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:54 +02:00
Valentin Lobstein
fb35f6709a
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:44 +02:00
Valentin Lobstein
94145eafe9
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:32 +02:00
Valentin Lobstein
6c048df53f
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:23 +02:00
Valentin Lobstein
de5324e160
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:13 +02:00
Valentin Lobstein
3987a761e7
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:01 +02:00
Valentin Lobstein
31a66d537b
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:03:52 +02:00
Valentin Lobstein
c1521633f4
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:03:42 +02:00
Valentin Lobstein
8cbe572f49
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:03:32 +02:00
Valentin Lobstein
d01e8d4dd5
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:03:23 +02:00
Chocapikk
05c579fd65
Add report_host, report_service and report_vuln
2024-10-03 16:12:37 +02:00
Chocapikk
f52cd8ba57
Add coding: binary header
2024-09-30 13:01:25 +02:00
Chocapikk
1e95cba5f2
Randomize values
2024-09-25 18:55:26 +02:00
Valentin Lobstein
22443b53d6
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-25 16:39:09 +02:00
Valentin Lobstein
0409d4ec9c
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-25 16:38:36 +02:00
Chocapikk
a5d9a06b9a
Fix with datastore['RHOST']
2024-09-25 04:43:27 +02:00
Chocapikk
2d6862ccd4
Add recommendations
2024-09-25 03:57:17 +02:00
Chocapikk
a1b4106260
Fix wordpress_sqli_get_users_credentials and rename wordpress_sqli_initialize
2024-09-25 01:57:46 +02:00
Chocapikk
fa0d54eaf2
Add Metasploit::Credential::Creation to use create_credential
2024-09-25 01:00:48 +02:00
Chocapikk
3da638e37e
Using dynamic prefix in table
2024-09-25 00:58:09 +02:00
Chocapikk
14f1d6a786
Add Msf::Exploit::Remote::HTTP::Wordpress::SQLi
2024-09-25 00:33:19 +02:00
jvoisin
9f4fa3ba67
Make lib/msf/core/exploit/remote/http/wordpress/admin.rb a tad more portable
...
- Randomize the license header, based on examples from
https://developer.wordpress.org/plugins/plugin-basics/header-requirements/,
as plugin developers are likely copy-pasting them in their own plugins.
- Use the php_preamble/php_system_block combo instead of hardcoding
system/base64, as `system` might not be available on some WordPress
deployments, and the combo has some low-hanging evasions for this case.
2024-09-17 21:53:27 +02:00
dledda-r7
6e696e24e5
Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module
2024-09-17 06:30:33 -04:00
Jack Heysel
84a8eb7273
Respond to comments
2024-09-16 09:46:57 -07:00
Chocapikk
43fabb07e5
Update doc + module + (mixin see #19444)
2024-09-08 06:56:13 +02:00
Chocapikk
37042d837e
Add spip_plugin_version function to retrieve plugin version from config.txt or Composed-By header
2024-09-04 22:17:06 +02:00
Chocapikk
586cf482ce
Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin
2024-08-30 20:37:32 +02:00
Dean Welch
d86e85aeea
Remove whitespace from spip version regex
2024-08-30 11:42:55 +01:00
Dean Welch
6532107eb4
Remove whitespace from spip version regex
2024-08-30 11:33:15 +01:00
jvoisin
2c79c3d02f
Add a mixin to get SPIP version and make use of it
2024-08-28 17:17:53 +02:00
adeherdt-r7
a3a24418a8
MS-9517 Jenkins Login Scanner
...
Jenkins does not implement Authentication challenges.
By default, Jenkins responds with an HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.
By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint,
Pro will have an easier time to investigate whether Jenkins can be bruteforced or not.
The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
bcoles
4eecb8ee96
Moodle::Login.moodle_login: fix login success verification regex
2024-06-03 01:49:04 +10:00