adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
50,629 Commits 27 Branches 1,043 Tags
c48a6ddbdfc02bf92b8d4e247dbe89bdfba4e821
Commit Graph

2029 Commits

Author SHA1 Message Date
William Webb f167358540 Land #7821, Command Injection Exploit for TrueOnline ZyXEL P660HN 2017-01-31 11:28:46 -06:00
William Webb b3521dfb69 Land #7822, Command Injection Exploit for TrueOnline P660HN v2 2017-01-31 11:22:49 -06:00
Mehmet Ince c666ac93f5 Adding xff header 2017-01-31 14:37:22 +03:00
Mehmet Ince 40108c2374 first commit 2017-01-31 14:15:46 +03:00
Pedro Ribeiro 0aceb0b1cb Fix whitespace, thanks msftidy! 2017-01-30 10:16:42 +00:00
Pedro Ribeiro 5fd31e621e Add CVE number 2017-01-30 10:03:46 +00:00
Brent Cook ff2b8dcf99 Revert "Land #7605, Mysql privilege escalation, CVE-2016-6664" - premature merge 
This reverts commit 92a1c1ece4, reversing
changes made to 9b16cdf602.
 2017-01-22 19:16:33 -06:00
Brent Cook 92a1c1ece4 Land #7605, Mysql privilege escalation, CVE-2016-6664 2017-01-22 17:17:28 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Mehmet Ince c2c352c2ac Adding Trend Micro IMSVA module 2017-01-18 11:34:16 +03:00
Pedro Ribeiro 2dca53e19a Add full disclosure link 2017-01-17 11:09:44 +00:00
Pedro Ribeiro 1160a47b55 Add full disclosure link 2017-01-17 11:09:29 +00:00
Pedro Ribeiro c2cd26a6e1 Add full disclosure link 2017-01-17 11:09:11 +00:00
notivan 6c0450fe95 add check for jenkins ldap exploit 
we just check for X-Jenkins <= 2.31. this is not completely correct because the exploit probably doesn't work on some earlier versions.
 2017-01-13 12:40:33 +00:00
Pedro Ribeiro 7fafade128 fix msftidy stuff v2 2017-01-12 18:06:13 +00:00
Pedro Ribeiro ba8dfbd9f1 fix msftidy stuff 2017-01-12 18:05:54 +00:00
Pedro Ribeiro f88e68da25 fix msftidy stuff 2017-01-12 18:04:58 +00:00
Pedro Ribeiro 2274e38925 fix msftidy stuff 2017-01-12 18:03:12 +00:00
Pedro Ribeiro b863db9d02 add billion sploit 2017-01-12 17:51:24 +00:00
Pedro Ribeiro 2827a7ea1a add 660v2 sploit 2017-01-12 17:50:57 +00:00
Pedro Ribeiro af2516d074 add 660v1 sploit 2017-01-12 17:49:28 +00:00
notivan 036328df5c Fix msftidy issue 2017-01-12 13:26:41 +00:00
notivan e09b7a96f1 Add YSOSerial command options 2017-01-12 13:21:58 +00:00
notivan 0b32af8d43 Remove duplicate validation 2017-01-12 09:59:55 +00:00
notivan 0a30e775d1 Fix msftidy issues 2017-01-11 23:43:01 +00:00
notivan 08690e5e11 Exploit for CVE-2016-9299 (Jenkins CLI Ldap Deser) 
This is based on Matthias Kaiser's presentation at deepsec. We build a chain that connects back to our LDAP server and trigger it over the CLI HTTP interface. The LDAP server then serves a second chain based on YSOSerial commons-collection which triggers Runtime.exec. The second chain doesn't run with Jenkin's class filtering so succeeds.
 2017-01-11 23:23:02 +00:00
Pedro Ribeiro c0880985bc fix duplicate entry for platform 2017-01-10 01:17:44 +00:00
wchen-r7 74cea5dd04 Use Linux payloads instead of cmd/unix/interact 
As of now, cmd/unix/interact causes msfconsole to freeze, so
we can't use this.
 2017-01-09 11:11:17 -06:00
wchen-r7 e331066d6d Add CVE-2016-6433 Cisco Firepower Management Console UserAdd Exploit 2017-01-06 17:05:25 -06:00
Pedro Ribeiro 13bca2ebc7 add httpusername and password for auto auth 2017-01-06 16:33:51 +00:00
William Vu 19319f15d4 Land #7626, Eir D1000 modem exploit 2017-01-04 17:02:39 -06:00
Pedro Ribeiro d95a3ff2ac made changes suggested 2017-01-04 23:02:10 +00:00
William Vu b0e79076fe Switch to wget CmdStager and tune timing 
We don't want to trample the device with requests.
 2017-01-04 16:42:53 -06:00
William Vu 94d76cfb06 Merge remote-tracking branch 'upstream/master' into tr-069-ntpserver-command-injection 2017-01-03 17:04:04 -06:00
Adam Cammack fe0a3c8669 Update themoon exploit to use wget command stager 2017-01-03 15:50:57 -06:00
phroxvs a9a83bc21c fix for uninitialized constant in Net::SSH on OS X 2017-01-03 06:16:07 -05:00
phroxvs 3c2486b9f5 initial version of CVE-2016-7456 exploit 2017-01-03 03:39:22 -05:00
phroxvs 589084896a initial version of CVE-2016-7456 exploit 2017-01-03 03:36:49 -05:00
Pedro Ribeiro 9d3e90e8e5 cleanup 2017-01-02 17:32:38 +00:00
Pedro Ribeiro 4c29d23c8a further cleaning 2016-12-31 17:02:34 +00:00
Pedro Ribeiro 956602cbfe add final wnr2000 sploits 2016-12-31 16:49:05 +00:00
William Vu 9d0ada9b83 Land #7749, make drb_remote_codeexec great again 2016-12-28 06:11:48 -06:00
William Vu cfca4b121c Clean up module 2016-12-28 06:10:46 -06:00
William Vu afd8315e1d Remove apache_continuum_cmd_exec CmdStager flavor 
It is inferred from the platform, and we don't want to override it
needlessly. :bourne is what worked during testing, but it won't always
work. Now we can override the flavor with CMDSTAGER::FLAVOR.
 2016-12-27 16:24:16 -06:00
Pedro Ribeiro 870e8046b5 add sploits 2016-12-27 21:12:35 +00:00
joernchen of Phenoelit 679ebf31bd Minor fix to make dRuby great again 2016-12-23 15:12:22 +01:00
joernchen of Phenoelit d69acd116d Make dRuby great again 2016-12-22 15:37:16 +01:00
Tod Beardsley a4f681ae35 Add quoted hex encoding 2016-12-06 09:05:35 -06:00
Tod Beardsley d549c2793f Fix module filename to be TR-064 2016-12-02 08:49:21 -06:00
Tod Beardsley 9e4e9ae614 Add a reference to the TR-064 spec 2016-12-02 08:48:09 -06:00