Jack Heysel
c54658b035
Land #16878, Clean up enum_logged_on_users
...
Adds support for non-Meterpreter sessions, fixes
RuboCop and msftidy_docs violations
2022-08-10 14:17:50 -04:00
Jack Heysel
06f0fffc20
Land #16856, Webmin package updates RCE module
...
This module exploits an arbitrary command injection
in Webmin versions prior to 1.997.
2022-08-09 16:13:19 -04:00
Jack Heysel
0be211025e
Land #16873, Cleanup and support non-meterpreter
...
This PR cleans up and adds support for non-meterpreter
sessions as well as adds documentation and error-handling
2022-08-09 15:34:21 -04:00
bwatters
a8e73d9fa9
Land #16807, New module for 0-day Zimbra privilege escalation
...
Merge branch 'land-16807' into upstream-master
2022-08-09 11:18:21 -05:00
Christophe De La Fuente
38b845f247
Fix from code review
...
- Documentation typos
- Adding ARM64 support
2022-08-09 15:09:25 +02:00
bcoles
b2683981dc
enum_logged_on_users: Cleanup
2022-08-08 01:50:36 +10:00
bcoles
6380c69775
enum_artifacts: Cleanup and support non-meterpreter sessions
2022-08-07 16:01:45 +10:00
Jeffrey Martin
c45262cd46
Land #16800, Add support for OpenSSL 3
2022-08-05 14:20:51 -05:00
Ron Bowes
be25e1fc77
Add documentation
2022-08-05 13:55:05 -05:00
bwatters
74eff9ffac
Land #16851, Add Cassandra Web file read auxiliary module
...
Merge branch 'land-16851' into upstream-master
2022-08-05 13:04:07 -05:00
space-r7
0334beada2
Land #16758, add ManageEngine ADAudit Plus exploit
2022-08-05 12:19:42 -05:00
space-r7
4202502992
make some prints vprints, add steps
2022-08-05 11:34:46 -05:00
Ron Bowes
7c21c57564
Merge branch 'master' into manageengine-adauditplus-cve-2022-28219
2022-08-04 14:07:50 -07:00
Christophe De La Fuente
9c6a198453
Land #16796, Path traversal vulnerability in RARLAB UnRAR < 6.12 with Zimbra RCE module
2022-08-04 19:44:57 +02:00
Spencer McIntyre
c244399f1f
Land #16857, Add auxiliary gather module for Cisco PVC2300 camera information disclosure
2022-08-04 11:46:07 -04:00
ErikWynter
af712d4a89
add docs, fix typo in module description
2022-08-04 16:58:39 +03:00
bwatters
163d4d5b11
Land #16854, Add CVE-2022-31660 VMware Workspace ONE Access LPE
...
Merge branch 'land-16854' into upstream-master
2022-08-03 16:50:12 -05:00
Christophe De La Fuente
fd2b325e44
Land #16788, SCADA scanner module for BACnet protocol
2022-08-03 19:46:03 +02:00
adfoster-r7
f65119b353
Support OpenSSL3 and run Ubuntu 22.04 in test matrix
2022-08-03 15:49:53 +01:00
Christophe De La Fuente
449a7b71d5
Add module exploit and docs for the Webmin package updates RCE
2022-08-03 12:01:41 +02:00
bwatters
a54d2402dc
Land #16844, Cleanup and support non-Meterpreter sessions
...
Merge branch 'land-16844' into upstream-master
2022-08-02 16:30:42 -05:00
Jack Heysel
82182f7815
Land #16852, Zoho PMP XML-RPC Unauth RCE module
...
Add in exploit module for CVE-2022-35405 aka Zoho
Password Manager Pro XML-RPC Unauthenticated RCE
2022-08-02 17:18:28 -04:00
Spencer McIntyre
8ed4293e9c
Add module docs for CVE-2022-31660
2022-08-02 16:42:08 -04:00
Grant Willcox
ada3be8f7b
Update options section in documentation
2022-08-02 14:13:25 -05:00
Grant Willcox
f0e62de46a
Add CVE-2022-35405 docs and module
2022-08-02 11:57:56 -05:00
krastanoel
9a4a590b27
Add Cassandra Web file read auxiliary module
2022-08-02 23:40:40 +07:00
PazFi
1f7b3319a9
Changing readme file accordingly.
2022-08-01 13:43:26 +03:00
bcoles
11a00fa1f2
post/multi/gather/env: Cleanup and support non-Meterpreter sessions
2022-08-01 13:37:15 +10:00
Jake Baines
b00cadfbeb
Initial commit of MobileIron Core Log4Shell exploitation (CVE-2021-44228)
2022-07-29 10:31:15 -07:00
Ron Bowes
4e4a1da4e4
Add module docs for the split-up unrar modules
2022-07-27 13:24:29 -07:00
Ron Bowes
b4b5f31c3d
Add documentation
2022-07-26 10:48:18 -07:00
Ron Bowes
860cd38bbb
Add documentation
2022-07-26 10:23:24 -07:00
Grant Willcox
74496c1a29
Add in updated scenario documentation
2022-07-25 14:14:52 -05:00
Grant Willcox
72b1dbfeee
Remove code that could cause check method to fail, fix up some documentation errors and add in scenario, and generally address some review comments
2022-07-25 13:05:04 -05:00
Nuri Çilengir
1094ce95c0
Update roxy_wi_exec.md
2022-07-25 17:14:02 +00:00
Nuri Çilengir
bdf8defe53
Apply suggestions from code review
2022-07-25 16:03:09 +00:00
PazFi
a6bdc5ea29
-Validating md file with msftidy_docs.
...
-Removing global variables, and calling data stored in datastore when required.
-Calling methods or variables instead of calling terminal commands.
-Some indentations.
-Using heredocs when handling multiple strings.
-Handling the case where LHOST does not contain IP address.
2022-07-24 18:51:53 +03:00
Nuri Çilengir
bc0b27e1e2
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-07-22 12:58:46 +00:00
Nuri Çilengir
fc3b08fb8b
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-07-22 12:51:40 +00:00
Nuri Çilengir
420e67aca9
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-07-22 12:24:43 +00:00
Nuri Çilengir
628f5970b1
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-07-22 12:24:26 +00:00
Nuri Çilengir
135a25be4d
Tested and fixed problems
2022-07-21 11:42:18 +00:00
Grant Willcox
336a1feaf7
Fix up naming of module and documentation and fix most of the RuboCop and formatting errors
2022-07-19 15:44:52 -05:00
Nuri Çilengir
d2769ef82b
Add Roxy-WI exec
2022-07-19 21:08:45 +03:00
PazFi
28c3dd5739
A SCADA scanner module for BACnet protocol.
...
The scanner discovers BACnet devices on the network by broadcasting
Who-is packets, extracts model name, software version, firmware
revision and description from the discovered devices by sending
specific read-property packets. After parsing the data the module saves
it to a local xml file.
Because devices can be nested, every address can have multiple devices.
2022-07-19 17:02:35 +03:00
Spencer McIntyre
ebb15ee9e7
Land #16598, Add in LDAP Query Module
2022-07-19 09:51:00 -04:00
bwatters
e3e6afbaa3
Land #16753, ms03_007_ntdll_webdav: Cleanup and add additional offsets
...
Merge branch 'land-16753' into upstream-master
2022-07-19 08:48:06 -05:00
Jack Heysel
2af8042bfa
Land #16761, clean up ms01_023_printer
...
Adds additional offsets for various Windows 2000 targets.
Replaces raw socket TCP with HttpClient. This works fine in testing.
Fixes default payload, adds docs and notes.
2022-07-16 17:56:59 -04:00
Jack Heysel
77be219bc2
Land #16754, add offsets to ms02_065
...
Adds additional offsets for various Windows 2000
Professional targets, adds docs, fixes default
payload and resolves rubocop violations.
2022-07-16 16:43:47 -04:00
Grant Willcox
2a8d95c121
Default to having a near empty custom file so that we can still update the default queries without issues vs preventing updates from occurring. If users want to override the defaults, then they accept the risk of not getting updates. Update documentation to also note this.
2022-07-15 16:29:12 -05:00