Christophe De La Fuente
4cfbae63ac
Land #17114, Add exploit for CVE-2022-41352 (zimbra cpio)
2022-10-20 15:10:42 +02:00
Ron Bowes
56d6f7747b
Remove some old code and update documentation with version info
2022-10-19 10:02:29 -07:00
Christophe De La Fuente
c43272985e
Land #17141, Zimbra Postfix priv esc
2022-10-19 10:33:37 +02:00
Ron Bowes
9a35a5c8dd
Post patch info
2022-10-18 10:12:54 -07:00
Ron Bowes
6bdf0da994
Add a sanity check before generating the payload - prevents a confusing error if the server is down
2022-10-18 10:09:51 -07:00
Heyder Andrade
1804e5ab60
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-18 00:51:28 +02:00
Ron Bowes
dea3f72f6b
Resolve feedback - get rid of unnecessary directory, add CVE number, let the user choose the path
2022-10-17 15:00:56 -07:00
Heyder Andrade
67bd118dd5
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-17 22:49:48 +02:00
Heyder Andrade
7cdf8e181f
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-17 22:49:34 +02:00
Heyder Andrade
b3a0d70688
Added prefer admin
...
- One can now say whether the auto-detect user method should prefer to return the admin or other random one.
2022-10-17 15:16:16 +02:00
Heyder Andrade
5d99428c1d
Changed SSH key algorithm and fix bug on cleanup
...
- Prefer to use EC over RSA, only because it is smaller
- When there was no previous ssh key for such user the cleanup method was trying to overwrite the one on the index 0
2022-10-17 14:40:51 +02:00
Heyder Andrade
71a1c60d49
Sticking to the strictly needed
...
The port in the Forwarded HTTP header can be random.
2022-10-17 13:01:13 +02:00
Heyder Andrade
422675a0c0
Fixed code-style offenses
2022-10-17 01:08:57 +02:00
Heyder Andrade
6140f0bc4d
Added method to auto-detect target user
2022-10-17 00:44:46 +02:00
Heyder Andrade
9241c515d7
Try to cleanup only if there was ssh connection
2022-10-16 18:50:39 +02:00
Heyder Andrade
6cfb277c90
Added cleanup method
2022-10-16 15:09:45 +02:00
Heyder Andrade
45149c144c
Code cleanup and ssh key password
...
- cleaned up some unnecessary code
- add option for the user to set an encrypted custom ssh key
2022-10-16 13:32:25 +02:00
Heyder Andrade
95b1bffdea
Do not overwrite the first two keys
2022-10-15 19:04:53 +02:00
Heyder Andrade
47f6971651
It is working but need some improvements
2022-10-15 04:10:12 +02:00
Ron Bowes
a2a2dcbf6f
Check in zimbra_postfix_priv_esc.rb
2022-10-14 13:21:41 -07:00
Heyder Andrade
31404116a5
Rename module
2022-10-14 22:19:43 +02:00
Heyder Andrade
f643bba09a
Added module for CVE-2022-40684
2022-10-14 18:36:18 +02:00
Grant Willcox
487a26ee0f
Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs
2022-10-12 11:19:47 -05:00
Ayantaker
e75438d0b2
Documentation fix and minor fixes
...
Fixed the documentation according to msftidy's suggestion and removed a few unnecessary parts of code
2022-10-11 18:17:52 -04:00
Grant Willcox
45aa09411e
First round of edits from review
2022-10-11 15:46:04 -05:00
Ayan Saha
f67a7f395f
Modified unix_cmd payload as per suggestion
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-08 02:26:11 +05:30
Ayan Saha
ec57260c66
Adding suggested code
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-08 02:25:35 +05:30
Ayantaker
32db330ff6
Fixing the rubocop issue
2022-10-07 11:08:01 -04:00
Ayantaker
910ee931c2
Fixing the description of the module
2022-10-06 15:55:32 -04:00
Ayantaker
c8cd6a7864
Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit
...
CVE-2022-22947 exploits Spring Cloud Gateway. The module has been tested with Spring Cloud gateway version 3.1.0 on Linux kali 5.18.0-kali5-amd64
2022-10-06 15:48:36 -04:00
Ron Bowes
48dd4693df
Add docs for CVE-2022-41352 (zimbra cpio), and fix some text
2022-10-06 10:46:48 -07:00
Ron Bowes
08c29f7f28
Add exploit for CVE-2022-41352 (zimbra cpio)
2022-10-06 10:23:53 -07:00
adfoster-r7
46910b9390
Land #17105, set keep_cookies value to boolean true instead of string true
2022-10-05 11:37:37 +01:00
Jack Heysel
0145264046
Land #17093, add Enlightenment priv esc module
...
This PR adds a local priv esc for Enlightenment on Ubuntu
which exploits a simple cmd injection
2022-10-04 14:09:18 -04:00
h00die
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
h00die
b7073df1e0
review comments
2022-10-03 16:53:14 -04:00
h00die
de184226f6
repeatable sessions
2022-10-01 11:30:21 -04:00
h00die
e78babea90
cve-2022-37706
2022-10-01 11:24:29 -04:00
bcoles
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
bwatters
89ef91c9cd
Update ranking for nft_set_elem_init
2022-09-30 09:57:54 -05:00
bwatters
e27dbd2787
Land #16794, Add exploit for CVE-2022-34918
...
Merge branch 'land-16794' into upstream-master
2022-09-27 16:37:52 -05:00
space-r7
dd11156922
add new reference to bitbucket module
2022-09-22 16:14:18 -05:00
Redouane NIBOUCHA
8b601c9b17
If ForceExploit is set, skip calling module_check
2022-09-22 17:33:24 +02:00
Niboucha Redouane
93cad400e8
Update error message if the kernel offsets are not supported
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-09-22 17:28:36 +02:00
space-r7
8d2b182c7b
add cmd stager flavors and bad characters
2022-09-21 10:54:32 -05:00
space-r7
77d1328c43
add module description
2022-09-21 08:38:18 -05:00
space-r7
34a6671c2d
update module to support auth & additional target
2022-09-20 18:45:14 -05:00
space-r7
9738f23b51
add cmdstager
2022-09-20 10:37:10 -05:00
space-r7
391e5cc891
add check method, repo search
2022-09-19 17:28:17 -05:00
Christophe De La Fuente
52ff168c5e
Land #16914, Add PAN-OS auth command injection module (CVE-2020-2038)
2022-09-15 17:58:07 +02:00