adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
54,914 Commits 27 Branches 1,043 Tags
cfd41c49ec14b7ca6b56c42e409edcbbd6cedf6a
Commit Graph

13614 Commits

Author SHA1 Message Date
dwelch-r7 07954c0ce2 Land #12902, Add exploit module for crosschex buffer overflow 2020-02-13 15:48:10 +00:00
dwelch-r7 0e55e20c9c Land #12902, Add exploit module for crosschex buffer overflow 2020-02-13 15:43:38 +00:00
Adam Galway 2ca2b5c7bb replaces magic numbers with target fields 2020-02-13 14:17:23 +00:00
Adam Galway cbcf8a2a68 adds to_i and removes default options 2020-02-12 12:04:15 +00:00
Adam Galway 8fd3b483d3 improves option descriptions & timeout handling 2020-02-11 15:05:24 +00:00
Adam Galway 946e244c8c Updates docs and adds basic options 2020-02-11 13:40:51 +00:00
Adam Galway a7a80e08a8 Updated docs with platform info 2020-02-11 12:55:07 +00:00
Adam Galway 3395b91c83 adds module documentation 2020-02-10 16:45:44 +00:00
Adam Galway 65521270ea Land #12853, InfiniteWP exploit & mixin upgrades 2020-02-10 11:33:49 +00:00
William Vu eab1245eef Update module doc 2020-02-07 12:30:00 -06:00
William Vu a9ae212b27 Replace ForceExploit with AutoCheck mixin 2020-02-07 12:04:57 -06:00
wvu-r7 2ad8a02fd7 Fix version check 
Co-Authored-By: adamgalway-r7 <54621924+adamgalway-r7@users.noreply.github.com>
 2020-02-07 10:10:28 -06:00
Alan Foster 4dcb2fbd96 Land #12889, Add OpenSMTPD MAIL FROM RCE 2020-02-07 11:43:18 +00:00
William Vu 763dbf5d5d Check WordPress version 2020-02-07 03:14:17 -06:00
William Vu 6c59d7c37c Refactor module 2020-02-07 01:38:11 -06:00
bwatters-r7 7f3c0c9314 Land #12906, Add module for CVE-2019-19363 
Merge branch 'land-12906' into upstream-master
 2020-02-06 15:22:17 -06:00
Shelby Pace 9a8d9c6c88 check arch 2020-02-06 14:11:42 -06:00
Shelby Pace e736588795 change method of exploitation for reliability 
This commit changes a few things:
  1. The module first writes the dll to a
     temp location.
  2. The module writes a batch file to a
     temp location.
  3. The batch file copies the dll until
     the copy command fails (presumably
     because the dll is now in use by
     PrintIsolationHost.exe).
  4. The dropped files are deleted.
  5. Docs updated to reflect changes.
 2020-02-06 12:51:36 -06:00
William Vu 62c98710ad Reword vulnerable commit range 2020-02-06 11:03:20 -06:00
William Vu e053ed7a1e Add Msf::Exploit::Expect mixin and refactor again 2020-02-05 21:16:24 -06:00
William Vu 95fa8602bc Refactor modules that use Expect 2020-02-05 21:16:21 -06:00
William Vu 81f9fc7608 Refactor arbitrary payload support 2020-02-05 17:01:54 -06:00
William Vu dae06ab0c9 Reword comments in morris_sendmail_debug 
Not sure why I used singular, but it was probably reading too much RFC.
 2020-02-05 14:23:29 -06:00
Shelby Pace a154efa250 Land #12887, add dlink ssdpcgi cmd inject 2020-02-05 13:19:05 -06:00
bwatters-r7 9db6b5184b Land #12894, Add Windscribe WindscribeService Named Pipe Privilege Escalation 
Merge branch 'land-12894' into upstream-master
 2020-02-05 12:37:34 -06:00
Adam Galway ddec8a58a1 disables payload padding and describes shell code 2020-02-05 18:09:39 +00:00
s1kr10s de25920f30 The written word "through" is modified 2020-02-05 11:53:51 -03:00
s1kr10s 25c23073c8 Modify disclosure URL, remove printf... 
...  as stager flavor and silence msftidy error.
 2020-02-04 15:20:57 -03:00
s1kr10s 5f7004cf7c Remove 'HttpClient', 'Payload' and 'RHOST'; ... 
... replace 'Targets' for a new option, and format 'header', as suggested in the review.
 2020-02-04 14:04:23 -03:00
William Vu 22a75c7bee Revert "Fix style" 
This reverts commit 9f81aeb4ad.
 2020-02-04 10:10:46 -06:00
Adam Galway d76546f8ee clarifies inserted shell code's function 2020-02-04 15:14:36 +00:00
Adam Galway 671f2e9616 msfTidy: set disclosure date to proper format 2020-02-04 11:55:39 +00:00
Adam Galway 37065f5ffe PR Changes: More Cleanup 2020-02-04 10:59:02 +00:00
Adam Galway 4fd865f3a9 PR Changes: Comments, fail_with, and cleanup 2020-02-04 10:57:41 +00:00
Shelby Pace 303bddbb37 add cleanup code and modified options 2020-02-03 16:24:48 -06:00
William Vu 7175126319 Update title for smb_doublepulsar_rce 2020-02-03 11:19:20 -06:00
William Vu fa6573f8e7 Note arch in supported target 2020-02-03 11:16:16 -06:00
William Vu a3717e13f6 Unf*ck PAYLOAD being set for neutralization 2020-02-03 11:16:16 -06:00
William Vu e12d993027 Move SMB DOPU module to match new naming scheme 2020-02-03 11:16:16 -06:00
William Vu f49ee7c60e Prefer exploit.rb's rand_text wrapper 2020-02-03 11:16:16 -06:00
William Vu d64eb10b17 Update credit 2020-02-03 11:16:16 -06:00
William Vu 548529e1d4 Clean up parsing 2020-02-03 11:16:16 -06:00
William Vu 9e690414a1 Update ping response parsing with new information 
Found the struct that corresponds to the ping response!
 2020-02-03 11:16:16 -06:00
William Vu 6241555531 Fix service pack 2020-02-03 11:16:16 -06:00
William Vu 2ce49456a7 Fix arch detection and add product type 
Thanks to @tsellers-r7 for testing XP and producing output to compare
against. Without a 32-bit test, the architecture guess was incorrect.
Additionally, product type had yet to be determined. The trailing bytes
were indeed significant! Thanks, Tom!
 2020-02-03 11:16:16 -06:00
William Vu 992a386ece Use build_data_tpdu and note channelJoinConfirm 2020-02-03 11:16:16 -06:00
William Vu 4d21b0e88e Update prints in check for visibility 
vprint_good should be print_warning, and most vprints should be print,
even if in check, since check is critical functionality.
 2020-02-03 11:16:16 -06:00
William Vu 7ba7221a8f Parse ping response into version, build, and arch 2020-02-03 11:16:16 -06:00
William Vu db1a201885 Add RDP DOUBLEPULSAR RCE module 2020-02-03 11:16:16 -06:00
Adam Galway 2ce3cb9e86 updated description 2020-02-03 17:09:56 +00:00