adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
60,213 Commits 27 Branches 1,043 Tags
d020b2fb5fa3c19360bff5d694e5446d6f331bd4
Commit Graph

6933 Commits

Author SHA1 Message Date
Christophe De La Fuente 401a4ff8c7 Land #14975, Fix uninitialized constant in cve_2020_1054_drawiconex_lpe 2021-04-02 17:23:03 +02:00
Shelby Pace 71914a1ddb Land #14813, additional dup scout bof targets 2021-04-01 13:03:57 -05:00
William Vu 51200c4b22 Remove CmdStagerFlavor from a couple modules 
Not strictly necessary. We need a better way to limit by platform.
 2021-03-31 12:08:46 -05:00
Tim W 70c8e802d8 Fix #14974, fix uninitialized constant in cve_2020_1054_drawiconex_lpe 2021-03-31 12:06:15 +01:00
ryanpohlner d92d0e59d8 Fixed generic cmd payload not echoing 2021-03-29 20:06:12 -04:00
ryanpohlner c55303863a Fixed payload triggering twice 2021-03-29 18:27:25 -04:00
Spencer McIntyre 9d85af51cb Land #14945, Proxylogon RCE (Praetorian update) 2021-03-29 12:04:19 -04:00
Spencer McIntyre 11f4946817 Tweak some ProxyLogon verbiage for clarity 2021-03-29 10:07:43 -04:00
RAMELLA Sébastien 02b240b22a code review 2021-03-29 14:23:39 +04:00
RAMELLA Sébastien c64b1b200e remove ClientID, seem useless 2021-03-26 16:37:08 +04:00
William Vu b517372e4d Fix sharepoint_ssi_viewstate, too 2021-03-26 01:32:46 -05:00
William Vu a6df15c8c2 Fix the rest of the optional method 2021-03-26 01:29:47 -05:00
William Vu 0b8ac121d4 Fix fail_with usage in advantech_iview_unauth_rce 
Brain fart. Should be print_warning so as not to fail the session.
 2021-03-25 11:33:41 -05:00
Grant Willcox 784927a389 Land #14941, Force smb_relay module to use the Rex SMB client over ruby_smb 2021-03-25 10:55:07 -05:00
RAMELLA Sébastien 75041c5837 update proxylogon rce 2021-03-25 19:46:58 +04:00
bwatters 6505f9ccbd Land #14830, Adding FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (CVE-2021-3378) 
Merge branch 'land-14830' into upstream-master
 2021-03-24 17:41:10 -05:00
bwatters 5394464932 Fix rubocop complaint 2021-03-24 17:38:11 -05:00
dwelch-r7 a69d76d7b5 Force smb_relay module to use the Rex SMB client over ruby_smb 2021-03-24 17:36:50 +00:00
Christophe De La Fuente 2dcd0fad04 Land #14860, Auxiliary/Exploit Scanner/Gather/RCE for Exchange ProxyLogon (CVE-2021-26855) 2021-03-23 13:10:15 +01:00
Christophe De La Fuente a6cd7c9b30 Rubocop update - JSON Unnecessary symbol conversion 2021-03-23 10:58:03 +01:00
RAMELLA Sébastien 37b0552803 last code review before land 2021-03-22 23:20:40 +04:00
William Vu 4dc860cce3 Update Spencer credit 2021-03-22 14:14:12 -05:00
Spencer McIntyre 8605fe4529 Use POST for the check method and write the module docs 2021-03-22 15:04:21 -04:00
RAMELLA Sébastien 09b844653b remove DisablePayloadHandler and add x86 support 2021-03-22 00:30:01 +04:00
RAMELLA Sébastien c543b44fc2 fix: CmdStagerFlavor, add: Powershell target, ... 2021-03-21 22:47:27 +04:00
William Vu 30629c2405 Remove JSP stub to-do 
Spencer looked into this more thoroughly. The JSP stub is good.
 2021-03-19 17:17:01 -05:00
William Vu 66d9cab44d Fix some things 2021-03-19 16:52:24 -05:00
William Vu ba58f41558 Sneak Spencer into credits 2021-03-19 16:52:15 -05:00
RAMELLA Sébastien f5c807590c a last round of review + rubocop 2021-03-20 01:23:43 +04:00
Spencer McIntyre 69a2eb4e43 Add a check method that relies on the version number 2021-03-19 16:48:33 -04:00
William Vu a012eddd1f Add Advantech iView CVE-2021-22652 exploit 2021-03-19 13:51:14 -05:00
RAMELLA Sébastien a81a9617fa add. aspnet_client as altenate write path 2021-03-19 22:01:41 +04:00
RAMELLA Sébastien ac573d0957 all modules code review. 2021-03-19 17:35:55 +04:00
RAMELLA Sébastien fa2fdc9b8a add. X-vDirObjectId header 2021-03-19 12:35:29 +04:00
RAMELLA Sébastien 6e34a80693 fix. OAB + code review 2021-03-19 10:19:57 +04:00
bwatters 2c1869f9df Land #14907, Add exploit for CVE-2021-1732 
Merge branch 'land-14907' into upstream-master
 2021-03-18 14:29:59 -05:00
RAMELLA Sébastien c76e04e92b adjust SID 2021-03-18 15:23:21 +04:00
Wes 42df4495a7 abb_wserver_exec - add CVE reference 
add the cve for this

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5620
https://nvd.nist.gov/vuln/detail/CVE-2019-5620

cve was assigned years after public exploit code
 2021-03-17 15:58:21 -04:00
RAMELLA Sébastien 7f80422272 replace module into a good dir 2021-03-17 23:45:13 +04:00
Wes 34674ce174 Update abb_wserver_exec.rb 
update advisory link 

#2708
 2021-03-17 09:59:15 -04:00
Spencer McIntyre 0bff88c0c0 Update the module metadata and add module docs 2021-03-16 10:40:34 -04:00
RAMELLA Sébastien 72a4b58f4b add. missing headers 2021-03-16 00:08:56 +04:00
bwatters ae5d31cb39 Land # 14776, Add Window Server 2012 SrClient DLL Hijacking local exploit module 
Merge branch 'land-14776' into upstream-master
 2021-03-15 14:34:35 -05:00
Spencer McIntyre 2e3d98a36a Move the DLL injection code into a reusable function 2021-03-15 11:47:02 -04:00
RAMELLA Sébastien d2df432eff fix. SID regex match 2021-03-15 19:38:53 +04:00
RAMELLA Sébastien 90dc3cdceb add. autodiscover check, and remove useless SID condition 2021-03-15 16:09:24 +04:00
kalba-security 98c04eae6c Remove TODO comment, update documentaton to include WAIT_FOR_TIWORKER option. 2021-03-15 07:51:12 -04:00
RAMELLA Sébastien e5c76bfe13 pass. rubocop 2021-03-15 01:16:34 +04:00
RAMELLA Sébastien 59955f0a32 add. timeout and fix. CmdStagerFLavor 2021-03-15 01:10:56 +04:00
RAMELLA Sébastien dcf2b69d6d add. exploitation module doc and some changes 2021-03-14 22:49:41 +04:00