adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,776 Commits 27 Branches 1,043 Tags
d15ed9d2bdf710857faaeeb671fdf8916aff38fc
Commit Graph

5325 Commits

Author SHA1 Message Date
Christophe De La Fuente 2a28af208d Land #16992, Syncovery For Linux - Auth. RCE (CVE-2022-36534) 2022-12-14 13:43:00 +01:00
Christophe De La Fuente 9582411554 Land #16991, Syncovery For Linux - Insecure Session Token Generation (CVE-2022-36536) 2022-12-14 11:30:47 +01:00
Christophe De La Fuente d6a5590c06 Land #17265, Add Exploit for CVE-2020-25736 2022-12-13 18:49:56 +01:00
space-r7 6885e576ed add note about uninstalling the helper tool 2022-12-12 16:35:44 -06:00
Spencer McIntyre 024fc87b4c Land #17272, Add F5 MCP post module 
Add F5 MCP post module
 2022-12-12 14:20:31 -05:00
whoot 771b7c58f9 change brute-forcer 2022-12-09 12:33:13 +01:00
Jan Rude 005d43f7d1 Merge branch 'rapid7:master' into syncovery_craftable_token 2022-12-09 09:34:42 +01:00
JustAnda7 293a203a03 Added path option to cmd payloads 2022-12-08 12:19:31 -06:00
Tod Beardsley 97a9fb6650 Update docs for Acronis module 
Note that uninstalling the module doesn't necessarily uninstall the vulnerable service, so call that out to people who are testing this module so they have a chance to do more thorough cleanup after testing.
 2022-12-06 11:08:31 -06:00
Christophe De La Fuente e7e2849f6d Land #17183, Zimbra fixes 2022-12-06 15:38:37 +01:00
Grant Willcox d48319a867 Land #17242, Add Gather Module for WP BookingPress Plugin unauth SQLi (CVE-2022-0739) 2022-12-05 15:04:31 -06:00
Grant Willcox cb68c255bb Fix up issues from review 2022-12-05 14:17:43 -06:00
Grant Willcox 1fec75621c Fix up documentation from review 2022-12-05 14:04:22 -06:00
Jack Heysel f29b4fad75 Add Gather Module for WP BookingPress Plugin SQLi (CVE-2022-0739) 2022-12-05 14:04:03 -06:00
bwatters 37540572e0 Land #17214, add database functionality to vcenter post module 
Merge branch 'land-17214' into upstream-master
 2022-12-05 12:50:14 -06:00
bwatters 54cd055276 Land #17286, CVE-2021-22015 vCenter priv esc 
Merge branch 'land-17286' into upstream-master
 2022-12-05 09:31:01 -06:00
Christophe De La Fuente 6e7d4edf02 Land #16990, Syncovery for Linux - Login brute-force utility 2022-12-05 14:39:29 +01:00
bcoles d90dee8235 enum_proxy: Cleanup and support non-Meterpreter sessions 2022-12-04 15:10:47 +11:00
whoot 04e5aa3033 apply suggestions 2022-12-02 16:05:01 +01:00
whoot b32ec581d8 apply suggestions 2022-12-02 10:33:25 +01:00
Christophe De La Fuente d3057f15b2 Land #17275, Add Exploit For CVE-2022-41082 (ProxyNotShell) 2022-11-30 18:16:19 +01:00
Spencer McIntyre d491c10d22 Store service credentials in the database 2022-11-30 11:59:10 -05:00
bwatters 3462dc6bf4 Land #17087, remote control collection rce 
Merge branch 'land-17087' into upstream-master
 2022-11-28 14:29:52 -06:00
Spencer McIntyre 009c6c5350 Add the MaxBackendRetries datastore option 2022-11-28 09:45:04 -05:00
adfoster-r7 0aa0884e26 Land #17296, add warning about external links 2022-11-24 10:30:44 +00:00
Spencer McIntyre 6350daf2d8 Land #17273, F5 exploit module CVE-2022-41800 
F5 exploit module CVE-2022-41800 (authenticated RCE in RPM code)
 2022-11-23 17:57:18 -05:00
Ron Bowes 28a68ede8c Merge branch 'master' into zimbra-fixes 2022-11-23 12:50:56 -08:00
Jeffrey Martin 453cfc5939 spelling change per review 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2022-11-23 13:26:19 -06:00
Ron Bowes 4fd22226fe Combine into one module with options to turn features on/off 2022-11-23 11:10:34 -08:00
Jeffrey Martin cb8e023734 add warning about external links 
Links to external resources not controlled by the project maintainers
are subject to bitrot and malicious take over. Warnings seem appropriate.
 2022-11-23 12:08:05 -06:00
Spencer McIntyre 3f58bfe11e Check that the target is Exchange Server 2019 2022-11-23 10:47:10 -05:00
h00die 181b8e4eea review comments 2022-11-21 15:53:37 -05:00
h00die d4536b24a6 remote control collection rce 2022-11-21 15:53:37 -05:00
Spencer McIntyre ed99f2f67f Bypass EEMS M1 2022-11-21 11:13:16 -05:00
h00die 6877304bac exploit for cve-2021-22015 vcenter priv esc 2022-11-20 11:29:49 -05:00
bcoles ad36f28ec1 enum_psk: Cleanup 2022-11-21 00:28:34 +11:00
h00die 7a795c5adb docs 2022-11-19 10:37:36 -05:00
h00die 9a19c4411d wrap up module additions 2022-11-19 10:37:36 -05:00
Grant Willcox 8ca7550062 Land #17257, Adding exploit for ChurchInfo 1.2.13-1.3.0 RCE (CVE-2021-43258) 2022-11-18 19:27:10 -06:00
Grant Willcox 237eb904d4 Add in fixes for documentation examples and then update the code to fix some bugs 2022-11-18 18:30:07 -06:00
Grant Willcox 713323f2cb Add in Docker setup documentation 2022-11-18 18:22:11 -06:00
Grant Willcox 85a6770973 Add additional checks, a check method, and fix up some doc errors 2022-11-18 18:22:06 -06:00
m4lwhere b9ecdb3bc2 Use TARGETURI, registered cleanup, implment cookie_jar, and perform response checks and documentation 2022-11-18 18:21:27 -06:00
m4lwhere a33a313544 Adding exploit for ChurchInfo 1.3.0 2022-11-18 18:21:08 -06:00
Spencer McIntyre bc89721d7a Add module docs, fix ProxyShell versions 2022-11-18 17:42:27 -05:00
space-r7 3d5708e3e6 Land #17271, add f5 big-ip csrf exploit 2022-11-18 16:19:09 -06:00
space-r7 162b0daf3b add new options and usage of pre-compiled exploit 
also updates documentation with new option
descriptions
 2022-11-17 17:20:41 -06:00
Christophe De La Fuente d1a7170020 Land #17021, Gitea Git fetch RCE module - CVE-2022-30781 2022-11-17 12:28:29 +01:00
Ron Bowes 944fd07502 Add three post-modules and a mixin for communicating with F5's MCP 2022-11-16 12:09:58 -08:00
Ron Bowes d0e109b842 Check in exploit module for CVE-2022-41800 2022-11-16 12:04:18 -08:00