Christophe De La Fuente
9582411554
Land #16991, Syncovery For Linux - Insecure Session Token Generation (CVE-2022-36536)
2022-12-14 11:30:47 +01:00
adfoster-r7
f6ed9ef12d
Extract db command helpers to standalone module
2022-12-13 17:01:49 +00:00
Spencer McIntyre
024fc87b4c
Land #17272, Add F5 MCP post module
Add F5 MCP post module
2022-12-12 14:20:31 -05:00
adfoster-r7
2ea880c799
Show ssh key with verbose creds command
2022-12-10 00:08:54 +00:00
Grant Willcox
c84b2a67d7
Land #17345, Update report api to return nil when no active db
2022-12-09 14:02:28 -06:00
Grant Willcox
b65b0a7bc5
Land #17352, Fixes crash in meterp when file_version asks for a file that doesn't exist
2022-12-09 12:10:29 -06:00
Grant Willcox
e29d9effba
Land #17346, Update rspec thread counting logic
2022-12-09 10:32:55 -06:00
whoot
771b7c58f9
change brute-forcer
2022-12-09 12:33:13 +01:00
Ashley Donaldson
99e576d023
Fixes crash in meterp when file_version asks for a file that doesn't exist
2022-12-09 11:55:29 +11:00
Metasploit
06b72a0b1c
Bump version of framework to 6.2.31
2022-12-08 12:12:22 -06:00
Spencer McIntyre
2fc8b0a7a6
Add GitHub references to the patch details
2022-12-08 10:47:44 -05:00
adfoster-r7
aba9cba9dd
Update rspec thread counting logic
2022-12-08 00:28:00 +00:00
adfoster-r7
8f22d24577
Update report api to return nil when no active db
2022-12-07 23:09:59 +00:00
Grant Willcox
e7b20ad155
Add in monkey patch to the search method of Net::LDAP::Connection to allow us to use controls when searching whilst we await an upstream patch in Net::LDAP
2022-12-07 15:17:52 -06:00
bwatters
37540572e0
Land #17214, add database functionality to vcenter post module
Merge branch 'land-17214' into upstream-master
2022-12-05 12:50:14 -06:00
Christophe De La Fuente
6e7d4edf02
Land #16990, Syncovery for Linux - Login brute-force utility
2022-12-05 14:39:29 +01:00
adfoster-r7
7a46cff0a1
Land #17305, Adds support to RPC for automatically choosing module payload defaults
2022-12-05 12:59:21 +00:00
cgranleese-r7
4e539df3c3
Adds support to find default payloads
2022-12-05 11:52:11 +00:00
bcoles
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
whoot
b32ec581d8
apply suggestions
2022-12-02 10:33:25 +01:00
h00die
7ec7cdfb97
fix vcenter spec error
2022-12-01 16:43:58 -05:00
Metasploit
fbc842693f
Bump version of framework to 6.2.30
2022-12-01 12:10:26 -06:00
Christophe De La Fuente
d3057f15b2
Land #17275, Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
Spencer McIntyre
8ea8e2410d
Land #17299, Fixes #17227
Fixes #17227 - polkit_dbus_auth_bypass module when run from a command…
2022-11-28 16:22:52 -05:00
Spencer McIntyre
f24df8a051
Change an exception class and drop DOMAIN passing
2022-11-28 10:06:14 -05:00
Spencer McIntyre
009c6c5350
Add the MaxBackendRetries datastore option
2022-11-28 09:45:04 -05:00
Ashley Donaldson
638a1c8f78
Prevent double-delimiter situations in general
2022-11-25 15:32:55 +11:00
Metasploit
ed954eec0c
Bump version of framework to 6.2.29
2022-11-24 12:09:06 -06:00
Ron Bowes
e981dde15f
Move the mcp-objects out of the class and into a data/ file (per Jeffrey's request)
2022-11-23 12:49:00 -08:00
Spencer McIntyre
3805a79079
Add support for Exchange Data Access Group (DAG)
This updates the HttpSsrf class to retry requests to the Powershell
backend when they fail because they were routed to a new server. Now
when the transport is initialized, it will store the backend used by the
first successful request.
2022-11-23 15:37:58 -05:00
Spencer McIntyre
45391b1714
Land #17279, ducky-script format for msfvenom
ducky-script format for msfvenom (flipper zero compatible)
2022-11-23 09:05:57 -05:00
Spencer McIntyre
2265370c5f
Land #17288, Add #bit_names to MsDtypAccessMask
Support for Windows Access mask to MsDtypAccessMask
2022-11-22 09:01:16 -05:00
JustAnda7
28157b677b
Support for Access Mask in MsDtypAccess
2022-11-22 04:50:54 -05:00
h00die
637ad5f809
make ducky more psh friendly
2022-11-21 17:55:48 -05:00
h00die
40f97995f8
review comment
2022-11-19 10:37:36 -05:00
h00die
f12c660652
review comments
2022-11-19 10:37:36 -05:00
h00die
9a19c4411d
wrap up module additions
2022-11-19 10:37:36 -05:00
h00die
dff9b35d56
add database stuff to vcenter post module
2022-11-19 10:37:36 -05:00
h00die
29b7fa5336
ducky_script format for msfvenom
2022-11-18 17:02:52 -05:00
Spencer McIntyre
29d57dde66
Consolidate into ProxyMaybeShell
2022-11-18 17:01:01 -05:00
adfoster-r7
7dcf65d7c3
Fix python reverse http stager crash
2022-11-18 14:32:36 +00:00
Metasploit
39da40e4b5
Bump version of framework to 6.2.28
2022-11-17 12:21:32 -06:00
Christophe De La Fuente
d1a7170020
Land #17021, Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
Ron Bowes
944fd07502
Add three post-modules and a mixin for communicating with F5's MCP
2022-11-16 12:09:58 -08:00
Spencer McIntyre
b4f285d9b2
Land #17243, Improve railgun tlv packet logging
Improve tlv packet logging for railgun
2022-11-16 09:26:07 -05:00
Jeffrey Martin
fa125e1943
Land #17261, Fix Port Forwarding For Ruby 3
2022-11-15 08:27:00 -06:00
Spencer McIntyre
2459371a47
Print the portfwd relay more descriptively
Closes #17158
This updates the output of the portfwd command to show if it's a forward
(normal) portforward or if it's a reverse port forward where the
compromised host is the one listening.
2022-11-15 08:50:23 -05:00
Spencer McIntyre
218e8c2d0c
Fix a Ruby 3 syntax issue
Closes #17124
This fixes a Ruby 3 syntax issue in how the parameters are passed. The
issue caused TcpServerChannels to fail to enqueue new client
connections.
2022-11-14 17:01:51 -05:00
Spencer McIntyre
eff9a16e00
Use the access mask data type
Also switch from bit16 to uint16 so it's little endian.
2022-11-14 12:27:38 -05:00
cgranleese-r7
ef28a963bf
Adds error handling for users who do not have git available on their machine
2022-11-11 13:33:39 +00:00