adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,776 Commits 27 Branches 1,043 Tags
d15ed9d2bdf710857faaeeb671fdf8916aff38fc
Commit Graph

33645 Commits

Author SHA1 Message Date
Grant Willcox d15ed9d2bd Land #17370, force mixin to utilize ruby_smb 2022-12-14 13:13:04 -06:00
Christophe De La Fuente 2a28af208d Land #16992, Syncovery For Linux - Auth. RCE (CVE-2022-36534) 2022-12-14 13:43:00 +01:00
Christophe De La Fuente 9582411554 Land #16991, Syncovery For Linux - Insecure Session Token Generation (CVE-2022-36536) 2022-12-14 11:30:47 +01:00
whoot 0f1e228f50 finalization 2022-12-14 08:59:53 +01:00
whoot 1f1b04e009 finalization 2022-12-14 08:38:20 +01:00
Jan Rude 0ae824e169 Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-14 08:07:55 +01:00
Jan Rude e16e689308 Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-14 08:07:45 +01:00
Jan Rude d6ba30adcf Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-14 08:07:35 +01:00
Jan Rude 911431c63b Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-14 08:07:24 +01:00
Christophe De La Fuente d6a5590c06 Land #17265, Add Exploit for CVE-2020-25736 2022-12-13 18:49:56 +01:00
Shelby Pace 0596620de7 Update modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-13 09:49:59 -06:00
Jan Rude 03a640fcec Update modules/auxiliary/scanner/http/syncovery_linux_token_cve_2022_36536.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-13 16:06:42 +01:00
Jan Rude f158cfaadd Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-13 16:05:56 +01:00
Jan Rude c8e301224b Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-13 16:05:45 +01:00
Jan Rude 53cde6d2ef Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-12-13 16:04:45 +01:00
Spencer McIntyre d09aef7dc5 Land #17350, Remove unnecesary sleep 
Remove unnecesary sleep in several bypassuac modules
 2022-12-12 17:45:10 -05:00
Jeffrey Martin 0eec36200c force mixin to utilize ruby_smb 
When refactored recently the new code expects a `RubySMB` object
this ensures the client returned meets that expectation.
 2022-12-12 16:14:09 -06:00
space-r7 13a557013c support 2021 version of software 
specifically, the exploit will now search
for com.acronis.helpertool in addtion to the
2020 helper tool name. This also updates the
check() method to return CheckCode::Detected
for when we find the vulnerable service but
can't detect the build number
 2022-12-12 15:53:35 -06:00
Spencer McIntyre 5a66666b4d Fix check methods by using #present? 2022-12-12 16:53:34 -05:00
Spencer McIntyre 024fc87b4c Land #17272, Add F5 MCP post module 
Add F5 MCP post module
 2022-12-12 14:20:31 -05:00
whoot 771b7c58f9 change brute-forcer 2022-12-09 12:33:13 +01:00
Jan Rude 005d43f7d1 Merge branch 'rapid7:master' into syncovery_craftable_token 2022-12-09 09:34:42 +01:00
whoot c1d090334c apply suggestions 2022-12-09 09:31:20 +01:00
Ashley Donaldson 8d097e0fd0 Fixes bug in s4u_persistence module 2022-12-09 11:24:16 +11:00
Ashley Donaldson c54109586c Remove unnecesary sleep in several bypassuac modules 2022-12-09 11:09:19 +11:00
JustAnda7 293a203a03 Added path option to cmd payloads 2022-12-08 12:19:31 -06:00
Grant Willcox 77bda68932 Add in more constants for the SCAL flags and use them to make the code easier to read 2022-12-07 10:48:07 -06:00
Grant Willcox e7d72e0ecf Allow multiple controls to be specified 2022-12-06 23:21:48 -06:00
Grant Willcox fd8bdf4daf Make sure we use the LDAP_SERVER_SD_FLAGS_OID flag and set it to 7 when retrieving entries so that we don't retrieve the SACL, which cannot be retrieved by nonadmin users. 2022-12-06 22:54:03 -06:00
space-r7 9c7355388c add attackerkb link 2022-12-06 11:19:05 -06:00
Christophe De La Fuente e7e2849f6d Land #17183, Zimbra fixes 2022-12-06 15:38:37 +01:00
Christophe De La Fuente ddaf5a3f0d Remove unecessary return statement 2022-12-06 15:07:28 +01:00
Christophe De La Fuente aaef7726db Land #17330, Fix enumerating emails via ProxyShell 2022-12-06 14:02:53 +01:00
Grant Willcox d48319a867 Land #17242, Add Gather Module for WP BookingPress Plugin unauth SQLi (CVE-2022-0739) 2022-12-05 15:04:31 -06:00
Grant Willcox cb68c255bb Fix up issues from review 2022-12-05 14:17:43 -06:00
Redouane NIBOUCHA 4b008d6ea8 revert the identify_hash line 2022-12-05 14:17:39 -06:00
Redouane NIBOUCHA 41edc92d5d Update wp_bookingpress_category_services_sqli to use the SQLi library 2022-12-05 14:17:31 -06:00
Grant Willcox 1fec75621c Fix up documentation from review 2022-12-05 14:04:22 -06:00
Jack Heysel f29b4fad75 Add Gather Module for WP BookingPress Plugin SQLi (CVE-2022-0739) 2022-12-05 14:04:03 -06:00
bwatters 37540572e0 Land #17214, add database functionality to vcenter post module 
Merge branch 'land-17214' into upstream-master
 2022-12-05 12:50:14 -06:00
bwatters 54cd055276 Land #17286, CVE-2021-22015 vCenter priv esc 
Merge branch 'land-17286' into upstream-master
 2022-12-05 09:31:01 -06:00
Christophe De La Fuente 6e7d4edf02 Land #16990, Syncovery for Linux - Login brute-force utility 2022-12-05 14:39:29 +01:00
cgranleese-r7 8e9e8468f2 Land #17338, Lint modules 2022-12-05 13:17:40 +00:00
adfoster-r7 0d3c1dc122 Land #17333, Fix typos: Replace 'the the' with 'the' 2022-12-05 11:46:27 +00:00
adfoster-r7 14d05c9c6c Lint modules 2022-12-05 10:41:31 +00:00
bcoles c1ff9337c8 dnn_cookie_deserialization_rce: Remove empty 'Payload' Hash key 2022-12-04 17:50:24 +11:00
bcoles 431804ef15 Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
bcoles d90dee8235 enum_proxy: Cleanup and support non-Meterpreter sessions 2022-12-04 15:10:47 +11:00
Spencer McIntyre 96da805014 Fix enumerating emails via ProxyShell 
The ResolveNames endpoint used to gather emails addresses for targeting
only returns 100 at a time. This updates the module to check if the
search result contains all entries and when it does, it recurses into
itself with a refined search prefix. All results are returned to match
the original functionality instead of enumerating and halting once one
that's suitable for exploitation has been found.
 2022-12-02 15:58:50 -05:00
whoot 04e5aa3033 apply suggestions 2022-12-02 16:05:01 +01:00