adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
64,212 Commits 27 Branches 1,043 Tags
d210d2fd2be3e7bbfcf61a660cf79a5bfc40d4a0
Commit Graph

3252 Commits

Author SHA1 Message Date
Grant Willcox 93334b56ef Properly credit Azeria and also include blog post at her request 2022-05-11 18:43:27 -05:00
Grant Willcox 8dbd6f3334 Change default target to 1 so we get benefit of avoiding some timeout issues since Unix Command may still cause server's REST API to time out at times. 2022-05-11 16:43:37 -05:00
Grant Willcox 196aac6b42 Add in PrependFork and MeterpreterTryToFork options as default to fix timeout issues and potential failure cases due to server not responding 2022-05-11 16:43:36 -05:00
Grant Willcox 27169c4ae1 Add in missing CmdStager library, add some more attribution, and add in PoC link 2022-05-11 16:43:36 -05:00
Grant Willcox 6354d7a055 Redo explanation of exploit in documentation to appropriately account for various nuances. Also update exploit title and description accordingly. 2022-05-11 16:43:36 -05:00
Heyder Andrade 1bc2616c19 Update modules/exploits/linux/http/f5_icontrol_rce.rb 
Co-authored-by: wvu <4551878+wvu@users.noreply.github.com>
 2022-05-11 16:43:13 -05:00
Heyder Andrade 208367d735 Improved check method reliability 
Extra modifications:
- Promote advanced options HttpUsername and HttpPassword
	- password is not really necessary, but if one have credential, can
	  use this module as an exec
- Fixed print statement on check
- Splitted execute_command in two, because we also send a command on the check
  methods, however we don't need the checks that are in the execute_command
 2022-05-11 16:43:12 -05:00
Heyder Andrade 55163b86d6 Improvements 
- Change module name and description
- Added author from the PoC
- Added reference
- Added payloads, targets and notes
- Removed headers used during the tests
 2022-05-11 16:43:11 -05:00
Heyder Andrade 77f60eb21e Added module and documentation for f5 icontrol RCE (CVE-2022-1388) 2022-05-11 16:43:00 -05:00
Grant Willcox 1c934b87b4 Land #16169, Add sploit for Cisco RV340 SSL VPN - CVE-2022-20699 2022-05-11 10:15:08 -05:00
Grant Willcox 68fdb103fe Add in final touch ups to documentation to fix a typo or two for formatting. Also update exploit ranking since this exploit doesn't retrieve version information before exploiting and is not 100% reliable so Excellent ranking isn't appropriate 2022-05-11 09:39:47 -05:00
Jack Heysel 481699ed8f Land #16530, PiHole module to not wait for sudo 
Update PiHole pihole_remove_commands_lpe module
to no wait for sudo input
 2022-05-04 14:57:29 -07:00
sjanusz bc489fef91 Update PiHole module to not wait for sudo input 2022-05-04 17:24:43 +01:00
William Vu 6532365dc8 Deregister VHOST 2022-05-03 11:52:50 -05:00
William Vu 8c0cd40a19 Fix VMware Workspace ONE Access CVE-2022-22954 2022-05-03 10:39:58 -05:00
William Vu b2994aa8d8 Add words 2022-05-03 01:13:45 -05:00
William Vu 9a980d068d Link to freemarker.template.utility.Execute docs 2022-05-03 01:00:46 -05:00
William Vu 612e3d6f13 Add another tested SSTI param 2022-05-03 00:30:12 -05:00
William Vu 333681b6da Add other tested SSTI URIs 2022-05-03 00:02:21 -05:00
William Vu a71ded0da8 Update PoC credit 2022-05-02 23:41:43 -05:00
William Vu fa09487ee1 Refactor code, once more with feeling 2022-05-02 22:27:52 -05:00
William Vu 135a81ebc2 Refactor code 2022-05-02 21:53:17 -05:00
William Vu bf7d3e1c32 Add VMware Workspace ONE Access CVE-2022-22954 2022-05-02 18:51:46 -05:00
Jake Baines 1b119a845c Fixed handling of victim response 2022-04-26 12:34:45 -07:00
Jake Baines ec37ebc617 Update modules/exploits/linux/redis/redis_debian_sandbox_escape.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-04-26 14:43:03 -04:00
Jake Baines d20fd996bd Fix spelling mistakes 2022-04-26 03:38:23 -07:00
Jake Baines 71a4023c0d Initial commit of Redis sandbox escape CVE-2022-0543 2022-04-26 03:32:11 -07:00
Grant Willcox e2c6c36b2b Land #1642, Add module for cve-2022-0995 2022-04-21 09:12:47 -05:00
bwatters 9cba9576cd Keep code reusable and fix some logical complexities 2022-04-21 07:44:40 -05:00
Grant Willcox 69b54c8448 Add in additional validation to check methods to address bcoles's comments and also to prevent issues with fail_with being used inside a check method 2022-04-20 19:50:08 -05:00
Grant Willcox f33e3f45c1 RuboCop compliance for PacketStorm 2022-04-20 19:09:14 -05:00
Grant Willcox 78d4ac8592 Update module reliability and also fix issues from bcoles's review 2022-04-20 19:04:27 -05:00
bwatters 26f9175816 Update c source with argc check and CRASH notes for module 2022-04-20 17:37:48 -05:00
bwatters d9a241defb Fix overzealous source code edit and some version copy/pasta errors 2022-04-20 14:31:32 -05:00
Jack Heysel 4417a335ff Land #16379, Make SSH defaults widely used 
Refactored a number of modules to use ssh_client_defaults
 2022-04-19 22:08:45 -07:00
Grant Willcox a756df5400 Add in missing RuboCop note sections 2022-04-19 16:40:57 -05:00
Brendan Coles 94ed9ae28b Modules: Prefer CVE references over cve.mitre.org URL references 2022-04-19 20:42:23 +00:00
Heyder Andrade fd6c8aa3d5 Lint msftidy 2022-04-18 23:36:23 +02:00
Heyder Andrade b363a7e403 Merge branch 'fix/ssh_defaults_usage' of github.com:heyder/metasploit-framework into fix/ssh_defaults_usage 2022-04-18 20:19:36 +02:00
Heyder Andrade 4252fe01e6 Rubocop 2022-04-18 20:17:44 +02:00
Heyder Andrade 9e54830f93 Making SSH defaults widely used 2022-04-18 20:16:34 +02:00
Heyder Andrade bdc69d8399 Rubocop 2022-04-18 20:14:57 +02:00
Heyder Andrade 83793b6df7 Making SSH defaults widely used 2022-04-18 20:12:04 +02:00
Heyder Andrade 91c08b3fac Rubocop 2022-04-18 20:09:52 +02:00
Heyder Andrade 244d04fa4f Making SSH defaults widely used 2022-04-18 20:08:27 +02:00
Heyder Andrade 42d7e4f3b7 Rubocop 2022-04-18 20:05:46 +02:00
Heyder Andrade fcef6dd515 Making SSH defaults widely used 2022-04-18 19:46:51 +02:00
Heyder Andrade 0058a3aef0 Rubocop 2022-04-18 19:43:16 +02:00
Heyder Andrade 5388ac5613 Making SSH defaults widely used 2022-04-18 19:36:37 +02:00
Heyder Andrade 6f1a6ce712 Rubocop 2022-04-18 19:34:49 +02:00