adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
63,733 Commits 27 Branches 1,043 Tags
d3d9acf1e4dca483bf09c3cb57dff60ab962cf47
Commit Graph

3177 Commits

Author SHA1 Message Date
adfoster-r7 a62ca2259e Land #16316, deref services correctly 2022-03-11 12:08:42 +00:00
Ashley Donaldson 1576fd720e Remove another redundant cleanup 2022-03-11 12:17:30 +11:00
space-r7 b747e55dda Land #16303, add Dirty Pipe exploit 2022-03-10 11:16:28 -06:00
space-r7 872b9c9a7c modify docs to reflect changes, remove 'return' 2022-03-10 10:39:32 -06:00
space-r7 2f86c78c91 remove check mode, check by kernel version only 2022-03-10 10:02:05 -06:00
Tim W 472c26924a fix kernel version check 2022-03-10 07:47:58 +00:00
Ashley Donaldson 9761d68c19 Rename stop_service to cleanup_service for services that use reference counting 2022-03-10 10:28:25 +11:00
bwatters 5505d05d04 Maybe actually fix arch check this time... 2022-03-09 11:06:26 -06:00
Tim W 955cc9c986 fix cross compiling 2022-03-09 06:59:25 +00:00
Tim W b5e88f24df feedback from space 2022-03-09 06:06:53 +00:00
bwatters ae0f1729c1 Update arch check 2022-03-08 18:21:34 -06:00
bwatters fb7f2ba326 Fix arch check and on_session cd 2022-03-08 13:16:32 -06:00
Tim W a195c65121 change default suid binary from /usr/bin/sudo to /bin/passwd 2022-03-08 16:37:07 +00:00
Tim W 300ab51079 feedback from jvoisin 2022-03-08 16:22:31 +00:00
Tim W 0c7806222f msftidy 2022-03-08 10:28:04 +00:00
Tim W a614f9c2aa add a description and PrependFork 2022-03-08 10:17:06 +00:00
Tim W 7ca6a28c05 embed payload inside exploit and add check method 2022-03-08 09:51:49 +00:00
Tim W 5bd48d0a7d initial commit of dirtypipe 2022-03-07 15:49:27 +00:00
adfoster-r7 ad2fab6fee Land #16153, read full response on smtp send/recv 2022-03-04 01:24:46 +00:00
Spencer McIntyre 6be3443680 Land #16103, LPE in polkit's pkexec (CVE-2021-4034) 2022-03-03 09:24:11 -05:00
Spencer McIntyre 0463373756 Simplify finding pkexec 2022-03-03 09:19:45 -05:00
bwatters e649fe3f69 Fix some markdown issues, update docs and add arch check for payloads 2022-03-02 16:30:52 -06:00
bwatters 06e897436c Add Fedora results to docs and some minor final cleanup 2022-03-02 09:12:01 -06:00
bwatters 58aed837b2 Update docs and options 2022-03-01 14:48:48 -06:00
bwatters 0516badd8e Change the way we cd after new session is created 2022-03-01 14:20:07 -06:00
bwatters ecaf8b1ba9 Land #16204, Hikvision Unauthenticated RCE (CVE-2021-36260) 
Merge branch 'land-16204' into upstream-master
 2022-02-25 16:37:08 -06:00
Grant Willcox 217afa0f3b Land #16190, Axis Camera App RCE (No CVE) 2022-02-25 11:35:03 -06:00
Grant Willcox 1e0db45f1d Add small note about ARMLE stager for future travelers 2022-02-25 11:34:31 -06:00
Jake Baines 2bec5c425f Change CheckCode to Appears 2022-02-25 08:32:06 -08:00
Jake Baines 1facfe4a2f Alter upload filename. 2022-02-25 02:53:52 -08:00
Jake Baines d055a7d811 Altered some randomization, the json extracted by check, and fixed some wording 2022-02-24 18:48:21 -08:00
Jake Baines 48072b6554 Fix rubcop complaint introduced in suggestion commit 2022-02-24 18:28:38 -08:00
Jake Baines 454eba2438 Apply suggestions from code review 
Added changes suggested by @gwillcox-r7

Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-02-24 21:25:09 -05:00
Jake Baines 9f05a7d11a Removed unneeded custom timeout 2022-02-24 08:13:04 -08:00
Jake Baines 3739dad470 Updated to use print_bad instead of fail_with for application removal errors. Also included instructions on how to manually remove the application 2022-02-24 07:44:34 -08:00
Jake Baines e1616a520f Fixed a couple of typos. Changed a CheckCode. Randomized the replaced tmp file name 2022-02-24 06:38:36 -08:00
Jake Baines 4cd3563bc7 Initial commit of exploit for CVE-2021-36260 2022-02-19 13:13:24 -08:00
bwatters f311bd4fce Remove duplicate warning 2022-02-18 16:31:35 -06:00
bwatters 3ea032472d Updated exploit with better check method, added OnSessionCmd option 
to run a command when a session is bootstrapped, added more
documentation.
 2022-02-18 16:30:47 -06:00
h00die d5ba1afbec fix URLs not resolving 
fix URLs not resolving

add csv export to references

fix URLs not resolving

pdf not pd

missed a url change

remove extra recirectedfrom fields

remove extra file

fix ovftool url accidental replacement
 2022-02-16 17:22:40 -06:00
Jake Baines 5ac3330802 Initial commit of Axis camera app install exploit 2022-02-14 17:54:18 -08:00
Jeffrey Martin af3fa09896 refactor smtp delivery to support continuation 
When dealing with SMTP servers the communication needs to flow
a known protocol. To ensure the socket is in the correct state
after a send and receive it needs to be read until a line return
a response code followed by a `space` and additional data and `\r\n`
or the response code immediately followed by `\r\n` is returned.
 2022-02-14 16:55:49 -06:00
Dhiraj Mishra 3f2d6b6c22 adding authors and removing C exploit reference 2022-02-12 11:52:23 +04:00
bwatters 74521c8ced Update check for supported CentOS, Ubuntu, and Debian Targets 2022-02-11 20:30:05 -06:00
space-r7 db00991f26 Land #16150, add nagios xi web shell upload 2022-02-11 11:45:06 -06:00
Jake Baines e1da95243f Always clean up the created job 2022-02-10 17:39:07 -08:00
bwatters 9635fde12d Add support and templates for aarch64 targets 2022-02-10 10:49:02 -06:00
Jake Baines e18492a88a Update modules/exploits/linux/http/nagios_xi_autodiscovery_webshell.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-02-09 15:35:38 -05:00
Jake Baines 0a78dd78ec Used suggested method for defining user webshell, used suggested depth configuration, and used vars_get in a couple of places 2022-02-08 18:20:03 -08:00
bwatters d1ba43e4c8 Remove hard-coded values 2022-02-08 16:00:20 -06:00