Commit Graph

1527 Commits

Author SHA1 Message Date
William Vu 012de0f6b1 Land #10038, struts_code_exec_parameters EXE fix 2018-05-17 08:16:33 -07:00
William Vu cbac801b88 Land #8727, CVE-2017-9791 exploit 2018-05-17 08:16:33 -07:00
Jacob Robles b2b97db28b Land #9878, Add MSF module for EDB 6768, Mantis <= v1.1.3 Post-auth RCE 2018-05-09 17:48:53 -07:00
Jacob Robles dcbc871883 Land #9988, playsms_uploadcsv_exec 2018-05-07 09:35:08 -07:00
Jacob Robles 75196b4fc6 Land #9944, playsms_filename_exec.rb 2018-05-07 09:35:08 -07:00
Jacob Robles 8739befa70 Land #9821, osCommerce 2.3.4.1 - Remote Code Execution 2018-05-03 09:21:02 -07:00
Chris Higgins ded6a50883 Land #8539, ProcessMaker Plugin Upload exploit 2018-04-04 19:06:18 -07:00
William Vu b870091380 Land #9423, PSH for jenkins_xstream_deserialize 2018-03-27 14:21:47 -05:00
h00die c56e571b18 Land #9702 exploit for clipbucket 2018-03-27 13:55:43 -05:00
Aaron Soto 395320ba97 Land #9379, Oracle Weblogic RCE exploit and documentation 2018-01-26 18:08:56 -06:00
William Vu 366a20a4a4 Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
William Vu a1d43c8f33 Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu e9b9c80841 Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6 Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
WhiteWinterWolf bfd5c2d330 Keep the initial option name 'ADMIN_ROLE' 2017-11-22 22:03:56 +01:00
WhiteWinterWolf 2be3433bdb Update references URLs 2017-11-17 13:27:35 +01:00
WhiteWinterWolf a636380e4b Merge the new method into drupal_drupageddon.rb 2017-11-17 13:00:15 +01:00
WhiteWinterWolf 704514a420 New exploit method for Drupageddon (CVE-2014-3704)
This new script exploits the same vulnerability as
 *exploits/multi/http/drupal_drupageddon.rb*, but in a more efficient way.
2017-11-16 20:47:44 +01:00
Adam Cammack 4219959c6d Bump ranking to Excellent 2017-11-15 15:00:47 -06:00
Steven Patterson df2b62dc27 Add Mako Server CMD injection Linux support, update docs, move to multi 2017-11-10 16:28:39 -05:00
attackdebris 500bde1150 get_vars tweak 2017-11-09 04:16:34 -05:00
attackdebris a04bc0a25b Add get_vars, remove a https instance 2017-11-08 16:30:59 -05:00
attackdebris 7173e7f4b4 Add CVE to module description 2017-11-07 11:05:14 -05:00
attackdebris 371f3c333a This commit adds the jenkins_xstream_deserialize module 2017-11-07 09:46:42 -05:00
Jeffrey Martin cfaa34d2a4 more style cleanup for tomcat_jsp_upload_bypass 2017-10-11 15:53:35 -05:00
Jeffrey Martin 9885dc07f7 updates for style 2017-10-11 15:29:47 -05:00
root 03e7797d6c fixed msftidy errors and added documentation 2017-10-11 07:57:01 -04:00
peewpw facc38cde1 set timeout for DELETE request 2017-10-09 21:53:31 -04:00
peewpw be8680ba3d Create tomcat_jsp_upload_bypass.rb
Created a module for CVE-2017-12617 which uploads a jsp payload and executes it.
2017-10-08 21:48:47 -04:00
h00die 7535fe255f land #8736 RCE for orientdb 2017-10-06 14:35:42 -04:00
Tod Beardsley 5f66b7eb1a Land #8940, @h00die's second round of desc fixes
One ninja edit along the way as well.
2017-09-11 13:05:13 -05:00
Brent Cook 54a62976f8 update versions and add quick module docs 2017-09-08 13:59:29 -05:00
William Vu 978fdb07b0 Comment out PSH target and explain why
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
2017-09-08 13:41:06 -05:00
Pearce Barry 2ebf53b647 Minor tweaks... 2017-09-08 10:04:47 -05:00
h00die 00c593e0a2 55 pages of spelling done 2017-09-07 21:18:50 -04:00
William Vu a9a307540f Assign cmd to entire case and use encode for XML
Hat tip @acammack-r7. Forgot about that first syntax!
2017-09-07 19:36:08 -05:00
William Vu 8f1e353b6e Add Apache Struts 2 REST Plugin XStream RCE 2017-09-07 19:30:48 -05:00
Tod Beardsley 86db2a5771 Land #8888 from @h00die, with two extra fixes
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
Brent Cook 202c936868 Land #8826, git submodule remote command execution 2017-08-29 18:11:32 -05:00
Brent Cook 46eeb1bee0 update style 2017-08-29 17:44:39 -05:00
Tim 39299c0fb8 randomize submodule path 2017-08-29 16:54:08 +08:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
n00py 8f17d536a7 Update phpmailer_arg_injection.rb
Removed second parameter as it was not necessary. Only change needed was to change "send_request_cgi" to "send_request_cgi!"
2017-08-24 00:29:28 -06:00
n00py c49b72a470 Follow 301 re-direct
I found that in some cases, the trigger URL cannot be accessed directly.  For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example".  It isn't until hitting "/example" that the php is executed.  This small change will just allow the trigger to follow one 301 redirect.
2017-08-23 18:53:54 -06:00
Brent Cook eabe4001c2 Land #8492, Add IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution module 2017-08-20 18:48:22 -05:00
Tim 7881a7ddc4 git submodule command exec 2017-08-13 11:47:44 +08:00
thesubtlety 7e860571ae fix bug where api_token auth was being used without token being set 2017-08-09 12:30:26 -04:00
thesubtlety 9bb102d72d add jenkins v2 cookie support 2017-08-09 12:29:31 -04:00
Ricardo Almeida 4845b4b1fa Orientdb 2.2.x RCE - Fix regular expression for version detection 2017-07-26 14:35:05 +01:00
Ricardo Almeida 30664924c8 Orientdb 2.2.x RCE - Reverted to send_request_raw due to issues exploiting windows boxes 2017-07-26 13:59:14 +01:00