adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,493 Commits 27 Branches 1,043 Tags
ddaf5a3f0db40d40ecb21ed0983e24efd3fc31e6
Commit Graph

3467 Commits

Author SHA1 Message Date
Christophe De La Fuente ddaf5a3f0d Remove unecessary return statement 2022-12-06 15:07:28 +01:00
Ron Bowes b7cf112d42 Fix an issue where the session handler would close too early on Zimbra modules 2022-11-23 13:09:47 -08:00
Ron Bowes ffbf8b303a Change a 'return 0' to 'fail_with', per Christophe's request 2022-11-23 12:51:51 -08:00
Ron Bowes 28a68ede8c Merge branch 'master' into zimbra-fixes 2022-11-23 12:50:56 -08:00
Christophe De La Fuente 494c9601ca Land #17222, Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream [CVE-2021-39144] 2022-11-15 14:16:14 +01:00
h00die 59535b6799 remove 'is' 2022-11-12 16:19:50 -05:00
h00die-gr3y 70669f3fea addressed code improvement suggestions 2022-11-12 10:21:43 +00:00
H00die.Gr3y 72080910e7 Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-11-12 09:22:06 +01:00
H00die.Gr3y 85b4512292 Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-11-12 09:21:55 +01:00
H00die.Gr3y 5d314e5799 Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-11-12 09:21:42 +01:00
H00die.Gr3y 04d6a310af Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-11-12 09:16:46 +01:00
H00die.Gr3y 1ce8695401 Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-11-12 09:16:30 +01:00
H00die.Gr3y e38138d69e Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-11-12 09:16:17 +01:00
H00die.Gr3y 967388eba7 Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb 
Agreed !

Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-11-12 09:15:42 +01:00
h00die-gr3y da189041b4 randomized endpoint url 2022-11-07 08:16:54 +00:00
h00die-gr3y bf0ed5b513 fixed some typos in documentation 2022-11-05 15:36:42 +00:00
h00die-gr3y 642a83bd0d Updated module and added documentation 2022-11-05 15:14:31 +00:00
h00die-gr3y 71d1c971a7 init commit module 2022-11-04 13:31:27 +00:00
space-r7 197b37751b Land #17174, add FLIR AX8 command injection module 2022-11-01 12:41:01 -05:00
Jack Heysel 45ddcf02c9 Remove unused mix in, add low bound to check 2022-11-01 10:42:43 -05:00
Jack Heysel 2ed8dbc08d Rubocop 2022-11-01 10:42:43 -05:00
Jack Heysel 4587691d64 Fixed module to work over SSL 2022-11-01 10:42:42 -05:00
Jack Heysel 3b645ad9f4 Moved get variables from uri to vars_get 2022-11-01 10:42:42 -05:00
jheysel-r7 c810a1f5aa Update modules/exploits/linux/http/webmin_file_manager_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-11-01 10:42:42 -05:00
jheysel-r7 ebf7496ee2 Update modules/exploits/linux/http/webmin_file_manager_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-11-01 10:42:41 -05:00
jheysel-r7 0ede1ca94f Update modules/exploits/linux/http/webmin_file_manager_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-11-01 10:40:01 -05:00
Jack Heysel d79515c3fe Fix file cleanup 2022-11-01 10:40:00 -05:00
Jack Heysel d1e1350ef9 Updated author 2022-11-01 10:40:00 -05:00
Jack Heysel ad5b03ed96 Finished TODOs and added docs 2022-11-01 10:40:00 -05:00
Jack Heysel 9af689e130 draft module no docs 2022-11-01 10:40:00 -05:00
Jack Heysel c400a97b63 beta commit 2022-11-01 10:39:59 -05:00
Ron Bowes 4624031aec Remove errant puts 2022-10-25 10:21:47 -07:00
Ron Bowes 4979c0b74f Add a check to the cve-2022-30333 module for Zimbra that aborts before generating artifacts if the server cannot be reached 2022-10-25 10:05:16 -07:00
h00die-gr3y 3d8e18c1cb updated module with code suggestions space-r7 2022-10-25 16:38:15 +00:00
h00die-gr3y 3e78229fc0 updated module and documentation 2022-10-25 13:33:52 +00:00
bwatters 9902e9a1e4 Land #17110, check files exist before doing other things 
Merge branch 'land-17110' into upstream-master
 2022-10-24 14:20:16 -05:00
Jack Heysel 3bf4bd7d7d Land #17162, add RCE module for CVE-2022-35914 
This PR adds an RCE module for the php code injection
present in GLPI versions 10.0.2 and below
 2022-10-24 12:18:34 -04:00
jheysel-r7 3bbd05a11a Update modules/exploits/linux/http/glpi_htmlawed_php_injection.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-24 11:48:33 -04:00
h00die-gr3y 1c393dc596 init commit module and documentation 2022-10-21 12:50:46 +00:00
Christophe De La Fuente 4cfbae63ac Land #17114, Add exploit for CVE-2022-41352 (zimbra cpio) 2022-10-20 15:10:42 +02:00
bwatters 6039e54b75 For real, this time 2022-10-19 17:23:16 -05:00
bwatters 78e8de826b Sure; I can spell 2022-10-19 17:22:29 -05:00
bwatters 238aa9058f Fix Cmdstager flavor, complete info hash 2022-10-19 17:18:20 -05:00
bwatters 56b8bf6302 Working draft for CVE-2022-35914 2022-10-19 14:33:33 -05:00
Ron Bowes 56d6f7747b Remove some old code and update documentation with version info 2022-10-19 10:02:29 -07:00
Christophe De La Fuente c43272985e Land #17141, Zimbra Postfix priv esc 2022-10-19 10:33:37 +02:00
Ron Bowes 9a35a5c8dd Post patch info 2022-10-18 10:12:54 -07:00
Ron Bowes 6bdf0da994 Add a sanity check before generating the payload - prevents a confusing error if the server is down 2022-10-18 10:09:51 -07:00
Heyder Andrade 1804e5ab60 Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-18 00:51:28 +02:00
Ron Bowes dea3f72f6b Resolve feedback - get rid of unnecessary directory, add CVE number, let the user choose the path 2022-10-17 15:00:56 -07:00