Commit Graph

2916 Commits

Author SHA1 Message Date
adfoster-r7 ac2c467121 Land #15011, Enhance analyze command API to understand modules' needs 2021-05-14 14:30:33 +01:00
William Vu 637e9cff48 Update vmware_vrops_mgr_ssrf_rce documentation 2021-05-06 18:30:20 -05:00
Mehmet INCE bf0551979f Fix the module according to the review 2021-05-03 12:29:00 +03:00
Mehmet INCE 06157601df Remove SCREEN_EFFECTS from sideeffects 2021-05-03 11:14:43 +03:00
Mehmet INCE 9e04805c0e Adding check method to gravcms exec 2021-05-03 11:14:43 +03:00
Mehmet INCE e3d05395de Add GravCMS exec 2021-05-03 11:14:42 +03:00
William Vu d433c0fd12 Fix typo 2021-04-30 23:29:24 -05:00
Shelby Pace 0535489703 Land #14947, add IGEL OS RCE 2021-04-30 15:49:11 -05:00
Shelby Pace de22236902 add AutoCheck and update docs output 2021-04-30 15:38:57 -05:00
Rob V 41fe16463d switching to CmdStager
- had to switch away from python payload to appease CmdStager
- removed systemd service adjustments preferring to use sleep to avoid rate limits
- updated check function to accommodate more current vulnerable version information in vendor advisory
2021-04-30 12:53:33 -04:00
Spencer McIntyre 994825dcc9 Land #15090, Add exploit for CVE-2021-22502 2021-04-29 14:09:28 -04:00
Spencer McIntyre b2142aada7 Land #15086, Add exploit for CVE-2020-11857 2021-04-29 11:47:17 -04:00
Spencer McIntyre 4373b464ce Update the markdown module docs a bit 2021-04-29 11:46:40 -04:00
Shelby Pace a4af80d3e1 Land #15005, add VMware vRealize SSRF RCE 2021-04-27 09:19:55 -05:00
Shelby Pace 363db0e271 Land #14977, add Apache Druid js rce 2021-04-26 12:01:19 -05:00
Pedro Ribeiro 07d82cde93 fix timeout errors in rubocop 2021-04-23 22:10:38 +07:00
Pedro Ribeiro 02ce5a1724 Update modules/exploits/linux/http/microfocus_obr_cmd_injection.rb
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2021-04-23 22:01:05 +07:00
Pedro Ribeiro 58e00b582e Update modules/exploits/linux/http/microfocus_obr_cmd_injection.rb
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2021-04-23 22:00:55 +07:00
Pedro Ribeiro 651a34af53 add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00
Pedro Ribeiro 02656a2c31 add clarification - it's for linux only 2021-04-23 19:23:18 +07:00
Pedro Ribeiro 9a779fef79 add ZDI id 2021-04-23 15:15:09 +07:00
Pedro Ribeiro 30c333b30d fix typo in shrboadmin 2021-04-23 15:03:34 +07:00
Pedro Ribeiro 71f5955b42 add OBR SSH module 2021-04-23 15:00:06 +07:00
William Vu a62d1dfbcd Add some details back in 2021-04-21 16:02:21 -05:00
William Vu 5111caf536 Address @gwillcox-r7 review
New words from @gwillcox-r7.
2021-04-21 13:10:21 -05:00
William Vu 22433d5b2c Add clarifying comment 2021-04-21 10:42:10 -05:00
William Vu 08907a5e3a Add VMware vRealize Operations Manager SSRF RCE
CVE-2021-21975 + CVE-2021-21983
2021-04-21 10:42:10 -05:00
Grant Willcox 7b7e521d6c Fix up a wrong type field value and set it back to 1 from 2 in the send_exploit() function, since this was causing the exploit to fail 2021-04-20 17:45:51 -05:00
Grant Willcox e0f13e44d1 Land #14699, Add Nagios XI snmptrap RCE and docs (CVE-2020-5792) 2021-04-20 14:30:45 -05:00
Grant Willcox f241a050b8 Apply review comments and fixes to documentation and the module 2021-04-20 12:38:34 -05:00
Grant Willcox fcdd47e8f5 Land #15064 - Fix Rex::Socket::SSHFactory NameError in exploit/linux/ssh/f5_bigip_known_privkey 2021-04-20 10:41:42 -05:00
William Vu 8d71cfc024 Fix SSHFactory NameError in f5_bigip_known_privkey
This could probably be refactored to use Msf::Exploit::Remote::SSH.
2021-04-19 17:07:26 -05:00
Grant Willcox d60cdbebb3 Add in Regex fix to ensure that really old versions of NagiosXI will still be detected as vulnerable despite unusual version naming convention 2021-04-19 14:17:05 -05:00
Grant Willcox 4ac9304ca2 Land #14968 - Add Nagios XI Mibs.php Authenticated RCE module and docs (CVE-2020-5791) 2021-04-16 14:37:15 -05:00
Grant Willcox 496e074ec8 Add in fixes to documentation and module from review 2021-04-16 13:14:17 -05:00
William Vu 9e6f425427 Move exploit/linux/http/citrix_dir_traversal_rce
To exploit/freebsd/http/citrix_dir_traversal_rce. It's actually FreeBSD.
2021-04-15 19:13:25 -05:00
Grant Willcox 832ca92f42 Land #14700, Add Nagios XI Plugins Filename Authenticate RCE module and docs (CVE-2020-35578) 2021-04-14 16:58:55 -05:00
Grant Willcox 61395f3cb1 Update scenarios in documentation and also update the module to handle cases where the version number may not be in a format that Rex::Text can immediately handle. 2021-04-14 16:32:53 -05:00
Grant Willcox 76353efada Fix minor RuboCop error 2021-04-14 15:38:06 -05:00
Grant Willcox 154e237edd Add in fixes to documentation and module that were covered in the review process 2021-04-14 15:33:42 -05:00
Grant Willcox a59e7e196d Land #14701, Rename Nagios XI authenticated RCE module and integrate Nagios XI mixin 2021-04-13 18:58:29 -05:00
Grant Willcox d766cf9b96 Change module title to be more descriptive and remove bad characters 2021-04-13 17:33:34 -05:00
Grant Willcox 0aada27128 Update the documentation to account for the fact that the plugin name has to be check_ping and also update the module to randomize some of the fields where possible. 2021-04-13 17:15:34 -05:00
Grant Willcox ead9d73dc5 Add in fixes from review to documentation and module 2021-04-13 16:34:13 -05:00
William Vu e842c3ecab Fix Gem::Package NameError with Rex::Tar::Writer 2021-04-12 18:50:31 -05:00
Rob V 1ba22f9b0c leveraging Udp mixin for version check 2021-04-09 15:21:38 -04:00
Rob V 3ecd97f8bc using Rex::Version over more manual process 2021-04-09 14:39:32 -04:00
Rob V ffcec1f3b4 adding comment header 2021-04-09 14:16:20 -04:00
Shelby Pace a36030bcb7 add AutoCheck and usage of TARGETURI option
remove CheckCmd from docs
2021-04-09 12:08:25 -05:00
robvinson 85176f4385 style change using unless instead of if not
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-04-09 09:17:58 -05:00