Commit Graph

589 Commits

Author SHA1 Message Date
Spencer McIntyre 1031b12c57 Land #14206, Rockwell FactoryTalk CVE-2020-12027 RCE 2020-11-20 08:49:39 -05:00
Pedro Ribeiro e7196256d4 Update rockwell_factorytalk_rce.md 2020-11-19 17:53:25 +07:00
William Vu 20a90557bf Update module doc 2020-11-18 15:08:12 -06:00
Brendan Coles 6258d5b561 Land #14296, Move mercury_login module docs to documentation directory 2020-10-22 13:24:54 +00:00
h00die 5890bc45b5 move docs out of exploits folder 2020-10-21 16:37:02 -04:00
William Vu e4fb76d74f Add version check to exchange_ecp_dlp_policy
And update modules/exploits/windows/http/sharepoint_ssi_viewstate.rb.
2020-10-20 14:32:43 -05:00
William Vu 3970b69734 Land #14229, Telerik UI for ASP.NET AJAX exploit
CVE-2017-11317 && CVE-2019-18935
2020-10-20 13:24:35 -05:00
William Vu 253928570b Update module doc 2020-10-19 11:18:00 -05:00
Spencer McIntyre 0f344b0661 Land #14265, Add SharePoint Server-Side Include (SSI) and ViewState RCE (CVE-2020-16952) 2020-10-19 10:27:58 -04:00
William Vu 4cb08f7426 Address outstanding issues 2020-10-15 13:24:08 -05:00
Tim W 87104a7236 Update docs and make them msftidy_docs.rb compliant 2020-10-15 10:59:46 -05:00
Grant Willcox 59f74438da Rename the LPE exploit to a more appropriate name since there could be future bugs in NtUserMessageCall and also update the description info a bit more 2020-10-15 10:59:44 -05:00
Grant Willcox f2899186e4 Add in first round of initial updates to fix review comments 2020-10-15 10:59:40 -05:00
Tim W dcc322436b Update documentation files and module description to more accurately describe what the cause of the LPE bug for CVE-2019-1458 is. Also apply RuboCop edits. 2020-10-15 10:58:58 -05:00
Tim W 00d209425b add documentation 2020-10-15 10:58:08 -05:00
William Vu 1a341ae931 Add SharePoint SSI and ViewState RCE
CVE-2020-16952
2020-10-14 17:45:15 -05:00
Pedro Ribeiro 9fe5e4d036 Create docs 2020-10-12 14:29:46 +07:00
Spencer McIntyre fb569a24ee Add module documentation for Telerik RAU Deserialization 2020-10-07 13:40:10 -04:00
bwatters 3a6293357e Land #14190, Add the DOMAIN option to the CVE-2020-0688 Exploit
Merge branch 'land-14190' into upstream-master
2020-10-05 12:12:21 -05:00
h00die 15bb690308 fix vulnerability spelling 2020-10-04 13:00:48 -04:00
bwatters 3aeeede4a6 Land #14187, Added CVE-2020-3433 module
Merge branch 'land-14187' into upstream-master
2020-09-29 13:41:33 -05:00
Spencer McIntyre e7d2b73600 Add a DOMAIN option to CVE-2020-0688 for consistency with other modules 2020-09-28 09:24:39 -04:00
Shelby Pace f0f4da2b1e Land #14157, Windows update orchestrator privesc 2020-09-25 16:07:27 -05:00
Antoine GOICHOT fef88f27eb Added CVE-2020-3433 module 2020-09-25 23:04:58 +02:00
Shelby Pace 2111865acf remove stray backtick 2020-09-25 16:04:46 -05:00
bwatters 2ed72007e0 Typos and cleanup 2020-09-25 12:27:55 -05:00
bwatters 6cf3c0491f Add documentation 2020-09-22 12:16:29 -05:00
Shelby Pace c04e8d73c3 Land #14023, spooler svc privesc (PrinterDemon) 2020-09-17 16:06:29 -05:00
William Vu 03e0b9098c Add more words about Exchange role groups 2020-09-16 12:55:08 -05:00
bwatters 198f3905ae Logic errors and typos 2020-09-16 11:17:39 -05:00
bwatters ce8033714d remove copy/pasta code and fix version check 2020-09-16 11:17:39 -05:00
bwatters c2e2a4fe2c More Rubocop, add documentation, and typo fix 2020-09-16 11:17:39 -05:00
William Vu e118ff1509 Add Microsoft Exchange Server DLP Policy RCE
CVE-2020-16875
2020-09-16 02:41:08 -05:00
gwillcox-r7 593945ee61 Update module documentation with more detail r.e affected versions and the fact that the use of UNC paths could cause an issue if they are not typed in correctly. Also update the module documentation to use the output from recent tests to reflect recent changes. Shorten the module description and update its stability rating. Finally add in a reliability rating for the exploit module. 2020-09-10 11:32:45 -05:00
gwillcox-r7 7e1560ff26 Update documentation with the installation instructions I mentioned in the GitHub comments. Also RuboCop the exploit module code. 2020-09-10 11:32:18 -05:00
gwillcox-r7 d0fe87fbf6 Update documentation with some updated info about potentially bad situations the module could run into, and also include some new documentation on the new option we have added in to try to prevent this from happening 2020-09-10 11:32:18 -05:00
ide0x90 c4d463e921 Added option to generate standalone DLL. 2020-09-10 11:32:18 -05:00
ide0x90 53f3b70b33 Changed DLL so that it doesn't block the DNS service from stopping after the module executes.
Added OS check (>= Server 2003 is vulnerable so far).
Now cleans up dropped DLL and modified registry value.
2020-09-10 11:32:18 -05:00
ide0x90 7701ea1bc8 Compile DLL so that the DNS service doesn't crash when the module is run. 2020-09-10 11:32:18 -05:00
ide0x90 151fdb7ea5 Reduced exploit ranking and added check to see if session is elevated. 2020-09-10 11:32:18 -05:00
ide0x90 d1e9039af4 Initial module and documentation for Microsoft Windows DNS ServerLevelPluginDll abuse 2020-09-10 11:31:51 -05:00
Shelby Pace 6e2a7001a9 Land #13994, add Dlink Wifi manager rce 2020-08-18 09:34:19 -05:00
Niboucha Redouane aec83d54cd fix case of first character of sentence
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:06:18 +02:00
Niboucha Redouane 5487552afd Fix some punctuation, and character case
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:05:58 +02:00
Niboucha Redouane df3107a99f fix typo: privileged instead of privilegied
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:05:16 +02:00
William Vu a6f7c0c0de Backport miscellaneous fixes to my modules 2020-08-14 13:40:23 -05:00
Niboucha Redouane 3df276230a write whole FTP link, looks like some browsers dropped FTP support, and markdown does not render it as a link 2020-08-13 15:19:33 +02:00
Niboucha Redouane 66d3b1cd59 Add exploit for CVE-2019-13372 2020-08-13 15:07:11 +02:00
gwillcox-r7 7797a52bd2 Ninja edit for msftidy_docs.rb compliance purposes 2020-08-06 12:33:22 -05:00
Spencer McIntyre 06702abec0 Update the documentation for PsExec 2020-08-06 11:36:22 -04:00