29977 Commits

Author SHA1 Message Date
Grant Willcox e26d6ca683 Land #14458, Add auxiliary support to autocheck mixin 2020-12-05 23:54:41 -06:00
cgranleese-r7 96c62aea20 Lands #14411 Fixes eternalblue-win8 to run only with python3 2020-12-05 14:22:32 +00:00
Grant Willcox 5961bf700d Land #14314, Pulse Secure Connect Client Credentials Gatherer 2020-12-04 10:04:43 -06:00
A Galway c83c21bcea additional string to byte conversions 2020-12-03 16:21:55 +00:00
Spencer McIntyre 2b48c4234c Land #14442, fix the session cookie for the Simple PHP Blog exploit 2020-12-03 08:47:20 -05:00
Quentin Kaiser e8ea9e56ee Print a status message when no credentials are found. 2020-12-03 10:19:56 +01:00
Quentin Kaiser c8f534e420 Merge branch 'enum_pulsesecure' of github.com:QKaiser/metasploit-framework into enum_pulsesecure 2020-12-03 10:12:54 +01:00
Quentin Kaiser 4f947ac2cb Properly close files that we open and properly capture file open error in get_username. 2020-12-03 10:12:33 +01:00
Alan Foster 76e967353e Add auxiliary support to autocheck mixin 2020-12-03 01:09:06 +00:00
bwatters 9abf199fbe Lands #14337, Ref #14336 : Fix Windows PingBack_Reverse_TCP Payload
Merge branch 'land-14337' into upstream-master
2020-12-02 16:39:19 -06:00
Quentin Kaiser 585bc99903 Proper return values
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2020-12-02 21:34:56 +01:00
Quentin Kaiser f4bb5f7e10 Uniform error handling applied to all functions interacting with 'session' object. 2020-12-02 20:51:29 +01:00
Quentin Kaiser 94af390649 Document Ruby construct that might be unclear to newcomers. 2020-12-02 20:43:39 +01:00
Quentin Kaiser dbd3f2e1bf Revert back on AutoCheck. 2020-12-02 20:42:05 +01:00
Spencer McIntyre a322647913 Change the cookie to PHPSESSID from my_id for the Simple PHP blog exploit 2020-12-02 10:09:05 -05:00
bwatters 5d7014bf39 Land #14298, Windows post-exploitation gather module - Memory dumping via Avast AvDump utility
Merge branch 'land-14298' into upstream-master
2020-12-02 08:30:38 -06:00
Quentin Kaiser bf0d4b4c3f Better regular expression for version line. 2020-12-02 10:05:17 +01:00
Quentin Kaiser 5d89b32f58 prepend class rather than import it 2020-12-02 10:03:38 +01:00
Quentin Kaiser 8edcae4bb7 Handle a case where Pulse Secure is installed but no saved entry exists in the registry. Handle a case where the session runs as system on an affected version. 2020-12-02 09:57:28 +01:00
adfoster-r7 2cb2e38c49 Land #14443, Add explicit requires for python payloads to avoid NameError exceptions 2020-11-30 09:50:36 +00:00
dwelch-r7 c92d97ef7d Add requires for python payloads 2020-11-30 05:36:30 +00:00
dwelch-r7 3824f3923f Land #14394, Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion
Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion
2020-11-30 05:15:29 +00:00
SunCSR Team 3fbe851d71 Update tomcat_ghostcat.rb 2020-11-30 08:33:32 +07:00
justinopatrny c200a274b2 Corrected headers check for retrieved cookie
Previous get_cookies method not working properly
2020-11-29 19:07:44 -06:00
Quentin Kaiser 7842d746d3 Wrong return code when Pulse is not installed. 2020-11-27 16:19:52 +01:00
Quentin Kaiser 0ed2b0d253 Fix active record issue when realm is blank due to empty path. 2020-11-27 16:18:21 +01:00
Quentin Kaiser 013a1e4312 Username was not found when running the module just after the connection creation. Turns out it was saved in .tmp rather than .dat or .bak. 2020-11-27 15:11:14 +01:00
Tim W 6de55b3d79 Land #14433, fix typo in exploits/windows/local/bypassuac_comhijack.rb 2020-11-26 20:13:42 +00:00
Tim W 87eba681e0 Land #14365, Update TP-Link AC1750 Pwn2Own 2019 module 2020-11-26 19:55:00 +00:00
Pedro Ribeiro a99ce581dd Update TP-Link AC1750 Pwn2Own 2019 module 2020-11-26 12:56:02 +00:00
Graeme Robinson f6f78d4710 Make changes suggested in code review 2020-11-26 13:46:02 +01:00
Graeme Robinson 7fa10a0684 Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-11-26 13:46:02 +01:00
Graeme Robinson 5dc7e8f04e Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-11-26 13:46:02 +01:00
Graeme Robinson 78c042cbb7 Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-11-26 13:46:01 +01:00
Graeme Robinson 7894f1eb9a Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-11-26 13:46:01 +01:00
Graeme Robinson fcde932e1b Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-11-26 13:46:01 +01:00
Graeme Robinson 2a9898df25 Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-11-26 13:46:01 +01:00
Graeme Robinson 9a35a5fdee Remove frozen_string_literal directive
Remove directive that was added by `rubocop -A`, as suggested in review.

Note that this results in an additional offense being reported by rubocop
2020-11-26 13:46:01 +01:00
Graeme Robinson e33a2ca463 Use cleanup method to perform cleanup 2020-11-26 13:46:01 +01:00
Graeme Robinson f6d39147af Removed pointless comment. 2020-11-26 13:46:01 +01:00
Graeme Robinson 2de77b6e8a Refactored code. Primarily line length increased. 2020-11-26 13:46:01 +01:00
Graeme Robinson 012b040fc1 Reformat code layout to satisfy msftidy 2020-11-26 13:46:01 +01:00
Graeme Robinson 41ff86178b Add new module exploit module
Add new module /exploits/multi/http/apache_nifi_processor_rce.rb
2020-11-26 13:46:01 +01:00
Jan Bucher 6d6c71bc2a Fix another typo in the bypassuac_comhijack module 2020-11-26 13:14:36 +01:00
Jan Bucher 9757c68f9b Fix typo in modules/exploits/windows/local/bypassuac module
Correct small typo in the output to the msfconsole.
2020-11-26 12:55:29 +01:00
SunCSR Team 4dce7c070b Update tomcat_ghostcat.rb 2020-11-26 16:24:49 +07:00
Grant Willcox 63a98adff0 Land #14427, phpstudy_backdoor_rce.rb TARGETURI handling and default value modifications 2020-11-25 10:32:53 -06:00
Grant Willcox ca28f59ac4 Update the description of the TARGETURI option to reflect the recent changes 2020-11-25 10:32:17 -06:00
Spencer McIntyre 95665e916c Land #14416, wordpress plugin 'simple file list' rce 2020-11-25 09:58:26 -05:00
Spencer McIntyre 94c157bc95 Tweak the documentation and module output just a little for clarity 2020-11-25 09:58:07 -05:00