adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,258 Commits 27 Branches 1,043 Tags
e2d052322d68ce4976bae22e4537ea4bea419fc8
Commit Graph

33365 Commits

Author SHA1 Message Date
space-r7 35e4d829d8 Land #17164, add THEME_DIR option to wp_crop_rce 2022-10-25 12:23:50 -05:00
space-r7 7c64b0ba93 add option in documentation and add notes 2022-10-25 12:22:00 -05:00
r3nt0n 982cfb97c2 Refactor: check for THEME_DIR as ternary 
Suggested by @space-r7
 2022-10-25 17:38:30 +02:00
bwatters 9902e9a1e4 Land #17110, check files exist before doing other things 
Merge branch 'land-17110' into upstream-master
 2022-10-24 14:20:16 -05:00
Jack Heysel 3bf4bd7d7d Land #17162, add RCE module for CVE-2022-35914 
This PR adds an RCE module for the php code injection
present in GLPI versions 10.0.2 and below
 2022-10-24 12:18:34 -04:00
jheysel-r7 3bbd05a11a Update modules/exploits/linux/http/glpi_htmlawed_php_injection.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-24 11:48:33 -04:00
r3nt0n 08721ccf73 Adding THEME_DIR option to wp_crop_rce exploit 2022-10-20 16:37:21 +02:00
Christophe De La Fuente 43f7d7b73e Land #17098, Hikvision camera unauthenticated information disclosure 2022-10-20 16:20:12 +02:00
Christophe De La Fuente 4cfbae63ac Land #17114, Add exploit for CVE-2022-41352 (zimbra cpio) 2022-10-20 15:10:42 +02:00
bwatters 6039e54b75 For real, this time 2022-10-19 17:23:16 -05:00
bwatters 78e8de826b Sure; I can spell 2022-10-19 17:22:29 -05:00
bwatters 238aa9058f Fix Cmdstager flavor, complete info hash 2022-10-19 17:18:20 -05:00
bwatters 56b8bf6302 Working draft for CVE-2022-35914 2022-10-19 14:33:33 -05:00
Ron Bowes 56d6f7747b Remove some old code and update documentation with version info 2022-10-19 10:02:29 -07:00
Christophe De La Fuente 15d81ca04c Land #17135, Add namespace to identify.rb 2022-10-19 10:48:25 +02:00
Christophe De La Fuente c43272985e Land #17141, Zimbra Postfix priv esc 2022-10-19 10:33:37 +02:00
Ron Bowes 9a35a5c8dd Post patch info 2022-10-18 10:12:54 -07:00
Ron Bowes 6bdf0da994 Add a sanity check before generating the payload - prevents a confusing error if the server is down 2022-10-18 10:09:51 -07:00
Matthew Dunn c0403af25e Address two more imports, use described_class per review 2022-10-18 08:47:24 -04:00
Heyder Andrade 1804e5ab60 Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-18 00:51:28 +02:00
Ron Bowes dea3f72f6b Resolve feedback - get rid of unnecessary directory, add CVE number, let the user choose the path 2022-10-17 15:00:56 -07:00
Matthew Dunn 1e50ba3415 Move to Hashes module, address requested changes 
Fix rubocop

Move identify to hashes module up one layer, use full reference to identify_hash instead of full include

Fix SMTP require

Remove hashes require statement

Remove hashes require statement

Remove hashes require statement

Remove hashes require statement

Address remaining requested changes, reference constants directly

Add all the missing direct references

Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2022-10-17 17:28:31 -04:00
Matthew Dunn 8b5223f53b Modularize Identify, Update referenced use cases 
Modularize Identity.rb

Include new module style Identify

Update juniper.rb

Fix inadvertent change

Add new module to identify spec

Put the require back

Put back require line for juniper
 2022-10-17 17:28:30 -04:00
Heyder Andrade 67bd118dd5 Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-17 22:49:48 +02:00
Heyder Andrade 7cdf8e181f Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-17 22:49:34 +02:00
H00die.Gr3y 4615e2f9fb Update modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-10-17 19:54:26 +04:00
H00die.Gr3y bc6d63e6e8 Update modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-10-17 19:54:18 +04:00
Heyder Andrade b3a0d70688 Added prefer admin 
- One can now say whether the auto-detect user method should prefer to return the admin or other random one.
 2022-10-17 15:16:16 +02:00
Heyder Andrade 5d99428c1d Changed SSH key algorithm and fix bug on cleanup 
- Prefer to use EC over RSA, only because it is smaller
- When there was no previous ssh key for such user the cleanup method was trying to overwrite the one on the index 0
 2022-10-17 14:40:51 +02:00
Heyder Andrade 71a1c60d49 Sticking to the striced needed 
The port in the Forwarded HTTP header can be random.
 2022-10-17 13:01:13 +02:00
Heyder Andrade 422675a0c0 Fixed code-style offenses 2022-10-17 01:08:57 +02:00
Heyder Andrade 6140f0bc4d Added method to auto-detect target user 2022-10-17 00:44:46 +02:00
Heyder Andrade 9241c515d7 Try to cleanup only if there was ssh connection 2022-10-16 18:50:39 +02:00
Heyder Andrade 6cfb277c90 Added cleanup method 2022-10-16 15:09:45 +02:00
Heyder Andrade 45149c144c Code cleanup and ssh key password 
- cleaned up some unecessary code
- add option to the user set an encrypted custom ssh key
 2022-10-16 13:32:25 +02:00
Heyder Andrade 95b1bffdea Do not overwrite the first two keys 2022-10-15 19:04:53 +02:00
h00die-gr3y ab6ede8ded version based on cdelafuente-r7 comments 2022-10-15 10:45:40 +00:00
Heyder Andrade 47f6971651 It is working but need some improvements 2022-10-15 04:10:12 +02:00
Ron Bowes a2a2dcbf6f Check in zimbra_postfix_priv_esc.rb 2022-10-14 13:21:41 -07:00
Heyder Andrade 31404116a5 Rename module 2022-10-14 22:19:43 +02:00
Heyder Andrade f643bba09a Added module for CVE-2022-40684 2022-10-14 18:36:18 +02:00
H00die.Gr3y 2e9a235ece Update modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-10-14 18:47:40 +04:00
H00die.Gr3y 32acf526b0 Update modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-10-14 18:14:33 +04:00
H00die.Gr3y ade8b87e26 Update modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-10-14 18:12:12 +04:00
adfoster-r7 6a682f4fe6 Land #16982, Update Dell iDRAC login scanner to work with v8 and v9 2022-10-14 01:40:35 +01:00
Grant Willcox a3e32ffafa Add TARGET 0 to documentation 2022-10-12 20:00:33 -05:00
Grant Willcox e9f54aa5b8 Update documentation with better wording, and add randomization of parameter name to module along with cleanup code for deleting uploaded files 2022-10-12 19:16:52 -05:00
Grant Willcox 44271c529f Update code to include defaults that work with standard application 2022-10-12 19:16:52 -05:00
Jack Heysel 9652823393 Reverted check method to upload shell 2022-10-12 19:16:44 -05:00
Jack Heysel f6a36a432c Shortened shellcode 2022-10-12 19:16:43 -05:00