adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,996 Commits 27 Branches 1,043 Tags
e2e8568860e381fc09e1ecedd5ddfc6fdfa3ce99
Commit Graph

118 Commits

Author SHA1 Message Date
Grant Willcox 08f07eccb6 Fix initial incorrect parameters in YARD documentation 2023-03-05 20:15:14 -06:00
Spencer McIntyre ac9d60ce9e Land #17281, Added module for CVE-2022-2992 
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
 2023-02-14 16:57:29 -05:00
space-r7 78ae5f49ce add gitlab prefix back to methods 2023-02-14 15:26:01 -06:00
space-r7 304b90ecc8 split mixins between forms and v4 api used 2023-02-14 12:37:43 -06:00
Spencer McIntyre c3fa924cfa Remove the NGROK_URL option 2023-02-13 14:31:44 -05:00
Spencer McIntyre 210b7a3254 Use #get_json_document instead of JSON.parse 
Also fix typos
 2023-02-13 14:00:13 -05:00
cgranleese-r7 fb196cb378 Testing Ruby 3.2 against CI 2023-01-31 13:19:06 +00:00
Heyder Andrade 8aca86b816 Apply suggestions from code review 2022-12-04 17:29:05 +01:00
Heyder Andrade 5c3ac339d0 Apply suggestions from code review 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2022-12-04 12:13:50 +01:00
bcoles 431804ef15 Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
Christophe De La Fuente d3057f15b2 Land #17275, Add Exploit For CVE-2022-41082 (ProxyNotShell) 2022-11-30 18:16:19 +01:00
Heyder Andrade 704cee436b Apply suggestions from code review 2022-11-29 15:25:14 +01:00
Heyder Andrade c1236500f1 Apply suggestions from code review 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-11-29 14:12:39 +01:00
Spencer McIntyre f24df8a051 Change an exception class and drop DOMAIN passing 2022-11-28 10:06:14 -05:00
Spencer McIntyre 009c6c5350 Add the MaxBackendRetries datastore option 2022-11-28 09:45:04 -05:00
Spencer McIntyre 3805a79079 Add support for Exchange Data Access Group (DAG) 
This updates the HttpSsrf class to retry requests to the Powershell
backend when they fail because they were routed to a new server. Now
when the transport is initialized, it will store the backend used by the
first successful request.
 2022-11-23 15:37:58 -05:00
Heyder Andrade a05cbdbc30 Impreve error handling 2022-11-20 12:09:05 +01:00
Heyder Andrade f1b97de78d Added Gitlab mixin 2022-11-19 15:19:29 +01:00
Spencer McIntyre 29d57dde66 Consolidate into ProxyMaybeShell 2022-11-18 17:01:01 -05:00
Christophe De La Fuente d1a7170020 Land #17021, Gitea Git fetch RCE module - CVE-2022-30781 2022-11-17 12:28:29 +01:00
krastanoel 645a1c25a3 Update method documentation and indentation 2022-11-09 16:27:31 +07:00
krastanoel 13bb31feeb Update module 
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessfull but keep this anyway for christophe to review.
 2022-11-09 04:52:18 +07:00
krastanoel a50cca27e6 remove cookie_jar manipulation 2022-11-09 00:48:23 +07:00
krastanoel 52d867bbc7 follow Ruby coding convetions 
- combine gitea_version into get_gitea_version for the check method
- validate empty username
 2022-11-09 00:41:30 +07:00
krastanoel c980f4f9ee add more custom error exception 2022-11-09 00:27:12 +07:00
krastanoel 540984804d Apply suggestions from code review 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-11-08 14:09:31 +07:00
Jack Heysel 45ddcf02c9 Remove unused mix in, add low bound to check 2022-11-01 10:42:43 -05:00
jheysel-r7 af9175325b Update lib/msf/core/exploit/remote/http/webmin/login.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-11-01 10:42:42 -05:00
Jack Heysel ad5b03ed96 Finished TODOs and added docs 2022-11-01 10:40:00 -05:00
h00die 06aefb630a string true to bool true 2022-10-03 19:50:04 -04:00
krastanoel aa0dc86bd8 get csrf from the html body instead 2022-10-01 19:59:23 +07:00
krastanoel 02b5f8678c add repository error class 2022-10-01 17:43:42 +07:00
krastanoel e9d8068078 update and tidy the lib comments 2022-10-01 16:22:21 +07:00
krastanoel cc2db82886 add repository create and migrate helpers 2022-10-01 01:13:28 +07:00
krastanoel 29944a0a1b add repository create and migrate url 2022-10-01 01:12:54 +07:00
krastanoel c5d3867980 add migration error class 2022-10-01 01:11:58 +07:00
krastanoel 88e4261a88 Add common lib for Gitea repository 2022-10-01 01:10:55 +07:00
krastanoel cbff63958c Move version check and login to common library 2022-09-30 22:09:01 +07:00
adfoster-r7 f65119b353 Support OpenSSL3 and run Ubuntu 22.04 in test matrix 2022-08-03 15:49:53 +01:00
Jack Heysel 04f042ae47 Land #16221, a wordpress_scanner bug fix 
Adjust wordpress_url_rest_api definition to support
sites that don't place REST API under /index.php/
 2022-04-13 14:22:17 -07:00
Grant Willcox ce062973cb Make changes from review process, redo code for module to make it make less requests, and generally improve overal operations. 2022-03-17 11:29:05 -05:00
Grant Willcox c1d6dced8d Update library code to read exchange versions from exchange_versions.json and populate exchange_versions.json with initial info 2022-03-17 11:29:01 -05:00
Grant Willcox 419c9ea554 Fix review comments to simplify regex, and also add in new is_exchange? function to check if a target is running Exchange Server or not. 2022-03-17 11:29:00 -05:00
Grant Willcox 1f53e9d1c4 Rubocop and fix a mistake on commenting too much of the code out from testing 2022-03-17 11:29:00 -05:00
Grant Willcox 269cd5cfed Add in Exchange Version mixin and module example 2022-03-17 11:28:53 -05:00
Grant Willcox 94ca15686f Fix issue hwereby some sites don't expose the WordPress API under the /index.php/ directory but instead under the root directory. This allows us to expand support for these websites. 2022-02-24 11:39:17 -06:00
Jake Baines 9758251278 Initial commit of CVE-2021-37343 2022-02-05 18:21:18 -08:00
h00die 990e4a1e7a pihole new module and lib 2022-01-02 11:48:41 -05:00
h00die c3e0f455ec some cleanup for rubocop 2021-12-30 15:35:22 -05:00
alanfoster 9346a43e4a Improve kube exec reliability 2021-11-05 02:38:44 +00:00