adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,996 Commits 27 Branches 1,043 Tags
e2e8568860e381fc09e1ecedd5ddfc6fdfa3ce99
Commit Graph

34202 Commits

Author SHA1 Message Date
Jack Heysel b7ac6d45d5 Land #17789, proftpd_modcopy_exec enhancements 
This PR add documentation, notes, a reference URL, and a few
general code improvements to the check and exploit methods.
 2023-03-24 21:08:28 -04:00
space-r7 67ac2dc584 Land #17771, add monitorr file upload rce 2023-03-22 13:00:38 -05:00
space-r7 3fe0801d92 use target_uri.path in requests 2023-03-22 12:50:11 -05:00
adfoster-r7 d6e9e8d3bb Land #17735, fix some incorrect YARD parameters 2023-03-22 15:20:12 +00:00
Spencer McIntyre 835f397f79 Add a missing include so the payloads generate 2023-03-21 16:49:25 -04:00
Jack Heysel 1f2a889d0c Land #17388, Zyxel router RCE 
This module adds a new exploit module for a buffer
overflow in roughly 45 different Zyxel router and VPN models.
 2023-03-21 15:07:04 -04:00
Jack Heysel f5d1aab01a Changed send_request_cgi to raw 2023-03-21 14:26:05 -04:00
bwatters 3b73adf05d Land #17401, Add encoder module x86/xor_poly 
Merge branch 'land-17401' into upstream-master
 2023-03-20 17:48:46 -05:00
h00die-gr3y e3df74ee5b Updates addressing review points of space-r7 2023-03-20 21:04:58 +00:00
H00die.Gr3y 871a251c94 Apply suggestions from code review 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-03-20 21:44:11 +01:00
h00die-gr3y 5903addbd6 Updates adressing majority of review points 2023-03-19 15:13:09 +00:00
bcoles 1b7cee4589 exploit/unix/ftp/proftpd_modcopy_exec: Add docs and resolve RuboCop violations 2023-03-19 15:35:36 +11:00
space-r7 9e1be62f06 Land #17462, add WhatsUp Gold credential extractor 2023-03-17 16:44:17 -05:00
Jack Heysel 31a32ccd9b linting and srvhost check fix 2023-03-17 14:39:02 -04:00
jheysel-r7 56761a2f6d Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-03-17 13:01:02 -04:00
jheysel-r7 6b853b57c6 Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-03-17 13:00:15 -04:00
jheysel-r7 df365b55a4 Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb 
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2023-03-17 12:57:06 -04:00
Christophe De La Fuente 0df12fd694 Land #17754, Open web analytics 1.7.3 remote code execution 2023-03-17 10:15:33 +01:00
H00die.Gr3y 04e0fc70bf Apply suggestions from code review 
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com>
 2023-03-16 19:25:03 +01:00
Pflegusch 3baa894840 Add DefangedMode to warn the user 2023-03-16 18:07:28 +01:00
Christophe De La Fuente daadb4f523 Land #17775 - Add exploit for Bitbucket env var RCE (CVE-2022-43781) 2023-03-16 11:01:07 +01:00
Pflegusch 027793cce6 Remove unused variable res in check_connection 2023-03-15 19:00:26 +01:00
Pflegusch ac72c12734 Set timeout of 1s to make session available much quicker 2023-03-15 18:59:22 +01:00
Pflegusch d06e2d9e3d Remove nvd url 2023-03-15 18:56:23 +01:00
space-r7 22c05105d3 address review comments 
reduces some code duplication, sets privileged to true,
and modifies documentation to reflect lhost / rhost opts
 2023-03-15 11:18:03 -05:00
Pflegusch ee0334dd40 since file got deleted, one can not trigger the payload anymore by opening the php url 2023-03-15 01:05:10 +01:00
space-r7 fddcae3d93 don't always create repo 2023-03-14 19:03:58 -05:00
Pflegusch 0cbebc8a4c Remove malicious .php file at the end of the exploit 2023-03-15 01:03:20 +01:00
Pflegusch 103def70e4 More detailed error message for failed regex match 2023-03-15 00:07:20 +01:00
Pflegusch d72d47e502 Update Failure Codes and check for nil in the helper functions 2023-03-14 23:59:57 +01:00
Pflegusch 897aaf9572 Use Failure::UnexpectedReply when password cant be changed 2023-03-14 23:41:48 +01:00
Pflegusch 2310b0d942 Use Failure::NotFound when no valid cache file is found 2023-03-14 23:40:29 +01:00
Pflegusch 86f4a16cff Check if cache_request is not nil 2023-03-14 23:38:57 +01:00
Pflegusch e160e51711 Fix typos, update docs with advanced option SearchLimit, implement SearchLimit into module 2023-03-14 23:29:55 +01:00
Pflegusch 887551bf2c Use UnexptectedReply instead of Unknown 2023-03-14 22:29:38 +01:00
Pflegusch 8db10af8c0 check if res is not nil in addition to res.code 2023-03-14 22:28:52 +01:00
Pflegusch dff139d6d7 remove fail_with in check_connection as suggested 2023-03-14 22:24:08 +01:00
Pflegusch 2ce3aeed2b Add CONFIG_CHANGES to the side effects 2023-03-14 22:16:10 +01:00
Pflegusch c0ee250b6b Add some more URL references 2023-03-14 22:14:16 +01:00
Pflegusch cfaad7fb84 prepend AutoCheck 2023-03-14 22:10:44 +01:00
Pflegusch 9e64f02742 Use default values in option declaration instead of DefaultOptions 2023-03-14 22:08:05 +01:00
Pflegusch ac6e94770e use Failure::Unreachable and use unless instead of if/else 2023-03-14 22:03:31 +01:00
Pflegusch 311314984f Remove base64 requirement 2023-03-14 21:47:29 +01:00
Pflegusch cc4e455530 Remove directory datastore option and make username and password required 2023-03-14 21:46:45 +01:00
Grant Willcox c53a22d3fb Land #17750, FortiNAC keyUpload.jsp arbitrary file write CVE-2022-39952 2023-03-14 11:09:40 -05:00
cgranleese-r7 ec7347cd49 Land #17509, tomcat 7 priv esc on rhel based systems (cve-2016-5425) 2023-03-14 10:16:18 +00:00
space-r7 1eeaff255e make username / password opts required 2023-03-13 16:45:48 -05:00
Grant Willcox 3bd4c15704 Correct architecture and do final fixes 2023-03-13 15:46:42 -05:00
space-r7 4bb843fe70 add documentation, adjust method of getting ids 2023-03-13 15:31:41 -05:00
h00die 8dfe58e617 review comment 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2023-03-13 14:42:26 -04:00