adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70,914 Commits 27 Branches 1,043 Tags
e3c97148e8efeff4cdac78eb3e58faee9acebedd
Commit Graph

3720 Commits

Author SHA1 Message Date
space-r7 7af22bfd41 Land #18077, add Symmetricom unauth cmd injection 2023-06-13 17:07:16 -05:00
space-r7 5535401345 add exploit rank 2023-06-13 17:05:30 -05:00
Steve Campbell 37bc9cd5a4 Update symmetricom_syncserver_rce.rb 
Updated info to add allowed SRVPORT and LPORT, and fixed issue with srvport variable not used.
 2023-06-13 16:22:08 -04:00
space-r7 cbf7109c51 add rubocop fixes and some metadata 2023-06-13 13:44:23 -05:00
Steve Campbell ed516faa93 Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb 
Added link to CVE

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-06-12 16:34:24 -04:00
Steve Campbell 5b73c8fea1 Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb 
Added CVE

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-06-12 16:33:57 -04:00
Steve Campbell 4e4d09862e Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb 
Fixed misspelling

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-06-12 16:32:12 -04:00
Steve Campbell bc2fb0c919 Update modules/exploits/linux/http/symmetricom_syncserver_rce.rb 
Updated heading

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-06-12 16:31:21 -04:00
h00die-gr3y 4479d94658 Updates based on review comments from space-r7 and jvoisin 2023-06-12 19:28:08 +00:00
h00die-gr3y 7cd3854208 Removed Webshell upload and updated documentation 2023-06-12 13:58:59 +00:00
h00die-gr3y 417c9fa591 init commit module and documentation 2023-06-10 09:42:32 +00:00
space-r7 c9af514be4 Land #18063, add TerraMaster webshell upload 2023-06-09 17:55:32 -05:00
space-r7 c8609d7983 Land #18070, add TerraMaster chained exp module 2023-06-09 12:29:47 -05:00
sfewer-r7 27f5a789c9 rework the exploit to use the new MIPS64 fetch payload adapters. Removed the seperate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part. 2023-06-09 09:47:57 +01:00
Stephen Fewer a1528556e0 Merge branch 'rapid7:master' into CVE-2023-28771 2023-06-09 09:42:19 +01:00
h00die-gr3y dfc366e022 Latest updates based on reviewers comments 2023-06-08 21:25:40 +00:00
Steve Campbell 229fc0c002 Added symmetricom_syncserver_rce.rb 2023-06-08 12:46:10 -04:00
h00die-gr3y 0bcd930f61 Updated NAS model and version check 2023-06-08 09:12:45 +00:00
h00die-gr3y b3b0cb4ccf Updates based on space-r7 comments 2023-06-08 07:39:44 +00:00
h00die-gr3y 46fcdb76d5 Updates based on jvoisin comments 2023-06-07 08:27:55 +00:00
h00die-gr3y 3e6ae74886 init commit module 2023-06-06 07:07:36 +00:00
h00die-gr3y 00e39eb540 updated CMD stager order 2023-06-05 14:54:31 +00:00
h00die-gr3y 07def1c9f0 init commit module 2023-06-05 11:19:42 +00:00
Spencer McIntyre 9e38ed4459 Land #17929, Linux sudoedit LPE (CVE-2023-22809) 
Linux sudoedit priv esc (CVE-2023-22809)
 2023-05-23 09:30:18 -04:00
sfewer-r7 0205bb36d3 change ranking to GreatRanking as stability is CRASH_SERVICE_RESTARTS 2023-05-22 20:09:11 +01:00
sfewer-r7 6b101b5a4d make rubocop happy 2023-05-22 18:03:58 +01:00
Spencer McIntyre f464401dde Land #17782, Add fetch payloads 
Add http wget cmd based fetch payload for Linux and Windows
 2023-05-18 12:18:27 -04:00
bwatters 548a2d7ab4 Add fetch payloads for Windows and Linux x64 2023-05-18 10:47:29 -05:00
h00die 2ca5ca1f63 stronger grep 2023-05-16 16:18:14 -04:00
h00die 6bee4f56d9 updates from review 2023-05-13 15:49:11 -04:00
Christophe De La Fuente a485a786ef Land #17881, Zyxel chained RCE using LFI and weak password derivation algorithm 2023-05-10 11:49:51 +02:00
h00die-gr3y 4f8024454c Updates based on cdelafuente-r7 latest comments 2023-05-10 07:46:11 +00:00
h00die-gr3y 51ab9746fb Updates based on cdelafuente-r7 comments 2023-05-06 19:05:21 +00:00
h00die e692e927dc review fixes 2023-05-05 16:43:47 -04:00
h00die 95562e04aa sudoedit work 2023-05-02 18:39:59 -04:00
h00die-gr3y cfb21e3de2 Added CVE-2023-28770 reference 2023-04-28 12:51:17 +00:00
Jacob Baines ec5858c198 Added newly assigned CVE identifier 2023-04-27 09:54:48 -04:00
h00die d454b2e195 cve-2023-22809 2023-04-25 20:54:48 -04:00
h00die e7725e7b6d cve-2023-22809 2023-04-25 04:37:33 -04:00
h00die-gr3y c39751094a Updates based on review comments 2023-04-21 11:46:53 +00:00
h00die-gr3y 4131f1abf1 Fixed some bugs in module and added documentation 2023-04-20 08:23:55 +00:00
bwatters 9c9eac28a7 Land #17874, VMware Workspace One Access mr_me Hekate LPE 
Merge branch 'land-17874' into upstream-master
 2023-04-18 19:29:39 -05:00
Jack Heysel bd286dd147 Added missing require builder statement 2023-04-18 18:10:46 -04:00
Jack Heysel de18ed438a Removed unnecessary require statement 2023-04-18 18:05:11 -04:00
Jack Heysel a2c23d18ef Added require builder statement 2023-04-18 16:01:14 -04:00
h00die-gr3y de9cd59ea5 added pwd derivation and report credential function including updates based on review comments 2023-04-18 19:17:00 +00:00
bwatters 6ae00877ed Land #17854, VMware Workspace One Access mr_me Hekate RCE 
Merge branch 'land-17854' into upstream-master
 2023-04-18 09:49:41 -05:00
Jack Heysel cda2e9610b Land #17820, optimising the nagiosxi modules 
This PR refactors the authenticated nagiosxi modules and mixins..
 2023-04-14 16:21:26 -04:00
Jack Heysel ace2f42387 Changed ranking to Good 2023-04-14 15:15:40 -04:00
h00die-gr3y e0926890ab init commit module 2023-04-14 13:07:12 +00:00