adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,981 Commits 27 Branches 1,043 Tags
e446fe4e83f623ef20698fc032a10904a4fa5e63
Commit Graph

225 Commits

Author SHA1 Message Date
Grant Willcox 97bce45e69 Land #16915, Add exploit for CVE-2022-23277 (Exchange RCE) 2022-08-19 11:11:46 -05:00
Christophe De La Fuente d49b74d164 Land #16809, Add exploit module for Advantech iView command injection - CVE-2022-2143 2022-08-18 17:19:14 +02:00
Spencer McIntyre 7c1dd17c86 Add a missing verison, fix typos 2022-08-17 17:36:31 -04:00
Spencer McIntyre 62ab42b797 Update vulnerable version numbers and docs 2022-08-17 08:55:46 -04:00
Spencer McIntyre 0e148d6ba4 Update and rename the module 2022-08-09 13:32:09 -04:00
space-r7 0334beada2 Land #16758, add ManageEngine ADAudit Plus exploit 2022-08-05 12:19:42 -05:00
space-r7 4202502992 make some prints vprints, add steps 2022-08-05 11:34:46 -05:00
Grant Willcox ada3be8f7b Update options section in documentation 2022-08-02 14:13:25 -05:00
Grant Willcox f0e62de46a Add CVE-2022-35405 docs and module 2022-08-02 11:57:56 -05:00
Ron Bowes b4b5f31c3d Add documentation 2022-07-26 10:48:18 -07:00
space-r7 e1b0e871b3 add finished module and docs 2022-07-21 18:33:56 -05:00
Jake Baines aba48a6905 Improve JSON cleanup, fix jjs specific wording, and moved JJS_PATH to defaultoptions 2022-04-20 06:27:43 -07:00
Jake Baines ae54c8c3d9 Initial implementation of authenticated RCE against ManageEngine ADSelfService Plus (CVE-2022-28810) 2022-04-19 10:33:54 -07:00
Grant Willcox fddd3f15c2 Fix up code so that it will not block on attempting to delete the configuration on the folder, just in case the configuration doesn't exist in the first place. Instead print a warning and continue. 2022-02-22 17:52:29 -06:00
Grant Willcox a7ace66b3f Use send_request_cgi and update options to use HttpUsername and HttpPassword accordingly. This simplifies code. Also update documentation accordingly 2022-02-14 18:19:00 -06:00
Grant Willcox c49591cf11 Add in changes to use targets array as per Spencer's suggestion so we can now spawn Meterpreter shells. Also remove ACCOUNT_LOCKOUTS and fix a call that should have been .get_xml_document 2022-02-14 17:38:10 -06:00
Grant Willcox 4c1b2478fa Add in exploit and documentation 2022-02-11 13:58:56 -06:00
William Vu d55af3aa00 Add module doc 2021-12-23 12:27:57 -06:00
William Vu 344bdacae4 Remove preferred payload 
We'll add it back to Framework later.
 2021-11-24 10:44:59 -06:00
William Vu d2c322e875 Revert option name styling in module doc 
Bug in our local renderer's styling. GitHub renders it just fine.
 2021-11-23 19:05:26 -06:00
William Vu 053dc70782 Add words to module doc 2021-11-23 19:05:09 -06:00
William Vu a8daed1e79 Add module doc 2021-11-23 19:05:09 -06:00
Grant Willcox 8d55b16ade Fix one more mistake and rename document and module to a more easy to find name 2021-11-11 16:42:58 -06:00
Grant Willcox 27310dc002 Add in exploit and documentation for CVE-2021-42237 2021-11-10 15:52:22 -06:00
adfoster-r7 9f0804cbfb Fix Meterpreter spelling mistake 2021-10-12 23:40:43 +01:00
Spencer McIntyre 56cd43a8b8 Land #15624, Add module for CVE-2020-27955 2021-09-15 14:54:19 -04:00
Jack Heysel abbb994dab Updated docs 2021-09-07 13:55:21 -04:00
Jack Heysel 7fe44583fe Updated docs 2021-09-07 13:32:52 -04:00
Jack Heysel 3c43bd409d Added docs an Git User-Agent FP 2021-09-03 16:15:39 -05:00
Spencer McIntyre 95015f0c2b Update the ProxyShell module docs 2021-08-27 17:50:28 -04:00
wvu bcf00a0d3a Update exchange_proxyshell_rce.md 2021-08-18 14:38:56 -05:00
Spencer McIntyre 75e63992d6 Write an exploit for ProxyShell 2021-08-18 10:50:34 -04:00
William Vu 6fbaecf919 Backport print changes to recent modules 2021-07-08 21:26:35 -05:00
Grant Willcox 62f9d15ba3 Land #15314, Add Exploit for CVE-2021-31181 (SharePoint RCE) 2021-06-16 10:39:49 -05:00
Spencer McIntyre d1be69eae6 Implement changes based on PR feedback 2021-06-14 10:15:27 -04:00
Spencer McIntyre edee95bbb2 Update the check to not fail if a COOKIE is used 2021-06-10 11:29:07 -04:00
agalway-r7 1858b574ec Land #15305, Authenticated RCE module for NSClient++ 2021-06-09 15:38:34 +01:00
Yann Castel 14c5924044 rubocop for documentation is ok 2021-06-09 09:08:19 +02:00
Yann Castel 674eb51f86 add scenario + small changes 2021-06-09 08:59:35 +02:00
Spencer McIntyre 3afe3ebfa3 Add the module docs 2021-06-08 15:23:24 -04:00
Hakyac fd988f7f29 Update documentation/modules/exploit/windows/http/nscp_authenticated_rce.md 
Co-authored-by: bcoles <bcoles@gmail.com>
 2021-06-08 16:35:10 +02:00
Hakyac e1030226de Update documentation/modules/exploit/windows/http/nscp_authenticated_rce.md 
Co-authored-by: bcoles <bcoles@gmail.com>
 2021-06-08 15:17:53 +02:00
Hakyac 0834fa122d Update documentation/modules/exploit/windows/http/nscp_authenticated_rce.md 
Co-authored-by: bcoles <bcoles@gmail.com>
 2021-06-08 15:17:34 +02:00
Hakyac e53ca42570 Update documentation/modules/exploit/windows/http/nscp_authenticated_rce.md 
Co-authored-by: bcoles <bcoles@gmail.com>
 2021-06-08 15:16:12 +02:00
Yann Castel bf96b88446 add default port + set ssl to true 2021-06-07 16:48:16 +02:00
Yann Castel 6a7e30749d initial commit 2021-06-07 14:39:10 +02:00
William Vu 6498554084 Clean up NetMotion Mobility exploit and docs 
Refactor target selection once again.
 2021-06-02 23:47:01 -05:00
William Vu 1f9a3d99bb Add module doc 2021-05-17 13:58:03 -05:00
Shelby Pace 71914a1ddb Land #14813, additional dup scout bof targets 2021-04-01 13:03:57 -05:00
Spencer McIntyre 11f4946817 Tweak some ProxyLogon verbiage for clarity 2021-03-29 10:07:43 -04:00