adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,960 Commits 27 Branches 1,043 Tags
e4ed187ec2b4dbf1a2cf600d064c8edf09cefc85
Commit Graph

5146 Commits

Author SHA1 Message Date
bwatters 3170eac829 Land #16981, enum_domain_tokens: Cleanup and fix group member retrieval 
Merge branch 'land-16981' into upstream-master
 2022-09-27 09:47:34 -05:00
Grant Willcox a48c2d9e72 Land #17033, hikvision password reset via inproper authorization logic - CVE-2017-7921 2022-09-23 15:01:04 -05:00
Grant Willcox 0908006466 Land #16985, wifi mouse rce - CVE-2022-3218 2022-09-23 14:46:49 -05:00
Grant Willcox b62f163696 Update documentation on module and exploit a little more to make things a bit clearer 2022-09-23 14:08:18 -05:00
Grant Willcox 2958a43a6a Update to reflect fact that bug is an improper authentication logic bug and to randomize password for auth parameter since it is ignored 2022-09-23 12:19:29 -05:00
Jack Heysel 2b5e85cd27 Land #17012, Veritas Backup Agent RCE 
This module exploits a chain of the vulnerabilities CVE-2021-27876,
CVE-2021-27877 and CVE-2021-27878 in Veritas Backup Exec Agent which
leads to remote code execution with privileges of system or root user
 2022-09-23 12:31:46 -04:00
h00die-gr3y f2d357eda1 updated documentation with camera specifications 2022-09-23 09:38:37 -05:00
Grant Willcox edc37835e5 Add more nil checks in, update some of the check code to catch an edge case, update notes to account for indicators of compromise, and fix some extra issues noticed on second round of review 2022-09-23 09:38:35 -05:00
Grant Willcox 3ca34568c2 Clean up some of the documentation and module code and descriptions 2022-09-23 09:38:12 -05:00
h00die-gr3y 5ed7ff7f52 init commit module and documentation 2022-09-23 09:38:05 -05:00
alex d5dcca899d Fix description scenario 2022-09-23 10:51:36 +03:00
cgranleese-r7 c74f480177 Land #17049, enum_domain_group_users module clean up 2022-09-22 17:51:12 +01:00
cgranleese-r7 0029628db8 Land #17051, wmic_command module cleanup 2022-09-22 16:17:33 +01:00
Jack Heysel 12f3325f3e Land #16732, VIDIdial Multiple SQLi 
This PR adds a module which exploits several
authenticated sqli in VICIdial
 2022-09-22 10:47:42 -04:00
bcoles ce48afd0db wmic_command: Cleanup 2022-09-23 00:25:13 +10:00
bcoles 9eab7eadab enum_domain_group_users: Cleanup 2022-09-22 17:05:19 +10:00
h00die 6d608ea41e vicidial sqli module docs update 2022-09-21 16:57:18 -04:00
h00die eb516f402e wifi mouse doc updates 2022-09-21 16:38:50 -04:00
h00die 32402c0e6d wifi mouse doc updates 2022-09-21 16:35:08 -04:00
Grant Willcox 605db0160d Fix up documentation 2022-09-21 15:02:04 -05:00
Spencer McIntyre 415383b48d Land #17042, Add exploit for CVE-2022-36804 2022-09-21 13:07:32 -04:00
Christophe De La Fuente 4943d86ec6 Land #16989, Unified Remote RCE 2022-09-21 14:06:33 +02:00
space-r7 f2e003cdb0 add documentation 2022-09-20 18:45:48 -05:00
Grant Willcox bd4a062e5f Land #17023, Fix #16999 by using a compatible default action 2022-09-19 17:33:01 -05:00
Grant Willcox 5d7c7b0a09 Update documentation and change up the code to use action.name vs datastore['ACTION'] since that is no longer populated 2022-09-19 17:31:51 -05:00
bwatters 88f14950a0 Land #16688, Add Mimipenguin 
Merge branch 'land-16688' into upstream-master
 2022-09-19 12:43:16 -05:00
h00die 271171f6d2 unified now with invisible feature 2022-09-18 19:02:59 -04:00
Spencer McIntyre eae1adb8bb Add getsystem module docs 2022-09-16 14:59:50 -04:00
Grant Willcox cee6b6a111 Land #17003, enum_patches: Cleanup, print patches as table, store patches as CSV 2022-09-15 18:07:11 -05:00
Grant Willcox d278d6aa81 Add in missing require to make module work, then fix up some minor things observed during review process 2022-09-15 17:44:25 -05:00
Christophe De La Fuente 52ff168c5e Land #16914, Add PAN-OS auth command injection module (CVE-2020-2038) 2022-09-15 17:58:07 +02:00
Grant Willcox a7b049510b Relocate documentation file to proper location and update documentation a little bit to explain some cases 
Update documentation with proper explanation of how to add users since last one was adding users to the wrong table.
 2022-09-13 16:12:21 -05:00
Jack Heysel 6c27c05d10 parent 3892d29cc5 
author Jack Heysel <jack_heysel@rapid7.com> 1658964871 -0400
committer Grant Willcox <gwillcox@rapid7.com> 1663093141 -0500
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEMZiWHhSP9eUn4xpf014FwPK4HoMFAmMgyZUACgkQ014FwPK4
 HoP5RxAAjvQs9/bVQSVJXMNVxa5J3Tefi+BnkJyxUAABsYJR/KpKfHMzGxhdA9ED
 Rc48cKuaGRscorSdNZJPtRMs1JlrvYLbovTomUoOuyZypKInNdkIhjo24WyandBX
 5f4AgmsKFtnfFnxAHQ/jsq25Sa0hgDS/x64q1+aFMupZzm7o9xJrMokqPIu8C1hC
 AhdV1jx3xP7jTpTz2YDOUPM3WNZINFNJHZU5JtdCIfciJX1oCbkEdzUZFiiZg6Ui
 fZEUDAVQrkZfhcTrLYBBTOgalMjmM4gM9q/X0vHTm6XbEuNN69diw7t3Z7Qa2maY
 FU3N8E5mDy2ebpRWF4FOHa3KwEcUwpx17/sIJOfhlFRFazxVDR6DGch4GQg0r5lz
 VVN7GEMPqepyCJcBTaagpeeyw/pM/peysrC04amd5ash/6sQ5whS8xIJW1jeN/nf
 rVTwJs1kzy28t0wLqeHB+j4OZNm+hqZYrZ0A9VcJT5EBArG8Zlgr+xXcFXhONBk8
 GZe/yiMsHPPv+vfSvOo/JVZAbIXpcFRzHjbs1JjFVQq635bWceGWs72xHNEKlssC
 MtaL1h0wzV7BilBL2ohMY0ou/gDTqWao3xYGvqfxgYBy/6IQCcV2SmPYLNel+VEt
 sc7fqO5R+R/HDUWHv1bEfYKebgaX6pqrzgrqaxwGd6vmSHEEslU=
 =BXw+
 -----END PGP SIGNATURE-----

Initial changes

Add in documentation improvements for installation

Update Docker install instructions again and also fix a bug with too strict checking on a cookie

Move module into gather type module, remove the scanner import, and update the documentation accordingly so that the check method can work

Updated docs
 2022-09-13 16:08:57 -05:00
Jack Heysel 1c99daa836 Updated error handling 2022-09-13 12:40:59 -04:00
c0rs efbe06f944 Add module Veritas Backup Exec Agent Remote Code Execution 2022-09-13 18:18:52 +03:00
Christophe De La Fuente 3c9b57c415 Land #16911, enum_ms_product_keys: Cleanup and support non-meterpreter sessions 2022-09-13 16:06:55 +02:00
Spencer McIntyre 6467fb3a8f Land #16906, enum_snmp improvements 
enum_snmp: Cleanup and support non-Meterpreter sessions
 2022-09-13 09:05:15 -04:00
bcoles a0030ac667 enum_snmp: Cleanup and support non-Meterpreter sessions 2022-09-13 17:45:10 +10:00
bcoles ebaca4cd48 enum_patches: Cleanup, print patches as table, store patches as CSV 2022-09-12 13:50:32 +10:00
bcoles 302bcfbc03 enum_domain_tokens: Cleanup and fix group member retrieval 2022-09-10 13:54:39 +10:00
Grant Willcox b5686dc7ca Update documentation to improve some explanations 2022-09-09 15:51:31 -05:00
bcoles 8dc4107bed enum_services: Cleanup and support non-Meterpreter sessions 2022-09-09 15:09:47 -05:00
h00die 66bbe98f5f wifi remote with better cmd stagers 2022-09-09 05:57:36 -04:00
h00die ae91cfa9c5 unified_remote exploit 2022-09-08 17:09:31 -04:00
bcoles 290d70bd19 enum_domain: Cleanup and support non-Meterpreter sessions 2022-09-08 12:34:37 -05:00
bwatters 2af5b22272 Land #16983, firefox_xpi_bootstrapped_addon: Add notes, description, references, docs 
Merge branch 'alnd-16983' into upstream-master
 2022-09-08 08:23:32 -05:00
Grant Willcox 446d891705 Land #16901, killav: Cleanup and support non-meterpreter sessions 2022-09-07 14:02:11 -05:00
space-r7 a11569fc53 Land #16944, add Apach Spark RCE 2022-09-07 13:02:27 -05:00
h00die-gr3y f71ec84f9e updated documentation 2022-09-06 19:36:11 +00:00
h00die c6d453f5b9 fix docs 2022-09-05 08:23:40 -04:00