adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,806 Commits 27 Branches 1,043 Tags
e66fd8f5aec3372de3ba7cff9502df80b445a7cc
Commit Graph

34086 Commits

Author SHA1 Message Date
Pflegusch e66fd8f5ae Use rand_text_alphanumeric function 2023-03-09 17:03:48 +01:00
Pflegusch 69839d1924 Remove get_proxy_protocol function 2023-03-09 17:02:10 +01:00
Pflegusch 614f4b6d89 Make installation path of owa configurable 2023-03-09 16:32:28 +01:00
Pflegusch 2de53712bd Use Rex::Version for version comparison 2023-03-09 15:59:42 +01:00
Pflegusch 94ceeb075a Redirect is not necessary - replace with simple send_request_cgi request 2023-03-09 15:41:15 +01:00
Pflegusch ee95eb2883 fix typo: establish_connection 2023-03-09 15:09:32 +01:00
Pflegusch 14b5c08a62 Fix the double slash in the shell url 2023-03-09 14:28:15 +01:00
Pflegusch d59175a463 make it work for https and http and remove the tmp self signed cert bypass 2023-03-09 13:58:56 +01:00
Pflegusch f0dbf54c69 use fail_with in get_cache_content function 2023-03-09 11:04:00 +01:00
Pflegusch 7068d4c3f1 remove LPORT, RPORT and SSL from DefaultOptions 2023-03-09 11:03:24 +01:00
Pflegusch 76b05a7092 Change DisclosureDate according to nvd.nist.gov 2023-03-08 21:52:13 +01:00
Pflegusch b37be28191 Working module open web analytics 1.7.3 rce 2023-03-08 21:30:52 +01:00
Christophe De La Fuente ecbeceb817 Land #17733, Add Gather Wowza Streaming Engine Credentials 2023-03-07 15:27:52 +01:00
bcoles 3f781de8e9 Add Wowza Streaming Engine Manager Login Utility 2023-03-07 23:42:42 +11:00
bcoles 9dcaf93b29 Replace deprecated File.exists? with File.exist? 2023-03-05 14:30:47 +11:00
Grant Willcox 6579dcc977 Land #17723, Fix PHP Base64 encoding 2023-03-03 11:53:46 -06:00
cgranleese-r7 252012f48d Land #17675, Add support for forging inter-realm Kerberos tickets 2023-03-03 14:17:48 +00:00
cgranleese-r7 6259f02051 Land #17684, Add rbcd exploitation documentation to docs site 2023-03-03 13:31:53 +00:00
adfoster-r7 efd79eb638 Add support for forging inter-realm Kerberos tickets 2023-03-03 13:20:39 +00:00
adfoster-r7 0047ce5d3a Add rbcd exploitation documentation to docs site 2023-03-03 13:18:29 +00:00
Grant Willcox 975de9d479 Supply exception message when raising BadcharError and fix typo 2023-03-02 17:46:21 -06:00
jvoisin 5b82c952ba Rubocop pass 2023-03-02 21:43:41 +01:00
jvoisin ae549ce1d4 Fix PHP base64 encoding 2023-03-02 21:40:27 +01:00
bwatters 5b4962e2bd Land #17721, Fix adapted payload stage encoding 
Merge branch 'land-17721' into upstream-master
 2023-03-02 14:03:06 -06:00
Spencer McIntyre a418bd9c65 Land #17638, Lucee Scheduled Job RCE 2023-03-02 08:57:19 -05:00
Spencer McIntyre 088f359cee Make stage encoding optional 2023-03-01 12:24:46 -05:00
Spencer McIntyre 3fabcc3421 Use coldfusion to decode base64 data 
This means we don't need to rely on base64 being in the path. Also
invoke ARCH_CMD payloads on Windows through cmd.exe and not
powershell.exe.
 2023-02-28 17:32:56 -05:00
Spencer McIntyre c8aa491378 Fail with Unreachable when res is nil 2023-02-28 17:05:59 -05:00
Jack Heysel 3abd62076c Land #17624, Oracle E-Business Suite Module 
This pull request adds an exploit module for CVE-2022-21587
an arbitrary file upload vulnerability in Oracle Web Applications
Desktop Integrator as shipped with 12.2.3 through to 12.2.11
which results in RCE
 2023-02-28 17:04:20 -05:00
Spencer McIntyre a916163b49 Cleanup files and fixup messages 2023-02-28 16:41:57 -05:00
space-r7 b3e6767125 Land #17676, add SIS login module 2023-02-28 15:41:24 -06:00
space-r7 380a66916f use print instead of vprint 2023-02-28 15:40:03 -06:00
Spencer McIntyre 2be54376bc Land #17699, Add in SCHANNEL support for LDAP 2023-02-27 16:35:30 -05:00
bwatters 87f046f351 Land #17629, Fix #17629 #query_ldap issues 
Merge branch 'land-17698' into upstream-master
 2023-02-27 14:39:19 -06:00
JBince 8b03f2fda8 Reworked payload execution logic 2023-02-27 11:09:34 -06:00
Imran E. Dawoodjee 2f08cf6c46 Improved version check, review round 1 2023-02-26 17:23:54 +08:00
Grant Willcox f6bfa6a61b Add in SCHANNEL support, and update modules to fix a hang when using to_json instead of get_operation_result. 2023-02-24 13:50:04 -06:00
Spencer McIntyre 26d9026fc2 Fix a filter error 
When FILTER was nil, the check would fail causing `()` to be appended to
the LDAP query filter which would cause it to fail.
 2023-02-24 13:51:58 -05:00
Jack Heysel ca6faed172 Check method enhancement 2023-02-24 13:33:10 -05:00
Jack Heysel 5311a491e9 Froxlor 2.0.7 is actually vulnerable too 2023-02-24 13:18:34 -05:00
Jack Heysel 5749b402af Land #17672, disable ClamAV on Linux 
This PR includes a post module that will disable
ClamAV on Linux systems.
 2023-02-23 21:51:48 -05:00
Jack Heysel 9a874c352b Added missing space in fail_with statement 2023-02-23 20:57:19 -05:00
Jack Heysel 5e2f0965f3 Changed print_bad to fail_with 2023-02-23 17:33:52 -05:00
Jack Heysel 8db255288b Spelling 2023-02-23 16:40:09 -05:00
Jack Heysel 2ed89dda7e Added nc and python cmd techniques 2023-02-23 16:21:09 -05:00
archcloudlabs 10552cbc87 msftidy and notes 2023-02-22 21:48:35 -05:00
archcloudlabs 9ff4cdfd5c updated w/ socat method 2023-02-22 21:40:26 -05:00
archcloudlabs 55371f9363 removing to_str 2023-02-22 20:36:55 -05:00
space-r7 9621f77bac Land #17640, add Froxlor RCE 2023-02-22 12:11:38 -06:00
Jack Heysel bf7884b2dc Removed need to auth twice when AutoCheck enabled 2023-02-22 12:28:28 -05:00