William Vu
a908ceb58a
Add ManageEngine Desktop Central exploit
2020-03-12 17:36:53 -05:00
William Vu
5e65021914
Land #13054, PPID_NAME fix for Windows migrate
2020-03-12 17:35:39 -05:00
Spencer McIntyre
71f2e4c26c
Land #13035, update PHP web_delivery to SSL context
...
Update the PHP command from web_delivery to ignore invalid SSL
certificates which is required for newer versions of PHP when a
self-signed certificate is used.
2020-03-12 16:35:12 -04:00
Christophe De La Fuente
f7d8c43722
Land #13040, SQL Server Reporting Services ViewState deserialization RCE
2020-03-12 18:26:01 +01:00
g0t mi1k
f301676d04
Grammar fixes
...
...I think?
https://www.grammarly.com/blog/into-vs-in-to/
2020-03-10 13:00:12 +00:00
Adam Galway
0e163c69ab
Land #12975, exploits RCE backdoor in PHPStudy
2020-03-10 11:56:26 +00:00
Spencer McIntyre
f3d38e147d
Replace another use with the target type
2020-03-09 11:43:26 -04:00
Christophe De La Fuente
7c54066b0e
Land #13004, Nagios XI RCE module
2020-03-09 15:57:58 +01:00
Spencer McIntyre
b148e9da30
Land #13042, use VHOST when creating the full URI
2020-03-09 10:40:03 -04:00
Brent Cook
b19ed20d0a
Land #12990, Add initial rubocop rules to consistently format modules
2020-03-09 09:24:46 -05:00
Brent Cook
a10f51e1f9
manually realign shellcode. Note below:
...
The linter here indents strangely only in the case where you have a
standalone string literal without an assignment nor a return or
function/method call. In all other cases it aligns properly. Given that
this really is easy to work around, with what looks like beneficial code
changes, this is still far worth the benefit.
See https://github.com/rapid7/metasploit-framework/pull/12990#pullrequestreview-369907902
2020-03-09 09:22:01 -05:00
Spencer McIntyre
9bd6fb9e76
Update cve-2020-0618 based on feedback
2020-03-09 09:18:44 -04:00
kalba-security
96ae2cf9a2
Incorporate additional suggestions from code review.
2020-03-09 11:56:15 +02:00
t0-n1
fe8cd52c9d
Use VHOST instead of RHOST
...
The 'vhost_uri: true' enables the successful exploitation of this vulnerability in environments where you can't use an IP address (RHOST) to access the OWA web page.
2020-03-07 10:43:51 +01:00
Spencer McIntyre
4c004d51a7
Add an exploit for CVE-2020-0618
2020-03-06 16:21:37 -05:00
Spencer McIntyre
c75780350e
Land #13038, clean up the socket when checking
2020-03-06 13:00:42 -05:00
Christophe De La Fuente
e5f2b48274
Ensure client is disconnected when leaving the check method
2020-03-06 17:38:37 +01:00
kalba-security
8b778bffc0
Incorporate suggestions from code review
2020-03-06 15:50:34 +02:00
Alan Foster
3a046f01da
Run rubocop -a on subset of files
2020-03-06 10:41:45 +00:00
Tim W
63f2da278d
fix #7366, ignore the ssl cert on PHP web_delivery
2020-03-06 12:32:57 +08:00
William Vu
9840951f0d
Land #12574, Chrome CVE-2019-5825 exploit
2020-03-05 13:44:40 -06:00
William Vu
87b8182131
Land #12384, Chrome CVE-2018-17463 exploit
2020-03-05 13:44:27 -06:00
Spencer McIntyre
b0bcfc071b
Land #12944, fix a bug in owa_login
2020-03-05 14:05:49 -05:00
bwatters-r7
bbd82865d6
Land #12985, fix the cmd/windows/reverse_powershell payload
...
Merge branch 'land-12985' into upstream-master
2020-03-05 11:02:33 -06:00
Brent Cook
349051531a
Land #12984, update local socket parameters when opening channels
2020-03-05 10:52:12 -06:00
Spencer McIntyre
eb90bee4a7
Land #12863, add exploit for PHP-FPM Underflow RCE
2020-03-05 11:43:43 -05:00
Brent Cook
40cc170578
bump payload sizes
2020-03-05 10:12:14 -06:00
dwelch-r7
4fe7678b01
Land #12910, Add exploit module for apache activemq traversal
2020-03-05 15:05:13 +00:00
dwelch-r7
c7ca43b585
reformat date to iso standard
2020-03-05 15:03:05 +00:00
Christophe De La Fuente
8d6468e725
Fix comments
2020-03-05 13:28:28 +01:00
airevan
630add538f
set default index.php
2020-03-05 10:24:22 +08:00
Shelby Pace
5698f6e51f
Land #13003, add OpenSMTPD LPE module
2020-03-04 13:32:25 -06:00
Adam Galway
65c2b68319
Land #12982, fixes broken url in word_unc_injector
2020-03-04 15:59:27 +00:00
kalba-security
633899402c
Split up description
2020-03-04 17:02:34 +02:00
kalba-security
a87a1ae1b4
Split up description
2020-03-04 16:57:36 +02:00
Adam Galway
83132dd733
Land #13008, module for Chrome 80 JScreate exploit
2020-03-04 14:49:59 +00:00
Tim W
9f55e4163f
add documentation
2020-03-04 21:31:14 +08:00
Tim W
7f6f7fea3e
add osx as a target
2020-03-04 13:37:19 +08:00
Tim
9f56867f6c
Apply suggestions from code review
...
Co-Authored-By: adamgalway-r7 <54621924+adamgalway-r7@users.noreply.github.com>
2020-03-04 11:55:33 +07:00
William Vu
865d15975b
Add automatic grammar selection by version number
2020-03-03 18:44:48 -06:00
William Vu
975eb742cb
Add old grammar target and refactor check
2020-03-03 17:41:04 -06:00
William Vu
260aa0533a
Add check method and reorder mixins for super
...
Also fix copypasta'd vulnerable commit.
2020-03-03 17:41:04 -06:00
William Vu
c003b0d293
Add module notes
2020-03-03 17:41:04 -06:00
William Vu
498d01aaa3
Add OpenSMTPD CVE-2020-8794 LPE exploit
2020-03-03 17:41:04 -06:00
William Vu
ba924b3047
Land #13014, Exchange ECP ViewState exploit
2020-03-03 17:23:17 -06:00
William Vu
4759f7d39d
Check for nil res
2020-03-03 17:17:28 -06:00
William Vu
573b8302ec
Fix missing var and change default target
2020-03-03 17:15:19 -06:00
Spencer McIntyre
a4feaec188
Implement a check method for cve-2020-0688
2020-03-03 14:22:27 -05:00
kalba-security
cd6c01ae9d
Add suggestions from code review.
2020-03-03 20:17:13 +02:00
0x44434241
fb00818cab
Optionally store enumerated SMB usernames in DB.
...
This responds to issue #12359, where it was noted that enumerated
usernames from this module were not being stored in the database. Since
they are not a credential pair of user:pass, I have made it an optional
feature with 'DB_ALL_USERS', which is consistent with other scanning
modules.
2020-03-03 11:47:28 -06:00