adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,317 Commits 27 Branches 1,043 Tags
ed5dd4dd20d22decbef21937f91ef121bb6f93fb
Commit Graph

1400 Commits

Author SHA1 Message Date
Christophe De La Fuente 7c54066b0e Land #13004, Nagios XI RCE module 2020-03-09 15:57:58 +01:00
kalba-security 96ae2cf9a2 Incorporate additional suggestions from code review. 2020-03-09 11:56:15 +02:00
kalba-security 8b778bffc0 Incorporate suggestions from code review 2020-03-06 15:50:34 +02:00
Shelby Pace 12faf3fad5 Land #12959, add eyes of network rce module 2020-03-02 15:22:51 -06:00
Shelby Pace c16edad4e6 add verify_api method, checks on data 2020-03-02 15:10:46 -06:00
kalba-security f60f60db7f Set stance to aggressive to prevent the HTTPServer mixing from trying to make this a job 2020-02-28 13:01:51 +02:00
kalba-security 5ee7fcaf4a Add simple changes suggested in code review. 2020-02-28 12:14:38 +02:00
kalba-security 99ed3afab3 Change filenames for consistency with existing modules 2020-02-27 17:08:23 +02:00
kalba-security 280d1767b4 Add Nagios XI < 5.6.6. exploit module and documentation 2020-02-27 16:58:15 +02:00
Alan Foster af9d2a28de Fix msftidy warnings 2020-02-26 14:56:08 +00:00
kalba-security c2f13d906b fix sqli get request syntax 2020-02-20 11:38:43 +02:00
kalba-security 9980a96917 Move documentation to correct directory 2020-02-19 16:57:38 +02:00
kalba-security 0d0bd865c8 add eyesofnetwork module and docs 2020-02-19 16:33:04 +02:00
William Vu 7dc1315dac Update logic for ForceExploit in my modules 
This lets the user opt out of running check completely.
 2020-02-19 01:06:50 -06:00
Brent Cook 8489bcdfd9 This fixes broken links to the community.rapid7.com blog 
Performed mechanically with sed, spot-checked that the new blog can consume these links.
 2020-02-18 09:06:11 -06:00
William Vu a31e4034c8 Check SSL in exploit/linux/http/webmin_backdoor 2020-01-16 14:49:13 -06:00
William Vu 491c36ccaa Land #12827, credit updates to Citrix exploit 2020-01-14 10:54:57 -06:00
William Vu eaeaae7607 Reformat credit 2020-01-14 10:46:04 -06:00
Jeffrey Martin 1cd75d9f40 document additional PoC authors 2020-01-14 10:22:26 -06:00
Shelby Pace 429329c45d Land #12801, add WePresent cmd injection module 2020-01-14 08:29:40 -06:00
Jacob Baines 009ec162de Use string interpolation and removed rundant namespace and return statement 2020-01-14 07:52:30 -05:00
Jacob Baines ea6263e6bb Removed redundant return statement 2020-01-14 06:52:24 -05:00
Jacob Baines ecb825ea71 Remove redundant parameters. 2020-01-14 06:40:40 -05:00
Jacob Baines fa661e58ca Unified the POST request into one function. Fixed hardcoding of SSL. Fixed Author formatting. Fixed connection failure check in check function 2020-01-14 06:22:00 -05:00
Jacob Baines 0308f76bbd Switched to vars_post in send_request_cgi and removed unnecessary documentation 2020-01-14 05:42:06 -05:00
William Vu 5c4189fdb4 Move unix/webapp/webmin_backdoor to linux/http 2020-01-14 00:50:04 -06:00
William Vu 3a8b630262 Set a sane default HttpClientTimeout 
Totally forgot I did this for Pulse Secure.
 2020-01-13 22:26:26 -06:00
William Vu cd65efb259 Revert tuned timeout in favor of HttpClientTimeout 
Bad habit!
 2020-01-13 22:02:12 -06:00
William Vu c71a75950a Make cmd/unix/generic timeout configurable 2020-01-13 21:35:10 -06:00
William Vu 93c69b3a96 Bump send_request_cgi timeout to 3.5s for shells 2020-01-13 21:29:28 -06:00
William Vu a635676604 Update wording in module description 2020-01-13 21:04:07 -06:00
William Vu af4505f007 Clean up module 2020-01-13 20:48:18 -06:00
William Vu 04084f84f7 Run rubocop -a 2020-01-13 20:25:07 -06:00
William Vu a45821b706 Rename module 2020-01-13 20:25:07 -06:00
Jacob Baines caa02c7d2e Added exploit module for CVE-2019-3929 2020-01-09 08:03:52 -05:00
William Vu 263c7bf235 Use CheckModule in pulse_secure_cmd_exec 2019-12-03 10:39:58 -06:00
Shelby Pace baf27f9654 Land #12542, add Bludit File Upload Exploit 2019-11-12 15:44:34 -06:00
William Vu 3c1fa90a75 Land #12515, Pulse Secure VPN RCE 2019-11-12 02:55:01 -06:00
William Vu a267ad9d64 Reference env(1) as the reason we have useful RCE 2019-11-12 02:17:58 -06:00
William Vu 8df559eceb Update print to warning 2019-11-12 02:09:43 -06:00
wvu-r7 0c4580f254 Calibrate timeout for hax 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-11-12 02:03:52 -06:00
William Vu de72ed8545 Print our glorious success 2019-11-12 02:02:53 -06:00
William Vu 238c931fd3 Don't fail module if blocking through timeout 2019-11-12 01:55:56 -06:00
William Vu d8e612726c Note that an admin SID is required at present 2019-11-12 01:46:23 -06:00
William Vu 1573664c78 Reduce timeout for when the shell pops 2019-11-12 01:41:19 -06:00
William Vu bc5b0645dd Fix typo 2019-11-12 01:25:36 -06:00
William Vu 2c6c46701c Update DefaultOptions 2019-11-12 01:23:53 -06:00
William Vu 8664ac9dd8 Add target print 2019-11-12 01:17:28 -06:00
William Vu e9fb4a2528 Check for nil 
Oops.
 2019-11-12 01:10:26 -06:00
William Vu f4c7690247 Print cmd/unix/generic command output, minus HTML 2019-11-12 01:08:56 -06:00