Commit Graph

12360 Commits

Author SHA1 Message Date
William Vu 6ff18828c0 Land #11481, Drupal SA-CORE-2019-003/CVE-2019-6340 2019-03-05 21:09:06 -06:00
William Vu 0de69e776a Add friendly default payloads 2019-03-05 20:25:00 -06:00
William Vu 2f76ad4205 Move print_line for DUMP_OUTPUT 2019-03-05 20:10:32 -06:00
William Vu 84376c30c4 Refactor check methods once again 2019-03-05 19:47:41 -06:00
William Vu 72bb49aca9 Make HTTP method configurable and prefer POST 2019-03-05 17:16:04 -06:00
William Vu d30bfe2cbf Update drupal_drupalgeddon2 2019-03-05 13:26:05 -06:00
William Vu ea7c589b19 Refactor module and address review comments 2019-03-05 13:26:01 -06:00
Wei Chen 6765ed80d6 Land #11077, Improvements and documentation for wing_ftp_admin_exec 2019-03-05 12:42:33 -06:00
William Vu a8a48050f9 Merge remote-tracking branch 'upstream/master' into pr/11481 2019-03-05 11:14:56 -06:00
William Vu 502f63c0c4 Indent SOAP requests and prefer $() over `` 2019-03-04 19:10:33 -06:00
William Vu 1dd243b8bd Improve positive/negative prints in check method 2019-03-04 19:08:47 -06:00
William Vu 225e0549c0 Revert CheckCode::Vulnerable to CheckCode::Appears 2019-03-04 18:38:44 -06:00
William Vu 4100f1cfeb Revert vprint_status to vprint_good 2019-03-04 18:22:12 -06:00
William Vu f8208bf0ef Land #11464, version checking for Wemo exploit 2019-03-04 18:18:02 -06:00
William Vu 40ff708306 Refactor check method and address review comments 2019-03-04 17:49:09 -06:00
rotemreiss 2c2e1f0615 Remove custom imp. in favor of library change
Remove custom full_uri implementation in favor of a library change in #11485 which adds vhost support in the full_uri method.
2019-02-26 13:35:32 -05:00
rotemreiss a6148f7733 Code improvements and fixes 2019-02-25 17:24:34 -05:00
rotemreiss edf7c41478 Code smells and documentation 2019-02-25 15:21:46 -05:00
rotemreiss 54ce49c4e6 Feedback from PR fixes 2019-02-25 14:09:07 -05:00
William Vu c769555557 Clarify why WfsDelay was repurposed 2019-02-25 12:19:03 -06:00
William Vu 5c84330c18 Clarify DUMP_OUTPUT description once more 2019-02-25 12:06:20 -06:00
William Vu b5368ed2e4 Add sleep(wfs_delay) back to drupal_drupalgeddon2
And drop WfsDelay back down to 2. I see why I did it in the first place.
2019-02-25 12:02:31 -06:00
William Vu cb962a22ef Add WfsDelay back to drupal_drupalgeddon2
And bump it to 10, though 2 worked in testing.
2019-02-25 11:44:02 -06:00
William Vu f35a13d795 Fix exploit/multi/http/oracle_ats_file_upload 2019-02-25 11:35:34 -06:00
William Vu f534fd9755 Fix exploit/multi/http/apache_jetspeed_file_upload 2019-02-25 11:32:06 -06:00
William Vu 53bf15b184 Fix exploit/multi/http/struts2_rest_xstream 2019-02-25 11:18:27 -06:00
William Vu 6ecb4bc4a7 Fix exploit/unix/webapp/drupal_drupalgeddon2 2019-02-25 11:18:20 -06:00
bcoles 9249f2a119 Update modules/exploits/unix/webapp/drupal_sa_core_2019_003.rb
Co-Authored-By: rotemreiss <reiss.r@gmail.com>
2019-02-25 08:53:19 -05:00
bcoles 8912c1a943 Update modules/exploits/unix/webapp/drupal_sa_core_2019_003.rb
Co-Authored-By: rotemreiss <reiss.r@gmail.com>
2019-02-25 08:53:02 -05:00
bcoles d279e092cb Update modules/exploits/unix/webapp/drupal_sa_core_2019_003.rb
Co-Authored-By: rotemreiss <reiss.r@gmail.com>
2019-02-25 08:46:30 -05:00
rotemreiss eabd0b485c Update ranking 2019-02-25 08:08:06 -05:00
rotemreiss e93dffb32c Add new exploit for Drupal SA-CORE-2019-003 2019-02-25 07:57:04 -05:00
Nicholas Starke 7c7a233d67 Addressing PR Comments 2019-02-23 14:41:11 -06:00
Nicholas Starke 6bd1489f62 Adding version checking to wemo module
Addresses GitHub Issue 11452 by parsing out the version
information returned in /setup.xml. New code then performs
a version check, and then alerts the user to whether or not
it is likely the remote host is vulnerable given that version
check.
2019-02-23 12:06:57 -06:00
William Vu fc9245fa66 Fix author names in a couple modules
It me.
2019-02-22 17:02:15 -06:00
William Vu 194881a8b2 Add NOCVE 2019-02-22 13:26:53 -06:00
William Vu c76714ccc6 Add Reliability REPEATABLE_SESSION to Wemo exploit
Notes copied from auxiliary/admin/wemo/crockpot where it didn't apply.
2019-02-22 13:11:59 -06:00
Jacob Robles 5214b90fdf Land #11292, Add exploit for Nuuo CMS SQL injection 2019-02-21 11:05:53 -06:00
Jacob Robles 1cd7dc8bc9 Update rank, add note 2019-02-21 10:12:02 -06:00
Jacob Robles 696640a340 Timeout and cleanup files 2019-02-21 06:48:10 -06:00
Jacob Robles 4a4637d7a3 Move execute shell 2019-02-21 06:48:09 -06:00
Jacob Robles 1acc565335 Land #11290, Add Nuuo CMS file upload exploit 2019-02-20 07:43:37 -06:00
William Vu 0c8b260737 Revert ARCH_CMD payload to cmd/unix/generic
There is no telnetd, so cmd/unix/bind_busybox_telnetd won't work.
2019-02-19 13:23:25 -06:00
Jacob Robles 73048edd97 Minor updates
exploit:nuuo_cms_sqli
2019-02-19 12:26:31 -06:00
William Vu bad53aeaf1 Genericize exploit (less Crock-Pot verbiage) 2019-02-19 12:13:08 -06:00
Jacob Robles 2b71410807 Minor updates
exploit:nuuo_cms_fu
2019-02-19 12:11:50 -06:00
William Vu 1be838d1fd Add Belkin Wemo UPnP RCE (tested on Crock-Pot) 2019-02-14 12:45:36 -06:00
Wei Chen c5bff76dc7 Cosmetic changes for office_exel_slk module and documentation 2019-02-11 12:37:17 -06:00
Wei Chen 18afc8f546 Bring PR 11249 up to date with upstream master 2019-02-11 12:19:21 -06:00
Imran E. Dawoodjee 6d0797986b PowerShell check less strict, updated docs. 2019-02-10 14:26:13 +08:00