adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
50,939 Commits 27 Branches 1,043 Tags
edb94e9ef581c4cb2f856428fe5e05eb470d7fbd
Commit Graph

2042 Commits

Author SHA1 Message Date
William Vu 502f63c0c4 Indent SOAP requests and prefer $() over `` 2019-03-04 19:10:33 -06:00
William Vu 1dd243b8bd Improve positive/negative prints in check method 2019-03-04 19:08:47 -06:00
William Vu 225e0549c0 Revert CheckCode::Vulnerable to CheckCode::Appears 2019-03-04 18:38:44 -06:00
William Vu 4100f1cfeb Revert vprint_status to vprint_good 2019-03-04 18:22:12 -06:00
William Vu 40ff708306 Refactor check method and address review comments 2019-03-04 17:49:09 -06:00
Nicholas Starke 7c7a233d67 Addressing PR Comments 2019-02-23 14:41:11 -06:00
Nicholas Starke 6bd1489f62 Adding version checking to wemo module 
Addresses Github Issue 11452 by parsing out the version
information returned in /setup.xml. New code then performs
a version check, and then alerts the user to whether or not
it is likely the remote host is vulnerable given that version
check.
 2019-02-23 12:06:57 -06:00
William Vu fc9245fa66 Fix author names in a couple modules 
It me.
 2019-02-22 17:02:15 -06:00
William Vu 194881a8b2 Add NOCVE 2019-02-22 13:26:53 -06:00
William Vu c76714ccc6 Add Reliability REPEATABLE_SESSION to Wemo exploit 
Notes copied from auxiliary/admin/wemo/crockpot where it didn't apply.
 2019-02-22 13:11:59 -06:00
William Vu 0c8b260737 Revert ARCH_CMD payload to cmd/unix/generic 
There is no telnetd, so cmd/unix/bind_busybox_telnetd won't work.
 2019-02-19 13:23:25 -06:00
William Vu bad53aeaf1 Genericize exploit (less Crock-Pot verbiage) 2019-02-19 12:13:08 -06:00
William Vu 1be838d1fd Add Belkin Wemo UPnP RCE (tested on Crock-Pot) 2019-02-14 12:45:36 -06:00
Wei Chen a380bb6df1 Land #11239, Add check for writable and nosuid WritableDir 2019-02-08 19:14:54 -06:00
Wei Chen 18a4af1d1d Land #11279, improve imap_open exploit to be more robust 2019-02-08 18:28:08 -06:00
Tod Beardsley daa3076d42 Add CVE-2018-1000999 to MailCleaner module 
See PR #11148

This adds the new CVE assigned by DWF for this vulnerability.

Note that [CVE-2018-10933](https://www.cvedetails.com/cve/CVE-2018-10933/)
describes a vulnerability in libssh, but this one describes the issue as
it pertains to MailCleaner specifically.
 2019-01-23 09:27:12 -06:00
Shelby Pace 2ae6142de7 Land #11243, Add ASan SUID Privesc 2019-01-22 15:50:53 -06:00
Brendan Coles 060d20694d Attribution 2019-01-20 09:18:43 +00:00
h00die f47060870a horde imp h3 imap_open 2019-01-18 19:43:45 -05:00
h00die 2585e4b708 horde imp h3 imap_open 2019-01-18 19:38:30 -05:00
h00die 5d49f04948 not working horde imp imap_open 2019-01-17 19:55:42 -05:00
h00die a73fe9433b land #11169 blueman priv esc on linux 2019-01-15 10:32:46 -05:00
bcoles 8c636f27d5 Update check method to confirm vulnerability 2019-01-15 11:31:31 +11:00
Wei Chen 47f8738f74 Add Imran Rashid to CVE-2018-11770 credit 2019-01-14 15:28:08 -06:00
Wei Chen 52ff0a8b75 Update exploits/linux/http/spark_unauth_rce as CVE-2018-11770 2019-01-14 15:10:29 -06:00
Brendan Coles c6f4eda7f9 Add ASan SUID Executable Privilege Escalation module 2019-01-12 09:14:20 +00:00
Brendan Coles fe6956d7f7 Use mixins 2019-01-11 22:46:58 +00:00
Brendan Coles 20fd6b6134 Add check for writable and nosuid WritableDir 2019-01-11 22:41:14 +00:00
Brendan Coles 24f807490f revisionism 2019-01-10 19:19:14 +00:00
h00die 799a79b715 ueb priv esc suggestion 2019-01-09 20:28:53 -05:00
Jacob Robles 16b8cf7059 Land #11148, Adding Module MailCleaner RCE 2019-01-08 14:10:31 -06:00
Jacob Robles a0acfa79d7 Target payloads 2019-01-08 13:27:26 -06:00
Mehmet İnce 4e8ad22a7a Adding CVE number 2018-12-26 13:15:36 +03:00
Mehmet İnce fa542b9691 Adding platform and arch to top level 2018-12-25 15:56:25 +03:00
Brendan Coles 98dc59728e Add blueman set_dhcp_handler D-Bus Privilege Escalation 2018-12-24 08:03:55 +00:00
Brent Cook b9742802aa Land #11137, Clean up linux/local/vmware_alsa_config exploit module 2018-12-21 17:04:11 -06:00
Mehmet İnce 9481ad04f2 Adding support for ARCH_CMD and updating docs 2018-12-20 12:12:01 +03:00
Mehmet İnce 68ceb08957 Fixing minor issues such as err codes 2018-12-19 22:17:34 +03:00
Mehmet İnce e5c8c18ded Adding Mailcleaner exec 2018-12-19 17:35:40 +03:00
Brent Cook fc2d217c0a Land #11135, strip comments from source code before uploading it to the target 2018-12-17 21:23:29 -06:00
Shelby Pace 2fc501d260 Land #11112, Fix bpf_priv_esc exploit module 2018-12-17 10:00:50 -06:00
Brendan Coles d973a58052 Clean up linux/local/vmware_alsa_config 2018-12-17 08:01:34 +00:00
Brendan Coles fcb512878c Add strip_comments method to Linux local exploits 2018-12-16 14:11:54 +00:00
Brendan Coles b8e134b95d Update version check 2018-12-15 05:39:50 +00:00
Auxilus 6c9fafb9d5 Delete unused variable 
I suppose the variable 'f' was for Name in https://github.com/rapid7/metasploit-framework/blob/06720ee18b2d661aa5ea695ed80e4daa88fbf20c/modules/exploits/linux/smtp/haraka.py#L70

I'm not sure, should it be 'f' at https://github.com/rapid7/metasploit-framework/blob/06720ee18b2d661aa5ea695ed80e4daa88fbf20c/modules/exploits/linux/smtp/haraka.py#L70 or just the way it is atm?
 2018-12-14 22:27:11 +05:30
William Vu cb5648a1c7 Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit 2018-12-13 12:22:36 -06:00
William Vu e69f006992 Remove CommandShell mixin in exploits 
This was cargo culting. Exploits use handler instead of start_session.
 2018-12-12 15:43:13 -06:00
Brendan Coles 68d451711b Fix bpf_priv_esc module 2018-12-12 17:23:12 +00:00
Brent Cook bc6356a2cd Land #11090, update code and style for exploit/linux/local/glibc_origin_expansion_priv_esc 2018-12-10 09:59:03 -06:00
Brendan Coles 237d3c86c4 Code cleanup and update style 2018-12-09 07:26:51 +00:00