BuildTools
ee8838eea5
added validation to make sure the file path is set
2021-04-14 17:47:19 -04:00
BuildTools
b42a22c4de
Updated documentation
2021-04-01 13:30:39 -04:00
jconnolly80911
c0531f4208
OSX Post exploitation .gitignore retrieval
This post exploitation module is meant to locate all .gitignore files in a user's home directory as well as retrieve the contents of both the .gitignore as well as the files contained in the .gitignore. There are two modes. Mode 1 finds the .gitignore files. Mode 2 retrieves the file. You must set the FILE path with the gitignore file you'd like to retrieve. This could be used to retrieve potentially sensitive artifacts.
After establishing a meterpreter session:
* use post/osx/gather/gitignore
* set mode 1
* set session n (where n is the session in which you'd like to run the module)
* run
The module will take some time to complete but will recursively search all directories from the user's home directory for .gitignore files and then print the absolute path of each file it finds. Copy the path of whichever gitignore you'd like to read and paste into the FILE variable.
* set mode 2
* set file /path/to/.gitignore
* run
At this point, the module will display the contents of the gitignore file. If it contains something of interest, you can copy the filename and replace it in the absolute path for which you found the .gitignore.
* set file /path/to/artifact
* run
This will retrieve the contents of the artifact you are looking to read.
2021-03-31 14:47:48 -04:00
William Vu
51200c4b22
Remove CmdStagerFlavor from a couple modules
Not strictly necessary. We need a better way to limit by platform.
2021-03-31 12:08:46 -05:00
Spencer McIntyre
3340593938
Land #14951, Update metasploit_payloads-mettle gem to 1.0.8
2021-03-30 12:16:17 -04:00
ryanpohlner
d92d0e59d8
Fixed generic cmd payload not echoing
2021-03-29 20:06:12 -04:00
ryanpohlner
c55303863a
Fixed payload triggering twice
2021-03-29 18:27:25 -04:00
Spencer McIntyre
8d579ff30c
Update the HTTP Title scanner as a demonstration
2021-03-29 13:56:25 -04:00
Spencer McIntyre
9d85af51cb
Land #14945, Proxylogon RCE (Praetorian update)
2021-03-29 12:04:19 -04:00
adfoster-r7
4bf5f4a49c
Land #14963, Fix cloud_lookup gather module (PublicSuffix)
2021-03-29 15:12:20 +01:00
Spencer McIntyre
11f4946817
Tweak some ProxyLogon verbiage for clarity
2021-03-29 10:07:43 -04:00
RAMELLA Sébastien
e09c62a8c2
fix. missing require
2021-03-29 15:56:46 +04:00
RAMELLA Sébastien
02b240b22a
code review
2021-03-29 14:23:39 +04:00
Grant Willcox
80ae750df5
Land #14697, Add Nagios XI mixin and auxiliary scanner module and docs
2021-03-26 18:12:16 -05:00
bwatters
11b12e4c63
Land #14869, Add Windows post module for gathering Exchange mailboxes
Merge branch 'land-14869' into upstream-master
2021-03-26 15:08:06 -05:00
Grant Willcox
1dbf1656d3
Update to introduce wrapping on some comments and also to fix up the CVE output a bit
2021-03-26 11:46:51 -05:00
Tim W
c05ed60dd8
update payloads cached size
2021-03-26 15:25:35 +00:00
RAMELLA Sébastien
c64b1b200e
remove ClientID, seems useless
2021-03-26 16:37:08 +04:00
William Vu
fb387d940d
Land #14946, fail_with corrections for two modules
2021-03-26 01:51:14 -05:00
William Vu
b517372e4d
Fix sharepoint_ssi_viewstate, too
2021-03-26 01:32:46 -05:00
William Vu
a6df15c8c2
Fix the rest of the optional method
2021-03-26 01:29:47 -05:00
sophosyaniv
d74fe1d6d8
randomize output delimiters
2021-03-25 20:12:58 -07:00
Spencer McIntyre
006faaab9a
Land #14924, Add auxiliary and exploit modules for CVE-2020-6207 in SAP Solution Manager
2021-03-25 17:48:56 -04:00
kalba-security
122dbbea1e
Add additional supported modules. Align results when printing in scanner.
2021-03-25 15:01:05 -04:00
kalba-security
6d1986e8ca
Avoid mixing return types in login.rb
2021-03-25 14:13:55 -04:00
William Vu
0b8ac121d4
Fix fail_with usage in advantech_iview_unauth_rce
Brain fart. Should be print_warning so as not to fail the session.
2021-03-25 11:33:41 -05:00
Grant Willcox
784927a389
Land #14941, Force smb_relay module to use the Rex SMB client over ruby_smb
2021-03-25 10:55:07 -05:00
RAMELLA Sébastien
75041c5837
update proxylogon rce
2021-03-25 19:46:58 +04:00
kalba-security
16067d2801
Make sure to always call rce_check correctly
2021-03-25 11:24:25 -04:00
kalba-security
707f163e15
Avoid type mixing as much as possible, add other feedback from code review
2021-03-25 11:19:31 -04:00
Vladimir Ivanov
3b8f3620d2
Minor updates
Updated action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 15:37:29 +03:00
Vladimir Ivanov
0487e451cf
Updated payload
Updated make_rce_payload, renamed get_agent_os to check_agent in lib sap_sol_man_eem_miss_auth.rb
Updated action_ssrf, action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command, exploit in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 14:20:54 +03:00
Vladimir Ivanov
391e013d89
Removed var lhost, lport in exploit module cve_2020_6207_solman_rs.rb
Changed fail reason if agent_name is nil in lib sap_sol_man_eem_miss_auth.rb
2021-03-25 11:26:14 +03:00
bwatters
6505f9ccbd
Land #14830, Adding FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (CVE-2021-3378)
Merge branch 'land-14830' into upstream-master
2021-03-24 17:41:10 -05:00
bwatters
5394464932
Fix rubocop complaint
2021-03-24 17:38:11 -05:00
dwelch-r7
a69d76d7b5
Force smb_relay module to use the Rex SMB client over ruby_smb
2021-03-24 17:36:50 +00:00
Grant Willcox
f01b434160
Land #14896, Fix apache_activemq_upload_jsp exploit module for Java 8
2021-03-24 10:22:03 -05:00
Vladimir Ivanov
924f7feb76
Updated Arch in the exploit module cve_2020_6207_solman_rs.rb
Corrected by rubocop library sap_sol_man_eem_miss_auth.rb
2021-03-24 16:26:01 +03:00
Vladimir Ivanov
66ce45d833
Added support for CmdStager in the exploit module cve_2020_6207_solman_rs.rb
2021-03-24 16:16:43 +03:00
Vladimir Ivanov
d28bcdc821
Updated action_ssrf, action_exec in auxiliary cve_2020_6207_solman_rce.rb
2021-03-24 16:05:34 +03:00
Vladimir Ivanov
567f78c532
Update PAYLOAD_XML, check_response in lib sap_sol_man_eem_miss_auth.rb
Delete class var agents in auxiliary and exploit modules
2021-03-24 11:21:57 +03:00
Grant Willcox
a77e7390d2
Land #14933, Update metasploit_payloads-mettle gem to 1.0.7
2021-03-23 16:06:43 -05:00
Vladimir Ivanov
8c7a483f6e
Delete analyze_error in exploit module cve_2020_6207_solman_rs.rb
2021-03-23 23:59:48 +03:00
Vladimir Ivanov
6aba44c4d5
Delete analyze_error in auxiliary module cve_2020_6207_solman_rce.rb
2021-03-23 23:59:20 +03:00
Vladimir Ivanov
2c18435e6e
Update pretty_agents_table in lib sap_sol_man_eem_miss_auth.rb
Change output in auxiliary and exploit modules
2021-03-23 23:00:34 +03:00
Vladimir Ivanov
4399fa73fc
Update make_rce_payload, make_soap_body in lib sap_sol_man_eem_miss_auth.rb
Update rce command in auxiliary module cve_2020_6207_solman_rce.rb
2021-03-23 19:02:59 +03:00
Christophe De La Fuente
2dcd0fad04
Land #14860, Auxiliary/Exploit Scanner/Gather/RCE for Exchange ProxyLogon (CVE-2021-26855)
2021-03-23 13:10:15 +01:00
Vladimir Ivanov
0fae3f4805
Added conditions in options in auxiliary module cve_2020_6207_solman_rce.rb
2021-03-23 14:02:12 +03:00
Vladimir Ivanov
d76224066f
Rename option URIPATH to TARGETURI
2021-03-23 13:33:39 +03:00
Vladimir Ivanov
113dce79de
Move lib/metasploit/framework/sap_solman/client.rb to lib/msf/core/exploit/remote/http/sap_sol_man_eem_miss_auth.rb
2021-03-23 13:20:27 +03:00