bwatters
3f35524c61
Rubocop fixes
2022-03-03 13:02:55 -06:00
bwatters
f0878f4d1a
Improve check method and add autocheck
2022-03-03 12:52:05 -06:00
bwatters
b69db83398
Land #16202, Add exploit for CVE-2022-21882 (Win32k LPE)
...
Merge branch 'land-16202' into upstream-master
2022-02-25 15:55:48 -06:00
Spencer McIntyre
544f8e161a
Land #16164, Create Module For CVE-2021-42321
2022-02-24 11:36:12 -05:00
Spencer McIntyre
2b0002031d
Fix the minimum build number
...
This particular change looks like a mistake. Build 17134 (v1803) is the
oldest that is supported.
2022-02-24 11:24:20 -05:00
Spencer McIntyre
6d325933a9
Remove the default payload options
2022-02-24 10:55:38 -05:00
Grant Willcox
fddd3f15c2
Fix up code so that it will not block on attempting to delete the configuration on the folder, just in case the configuration doesn't exist in the first place. Instead print a warning and continue.
2022-02-22 17:52:29 -06:00
Spencer McIntyre
443bf1249a
Remove all the old CVE-2021-1732 data
2022-02-18 15:25:39 -05:00
Spencer McIntyre
bcd7cb1122
Writeup the module metadata and docs
2022-02-18 15:23:44 -05:00
Spencer McIntyre
d92259f868
One exploit for CVE-2021-1732 and CVE-2022-21882
2022-02-18 15:23:38 -05:00
h00die
d5ba1afbec
fix URLs not resolving
...
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra redirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
Grant Willcox
6700ed7f3c
Update module to use built in error handling within send_request_cgi vs doing it ourselves
2022-02-15 18:18:53 -06:00
darrenmartyn
604361b59d
Update hp_dataprotector_cmd_exec.rb
...
64 bit payloads
2022-02-15 18:03:13 +00:00
Grant Willcox
a7ace66b3f
Use send_request_cgi and update options to use HttpUsername and HttpPassword accordingly. This simplifies code. Also update documentation accordingly
2022-02-14 18:19:00 -06:00
Grant Willcox
c49591cf11
Add in changes to use targets array as per Spencer's suggestion so we can now spawn Meterpreter shells. Also remove ACCOUNT_LOCKOUTS and fix a call that should have been .get_xml_document
2022-02-14 17:38:10 -06:00
Grant Willcox
058bb33458
Merge me. More Rubocop updates
2022-02-11 17:28:16 -06:00
Grant Willcox
1a3f161ec0
Remove extra comments, randomize an additional parameter, update target section with affected versions
2022-02-11 17:26:42 -06:00
Grant Willcox
862b057277
Fix up RuboCop issues
2022-02-11 14:18:25 -06:00
Grant Willcox
4c1b2478fa
Add in exploit and documentation
2022-02-11 13:58:56 -06:00
Grant Willcox
5431d3d0f6
Add in initial check method code
2022-02-09 20:12:41 -06:00
adfoster-r7
a17dfcc849
Rubocop smb relay module
2022-01-26 00:47:19 +00:00
Pedro Ribeiro
ea00da0a03
fix NUUO advisory links
2022-01-13 18:54:56 +00:00
Pedro Ribeiro
09d6b1388c
fix kaseya links
2022-01-13 18:47:11 +00:00
Christophe De La Fuente
a458961631
Move the cleanup instance variables to the beginning of #exploit
2022-01-07 20:34:58 +01:00
Christophe De La Fuente
41ebb3aa29
Land #15903, SMB Shadow Module: Direct SMB Session Takeover
2022-01-07 16:57:17 +01:00
usiegl00
3051c5d9f5
Add mutex to cleanup in smb_shadow
...
The mutex will prevent multiple calls to cleanup when the module is
stopped with Ctrl-C. Add a Notes section to the documentation which
describes arpspoof usage and such.
2022-01-07 14:18:15 +09:00
usiegl00
cf6ab21467
Fix disabling of port 445 forwarding in smb_shadow
...
Update the iptables invocation to use the FORWARD table, which filters
packets being routed through the device. Add check for STATUS_PENDING
response from the server while creating the service.
2022-01-06 13:15:30 +09:00
usiegl00
204da6a0b4
Use packet filter anchor for pfctl in smb_shadow
...
The packet filter anchor will prevent the flushing of previous packet
filter rules. Using an anchor also allows us to remove the rule, instead
of disabling the filter.
2021-12-28 20:13:32 +09:00
William Vu
4cd83b5e72
Add ManageEngine ServiceDesk Plus CVE-2021-44077
2021-12-23 12:27:57 -06:00
Spencer McIntyre
1915b1395e
Land #15742, Added module for CVE-2021-40444
2021-12-08 17:46:02 -05:00
Spencer McIntyre
2f6710e02e
Remove the Not_Hosted target
...
It's not currently working and Metasploit should just handle everything
2021-12-08 17:22:44 -05:00
bwatters
852230c739
Fix bug brought in by importing Msf::Post::File
...
Split out javascript to a file and deobfuscate it
Update documentation for new targets
Fix other small suggestions
2021-12-08 10:36:27 -06:00
usiegl00
609bf4be3c
Update smb_shadow module to clean unnecessary code
...
Remove the return statement after fail_with which will never be reached.
Add documentation for the module options. Reset the packet forwarding
settings during the module cleanup.
2021-12-07 08:41:52 +09:00
usiegl00
260ea0725c
Update smb_shadow module and docs for review
...
Add mutex to module to prevent race condition. Add sleep to after arp
query to prevent arp cache restoration. Add DefangedMode to indicate
system network changes. Change module INTERFACE option to be explicit.
Remove unnecessary module payload parameters. Add module Notes.
2021-12-03 14:33:40 +09:00
Brendan Coles
a60c59c3af
ms08_067_netapi: Add nine Windows 2003 SP2 targets for various locales
...
* Windows 2003 SP2 Portuguese (NX)
* Windows 2003 SP2 Chinese - Simplified (NX)
* Windows 2003 SP2 Czech (NX)
* Windows 2003 SP2 Dutch (NX)
* Windows 2003 SP2 Hungarian (NX)
* Windows 2003 SP2 Italian (NX)
* Windows 2003 SP2 Russian (NX)
* Windows 2003 SP2 Swedish (NX)
* Windows 2003 SP2 Turkish (NX)
2021-12-02 16:33:02 +00:00
space-r7
51d85fada5
Land #15914, ms03_026_dcom cleanup
2021-11-30 11:37:43 -06:00
Tim W
abb11cf896
Land #15918, add more targets for ms07_029_msdns_zonename
2021-11-30 08:24:03 +00:00
Brendan Coles
28bc460bac
ms07_029_msdns_zonename: Add additional Windows 2000/2003 target offsets
2021-11-30 07:38:08 +00:00
bwatters
14064ff3f9
Update module description and remove extra module.
2021-11-29 15:23:02 -06:00
Brendan Coles
8fa73f9e90
ms05_039_pnp: Rename 'Windows 2000 SP4 English/French/German/Dutch' target to 'Windows 2000 SP4 Universal'
2021-11-28 13:39:05 +00:00
Brendan Coles
5fab1da09b
ms03_026_dcom: cleanup
2021-11-28 08:25:31 +00:00
usiegl00
bfd57daea7
Update Range Syntax to Support Ruby 2.5
...
Change [?..] to [?..-1] to be compatible with older ruby versions. Fix
failing msftidy rubocop linting tests.
2021-11-25 15:05:39 +09:00
usiegl00
e19511a31c
Update documentation for the smb_shadow module.
...
Add additional clarity and details to the existing documentation for the
smb_shadow module. Remove some outdated comments and fix some spelling
errors.
2021-11-25 08:12:13 +09:00
William Vu
344bdacae4
Remove preferred payload
...
We'll add it back to Framework later.
2021-11-24 10:44:59 -06:00
usiegl00
e2734293e1
Add SMB Shadow Module: Direct SMB Session Takeover
...
This module intercepts direct SMB connections on the LAN.
Both the SMB Server and Client must be on the LAN.
The SMB Client must be authenticating to the Server as an Administrator.
This module is dependent on an external ARP spoofer.
2021-11-24 20:05:30 +09:00
William Vu
e8e5467b70
Credit mr_me for keytool classloading technique
...
Confirmed. :)
2021-11-23 20:12:05 -06:00
William Vu
3702615003
Improve check precision by matching more stuff
2021-11-23 19:05:09 -06:00
William Vu
e2cf3e6706
Clarify working directory for FileDropper
2021-11-23 19:05:09 -06:00
William Vu
2f1bfa738a
Add ManageEngine ADSelfService Plus CVE-2021-40539
2021-11-23 19:05:09 -06:00
Grant Willcox
9023c61ac8
Land #15851, User Agent Refresh
2021-11-17 15:08:52 -06:00