Spencer McIntyre
544f8e161a
Land #16164, Create Module For CVE-2021-42321
2022-02-24 11:36:12 -05:00
Spencer McIntyre
6d325933a9
Remove the default payload options
2022-02-24 10:55:38 -05:00
Grant Willcox
fddd3f15c2
Fix up code so that it will not block on attempting to delete the configuration on the folder, just in case the configuration doesn't exist in the first place. Instead print a warning and continue.
2022-02-22 17:52:29 -06:00
h00die
d5ba1afbec
fix URLs not resolving
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra redirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
Grant Willcox
6700ed7f3c
Update module to use built in error handling within send_request_cgi vs doing it ourselves
2022-02-15 18:18:53 -06:00
Grant Willcox
a7ace66b3f
Use send_request_cgi and update options to use HttpUsername and HttpPassword accordingly. This simplifies code. Also update documentation accordingly
2022-02-14 18:19:00 -06:00
Grant Willcox
c49591cf11
Add in changes to use targets array as per Spencer's suggestion so we can now spawn Meterpreter shells. Also remove ACCOUNT_LOCKOUTS and fix a call that should have been .get_xml_document
2022-02-14 17:38:10 -06:00
Grant Willcox
058bb33458
Merge me. More Rubocop updates
2022-02-11 17:28:16 -06:00
Grant Willcox
1a3f161ec0
Remove extra comments, randomize an additional parameter, update target section with affected versions
2022-02-11 17:26:42 -06:00
Grant Willcox
862b057277
Fix up RuboCop issues
2022-02-11 14:18:25 -06:00
Grant Willcox
4c1b2478fa
Add in exploit and documentation
2022-02-11 13:58:56 -06:00
Grant Willcox
5431d3d0f6
Add in initial check method code
2022-02-09 20:12:41 -06:00
Pedro Ribeiro
09d6b1388c
fix kaseya links
2022-01-13 18:47:11 +00:00
William Vu
4cd83b5e72
Add ManageEngine ServiceDesk Plus CVE-2021-44077
2021-12-23 12:27:57 -06:00
William Vu
344bdacae4
Remove preferred payload
We'll add it back to Framework later.
2021-11-24 10:44:59 -06:00
William Vu
e8e5467b70
Credit mr_me for keytool classloading technique
Confirmed. :)
2021-11-23 20:12:05 -06:00
William Vu
3702615003
Improve check precision by matching more stuff
2021-11-23 19:05:09 -06:00
William Vu
e2cf3e6706
Clarify working directory for FileDropper
2021-11-23 19:05:09 -06:00
William Vu
2f1bfa738a
Add ManageEngine ADSelfService Plus CVE-2021-40539
2021-11-23 19:05:09 -06:00
Grant Willcox
9023c61ac8
Land #15851, User Agent Refresh
2021-11-17 15:08:52 -06:00
Grant Willcox
7e01e33e51
Make the XML generation into a function that accepts an argument and do further cleanup to simplify the code around this
2021-11-11 23:56:11 -06:00
Grant Willcox
8d55b16ade
Fix one more mistake and rename document and module to a more easy to find name
2021-11-11 16:42:58 -06:00
Grant Willcox
be4fa90f1a
Fix up wvu's review comments
2021-11-11 14:39:40 -06:00
Grant Willcox
9d6f0a0eb2
Update XML to reduce it to the bare minimum needed to get the exploit working. Possible I could do more but in my tests it seems everything in here now is needed
2021-11-10 16:25:08 -06:00
Grant Willcox
27310dc002
Add in exploit and documentation for CVE-2021-42237
2021-11-10 15:52:22 -06:00
Ashley Donaldson
527057c700
Updated user agent strings in some modules where it shouldn't impact exploitability
2021-11-10 11:12:38 +11:00
adfoster-r7
28eab4d871
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
Spencer McIntyre
56cd43a8b8
Land #15624, Add module for CVE-2020-27955
2021-09-15 14:54:19 -04:00
Spencer McIntyre
1bd3a764a6
Fixup issues from testing
2021-09-14 16:32:25 -04:00
adfoster-r7
46718e3390
Run Rubocop layout rules on modules
2021-09-10 12:53:39 +01:00
bwatters
a7d99ebbfc
Land # 15611, ProxyShell Improvements
Merge branch 'land-15611' into upstream-master
2021-09-07 11:47:13 -05:00
Jack Heysel
99352ad107
Move methods from lfs.rb, fix fail_with types
2021-09-03 16:17:35 -05:00
jheysel-r7
93aea73939
Update modules/exploits/windows/http/git_lfs_rce.rb
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-09-03 16:17:35 -05:00
Jack Heysel
5294c714aa
Fix spacing
2021-09-03 16:17:35 -05:00
Jack Heysel
f9c4c35431
Update the target_suitable? method
2021-09-03 16:17:35 -05:00
Jack Heysel
ba64dce5b7
Rubocop offenses
2021-09-03 16:17:30 -05:00
Jack Heysel
3c43bd409d
Added docs and Git User-Agent FP
2021-09-03 16:15:39 -05:00
Jack Heysel
514a37ef2f
Removed unnecessary gem file + rubocop
2021-09-03 16:15:39 -05:00
Jack Heysel
21d99a74fb
beta commit
2021-09-03 16:15:38 -05:00
Spencer McIntyre
33da289a9c
Print stderr when it's not blank
2021-08-31 09:18:11 -04:00
Spencer McIntyre
95015f0c2b
Update the ProxyShell module docs
2021-08-27 17:50:28 -04:00
Spencer McIntyre
425dcf1f81
Cleanup and refactor the exploit logic
2021-08-27 17:26:40 -04:00
Spencer McIntyre
965dec43ae
Delete the draft email
2021-08-27 16:59:17 -04:00
Spencer McIntyre
0b3b0aab7d
Fix the UNC path conversion regex
2021-08-27 15:56:58 -04:00
Spencer McIntyre
5e32ca9f56
Improve error checks and don't use whoami
2021-08-27 15:52:34 -04:00
Spencer McIntyre
c4cf99795e
Remove the requirement on knowing an email address
2021-08-27 15:34:51 -04:00
Spencer McIntyre
845c01f27f
Store the enumerated mailbox email addresses
2021-08-27 15:07:13 -04:00
Spencer McIntyre
6c01a0dbea
Work off of the system mailbox
2021-08-27 14:32:26 -04:00
adfoster-r7
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
Spencer McIntyre
d5fdcb8fcb
Add the plumbing to enumerate email addresses
2021-08-27 11:44:27 -04:00