Jan Rude
f158cfaadd
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-13 16:05:56 +01:00
Jan Rude
c8e301224b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-13 16:05:45 +01:00
Jan Rude
53cde6d2ef
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-12-13 16:04:45 +01:00
whoot
c1d090334c
apply suggestions
2022-12-09 09:31:20 +01:00
whoot
04e5aa3033
apply suggestions
2022-12-02 16:05:01 +01:00
jrude
70ccbd8079
inform user about IOC
2022-09-12 09:30:50 +02:00
Jan Rude
90447d1832
Update syncovery_linux_rce_2022_36534.rb
2022-09-07 20:28:10 +02:00
Jan Rude
257d503525
Update syncovery_linux_rce_2022_36534.rb
2022-09-07 20:21:20 +02:00
Jan Rude
868f3d940c
use vars_get
2022-09-07 20:16:40 +02:00
Jan Rude
0fb289aa7b
Update syncovery_linux_rce_2022_36534.rb
2022-09-07 16:31:54 +02:00
jrude
01556b22d5
Syncovery For Linux - Auth. RCE (CVE-2022-36534)
2022-09-07 13:34:48 +02:00
Christophe De La Fuente
8ba621a291
Land #16923, Cisco ASA-X with FirePOWER Services Authenticated Command Injection (CVE-2022-20828)
2022-09-02 18:37:37 +02:00
Jake Baines
320bd944f0
Updated default creds. Properly used fail_with. Set meterpreter to fork. Some wording and code cleanup.
2022-09-02 08:44:04 -07:00
space-r7
53b25d7d69
Land #16934, support dumping mem by process name
2022-09-01 12:58:01 -05:00
Grant Willcox
a41ec9388f
Land #16725, Add ManageEngine ADAudit Plus and DataSecurity Plus Xnode enum modules, docs and mixin (CVE-2020–11532)
2022-09-01 08:46:36 -05:00
space-r7
fb28f81700
Land #16750, update jenkins_script_console
2022-08-31 16:59:33 -05:00
Spencer McIntyre
35c2a2cc7a
Land #16903, enum_shares Cleanup and shell support
...
enum_shares: Cleanup and support non-meterpreter sessions
2022-08-31 13:21:31 -04:00
Spencer McIntyre
9960fe1393
Fix the constant definition
2022-08-31 12:31:09 -04:00
Spencer McIntyre
d545ff0c6d
Land #16955, Handle binary data
2022-08-31 08:56:00 -04:00
Spencer McIntyre
6965115c8e
Land #16786, Zyxel Firewall LPE (CVE-2022-30526)
2022-08-31 08:40:23 -04:00
Grant Willcox
6b3d3913e7
Update to fix sanitization code due to improper logic
2022-08-30 16:59:30 -05:00
Grant Willcox
76eaa76fb3
Switch over to using Rex::Text.to_hex_ascii to sanitize nonprintable data
2022-08-30 10:32:22 -05:00
Spencer McIntyre
b0fe5e1620
Cleanup the code a bit
2022-08-30 11:12:36 -04:00
Spencer McIntyre
69cc144e04
Add module docs
2022-08-30 11:12:36 -04:00
Spencer McIntyre
86804ce5b8
Add specific UPN and DNS support; switch to pipes
2022-08-30 11:12:36 -04:00
Spencer McIntyre
cd13039aae
Add the initial MS-ICPR module
2022-08-30 11:12:36 -04:00
Grant Willcox
1b1341a55f
Rubocop code again
2022-08-29 15:50:18 -05:00
Grant Willcox
2261499142
Remove extra debug statement
2022-08-29 15:43:27 -05:00
Grant Willcox
9dcbf55ea8
Update ldap_query logic to handle binary data
2022-08-29 15:34:18 -05:00
Grant Willcox
6a71daac44
Land #16918, End the session when an HTTP/200 is received
2022-08-25 16:55:54 -05:00
Spencer McIntyre
ae5a9bd41b
Land #16734, Add rtf support to cve-2022-30190
...
Add rtf support to cve-2022-30190 AKA Follina
2022-08-25 17:26:46 -04:00
Spencer McIntyre
68eae1664e
Tweak the follina docs
2022-08-25 17:10:59 -04:00
bwatters
683132242c
fix up the uri_space maths
2022-08-25 16:08:26 -05:00
Spencer McIntyre
324fb69735
Resolve rubocop issues
2022-08-25 14:41:30 -04:00
Spencer McIntyre
8a79128ac4
Switch to using Rex::RandomIdentifier
2022-08-25 14:37:37 -04:00
Spencer McIntyre
2e8e15e338
Fail back to the old method using error handling
...
Tested successfully on docker image tags:
* Jenkins 1.565 (pushed 2015-11-14)
* Jenkins 2.60.3 (pushed 2018-07-17)
Tested unsuccessfully on docker image tags:
* Jenkins 2.346.3 (pushed 2022-08-10)
Issue is that login is broken because the URI changed from
j_acegi_security_check to j_spring_security_check.
2022-08-25 14:06:47 -04:00
Christophe De La Fuente
1b5338da06
Land #16701, Rewrite of Cisco ASA Clientless VPN Brute-force
2022-08-25 16:04:48 +02:00
Grant Willcox
5a8484fa36
Fix bug introduced with recent changes whereby .first was called where it wasn't needed
2022-08-24 16:15:11 -05:00
Grant Willcox
998a3876a5
Rubocop modules
2022-08-24 15:43:10 -05:00
Spencer McIntyre
3c495770b8
Allow configuring a base_dn prefix
2022-08-24 15:13:16 -04:00
Grant Willcox
dc7f602a58
Fix up library code and associated modules so that they always return consistent values and the modules process them appropriately
2022-08-24 13:37:03 -05:00
Grant Willcox
323f279093
Fix up more comments from the review sans some library changes I still need to work through
2022-08-24 11:56:14 -05:00
bcoles
8939d09efa
post/windows/gather/memory_dump: Support dumping processes by name
2022-08-24 18:04:29 +10:00
Grant Willcox
a249257c27
Remove extra debug statement
2022-08-23 21:00:07 -05:00
Grant Willcox
70e006c493
Initial updates from personal review, sans module adjustments
2022-08-23 20:48:15 -05:00
Christophe De La Fuente
158da155d3
Land #16898, Msf::Post::Windows::Accounts: Add domain_controller? method
2022-08-23 20:16:29 +02:00
Ron Bowes
abd392c372
Add in changes from review
2022-08-23 11:44:03 -05:00
Ron Bowes
97f8ec9367
Documentation, output cleanup
2022-08-23 11:43:51 -05:00
Ron Bowes
24460efb77
Initial import of working exploit
2022-08-23 11:43:51 -05:00
Christophe De La Fuente
847cd97927
Land #16925, Fix a payload bug in unrar_cve_2022_30333
2022-08-23 12:59:37 +02:00