Tim W
f2752eab00
add win32k revision check to check method
2020-05-04 15:04:43 +08:00
Tim W
bcf9449b29
add basic check method
2020-05-01 19:02:21 +08:00
Tim W
8e9a162b1b
fix
2020-04-30 18:05:00 +08:00
Tim W
ea22e34b9c
fix description
2020-04-30 17:51:28 +08:00
Tim W
3ca0472b18
fix payload size
2020-04-30 17:47:41 +08:00
Tim W
109f0a01f7
add windows 7 sp1 scenario
2020-04-30 17:19:54 +08:00
Tim W
ff0704b316
code review from grant <3
2020-04-30 17:19:54 +08:00
Tim W
5ed871a110
CVE-2019-0808
2020-04-30 17:19:46 +08:00
William Vu
2465cf022d
Land #13321, Windows/unknown-friendly GatherProof
2020-04-28 01:40:12 -05:00
William Vu
e5857d5544
Comments for the comment god
2020-04-27 20:58:39 -05:00
William Vu
3e9f7d5f0a
Comment the absolute path prepended to traversal
2020-04-27 20:57:02 -05:00
William Vu
f18ec9929b
Remove directory traversal prefix altogether
2020-04-27 20:23:29 -05:00
William Vu
1318faa992
Clarify the quote is from the vendor's advisory
2020-04-27 16:53:34 -05:00
William Vu
cefeb9ffde
Randomize dir in desktopcentral_deserialization
...
Also apply RuboCop.
2020-04-27 16:13:22 -05:00
Christophe De La Fuente
af239303d2
Land #13257, .NET Deserialization Library Improvements
2020-04-27 13:05:38 +02:00
gwillcox-r7
c5136b056a
Land #13100, Add MeterpreterDebugLevel support and fixes to OSX stager
2020-04-25 15:38:18 -05:00
gwillcox-r7
9799ec3e44
Land #13330, Update meterpreter payloads to 1.4.1
2020-04-25 14:38:52 -05:00
gwillcox-r7
1bec0a9c19
Land #13291, Update outdated example_linux_priv_esc.rb code
2020-04-24 23:07:38 -05:00
Brent Cook
bee800034b
Update cached payload sizes
2020-04-24 12:02:45 -05:00
Shelby Pace
640eb77403
Land #13260, add docker wincred module
2020-04-24 10:02:38 -05:00
Shelby Pace
df8d6b7af1
add check for vulnerable path
2020-04-24 09:56:42 -05:00
gwillcox-r7
8265759c13
Land #13319, Updates to f5 mgmt module docs and module docs template
2020-04-24 09:08:38 -05:00
h00die
46d76fa4f0
fix review comments
2020-04-24 06:42:49 -04:00
Tim W
5234d6067c
add MeterpreterDebugLevel option for osx meterpreter
2020-04-24 15:13:57 +08:00
h00die
81fab8900e
ssh windows and warning
2020-04-23 17:31:50 -04:00
h00die
5dd67af6f1
flip gatherproof
2020-04-23 05:52:05 -04:00
gwillcox-r7
c264d83fba
Land #13253, Add VMware vCenter Server vmdir Information Disclosure and Authentication Bypass
2020-04-22 21:50:26 -05:00
William Vu
00b28da98c
Move username and password check to top of run
...
Check the options first, since they're unrequired. Missed this.
2020-04-22 20:36:27 -05:00
bwatters-r7
c7670c6594
Land #11967, Add screenshare post module for mouse and keyboard input
...
Merge branch 'land-11967' into upstream-master
2020-04-22 19:37:09 -05:00
bwatters-r7
1c757f90db
bcoles suggestions
2020-04-22 18:08:58 -05:00
William Vu
ef68c66d31
Persist base_dn value, since the code is stable
...
I wasn't sure before. We should be able to rely on @base_dn doing the
right thing now. There is no need to check the value every time.
Practically, I think the base DN will always be dc=vsphere,dc=local.
2020-04-22 17:38:12 -05:00
William Vu
0c0de73afa
Reformat post-RuboCop code, mostly to 80 columns
...
Now with more horizontal space!
2020-04-22 17:38:12 -05:00
William Vu
0dc6ac7133
RuboCop for the RuboCop gods
2020-04-22 17:38:12 -05:00
William Vu
6b44f896b7
Fix it again
...
I think this is what I was going for.
2020-04-22 17:38:12 -05:00
William Vu
df5e673cf5
Fix typo
2020-04-22 17:38:12 -05:00
wvu-r7
00949ccfe5
Prefer safe navigation operator with inline block
...
Makes the expression a little simpler.
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-04-22 17:38:12 -05:00
William Vu
b810f44fde
Remove ill-fated VMware advice
2020-04-22 17:38:12 -05:00
William Vu
2dccfdd864
Reduce false positives when testing any LDAP
2020-04-22 17:38:12 -05:00
William Vu
d466f269c3
Dump password and lockout policy from LDAP data
2020-04-22 17:38:12 -05:00
William Vu
676ab353ff
Rename aux/gather/vmware_vcenter_vmdir{,_ldap}
2020-04-22 17:38:12 -05:00
William Vu
0bacda8117
Use auxiliary/gather/vmware_vcenter_vmdir as check
2020-04-22 17:38:12 -05:00
William Vu
4fadbfb48e
Update auxiliary/gather/vmware_vcenter_vmdir
...
It should return CheckCodes now and the base DN when vulnerable.
2020-04-22 17:38:12 -05:00
William Vu
9d59be8dc6
Add auxiliary/gather/vmware_vcenter_vmdir again
2020-04-22 17:38:11 -05:00
William Vu
9633f5daf4
Exploit an LDAP auth bypass to add an admin user
...
Thanks to JJ Lehmann and Ofri Ziv of Guardicore Labs for their work.
https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
2020-04-22 17:38:11 -05:00
William Vu
8b74fd6605
Move discover_base_dn method to mixin
2020-04-22 17:38:11 -05:00
William Vu
88fcf4b9a2
Add and use new LDAP mixin
2020-04-22 17:38:11 -05:00
William Vu
852ba1d36d
Add VMware vCenter vmdir info disclosure module
2020-04-22 17:38:11 -05:00
gwillcox-r7
546333b227
Land #13252, UUID support for OSX x64 reverse_tcp stager
2020-04-22 16:36:10 -05:00
gwillcox-r7
0bd3847cf4
Quick patch to fix the RequiresMidstager values as OSX doesn't use them
2020-04-22 16:34:01 -05:00
William Vu
823c29a127
Update post-RuboCop style in my recent modules
...
Mostly 80 columns (yeah, I know) and additional whitespace to complement
the lack of alignment.
2020-04-22 10:52:00 -05:00