adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56,099 Commits 27 Branches 1,043 Tags
f2752eab00a4bfa024659b625f75504b8353fc36
Commit Graph

1473 Commits

Author SHA1 Message Date
William Vu 823c29a127 Update post-RuboCop style in my recent modules 
Mostly 80 columns (yeah, I know) and additional whitespace to complement
the lack of alignment.
 2020-04-22 10:52:00 -05:00
William Vu c5df5355ac Update my module documentation to the new standard 
Also update CheckModule to match current style and best practices.
 2020-04-20 20:06:52 -05:00
Alan Foster f2c3fc5f00 Rubocop recently landed modules 2020-04-17 11:55:04 +01:00
gwillcox-r7 d759fbaed3 Land #13259, Miscellaneous fixes for @wvu's modules and documentation 2020-04-16 22:10:10 -05:00
William Vu 966194d2b7 Remove tested admin password from default PASSWORD 2020-04-16 21:45:44 -05:00
bwatters-r7 b5df7e8147 Land #13102, Add UnRAID 6.8.0 Authentication bypass to RCE 
Merge branch 'land-13102' into upstream-master
 2020-04-16 17:18:55 -05:00
bwatters-r7 f0f403b48e Automated Rubocop fixes 2020-04-16 17:17:02 -05:00
William Vu cd9e5260f7 Note post-auth requirements in Nexus exploit 2020-04-15 20:25:05 -05:00
William Vu 4401e3654f Merge remote-tracking branch 'upstream/master' into bug/misc 
So we can grab the Nexus files from master.
 2020-04-15 20:24:44 -05:00
William Vu 0684966dcb Make better comments for the comment god 2020-04-15 18:24:28 -05:00
William Vu b7501c1f0c Add my standard print for CmdStager 
And comment some methods used by it.
 2020-04-15 18:06:48 -05:00
William Vu 6db312636d Add Nexus Repository Manager Java EL Injection RCE 2020-04-15 15:49:33 -05:00
William Vu 66d5f51e51 Remove Nexus content from this branch 
So the remaining changes can be PR'd separately.
 2020-04-15 15:48:09 -05:00
William Vu e8840563be Comment comments 2020-04-15 15:47:51 -05:00
William Vu 65d338d00e Note tested version in module 2020-04-15 15:47:51 -05:00
William Vu 5a91a1e54f Remove res.code == 200 check again 
It really isn't necessary when we're looking for just the header.
 2020-04-15 15:47:51 -05:00
William Vu 7dd3be507f Add wget CmdStager 2020-04-15 15:47:51 -05:00
William Vu e248e2ed43 Consolidate CmdStager flavors to symbols 
As per the API. Strings are fine, but they're supposed to be symbols.
 2020-04-15 15:47:51 -05:00
William Vu 99336f6bd3 Add ARTIFACTS_ON_DISK, since it uses CmdStager 
Whoops, forgot this when I changed it from ARCH_CMD.
 2020-04-15 15:47:51 -05:00
William Vu d9aa80268d Rearrange methods a bit 2020-04-15 15:47:50 -05:00
William Vu e6c42448b2 Add res.code check to match prior commit 2020-04-15 15:47:50 -05:00
William Vu df992bf94b Note compromised user less specifically 
This is just what was configured in the Docker container.
 2020-04-15 15:47:50 -05:00
William Vu ae4af1a4f0 Format Java EL expression nicely 2020-04-15 15:47:50 -05:00
William Vu baae9db092 Fix some more things 2020-04-15 15:47:50 -05:00
William Vu 6275b16b04 Fix some things 2020-04-15 15:47:50 -05:00
wvu-r7 1ce6c310ba Escape double quotes in EL payload 2020-04-15 15:47:50 -05:00
wvu-r7 143d8463ec Prefer include? for NXSESSIONID= 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-04-15 15:47:50 -05:00
William Vu 45263b8aa5 Add Nexus Repository Manager Java EL Injection RCE 2020-04-15 15:47:50 -05:00
gwillcox-r7 0858178c09 Add cleanup support and update description 2020-04-14 13:27:25 -05:00
gwillcox-r7 c151b93ba4 Fix up clarity and spelling issues in module and documentation 2020-04-13 16:28:39 -05:00
Mehmet İnce b7a1fbdde2 Fixed documentation and login method 2020-04-13 18:55:56 +03:00
Mehmet İnce 706a395bc0 Fixed 2nd round of suggested changes 2020-04-13 11:22:02 +03:00
Mehmet İnce d906c3dc77 Fixed reviews suggestions 2020-04-11 14:38:19 +03:00
Mehmet İnce eb7d2f821d Adding CVE number 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-04-11 12:22:17 +03:00
Mehmet İnce 5d04c2b4a5 Adding documentation and module description 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-04-11 12:22:17 +03:00
Mehmet İnce 7c2f65da36 Adding vestacp exec 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-04-11 12:22:17 +03:00
Shelby Pace 7934d1de09 Land #13098, add Pandora FMS module 2020-04-06 11:42:24 -05:00
Shelby Pace a3c07b7cc1 use nospace opt, fix regex, iterate id_agente 2020-04-06 11:34:13 -05:00
Shelby Pace 5f0c9942d2 Land #12756, add dlink dwl2600 exploit 2020-03-27 12:38:35 -05:00
Shelby Pace 8aa4d7a944 remove mixins, add CVE 2020-03-27 12:37:40 -05:00
Nicholas Starke bb21c8f6d8 Finishing Touches on DLINK DWL 2600 Module 
These last finishing touches complete the DLINK DWL 2600 Module.  The
fixes include making renaming token to @token and adding the noconcat
CmdStager option.
 2020-03-26 20:13:55 -05:00
Shelby Pace dc9e215318 remove unused code / add option 2020-03-26 16:05:56 -05:00
Shelby Pace f191eb00c9 add command stager 2020-03-26 16:05:56 -05:00
Onur ER 9954fae7ff Update pandora_ping_cmd_exec.rb 2020-03-23 21:44:33 +03:00
Onur ER b1fb946533 Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-23 17:29:23 +03:00
Onur ER 8ba7b05eb7 Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-23 17:27:00 +03:00
Nicolas Chatelain 98fdcedf40 Apply suggestions from space-r7 code review 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-23 14:08:12 +01:00
Nicolas Chatelain 88ea6b527a Apply suggestions from code review 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-03-23 09:48:00 +01:00
Nicolas Chatelain 4e81b7b969 Fix indent 2020-03-21 16:12:23 +01:00
Nicolas Chatelain 58780c6db9 Update Unraid 6.8.0 exploit module 
- Changed exploit name
- Set Privileged to true
- Better error handling
- Typo fixes
 2020-03-21 11:44:35 +01:00