bcoles
e11aaa8027
modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations
2023-01-28 15:02:24 +11:00
ErikWynter
3c219c8a77
prevent .keys call on nil in log4shell_header_injection
2022-12-15 12:51:30 +02:00
Maik Ro
330cb2944b
fix typo
...
OptString.new('FILENAME', [true, 'The OpoenOffice Text document name', 'msf.odt']) -> OpoenOffice changed to OpenOffice
2022-11-30 22:10:18 +01:00
Grant Willcox
8ca7550062
Land #17257, Adding exploit for ChurchInfo 1.2.13-1.3.0 RCE (CVE-2021-43258)
2022-11-18 19:27:10 -06:00
Grant Willcox
237eb904d4
Add in fixes for documentation examples and then update the code to fix some bugs
2022-11-18 18:30:07 -06:00
Grant Willcox
85a6770973
Add additional checks, a check method, and fix up some doc errors
2022-11-18 18:22:06 -06:00
m4lwhere
b9ecdb3bc2
Use TARGETURI, registered cleanup, implement cookie_jar, and perform response checks and documentation
2022-11-18 18:21:27 -06:00
m4lwhere
a33a313544
Adding exploit for ChurchInfo 1.3.0
2022-11-18 18:21:08 -06:00
Christophe De La Fuente
d1a7170020
Land #17021, Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
Christophe De La Fuente
11541a5774
Add comment for details about the string substitutions on Windows
2022-11-17 12:25:52 +01:00
krastanoel
1ddc137f1a
Update module
...
- adjust execute_command method and add logic for :win_dropper target
- move cmdstager uripath setting into target case statement
- add more cmdstagerflavour for :linux_dropper target
- fix lint msftidy
2022-11-15 22:30:45 +07:00
krastanoel
cbca2a5604
Update modules/exploits/multi/http/gitea_git_fetch_rce.rb
...
apply suggestion
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-15 22:17:59 +07:00
krastanoel
639afebe1e
Update module
...
- handle cleanup method on manual `check`
- adjust targets flavour option
- add :win_dropper target and handle the payload delivery
NOTE: the Windows dropper target is still unsuccessful but keep this for further review
2022-11-09 16:12:20 +07:00
krastanoel
13bb31feeb
Update module
...
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessful but keep this anyway for christophe to review.
2022-11-09 04:52:18 +07:00
krastanoel
bca5138fc8
Update module
...
- move cleanup process to its own method and handle the response
- remove timeout and http delay option
- adjust target type location as code review suggestion
2022-11-09 01:42:27 +07:00
krastanoel
a50cca27e6
remove cookie_jar manipulation
2022-11-09 00:48:23 +07:00
krastanoel
52d867bbc7
follow Ruby coding conventions
...
- combine gitea_version into get_gitea_version for the check method
- validate empty username
2022-11-09 00:41:30 +07:00
krastanoel
f0b67c8812
fix msftidy
2022-11-08 14:14:45 +07:00
krastanoel
540984804d
Apply suggestions from code review
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-08 14:09:31 +07:00
Jack Heysel
f61136dd6d
Fixed powershell target
2022-11-01 10:55:50 -05:00
jheysel-r7
757c0da639
Review updates
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-11-01 10:55:20 -05:00
Jack Heysel
b31c0f6987
Added check method, refactored, updated docs
2022-11-01 10:54:27 -05:00
Jack Heysel
a0babb354a
Apache CouchDB Erlang module initial commit
2022-11-01 10:54:19 -05:00
Jack Heysel
c4c2c7c0c1
Beta commit, injection working
2022-11-01 10:54:12 -05:00
Jack Heysel
9c5d82e00f
Land #17147, add Vagrant Breakout module
...
This PR adds a module that exploits a default
Vagrant shared folder to append a Ruby payload
to the Vagrant project Vagrantfile config file.
2022-10-26 17:11:03 -04:00
bcoles
01fa2e1041
Add Vagrant Synced Folder Vagrantfile Breakout module
2022-10-26 17:33:44 +11:00
space-r7
7c64b0ba93
add option in documentation and add notes
2022-10-25 12:22:00 -05:00
r3nt0n
982cfb97c2
Refactor: check for THEME_DIR as ternary
...
Suggested by @space-r7
2022-10-25 17:38:30 +02:00
r3nt0n
08721ccf73
Adding THEME_DIR option to wp_crop_rce exploit
2022-10-20 16:37:21 +02:00
Matthew Dunn
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-10-17 17:28:31 -04:00
Matthew Dunn
8b5223f53b
Modularize Identify, Update referenced use cases
...
Modularize Identity.rb
Include new module style Identify
Update juniper.rb
Fix inadvertent change
Add new module to identify spec
Put the require back
Put back require line for juniper
2022-10-17 17:28:30 -04:00
adfoster-r7
46910b9390
Land #17105, set keep_cookies value to boolean true instead of string true
2022-10-05 11:37:37 +01:00
h00die
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
h00die
fffc080286
use vars_form_data
2022-10-03 14:43:12 -04:00
krastanoel
bd15798be7
support windows platform
2022-10-03 19:57:09 +07:00
h00die
c6e18ee469
cve-2022-1329
2022-10-02 15:59:58 -04:00
bcoles
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
bwatters
76c6632305
Land #16673, qdPM 9.1 - Authenticated Remote Code Execution (CVE-2020-7246)
...
Merge branch 'land-16673' into upstream-master
2022-09-29 09:46:27 -05:00
adfoster-r7
a05606ff33
Fix beagent sha auth linting
2022-09-27 16:23:05 +01:00
Jack Heysel
2b5e85cd27
Land #17012, Veritas Backup Agent RCE
...
This module exploits a chain of the vulnerabilities CVE-2021-27876,
CVE-2021-27877 and CVE-2021-27878 in Veritas Backup Exec Agent which
leads to remote code execution with privileges of system or root user
2022-09-23 12:31:46 -04:00
c0rs
425d58dd15
fix check method output in Veritas BE rce
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2022-09-23 09:46:52 +03:00
c0rs
04c897dbeb
Fix description info Veritas BE RCE
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2022-09-23 09:45:18 +03:00
c0rs
a8210bfe70
add autocheck to veritas BE RCE
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2022-09-23 09:44:39 +03:00
alex
27744edbb3
Fix dwelch-r7 comments: use fail_with and change return value in tls_enabling
2022-09-15 20:13:25 +03:00
c0rs
aa87ce7018
Fix option names
2022-09-15 19:02:25 +03:00
c0rs
0216735a83
Fix option name and description
...
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com>
2022-09-15 18:58:32 +03:00
Spencer McIntyre
0fd3a82126
Land #17014, Increase timeout for laravel check
...
Increase timeout for laravel rce check method
2022-09-15 11:41:07 -04:00
adfoster-r7
c39b437f01
Increase timeout for laravel rce check method
2022-09-13 22:36:53 +01:00
Spencer McIntyre
0dcfe72614
Use the standard Linux stager
2022-09-13 16:10:48 -04:00
c0rs
9445731b7e
Change author mail
2022-09-13 22:50:00 +03:00