adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,342 Commits 27 Branches 1,043 Tags
f2e5e77e2700a39bf447300e53bb52eeafdcbea3
Commit Graph

2548 Commits

Author SHA1 Message Date
ErikWynter 3c219c8a77 prevent .keys call on nil in log4shell_header_injection 2022-12-15 12:51:30 +02:00
Grant Willcox 8ca7550062 Land #17257, Adding exploit for ChurchInfo 1.2.13-1.3.0 RCE (CVE-2021-43258) 2022-11-18 19:27:10 -06:00
Grant Willcox 237eb904d4 Add in fixes for documentation examples and then update the code to fix some bugs 2022-11-18 18:30:07 -06:00
Grant Willcox 85a6770973 Add additional checks, a check method, and fix up some doc errors 2022-11-18 18:22:06 -06:00
m4lwhere b9ecdb3bc2 Use TARGETURI, registered cleanup, implment cookie_jar, and perform response checks and documentation 2022-11-18 18:21:27 -06:00
m4lwhere a33a313544 Adding exploit for ChurchInfo 1.3.0 2022-11-18 18:21:08 -06:00
Christophe De La Fuente d1a7170020 Land #17021, Gitea Git fetch RCE module - CVE-2022-30781 2022-11-17 12:28:29 +01:00
Christophe De La Fuente 11541a5774 Add comment for details about the string substitutions on Windows 2022-11-17 12:25:52 +01:00
krastanoel 1ddc137f1a Update module 
- adjust execute_command method and add logic for :win_dropper target
- move cmdstager uripath setting into target case statement
- add more cmdstagerflavour for :linux_dropper target
- fix lint msftidy
 2022-11-15 22:30:45 +07:00
krastanoel cbca2a5604 Update modules/exploits/multi/http/gitea_git_fetch_rce.rb 
apply suggestion

Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-11-15 22:17:59 +07:00
krastanoel 639afebe1e Update module 
- handle cleanup method on manual `check`
- adjust targets flavour option
- add :win_dropper target and handle the payload delivery
NOTE: the Windows dropper target is still unsuccessfull but keep this for further review
 2022-11-09 16:12:20 +07:00
krastanoel 13bb31feeb Update module 
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessfull but keep this anyway for christophe to review.
 2022-11-09 04:52:18 +07:00
krastanoel bca5138fc8 Update module 
- move cleanup process to its own method and handle the response
- remove timeout and http delay option
- adjust target type location as code review suggestion
 2022-11-09 01:42:27 +07:00
krastanoel a50cca27e6 remove cookie_jar manipulation 2022-11-09 00:48:23 +07:00
krastanoel 52d867bbc7 follow Ruby coding convetions 
- combine gitea_version into get_gitea_version for the check method
- validate empty username
 2022-11-09 00:41:30 +07:00
krastanoel f0b67c8812 fix msftidy 2022-11-08 14:14:45 +07:00
krastanoel 540984804d Apply suggestions from code review 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-11-08 14:09:31 +07:00
Jack Heysel f61136dd6d Fixed powershell taget 2022-11-01 10:55:50 -05:00
jheysel-r7 757c0da639 Review updates 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2022-11-01 10:55:20 -05:00
Jack Heysel b31c0f6987 Added check method, refactored, updated docs 2022-11-01 10:54:27 -05:00
Jack Heysel a0babb354a Apache CouchDB Erlang module initial commit 2022-11-01 10:54:19 -05:00
Jack Heysel c4c2c7c0c1 Beta commit, injection working 2022-11-01 10:54:12 -05:00
space-r7 7c64b0ba93 add option in documentation and add notes 2022-10-25 12:22:00 -05:00
r3nt0n 982cfb97c2 Refactor: check for THEME_DIR as ternary 
Suggested by @space-r7
 2022-10-25 17:38:30 +02:00
r3nt0n 08721ccf73 Adding THEME_DIR option to wp_crop_rce exploit 2022-10-20 16:37:21 +02:00
Matthew Dunn 1e50ba3415 Move to Hashes module, address requested changes 
Fix rubocop

Move identify to hashes module up one layer, use full reference to identify_hash instead of full include

Fix SMTP require

Remove hashes require statement

Remove hashes require statement

Remove hashes require statement

Remove hashes require statement

Address remaining requested changes, reference constants directly

Add all the missing direct references

Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2022-10-17 17:28:31 -04:00
Matthew Dunn 8b5223f53b Modularize Identify, Update referenced use cases 
Modularize Identity.rb

Include new module style Identify

Update juniper.rb

Fix inadvertent change

Add new module to identify spec

Put the require back

Put back require line for juniper
 2022-10-17 17:28:30 -04:00
adfoster-r7 46910b9390 Land #17105, set keep_cookies value to boolean true instead of string true 2022-10-05 11:37:37 +01:00
h00die 06aefb630a string true to bool true 2022-10-03 19:50:04 -04:00
h00die fffc080286 use vars_form_data 2022-10-03 14:43:12 -04:00
krastanoel bd15798be7 support windows platform 2022-10-03 19:57:09 +07:00
h00die c6e18ee469 cve-2022-1329 2022-10-02 15:59:58 -04:00
bcoles 5f92d9418d Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
bwatters 76c6632305 Land #16673, qdPM 9.1 - Authenticated Remote Code Execution (CVE-2020-7246) 
Merge branch 'land-16673' into upstream-master
 2022-09-29 09:46:27 -05:00
Spencer McIntyre 0dcfe72614 Use the standard Linux stager 2022-09-13 16:10:48 -04:00
Spencer McIntyre 5e04ece15b Support newer versions of Jenkins 
This retains backwards compatibility
 2022-09-13 15:08:23 -04:00
space-r7 fb28f81700 Land #16750, update jenkins_script_console 2022-08-31 16:59:33 -05:00
Spencer McIntyre 324fb69735 Resolve rubocop issues 2022-08-25 14:41:30 -04:00
Spencer McIntyre 8a79128ac4 Switch to using Rex::RandomIdentifier 2022-08-25 14:37:37 -04:00
Spencer McIntyre 2e8e15e338 Fail back to the old method using error handling 
Tested successfully on docker image tags:
  * Jenkins 1.565  (pushed 2015-11-14)
  * Jenkins 2.60.3 (pushed 2018-07-17)
Tested unsuccessfully on docker image tags:
  * Jenkins 2.346.3 (pushed 2022-08-10)
    Issue is that login is broken because the URI changed from
    j_acegi_security_check to j_spring_security_check.
 2022-08-25 14:06:47 -04:00
Giacomo Casoni 76f6eda5a9 Using FileDropper Mixin 2022-07-27 19:32:50 +02:00
space-r7 ccef129807 Land #16727, set tftphost option 2022-07-12 15:29:42 -05:00
Bojan Zdrnja 3d13dab11e Update jenkins_script_console.rb 2022-07-06 19:08:38 +02:00
Bojan Zdrnja 5db741550b Update jenkins_script_console.rb 
Modern Java disabled the sun.misc.BASE64Decoder class so exploit will fail on any newer version of Jenkins.
The java.util.Base64 class should be used now; the change has been confirmed to work with the latest version of Jenkins (the current exploit silently fails).
 2022-07-06 15:16:01 +02:00
kalba-security 17f82a900e linting for confluence_widget_connecter and add catch for all scenarios where clear_response returns nil 2022-07-01 08:43:47 -04:00
kalba-security f6b6ad4bf1 prevent confluence_widget_connector from crashing when the response body in get_java_property is empty 2022-07-01 07:37:54 -04:00
Spencer McIntyre 1b7d8f1e74 Fix a whitespace issue, restore option naming 2022-06-29 12:24:29 -04:00
bcoles bbbec267b6 exploits: Set tftphost option for modules which use Windows TFTP stager 2022-06-29 19:10:52 +10:00
Erik Schweiss 695e1243b8 Update modules/exploits/multi/http/phpmailer_arg_injection.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-06-28 23:08:20 -10:00
Erik 836970e1ae Update phpmailer_arg_injection.rb 
fixed typo
 2022-06-23 13:45:42 -10:00