adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

1385 Commits

Author SHA1 Message Date
Pedro Ribeiro 870e8046b5 add sploits 2016-12-27 21:12:35 +00:00
joernchen of Phenoelit 679ebf31bd Minor fix to make dRuby great again 2016-12-23 15:12:22 +01:00
joernchen of Phenoelit d69acd116d Make dRuby great again 2016-12-22 15:37:16 +01:00
Tod Beardsley a4f681ae35 Add quoted hex encoding 2016-12-06 09:05:35 -06:00
Tod Beardsley d549c2793f Fix module filename to be TR-064 2016-12-02 08:49:21 -06:00
Tod Beardsley 9e4e9ae614 Add a reference to the TR-064 spec 2016-12-02 08:48:09 -06:00
Tod Beardsley ddac5600e3 Reference TR-064, not TR-069 2016-12-02 08:45:15 -06:00
William Vu 1d6ee7192a Land #7427, new options for nagios_xi_chained_rce 2016-11-30 17:11:02 -06:00
William Vu 3e8cdd1f36 Polish up USER_ID and API_TOKEN options 2016-11-30 17:10:52 -06:00
Tod Beardsley 43cd788350 Switch back to echo as cmdstager flavor 2016-11-30 10:18:09 -06:00
Tod Beardsley b75fbd454a Add missing peer in vprint_error 2016-11-30 07:59:41 -06:00
Tod Beardsley 657d52951b Linemax 63, switch to printf 2016-11-30 07:51:36 -06:00
Tod Beardsley 08b9684c1a Add a FORCE_EXPLOIT option for @FireFart 2016-11-29 16:37:13 -06:00
Tod Beardsley 57d156a5e2 Revert "XML encode the command passed" 
This reverts commit 9952c0ac6f.
 2016-11-29 16:24:26 -06:00
Tod Beardsley b7904fe0cc Oh silly delimiters and lack thereof 2016-11-29 15:53:05 -06:00
Tod Beardsley 9952c0ac6f XML encode the command passed 2016-11-29 15:49:55 -06:00
Tod Beardsley 851aae3f15 Oops, wrong module 
This reverts commit d55d2099c5.
 2016-11-29 15:15:18 -06:00
Tod Beardsley d55d2099c5 Just one platform thanks 2016-11-29 15:08:45 -06:00
Tod Beardsley 4d6b2dfb46 Use CmdStager instead 
Oh, and this is totally untested as of this commit.
 2016-11-29 15:03:38 -06:00
Tod Beardsley 8de17981c3 Get rid of the WiFi key stealer 2016-11-29 14:48:04 -06:00
Tod Beardsley 75bcf82a09 Never set DefaultPaylod, reverse target options 2016-11-29 14:43:10 -06:00
Tod Beardsley f55f578f8c Title, desc, authors, refs 2016-11-29 14:39:38 -06:00
Tod Beardsley d691b86443 First commit of Kenzo's original exploit 
This is a work in progress, and is merely the copy-paste
of the original PoC exploit from:

https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
 2016-11-29 09:13:52 -06:00
x2020 6f70323460 Minor misspelling mistakes and corrected the check of the mysqld process 2016-11-25 19:03:23 +00:00
x2020 1119dc4abe Targets set to automatic 
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
 2016-11-25 17:35:28 +00:00
Brent Cook 59f3c9e769 Land #7579, rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4 2016-11-21 17:59:29 -06:00
Prateep Bandharangshi 8869ebfe9b Fix incorrect disclosure date for OpenNMS exploit 
Disclosure date was Nov 2015, not Nov 2014
 2016-11-21 16:44:36 +00:00
William Webb 6c6221445c Land #7543, Create exploit for CVE-2016-6563 / Dlink DIR HNAP Login 2016-11-21 09:59:50 -06:00
Brent Cook 005d34991b update architecture 2016-11-20 19:09:33 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
x2020 acfd214195 Mysql privilege escalation 
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
 2016-11-19 11:24:29 +00:00
h00die cfd31e32c6 renaming per @bwatters-r7 comment in #7491 2016-11-18 13:52:09 -05:00
wchen-r7 4596785217 Land #7450, PowerShellEmpire Arbitrary File Upload 2016-11-17 17:47:15 -06:00
Brendan 18bafaa2e7 Land #7531, Fix drb_remote_codeexec and create targets 2016-11-16 12:58:22 -06:00
Brent Cook b56b6a49ac Land #7328, Extend lsa_transname_heap exploit to MIPS 2016-11-15 07:37:19 -06:00
Jeffrey Martin c458d662ed report correct credential status as successful 2016-11-14 12:27:22 -06:00
Jeffrey Martin 4ae90cbbef Land #7191, Add exploit for CVE-2016-6267 - Trend Micro Smart Protection Server authenticated RCE. 2016-11-14 12:06:02 -06:00
Pedro Ribeiro 908713ce68 remove whitespace at end of module name 2016-11-14 08:35:34 +00:00
Pearce Barry 9eb9d612ca Minor typo fixups. 2016-11-11 16:54:16 -06:00
Pearce Barry 1dae206fde Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
Pedro Ribeiro 50f578ba79 Add full disclosure link 2016-11-08 22:15:19 +00:00
Pedro Ribeiro 95bd950133 Point to proper link on github 2016-11-07 17:59:29 +00:00
Pedro Ribeiro f268c28415 Create dlink_hnap_login_bof.rb 2016-11-07 17:45:37 +00:00
William Vu da356e7d62 Remove Compat hash to allow more payloads 2016-11-04 13:57:05 -05:00
William Vu f0c89ffb56 Refactor module and use FileDropper 2016-11-04 13:57:05 -05:00
William Vu 6d7cf81429 Update references 2016-11-04 13:57:05 -05:00
William Vu 009d6a45aa Update description 2016-11-04 13:57:05 -05:00
William Vu bf7936adf5 Add instance_eval and syscall targets 2016-11-04 13:57:05 -05:00
Brendan dae1f26313 Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server 2016-11-03 12:56:50 -05:00
William Vu eca4b73aab Land #7499, check method for pkexec exploit 2016-11-03 10:59:06 -05:00