adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,322 Commits 27 Branches 1,043 Tags
fa7d677d452eda59cd712d840e2eee44d22f3af9
Commit Graph

2830 Commits

Author SHA1 Message Date
Spencer McIntyre 7aa62bfecd Land #17071, Add in new LDAP queries 
Add in new LDAP queries to help with various attack paths
 2022-10-24 09:18:41 -04:00
Spencer McIntyre 4bc98c6cc5 Fix a YAML syntax issue 2022-10-24 09:18:10 -04:00
Grant Willcox 01e4701bef Reorder queries alphabetically and fix up errors identified during review 2022-10-21 11:18:23 -05:00
space-r7 a9c3c61aa3 Land #17050, make osx payload fileless 2022-10-20 14:13:32 -05:00
space-r7 5910afadd9 add new binary 2022-10-20 13:47:54 -05:00
adfoster-r7 6a682f4fe6 Land #16982, Update Dell iDRAC login scanner to work with v8 and v9 2022-10-14 01:40:35 +01:00
Grant Willcox abd8ad1d7d Restore ADCS certificate template gathering option and add in some new fields that should prove to be useful 2022-10-07 12:47:19 -05:00
Grant Willcox 33dc2f1109 Add in DNS zone enumeration option 2022-10-07 12:47:12 -05:00
Grant Willcox bbf8017570 Add in references for the various queries 2022-10-07 12:47:10 -05:00
Grant Willcox e7fbda96e3 Add in new LDAP queries to help with various attack paths 2022-10-07 12:47:10 -05:00
h00die c6e18ee469 cve-2022-1329 2022-10-02 15:59:58 -04:00
bwatters c17c78bc0f Land #16995, Add TrustedSec's COFFLoader as Meterpreter Extension 
Merge branch 'land-16995' into upstream-master
 2022-09-30 14:14:39 -05:00
bwatters e27dbd2787 Land #16794,Add exploit for CVE-2022-34918 
Merge branch 'land-16794' into upstream-master
 2022-09-27 16:37:52 -05:00
h00die 0bcdc3fadb idrac login updates 2022-09-20 16:20:24 -04:00
Spencer McIntyre 37d3c296ad Add compiler support when mingw is available 2022-09-15 16:06:25 -04:00
Grant Willcox a41ec9388f Land #16725, Add ManageEngine ADAudit Plus and DataSecurity Plus Xnode enum modules, docs and mixin (CVE-2020–11532) 2022-09-01 08:46:36 -05:00
Grant Willcox 9dcbf55ea8 Update ldap_query logic to handle binary data 2022-08-29 15:34:18 -05:00
Spencer McIntyre ae5a9bd41b Land #16734, Add rtf support to cve-2022-30190 
Add rtf support to cve-2022-30190 AKA Follina
 2022-08-25 17:26:46 -04:00
Grant Willcox 109065e7c7 Fix up LDAP query syntax for some queries 2022-08-24 16:59:13 -05:00
Spencer McIntyre e03f479659 Add a couple of ADCS related queries 2022-08-24 15:13:19 -04:00
Spencer McIntyre 3c495770b8 Allow configuring a base_dn prefix 2022-08-24 15:13:16 -04:00
Grant Willcox 97bce45e69 Land #16915, Add exploit for CVE-2022-23277 (Exchange RCE) 2022-08-19 11:11:46 -05:00
Spencer McIntyre 62ab42b797 Update vulnerable version numbers and docs 2022-08-17 08:55:46 -04:00
bcoles e6d4a80e0f data: powershell: msflag.ps1: Remove "from Metasploit" from flag message 2022-08-12 17:30:40 +10:00
bcoles 4d4f7b8c55 mv scripts/ps/msflag.ps1 data/post/powershell/msflag.ps1 2022-08-08 18:00:36 +10:00
ErikWynter d6dabd4bfb additional code review improvements for xnode auxiliary modules/lib/docs 2022-07-28 15:12:00 +03:00
Redouane NIBOUCHA 78dae84871 Updates to the C source code (execl instead of execve, removal of some old comments) 2022-07-25 22:18:47 +02:00
Grant Willcox 14e3c694ff Fix default LDAP query descriptions due to some typos 2022-07-22 12:13:14 -05:00
Redouane NIBOUCHA 37f1fdd47b Add module docs, add Ubuntu 22.04 offsets, update check method 2022-07-22 03:30:03 +02:00
Redouane NIBOUCHA 73db035e57 Add more offsets to the exploit, clean up the exploit C source, add check method 2022-07-21 01:22:20 +02:00
Redouane NIBOUCHA fe2e413426 Add exploit for CVE-2022-34918 2022-07-20 13:51:22 +02:00
Spencer McIntyre 25f50e607c Reduce code, be more permissive 
This makes a few changes that should enable the module to function
better should it be dropped into a fresh MSF installation on its own.
 2022-07-15 16:29:17 -05:00
Grant Willcox c5f2507ee0 Fix up usage of the word columns where attributes was more appropriate. Also update the multi query logic to match new data format as it was broken before as a result of changes to file format. Finally remove extra parameters that are no longer needed. 2022-07-15 16:28:43 -05:00
Grant Willcox 8c236e789e Rename files to follow proper format. Add in documentation for examples. Then update code so we use Msf::Config.get_config_root to store the config file that we parse to get the actions outside of a Git tracked location. We will still use the default file to populate this non-git tracked location if its not already populated though. 2022-07-15 16:28:43 -05:00
Grant Willcox 3c56e272a1 Remove default actions and move them to default.yaml, then update code accordingly. Also update the initialization code so it will now load the possible actions dynamically from default.yaml. 2022-07-15 16:28:37 -05:00
bwatters ef9f5ca463 Add rtf support to cve-2022-30190 AKA Follina 2022-06-30 17:30:06 -05:00
kalba-security ba83b1bdf5 add manageengine adaudit plus and datasecurity plus xnode enum modles and manageengine_xnode lib 2022-06-10 10:32:25 -04:00
bwatters c751ef46c9 Land #16635, Add 0-day MSWord RCE #Follina CVE-2022-30190 
Merge branch 'land-16635' into upstream-master
 2022-06-06 14:41:31 -05:00
RAMELLA Sébastien 97921b4ed9 fix chmod 644 2022-05-30 22:11:35 +04:00
RAMELLA Sébastien dfc226cf5f add. Supposed 0day MSWord RCE 2022-05-30 21:23:18 +04:00
ssst0n3 246a3604b8 set the org to be 0x400000 2022-05-13 10:50:19 +08:00
bwatters 934f193dc0 Land #16484, Add vcenter_forge_saml_token aux module 
Merge branch 'land-16484' into upstream-master
 2022-05-12 17:36:20 -05:00
npm-cesium137-io 7190a967ce Refactor MKII vcenter_forge_saml_token 2022-04-25 11:44:39 -04:00
npm-cesium137-io 3e07b8c99b Refactor MKI vcenter_forge_saml_token.rb 
Extensive refactoring to move away from directly manipulating datastore
options and use local variables instead.

The initial template generation method has been redesigned to use an
external file via Erubi::Engine which is much cleaner vs. jamming a
multiline string into the module.

Response HTML from vCenter is now parsed with Nokogiri HTML vs. pulling
it out with regex.

Registered options have been reworked, following suggestions and
feedback. The use of VHOST in particular eliminates the need to pass
RHOSTS to the template and makes the module behave more closely to "real"
vCenter (i.e., always uses FQDN for the destination).

Added advanced datastore options to control the token lifetime
NOT_BEFORE and NOT_AFTER skew, in seconds. This also uncovered a bug with
the way I was deriving Zulu time which skewed based on the local system
time zone offset from Zulu; this has been fixed.

Corrected a stupid typo in the validate_fqdn method (don't need to check
for capital letters if the test string is always downcase...)

validate_idp_options now uses File.binread and can process certs in keys
in DER or PEM instead of just PEM.

Code optimization, particularly around error handling; other minor
tweaks based on improved understanding of the Framework's capabilities.

Many style changes and modifications based on suggestions and feedback.

Documentation was updated to reflect reality.
 2022-04-23 19:42:24 -04:00
Grant Willcox e2c6c36b2b Land #1642, Add module for cve-2022-0995 2022-04-21 09:12:47 -05:00
bwatters 26f9175816 Update c source with argc check and CRASH notes for module 2022-04-20 17:37:48 -05:00
space-r7 54f8d44639 add osx binary 2022-04-18 09:42:40 -05:00
bwatters 96d86944da Added precompiled binary and option to strip output, fixed comment-strip bug 2022-04-07 17:09:35 -05:00
Spencer McIntyre 5de966cfb1 Land #16382, CVE-2022-26904 SuperProfile LPE 2022-04-07 12:52:39 -04:00
Grant Willcox 9e2d7f655b Update data to fix more things found during review process 2022-04-05 12:48:11 -05:00