Jack Heysel
9c5d82e00f
Land #17147, add Vagrant Breakout module
...
This PR adds a module that exploits a default
Vagrant shared folder to append a Ruby payload
to the Vagrant project Vagrantfile config file.
2022-10-26 17:11:03 -04:00
bcoles
01fa2e1041
Add Vagrant Synced Folder Vagrantfile Breakout module
2022-10-26 17:33:44 +11:00
space-r7
7c64b0ba93
add option in documentation and add notes
2022-10-25 12:22:00 -05:00
r3nt0n
982cfb97c2
Refactor: check for THEME_DIR as ternary
...
Suggested by @space-r7
2022-10-25 17:38:30 +02:00
r3nt0n
08721ccf73
Adding THEME_DIR option to wp_crop_rce exploit
2022-10-20 16:37:21 +02:00
Matthew Dunn
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-10-17 17:28:31 -04:00
Matthew Dunn
8b5223f53b
Modularize Identify, Update referenced use cases
...
Modularize Identity.rb
Include new module style Identify
Update juniper.rb
Fix inadvertent change
Add new module to identify spec
Put the require back
Put back require line for juniper
2022-10-17 17:28:30 -04:00
adfoster-r7
46910b9390
Land #17105, set keep_cookies value to boolean true instead of string true
2022-10-05 11:37:37 +01:00
h00die
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
h00die
fffc080286
use vars_form_data
2022-10-03 14:43:12 -04:00
h00die
c6e18ee469
cve-2022-1329
2022-10-02 15:59:58 -04:00
bcoles
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
bwatters
76c6632305
Land #16673, qdPM 9.1 - Authenticated Remote Code Execution (CVE-2020-7246)
...
Merge branch 'land-16673' into upstream-master
2022-09-29 09:46:27 -05:00
adfoster-r7
a05606ff33
Fix beagent sha auth linting
2022-09-27 16:23:05 +01:00
Jack Heysel
2b5e85cd27
Land #17012, Veritas Backup Agent RCE
...
This module exploits a chain of the vulnerabilities CVE-2021-27876,
CVE-2021-27877 and CVE-2021-27878 in Veritas Backup Exec Agent which
leads to remote code execution with privileges of system or root user
2022-09-23 12:31:46 -04:00
c0rs
425d58dd15
fix check method output in Veritas BE rce
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2022-09-23 09:46:52 +03:00
c0rs
04c897dbeb
Fix description info Veritas BE RCE
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2022-09-23 09:45:18 +03:00
c0rs
a8210bfe70
add autocheck to veritas BE RCE
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2022-09-23 09:44:39 +03:00
alex
27744edbb3
Fix dwelch-r7 comments: use fail_with and change return value in tls_enabling
2022-09-15 20:13:25 +03:00
c0rs
aa87ce7018
Fix option names
2022-09-15 19:02:25 +03:00
c0rs
0216735a83
Fix option name and description
...
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com>
2022-09-15 18:58:32 +03:00
Spencer McIntyre
0fd3a82126
Land #17014, Increase timeout for laravel check
...
Increase timeout for laravel rce check method
2022-09-15 11:41:07 -04:00
adfoster-r7
c39b437f01
Increase timeout for laravel rce check method
2022-09-13 22:36:53 +01:00
Spencer McIntyre
0dcfe72614
Use the standard Linux stager
2022-09-13 16:10:48 -04:00
c0rs
9445731b7e
Change author mail
2022-09-13 22:50:00 +03:00
Spencer McIntyre
5e04ece15b
Support newer versions of Jenkins
...
This retains backwards compatibility
2022-09-13 15:08:23 -04:00
c0rs
03441a72c6
RuboCop Fixes for module Veritas Backup Exec Agent Remote Code Execution
2022-09-13 18:27:21 +03:00
c0rs
efbe06f944
Add module Veritas Backup Exec Agent Remote Code Execution
2022-09-13 18:18:52 +03:00
bcoles
a7d2145e8d
firefox_xpi_bootstrapped_addon: Add notes, description, references, docs
2022-09-05 02:23:37 +10:00
space-r7
fb28f81700
Land #16750, update jenkins_script_console
2022-08-31 16:59:33 -05:00
Spencer McIntyre
324fb69735
Resolve rubocop issues
2022-08-25 14:41:30 -04:00
Spencer McIntyre
8a79128ac4
Switch to using Rex::RandomIdentifier
2022-08-25 14:37:37 -04:00
Spencer McIntyre
2e8e15e338
Fail back to the old method using error handling
...
Tested successfully on docker image tags:
* Jenkins 1.565 (pushed 2015-11-14)
* Jenkins 2.60.3 (pushed 2018-07-17)
Tested unsuccessfully on docker image tags:
* Jenkins 2.346.3 (pushed 2022-08-10)
Issue is that login is broken because the URI changed from
j_acegi_security_check to j_spring_security_check.
2022-08-25 14:06:47 -04:00
Giacomo Casoni
76f6eda5a9
Using FileDropper Mixin
2022-07-27 19:32:50 +02:00
space-r7
ccef129807
Land #16727, set tftphost option
2022-07-12 15:29:42 -05:00
Jack Heysel
fdd7a863c8
Land #16736, fix confluence_widget_connector crash
...
This change fixes a bug in the confluence_widget_connector
exploit module to prevent it from crashing when the HTTP
response body received in the get_java_property method is
empty or does not match expected regex.
2022-07-12 12:27:40 -04:00
Jack Heysel
52fd45b7ab
Land #16744 Jboss EAP/AS RCE module
...
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
Jack Heysel
7df6d73741
Added new line to end of file
2022-07-12 09:08:19 -04:00
Jack Heysel
44abcfcb28
Added flavour to fix linux_dropper
2022-07-12 09:06:06 -04:00
Heyder Andrade
2f7cf90b7f
mixin didn't work with linux_dropper payload
...
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin
instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00
space-r7
52ac281991
change wording in fail_with()
2022-07-07 18:05:56 -05:00
kalba-security
7d32338702
remove ARTIFACTS_ON_DISK from weblogic_deserialize_asyncresponseservice notes
2022-07-07 05:26:59 -07:00
Bojan Zdrnja
3d13dab11e
Update jenkins_script_console.rb
2022-07-06 19:08:38 +02:00
Bojan Zdrnja
5db741550b
Update jenkins_script_console.rb
...
Modern Java disabled the sun.misc.BASE64Decoder class so exploit will fail on any newer version of Jenkins.
The java.util.Base64 class should be used now; the change has been confirmed to work with the latest version of Jenkins (the current exploit silently fails).
2022-07-06 15:16:01 +02:00
Heyder Andrade
50ca5f0ce2
Add description
2022-07-05 00:25:07 +02:00
Heyder Andrade
0ea033be55
Add module for jboss remoting unified invoker RCE
2022-07-01 21:39:42 +02:00
kalba-security
48598b8c5b
correct CVE and add linting for weblogic_deserialize_asyncresponseservice
2022-07-01 10:27:51 -04:00
kalba-security
17f82a900e
linting for confluence_widget_connector and add catch for all scenarios where clear_response returns nil
2022-07-01 08:43:47 -04:00
kalba-security
f6b6ad4bf1
prevent confluence_widget_connector from crashing when the response body in get_java_property is empty
2022-07-01 07:37:54 -04:00
Spencer McIntyre
2d6e910078
Land #16721, Phpmailer arg injection update
2022-06-29 13:00:48 -04:00