adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,798 Commits 27 Branches 1,043 Tags
fbda738da98a60146a0bef98b68fc8fc595eb8f5
Commit Graph

4139 Commits

Author SHA1 Message Date
Spencer McIntyre a418bd9c65 Land #17638, Lucee Scheduled Job RCE 2023-03-02 08:57:19 -05:00
Spencer McIntyre 3fabcc3421 Use coldfusion to decode base64 data 
This means we don't need to rely on base64 being in the path. Also
invoke ARCH_CMD payloads on Windows through cmd.exe and not
powershell.exe.
 2023-02-28 17:32:56 -05:00
Spencer McIntyre c8aa491378 Fail with Unreachable when res is nil 2023-02-28 17:05:59 -05:00
Spencer McIntyre a916163b49 Cleanup files and fixup messages 2023-02-28 16:41:57 -05:00
JBince 8b03f2fda8 Reworked payload execution logic 2023-02-27 11:09:34 -06:00
JBince 75fb5e883d Exploit update based on feedback 2023-02-19 09:16:56 -06:00
JBince ce9933fc4c Feedback changes + rubocop & msftidy changes 2023-02-17 08:16:49 -06:00
JBince a3a6ae9c4a feedback fixes 2023-02-16 14:33:03 -06:00
Spencer McIntyre ac9d60ce9e Land #17281, Added module for CVE-2022-2992 
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
 2023-02-14 16:57:29 -05:00
space-r7 78ae5f49ce add gitlab prefix back to methods 2023-02-14 15:26:01 -06:00
space-r7 304b90ecc8 split mixins between forms and v4 api used 2023-02-14 12:37:43 -06:00
JBince 9c3cfd8bdb Added documentation, cleaned up functions, rubocop fixes 2023-02-13 15:19:45 -06:00
Spencer McIntyre c3fa924cfa Remove the NGROK_URL option 2023-02-13 14:31:44 -05:00
Spencer McIntyre 210b7a3254 Use #get_json_document instead of JSON.parse 
Also fix typos
 2023-02-13 14:00:13 -05:00
JBince 2a386981bd Updated Module & Payloads + Rubocop Fixes 2023-02-13 09:03:57 -06:00
JBince f4c5e34a1b Added improved functionality on both Windows and Unix installs 2023-02-12 14:42:22 -06:00
JBince fcfc39296f Added improved functionality on both Windows and Unix installs 2023-02-12 14:39:11 -06:00
JBince d5b7ad30a1 Created module 2023-02-10 17:01:57 -06:00
Frycos e963582e18 Update fortra_goanywhere_rce_cve_2023_0669.rb 
Name typo
 2023-02-09 23:06:59 +01:00
Spencer McIntyre c7279e9a0a Add credit for CVE-2023-0669; fix path in docs 2023-02-09 13:02:40 -05:00
bcoles de8a6e1445 Move fortra_goanywhere_rce_cve_2023_0669 module documentation to documentation directory 2023-02-09 23:12:45 +11:00
cgranleese-r7 508f5c7e52 Land #17619, Run rubocop on exploit modules 2023-02-09 10:11:53 +00:00
Spencer McIntyre c997952d83 Land #17607, Fortra RCE CVE-2023-0669 
Fortra deserialization RCE CVE-2023-0669 (ETR)
 2023-02-08 12:56:09 -05:00
adfoster-r7 656ded4b86 Add module notes 2023-02-08 15:46:07 +00:00
Spencer McIntyre 2b008af097 Move the module to reflect it targets Windows too 2023-02-08 10:24:27 -05:00
adfoster-r7 25ee41df68 Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
cgranleese-r7 10144a9f13 Land #17615, Add missing module notes for stability reliability and side effects 2023-02-08 12:28:47 +00:00
adfoster-r7 433bafdccf Add missing module notes for stability reliability and side effects 2023-02-08 11:45:17 +00:00
bwatters 8ee67085c8 Land #17556, ManageEngine ADSelfService Plus RCE (CVE-2022-47966) 
Merge branch 'land-17556' into upstream-master
 2023-02-07 16:57:22 -06:00
bwatters 53c67653f5 Land #17527, ManageEngine ServiceDesk Plus RCE (CVE-2022-47966) 
Merge branch 'land-17527' into upstream-master
 2023-02-06 17:37:31 -06:00
adfoster-r7 6870efc34a Land #17426, Update all references to old Wiki to point to new docs site 2023-02-01 23:49:20 +00:00
Christophe De La Fuente f676568d89 Fix CVE 2023-01-30 12:18:08 +01:00
Christophe De La Fuente a5ba1245c2 Fix CVE 2023-01-30 12:15:14 +01:00
bcoles e11aaa8027 modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-28 15:02:24 +11:00
Christophe De La Fuente 85d5b041aa Add minimum build number check 2023-01-27 18:03:19 +01:00
Grant Willcox 6043d0ffba Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
Christophe De La Fuente e01239cf7b Add exploit module and documentation 2023-01-26 21:53:14 +01:00
Christophe De La Fuente ed2dd2fc0c Add randomization in the XML when possible & fix BadChars issue 2023-01-26 18:42:09 +01:00
Christophe De La Fuente 2be22752be Add Linuc specifics and documentation 2023-01-26 16:16:00 +01:00
Christophe De La Fuente 38f0d33d6b Add exploit module 2023-01-24 00:55:45 +01:00
ErikWynter 3c219c8a77 prevent .keys call on nil in log4shell_header_injection 2022-12-15 12:51:30 +02:00
Heyder Andrade cf6d5d3a14 It made the gadgets being used more readable 2022-12-06 17:47:49 +01:00
Heyder Andrade 8aca86b816 Apply suggestions from code review 2022-12-04 17:29:05 +01:00
Maik Ro 330cb2944b fix typo 
OptString.new('FILENAME', [true, 'The OpoenOffice Text document name', 'msf.odt']) -> OpoenOffice changed to OpenOffice
 2022-11-30 22:10:18 +01:00
Heyder Andrade 704cee436b Apply suggestions from code review 2022-11-29 15:25:14 +01:00
Heyder Andrade c1236500f1 Apply suggestions from code review 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-11-29 14:12:39 +01:00
Heyder Andrade ff63f0aa32 Added reference 2022-11-28 14:11:07 +01:00
Heyder Andrade 27f8f4fc47 Cleanup 2022-11-23 01:55:06 +01:00
Heyder Andrade 7880530989 The check method should report when finding a vulnerable product. 
I think all exploit modules should "report" in the check method when finding a vulnerable
product. By doing that we can take advantage of all check methods in the exploit module
and use them as a "scanner". That would give the chance for the user to check multiple
simultaneously targets and save the result for further actions.
 2022-11-23 01:29:38 +01:00
Heyder Andrade 0e5f8d49f9 Code cleanup and payload generation improvements 2022-11-23 00:29:10 +01:00