adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,147 Commits 27 Branches 1,043 Tags
fdd7a863c8a1ac062086e71cb00a569194d2d313
Commit Graph

4970 Commits

Author SHA1 Message Date
Jack Heysel 52fd45b7ab Land #16744 Jboss EAP/AS RCE module 
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
 2022-07-12 10:49:22 -04:00
Heyder Andrade d6b6f47b09 change doc file 2022-07-08 02:36:18 +02:00
space-r7 f958b0a053 Land #16738, correct CVE/lint for weblogic module 2022-07-07 18:08:13 -05:00
Jack Heysel 4da72a9b01 Land #16735, Fix defaults for aerohive module 
This change sets the MeterpreterTryToFork advanced
payload option to true by default for the Linux target
in the aerohive_netconfig_lfi_log_poison_rce module.
 2022-07-07 16:21:56 -04:00
Jack Heysel 6db340508f Land #16703, add Censys API v2 functionality 
This PR updates the censys_search.rb module to also
make use of the v2 API functionality
 2022-07-07 13:09:31 -04:00
Erik Wynter 3ad42dd153 change option names to H3 for weblogic_deserialize_asyncresponseservice docs 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-07-07 19:04:26 +03:00
space-r7 debf619968 Land #16733, add dfscoerce scanner module 2022-07-06 18:18:00 -05:00
Spencer McIntyre f7209bfc75 Land #16724, Modernize ms01_026_dbldecode 
Use HttpClient; remove meterpreter code; fix stager
 2022-07-05 09:36:58 -04:00
Heyder Andrade bbf56c7f4c Delete jboss_remoting_unified_invoker.md 2022-07-05 00:33:30 +02:00
Heyder Andrade 1ccc91d23c Rename doc file 2022-07-05 00:25:56 +02:00
Heyder Andrade b8834e1534 Added documentation 2022-07-05 00:19:17 +02:00
Christophe De La Fuente 066d01b7b2 Rework censys_search module to use Censys Search API v2 2022-07-04 17:19:16 +02:00
bcoles 04aa05faa2 ms01_026_dbldecode: Use HttpClient; remove meterpreter code; fix stager 2022-07-03 18:22:55 +10:00
Christophe De La Fuente b40dd95d4f Land #16723, Add FreeSwitch Login auxiliary module 2022-07-01 16:57:34 +02:00
kalba-security 12522d1407 fix cve in weblogic_deserialize_asyncresponseservice docs and run msftidy_docs 2022-07-01 10:34:27 -04:00
kalba-security b56242c7a2 enable MeterpreterTryToFork by default for aerohive_netconfig_lfi_log_poison_rce 2022-07-01 06:15:13 -04:00
krastanoel e944196c5c Update documentation 2022-07-01 12:29:17 +07:00
Spencer McIntyre c67432b20d Add the documentation for dfscoerce 2022-06-30 17:25:32 -04:00
Christophe De La Fuente 0d19e47b8d Land #16677, Add module for adding/deleting computers via MS-SAMR 2022-06-30 12:12:26 +02:00
krastanoel a2949c7555 Fix documentation warning 2022-06-30 11:51:03 +07:00
Spencer McIntyre 1b7d8f1e74 Fix a whitespace issue, restore option naming 2022-06-29 12:24:29 -04:00
Spencer McIntyre 41ba2d263b Address PR feedback 
Simplify the application_key usage, update docs and catch another
exception.
 2022-06-28 11:53:05 -04:00
krastanoel da63fbbad4 Add FreeSwitch Login auxiliary module 2022-06-28 20:13:24 +07:00
Erik e9b2fc6ecf Merge branch 'rapid7:master' into master 2022-06-23 12:52:09 -10:00
Erik 84aa9ceeb9 Update phpmailer_arg_injection.md 
Added options to the module docs for the new options
 2022-06-23 12:50:33 -10:00
Spencer McIntyre a96bc36d9c Update the docs with the Windows target 2022-06-15 17:24:44 -04:00
Spencer McIntyre 825604dda9 Add docs and a configurable password 2022-06-15 08:51:47 -04:00
bwatters f6bd8fd020 Land #16571, Vcenter offline mdb extract 
Merge branch 'land-16571' into upstream-master
 2022-06-13 10:32:07 -05:00
Jack Heysel 67ea2bc23c Land #16630 Fix duplicate ntlm hash storage 
Net-NTLM (v1 and v2) hashes were being duplicated when
stored in the database due to the unique data in the challenge
dispite being the same. This fixes that issue
 2022-06-08 14:07:34 -04:00
bwatters 3875db78ae Land #16644, Add Exploit for CVE-2022-26134 (Confluence RCE) 
Merge branch 'land-16644' into upstream-master
 2022-06-07 16:00:37 -05:00
jheysel-r7 2b99967d0c Merge branch 'master' into fix/duplicate-netntlm 2022-06-07 11:42:51 -04:00
Spencer McIntyre 1a06f69f95 Works through v7.18 now too 2022-06-06 22:03:21 -04:00
Spencer McIntyre 2c0e034a18 Fix a couple of typos 2022-06-06 18:14:05 -04:00
bwatters c751ef46c9 Land #16635, Add 0-day MSWord RCE #Follina CVE-2022-30190 
Merge branch 'land-16635' into upstream-master
 2022-06-06 14:41:31 -05:00
Spencer McIntyre 1aec2e8649 Note version in the docs 2022-06-03 18:29:28 -04:00
Spencer McIntyre 600fba7fa1 Add module docs 2022-06-03 17:26:15 -04:00
Christophe De La Fuente 474116d413 Land #16611, DotCMS File Upload to RCE Module (CVE-2022-26352) 2022-06-02 15:30:10 +02:00
RAMELLA Sébastien 3ab06461af fix. second review 2022-06-02 00:58:20 +04:00
RAMELLA Sébastien dd1814903c fix. SRVHOST default value 2022-06-02 00:07:15 +04:00
RAMELLA Sébastien 8c19a02835 fix. first review 2022-06-01 20:15:08 +04:00
Jack Heysel bea4207c62 Land PR #16607 - MyBB RCE Module (CVE-2022-24734) 
This exploit module leverages an improper input validation
vulnerability in MyBB prior to 1.8.30 to execute arbitrary
code in the context of the user running the application.
 2022-05-31 11:59:53 -04:00
Christophe De La Fuente dac355d9cf Land #16492, nfs_mount more intelligent mountability 2022-05-31 11:56:19 +02:00
RAMELLA Sébastien 7f89e92da3 add more informations about 2022-05-31 00:12:30 +04:00
Jack Heysel 2c02a607ee Responded to PR feedback 2022-05-30 14:46:54 -04:00
RAMELLA Sébastien 97921b4ed9 fix chmod 644 2022-05-30 22:11:35 +04:00
RAMELLA Sébastien dfc226cf5f add. Supposed 0day MSWord RCE 2022-05-30 21:23:18 +04:00
Christophe De La Fuente b996f5ee49 Fixes from code review 2022-05-30 16:24:18 +02:00
Spencer McIntyre 1466506069 Update the docs to be accurate 2022-05-27 14:41:06 -04:00
adfoster-r7 d225d4663c Land #16413, update local exploit suggester 2022-05-25 13:24:11 +01:00
sjanusz 6b1faf0e0e Add 'run' commands to Local Exploit Suggester docs 2022-05-25 12:05:06 +01:00