adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
61,563 Commits 27 Branches 1,043 Tags
ff088c67ced58ca8dcd2ca491efb1f5f0af2c72e
Commit Graph

131 Commits

Author SHA1 Message Date
Spencer McIntyre 4373b464ce Update the markdown module docs a bit 2021-04-29 11:46:40 -04:00
Pedro Ribeiro 02656a2c31 add clarification - it's for linux only 2021-04-23 19:23:18 +07:00
Pedro Ribeiro 9a779fef79 add ZDI id 2021-04-23 15:15:09 +07:00
Pedro Ribeiro 30c333b30d fix typo in shrboadmin 2021-04-23 15:03:34 +07:00
Pedro Ribeiro 71f5955b42 add OBR SSH module 2021-04-23 15:00:06 +07:00
William Vu 8d71cfc024 Fix SSHFactory NameError in f5_bigip_known_privkey 
This could probably be refactored to use Msf::Exploit::Remote::SSH.
 2021-04-19 17:07:26 -05:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
Brendan Coles 6208f8795a vyos_restricted_shell_privesc: support login as admin user 2020-09-18 15:49:25 +00:00
Brendan Coles 485c51c88c Add VyOS restricted-shell Escape and Privilege Escalation 2020-09-11 18:19:25 +00:00
Pedro Ribeiro 34fd858265 Update IBM DRM SSH module 2020-06-26 11:28:21 +07:00
Adam Galway 1a2bf98222 creates standard elog & updates exisiting usages 2020-06-22 12:48:39 +01:00
Pedro Ribeiro 1cb91dcb42 Address review comments 
Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update ibm_drm_a3user.md

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/exploits/linux/ssh/ibm_drm_a3user.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

use fail_with
 2020-05-05 10:58:05 -05:00
Pedro Ribeiro dbceec91af add full disclosure URL 2020-05-01 21:00:49 +07:00
Pedro Ribeiro 4b6ef4cb9e fix spaces at eol 2020-05-01 13:30:22 +07:00
Pedro Ribeiro 9d09b3a250 add cve 2020-05-01 10:18:26 +07:00
Pedro Ribeiro c581cb390f remove CVE for merge, will add later 2020-04-30 11:16:09 +07:00
Pedro Ribeiro 714c750c04 apply rubocop changes 2020-04-24 10:23:13 +07:00
Pedro Ribeiro 0bef1757d2 Create ibm_drm_a3user.rb 2020-04-22 12:17:34 +07:00
Brent Cook 8489bcdfd9 This fixes broken links to the community.rapid7.com blog 
Performed mechanically with sed, spot-checked that the new blog can consume these links.
 2020-02-18 09:06:11 -06:00
William Vu f31930748b Remove RHOST from solarwinds_lem_exec 
This doubles as a test.
 2019-12-11 13:42:41 -06:00
Rob Fuller 5eb90d758f Update modules/exploits/linux/ssh/solarwinds_lem_exec.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-12-11 13:44:37 -05:00
Rob Fuller 002b9e5b90 Fix typo and lacking RHOST 
Kinda need a RHOST to use a RCE...
 2019-12-11 12:17:53 -05:00
William Vu 6f58981396 Land #12244, cisco_ucs_scpuser exploit 2019-08-30 13:35:50 -05:00
Pedro Ribeiro e36308e5bb Add FD ref 2019-08-31 00:18:46 +07:00
Pedro Ribeiro 0c1f3f2d03 make some adjustments 2019-08-29 19:50:01 +07:00
Pedro Ribeiro 98efac5bfb Add github link 2019-08-28 11:08:01 +07:00
Pedro Ribeiro 7fd56f5fb3 Add Cisco UCS scpuser exploit 2019-08-28 11:00:08 +07:00
William Vu 901943c90f Move Ubiquiti AirOS exploit from SSH to HTTP 2019-08-22 17:58:20 -05:00
William Vu 32334c2386 Update all module splats from http:// to https:// 2019-08-15 18:10:44 -05:00
William Vu e69f006992 Remove CommandShell mixin in exploits 
This was cargo culting. Exploits use handler instead of start_session.
 2018-12-12 15:43:13 -06:00
William Vu 90b9204703 Update DisclosureDate to ISO 8601 in my modules 
Basic msftidy fixer:

diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
     # Check disclosure date format
     if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
       d = $1  #Captured date
+      File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+      fixed('Probably updated traditional DisclosureDate to ISO 8601')
       # Flag if overall format is wrong
       if d =~ /^... (?:\d{1,2},? )?\d{4}$/
         # Flag if month format is wrong
 2018-11-16 12:18:28 -06:00
William Vu 6df235062b Land #10505, post-auth and default creds info 2018-08-24 18:08:15 -05:00
William Vu 60c0272270 Make style consistent 2018-08-15 21:27:40 -05:00
Kevin Kirsche cd01f11fd2 Remove verifying host keys for all exploits 2018-08-15 14:54:41 -07:00
Wei Chen d9fc99ec4a Correct false negative post_auth? status 2018-08-09 23:34:03 -05:00
Sonny Gonzalez f5ccdcfcd2 Net SSH CommandStream fixes implemented 
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
 2018-07-25 11:22:28 -05:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
Brent Cook b1d0529161 prefer 'shell' channels over 'exec' channels for ssh 
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
 2018-02-08 02:21:16 -06:00
Brent Cook 1225555125 remove unnecessary require 2017-08-20 17:37:42 -05:00
Brent Cook 840c0d5f56 Land #7808, add exploit for VMware VDP with known ssh private key (CVE-2016-7456) 2017-08-20 17:36:45 -05:00
Brent Cook 4395f194b1 fixup style warnings in f5 bigip privkey exploit 2017-08-01 14:45:05 -05:00
1cph93 9c930aad6e Add space after comma in f5_bigip_known_privkey module to coincide with Ruby style guide 2017-07-25 19:43:29 -04:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
William Vu 3e20296cf5 Add service_details for SSH 2017-06-08 13:28:29 -05:00
William Vu e22334343e Use store_valid_credential in my modules 
I used report_note because using the creds API was a pain in the ass.
 2017-06-08 00:57:51 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
William Vu f60807113b Clean up module 2017-04-26 01:37:49 -05:00