adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57,058 Commits 27 Branches 1,043 Tags
ff4db5daeac984845ebccd3ed34db41f8a37e7aa
Commit Graph

2298 Commits

Author SHA1 Message Date
William Vu 89f7be3ef0 Improve error message 2020-07-01 14:20:04 -05:00
William Vu 4b78de5416 Refactor AutoCheck a bit more 2020-06-30 11:58:42 -05:00
Alan Foster b841246536 Update autocheck to use prepend instead of include, add ForceExploit functionality 2020-06-30 11:40:46 +01:00
Adam Galway 1a2bf98222 creates standard elog & updates exisiting usages 2020-06-22 12:48:39 +01:00
Adam Cammack 001910473b Land #13448, Fix relative location redirects 2020-06-04 09:17:45 -05:00
cn-kali-team 1b796aa50b OptString to OptPort 2020-05-30 10:27:48 +08:00
William Vu 16886fa41e Move generate_viewstate_payload to mixin 2020-05-21 18:37:13 -05:00
William Vu c50e242151 Add ViewState mixin 2020-05-21 18:37:11 -05:00
William Vu aa6624e7f8 Land #13436, service encoder fix for psexec 2020-05-14 16:43:07 -05:00
William Vu 6034f48e8f Land #13405, once more with feeling 2020-05-13 11:54:41 -05:00
Clément Notin 91ea692cbe socket_server.rb: better describe "0.0.0.0" 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-13 16:30:00 +02:00
William Vu 44b0ddf2ed Land #13405, OptAddressLocal for SRVHOST 2020-05-13 09:15:42 -05:00
Clément Notin ec33651243 socket_server.rb: SRVHOST can be an interface 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-13 16:14:20 +02:00
Niboucha Redouane a4b316a91e Fix following redirects from send_request_cgi! 2020-05-13 09:54:14 +02:00
Clément Notin 258895f534 Use print_error for error messages 2020-05-12 00:02:52 +02:00
Clément Notin b7d16b1e72 Fix regression in psexec mixing filename and encoder 
Closes #13407
 2020-05-12 00:02:52 +02:00
William Vu 646c10ff02 Disable RuboCop Security/Eval the non-hacky way 
Hat tip @adfoster-r7!
 2020-05-11 12:05:38 -05:00
William Vu f346b1b001 Add SaltStack Salt root key disclosure module 
Also adds a new ZeroMQ mixin, mainly for use with Salt modules.
 2020-05-11 12:05:38 -05:00
William Vu 1214ac17a7 Refactor Msf::Exploit::CmdStager::HTTP 
Minor updates to align with current style.
 2020-05-10 04:12:45 -05:00
Spencer McIntyre 683ecb7b8d Tweak handling of the DnsNote option 2020-05-08 12:21:52 -04:00
Spencer McIntyre 6be4b5431c Remove the TLD wordlist option for now 2020-05-08 12:21:52 -04:00
Spencer McIntyre 0a8cb83e7f Fix TXT records, the DNS port, and messages for cloud_lookup 2020-05-08 12:21:52 -04:00
Spencer McIntyre 715dfc13f8 Refactor the auxiliary mixin to an enumeration exploit mixin 2020-05-08 12:21:52 -04:00
Clément Notin c42db7959b Use OptAddressLocal for SRVHOST to specify by interface name instead of IP 2020-05-06 19:51:13 +02:00
dwelch-r7 8ac04d5312 Land #13367, Surface helpful error messages to users 2020-05-06 14:40:21 +01:00
Alan Foster 2c8b5c2647 Fix edge cases in raising metasploit exceptions 2020-05-05 20:18:04 +01:00
William Vu c27269105e Rename CmdStager to psh_invokewebrequest 2020-05-01 12:31:53 -05:00
William Vu 9adaa08ddd Use new PowerShell Invoke-WebRequest CmdStager 2020-05-01 12:19:12 -05:00
William Vu 9633f5daf4 Exploit an LDAP auth bypass to add an admin user 
Thanks to JJ Lehmann and Ofri Ziv of Guardicore Labs for their work.

https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
 2020-04-22 17:38:11 -05:00
William Vu 8b74fd6605 Move discover_base_dn method to mixin 2020-04-22 17:38:11 -05:00
William Vu 88fcf4b9a2 Add and use new LDAP mixin 2020-04-22 17:38:11 -05:00
William Vu c5df5355ac Update my module documentation to the new standard 
Also update CheckModule to match current style and best practices.
 2020-04-20 20:06:52 -05:00
William Vu ebc8a74496 Update lib/msf/core/exploit/cmdstager/http.rb 
Should be clearer now wtf is going on.
 2020-04-15 15:47:51 -05:00
William Vu 6276247bf8 Move Expect mixin to Msf::Exploit::Remote 
I don't think we'll ever see it used beyond remote exploits.
 2020-04-15 15:47:50 -05:00
William Vu 02ba071b84 Punctuate check prints to match CheckCodes 2020-04-15 15:47:50 -05:00
William Vu 5fbaf87c96 Move ClassLoader to HTTP::ClassLoader 
Also note the SSL workaround.
 2020-04-14 14:01:18 -05:00
William Vu 6f77f27ed5 Move deregister_options from module to mixin 
Whoops, forgot this.
 2020-04-14 14:01:18 -05:00
William Vu 69e1714d9a Don't be lazy anymore and pack lengths as shorts 2020-04-14 14:01:18 -05:00
William Vu 41480a2d88 Clarify classloading is over HTTP 
HTTPS isn't supported by the clients I've tested.
 2020-04-14 14:01:18 -05:00
William Vu db15baa257 Rename to Msf::Exploit::Remote::Java::ClassLoader 2020-04-14 14:01:18 -05:00
William Vu 89610a6325 Add a comment header to the new mixin 2020-04-14 14:01:18 -05:00
William Vu 5904745072 Prefer Java variant of K&R, oops 2020-04-14 14:01:18 -05:00
William Vu 559a79726f Reformat copied Java code 2020-04-14 14:01:18 -05:00
William Vu d7cf08d5f3 Convert Java classloading code into a mixin 2020-04-14 14:01:18 -05:00
Adam Galway 405e7b108b Land #13132, removes EOL spaces 2020-03-30 17:49:18 +01:00
Auxilus 26b2ec3d84 remove spaces at EOL 2020-03-24 18:08:34 +05:30
Mehmet İnce 6d55ca4040 Adding alias of ftp_connect 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-03-18 17:26:28 +03:00
Spencer McIntyre 4c004d51a7 Add an exploit for CVE-2020-0618 2020-03-06 16:21:37 -05:00
William Vu 4cd52c5f32 Reorder Expect mixin's send_expect parameters 2020-02-27 02:48:11 -06:00
Christophe De La Fuente 071b9598a4 Add support to SMBv2 and remove catch-all exception handler 2020-02-26 11:53:41 +01:00