William Vu
12d4ad68e3
Fix things in ThinkPHP and ManageEngine exploits
...
Current pattern is print_good instead of vprint_good for this particular
message directly or indirectly called by execute_command.
CmdStagerFlavor is checked at the top level, but it is also checked per
target. Moving this to where it's more appropriate.
2020-05-20 22:47:03 -05:00
William Vu
655088bb0d
Fix punctuation typo in exchange_ecp_viewstate
2020-05-20 09:47:11 -05:00
Spencer McIntyre
30b17c6323
Remove some whitespace for msftidy compliance
2020-05-04 10:14:00 -04:00
Spencer McIntyre
7fb17ecf17
Update some module metadata for the Kentico RCE exploit
2020-05-04 10:12:21 -04:00
Spencer McIntyre
c128a3ba92
Add CmdStager and Powershell targets to the Kentico RCE exploit
2020-05-04 10:07:10 -04:00
Patrick Webster
60b83d536e
Update modules/exploits/windows/http/kentico_staging_syncserver.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-05-04 09:26:14 -04:00
Patrick Webster
c5adcbfd43
Update modules/exploits/windows/http/kentico_staging_syncserver.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-05-04 09:26:13 -04:00
Patrick Webster
0679f1b317
Update modules/exploits/windows/http/kentico_staging_syncserver.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-05-04 09:26:13 -04:00
Patrick Webster
376c61bc46
Added exploit module kentico_staging_syncserver.
2020-05-04 09:26:13 -04:00
William Vu
e5857d5544
Comments for the comment god
2020-04-27 20:58:39 -05:00
William Vu
3e9f7d5f0a
Comment the absolute path prepended to traversal
2020-04-27 20:57:02 -05:00
William Vu
f18ec9929b
Remove directory traversal prefix altogether
2020-04-27 20:23:29 -05:00
William Vu
1318faa992
Clarify the quote is from the vendor's advisory
2020-04-27 16:53:34 -05:00
William Vu
cefeb9ffde
Randomize dir in desktopcentral_deserialization
...
Also apply RuboCop.
2020-04-27 16:13:22 -05:00
Christophe De La Fuente
af239303d2
Land #13257, .NET Deserialization Library Improvements
2020-04-27 13:05:38 +02:00
William Vu
e248e2ed43
Consolidate CmdStager flavors to symbols
...
As per the API. Strings are fine, but they're supposed to be symbols.
2020-04-15 15:47:51 -05:00
William Vu
6523dd81c9
Add comment clarifying build number
2020-04-15 15:47:51 -05:00
William Vu
3aa95f98eb
Move RPORT back to where I prefer it
...
It was next to SSL before because I wanted to indicate the port was SSL.
2020-04-15 15:47:51 -05:00
William Vu
7cf7211b46
Refactor desktopcentral_deserialization check
2020-04-15 15:47:51 -05:00
William Vu
5cf0f888ee
Remove notes-level version information
...
Not sure I like this. Don't want people to copypasta it.
2020-04-15 15:47:51 -05:00
William Vu
02ba071b84
Punctuate check prints to match CheckCodes
2020-04-15 15:47:50 -05:00
William Vu
1fdafc5104
"Correct" Windows platform in ManageEngine exploit
2020-04-15 15:47:50 -05:00
Spencer McIntyre
6ae3df69c6
Update the dnn_cookie_deserialization_rce for the new library
2020-04-15 15:13:42 -04:00
Spencer McIntyre
b37adbeeed
Update existing modules to use explicit parameters
2020-04-15 15:13:41 -04:00
Adam Galway
e8d134fc56
Land #12096, DNN cookie deserialization exploit
2020-04-02 15:57:46 +01:00
Spencer McIntyre
54edd201e4
Cleanup cmdstager options
2020-03-24 17:14:47 -04:00
Spencer McIntyre
a69f3eb946
Use the correct its instead of it's
2020-03-24 16:44:18 -04:00
Spencer McIntyre
a0cd00dac7
Cleanup module doc and comments for CVE-2020-0646
2020-03-24 10:15:58 -04:00
Spencer McIntyre
0832604131
Finish up the CVE-2020-0646 SharePoint RCE
2020-03-23 18:14:28 -04:00
Spencer McIntyre
6c24ed4c96
Initial SharePoint WorkFlows XOML RCE module
2020-03-20 17:57:54 -04:00
William Vu
ddefafab78
Revert "Patch serialVersionUID in the library"
...
This reverts commit eaf8554e69.
2020-03-13 17:36:40 -05:00
William Vu
02e2072a87
Update module traits after joint testing
2020-03-13 14:01:54 -05:00
William Vu
eaf8554e69
Patch serialVersionUID in the library
2020-03-13 13:17:26 -05:00
William Vu
c11be38e1c
Default to certutil CmdStager
2020-03-13 12:38:07 -05:00
William Vu
03ff32210e
Fix CmdStager target
2020-03-13 12:26:45 -05:00
William Vu
0806e9ef42
Add CmdStager target back in so we can debug it
2020-03-13 11:17:37 -05:00
William Vu
4f6720f962
Add TARGETURI back in
2020-03-13 11:05:14 -05:00
William Vu
83387212a7
Update language to address different patches
2020-03-12 17:50:13 -05:00
William Vu
0b117849d0
Note specific patch versions
...
Hat tip @sranjit-r7.
2020-03-12 17:40:46 -05:00
William Vu
a908ceb58a
Add ManageEngine Desktop Central exploit
2020-03-12 17:36:53 -05:00
Christophe De La Fuente
f7d8c43722
Land #13040, SQL Server Reporting Services ViewState deserialization RCE
2020-03-12 18:26:01 +01:00
Spencer McIntyre
f3d38e147d
Replace another use with the target type
2020-03-09 11:43:26 -04:00
Spencer McIntyre
b148e9da30
Land #13042, use VHOST when creating the full URI
2020-03-09 10:40:03 -04:00
Brent Cook
b19ed20d0a
Land #12990, Add initial rubocop rules to consistently format modules
2020-03-09 09:24:46 -05:00
Spencer McIntyre
9bd6fb9e76
Update cve-2020-0618 based on feedback
2020-03-09 09:18:44 -04:00
t0-n1
fe8cd52c9d
Use VHOST instead of RHOST
...
The 'vhost_uri: true' enables the successful exploitation of this vulnerability in environments where you can't use an IP address (RHOST) to access the OWA web page.
2020-03-07 10:43:51 +01:00
Spencer McIntyre
4c004d51a7
Add an exploit for CVE-2020-0618
2020-03-06 16:21:37 -05:00
Alan Foster
3a046f01da
Run rubocop -a on subset of files
2020-03-06 10:41:45 +00:00
dwelch-r7
4fe7678b01
Land #12910, Add exploit module for apache activemq traversal
2020-03-05 15:05:13 +00:00
dwelch-r7
c7ca43b585
reformat date to iso standard
2020-03-05 15:03:05 +00:00