adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56,569 Commits 27 Branches 1,043 Tags
ffc49ccf83ae06ce8a720cb8a3e4fa62ebfc3a6b
Commit Graph

14188 Commits

Author SHA1 Message Date
SecurityBytesMe ffc49ccf83 General cleanup 2020-06-14 15:10:41 -07:00
SecurityBytesMe 34e3e3c9e8 Removal of Exploit:: on CheckCode 2020-06-14 15:06:42 -07:00
SecurityBytesMe ff402ea9ac applied linting and cleaning return checks 
rubocop and msftidy applied
modified check return codes
 2020-06-14 14:55:43 -07:00
ChristopherAnders 63713de14c fix self.class msftidy warning and minor syntax 2020-05-31 18:39:50 -07:00
ChristopherAnders 5ef76ff232 Merge branch 'master' into upstream-master 2020-05-31 16:52:03 -07:00
William Vu f60e569c1b Add Cisco CML and VIRL-PE advisory to Salt modules 
Hat tip @brudis-r7!
 2020-05-29 15:24:00 -05:00
Alan Foster f1c492fa2d Land #13470, Pi-Hole < 4.3.3 dhcp static address RCE 2020-05-28 16:57:22 +01:00
h00die 695f212d26 pihole default payload fix 2020-05-28 09:55:04 -04:00
h00die 513b430f19 no leading 0s on IPs 2020-05-28 08:56:08 -04:00
h00die 2e32c7981d encode token in final stage 2020-05-28 08:22:41 -04:00
h00die 504cd0b4db encode token in final stage 2020-05-28 08:22:04 -04:00
Alan Foster b5f41636b1 Land #13488, Fix memory leak in ms01_026_dbldecode 2020-05-28 10:23:10 +01:00
Brendan Coles ad05cf7870 Update TinyIdentD 2.2 Stack Buffer Overflow module 2020-05-23 04:43:44 +00:00
William Vu d6aea635c7 Update authors in Netsweeper/myLittleAdmin modules 
Edits for accuracy and precision.
 2020-05-22 17:05:12 -05:00
bwatters-r7 cb06a4e731 Land #13455, Pi-Hole < 3.3 whitelist RCE 
Merge branch 'land-13455' into upstream-master
 2020-05-22 15:35:16 -05:00
William Vu 06f9099d7f Add BASE_DN and ROOT_KEY to vmdir and Salt modules 2020-05-22 11:16:58 -05:00
Spencer McIntyre b49dd37614 Land #13494, Add Plesk/myLittleAdmin ViewState .NET deserialization pre-auth RCE 2020-05-22 11:53:41 -04:00
bwatters-r7 2d56931663 Land #13287, CVE-2017-15889 Synology DSM < 5.2-5967-5 authenticated root exploit 
Merge branch 'land-13487' into upstream-master
 2020-05-22 10:07:50 -05:00
William Vu afe7ef5d9a Bump WfsDelay for first exploit attempt 2020-05-22 09:32:22 -05:00
William Vu e471efa399 Whitelist :certutil and :vbs CmdStagers 
These worked for @smcintyre-r7 on Windows Server 2019.
 2020-05-22 09:24:16 -05:00
William Vu 16886fa41e Move generate_viewstate_payload to mixin 2020-05-21 18:37:13 -05:00
William Vu d1a07e9403 Use ViewState mixin in module 2020-05-21 18:37:13 -05:00
William Vu 11030dff84 Add CVE references (they weren't there before) 2020-05-21 18:12:57 -05:00
William Vu 889a4cd6e0 Add Plesk/myLittleAdmin ViewState deserialization 2020-05-21 18:12:57 -05:00
h00die c1996d58ed add forcexploit 2020-05-21 17:39:54 -04:00
Spencer McIntyre ffb681cb79 Land #13485, Update eyesofnetwork_autodiscovery_rce with SQLi auth bypass 2020-05-21 17:24:23 -04:00
Spencer McIntyre ecd3c0f820 Minor doc changes, add module notes and SQLi progress output 2020-05-21 16:31:45 -04:00
William Vu 8473662e32 Land #13463, Oracle WebLogic CVE-2020-2555 exploit 2020-05-20 23:21:07 -05:00
William Vu 12d4ad68e3 Fix things in ThinkPHP and ManageEngine exploits 
Current pattern is print_good instead of vprint_good for this particular
message directly or indirectly called by execute_command.

CmdStagerFlavor is checked at the top level, but it is also checked per
target. Moving this to where it's more appropriate.
 2020-05-20 22:47:03 -05:00
kalba-security 7c2c227ea0 Improve version checks, remove comments from previous testing 2020-05-20 18:06:42 -04:00
William Vu 655088bb0d Fix punctuation typo in exchange_ecp_viewstate 2020-05-20 09:47:11 -05:00
h00die 4721e605d0 5.2 root exploit 2020-05-19 20:19:51 -04:00
Alan Foster bfe47302cf Fix memory leak in ms01_026_dbldecode 2020-05-20 00:48:26 +01:00
h00die e5da35d579 commit for help 2020-05-19 18:40:29 -04:00
h00die cbd0943024 commit for help 2020-05-19 18:39:49 -04:00
Shelby Pace abff1cd731 change true to false 2020-05-19 14:59:47 -05:00
Shelby Pace 378fe767b5 randomize class name 2020-05-19 14:35:36 -05:00
Shelby Pace 8f43ffa8e3 change title 2020-05-19 13:59:27 -05:00
Shelby Pace 6657d3480e remove returns, add autocheck 2020-05-19 13:47:39 -05:00
Shelby Pace 837f307740 rubocop fixes 2020-05-19 13:12:23 -05:00
Shelby Pace d86e008914 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:29:56 -05:00
Shelby Pace c51a32eaf2 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:29:41 -05:00
Shelby Pace 5857c80f47 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:29:17 -05:00
Shelby Pace 4ff4676ab9 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:28:42 -05:00
Shelby Pace 32386e0947 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb 
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-19 12:27:38 -05:00
kalba-security 6d72fe4854 Update eyesofnetwork_autodiscovery_rce module and documentation 2020-05-19 11:48:48 -04:00
Alan Foster c019c06505 Land #13445, Pi-Hole <= 4.4 root RCE CVE-2020-11108 2020-05-18 13:41:57 +01:00
h00die 9851f274a4 remove commented include 2020-05-16 07:57:39 -04:00
h00die a8673e0efc pihole dhcp exec 2020-05-16 01:30:58 -04:00
Shelby Pace 9e813b7e1e add archs 2020-05-15 10:22:08 -05:00