adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
47,482 Commits 27 Branches 1,043 Tags
ffe4dbcc19def7a2e5e6140b83b514b1f30ded98
Commit Graph

1142 Commits

Author SHA1 Message Date
Jacob Robles 6e450973b9 Land #10295, Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-14 10:09:46 -05:00
Jacob Robles 18e65abc54 Fix link 2018-07-14 10:03:01 -05:00
Brendan Coles 4e72dff791 Update module references 2018-07-14 05:03:13 +10:00
William Vu c9001699cd Land #10027, Hadoop unauthed command execution 2018-07-12 21:58:49 -05:00
William Vu 50252c75d6 Clean up module 
With a little rubocop -a.
 2018-07-12 21:58:00 -05:00
Wei Chen e613b2570a Land #10299, Add 88 CVEs to various auxiliary and exploit modules 2018-07-12 18:26:07 -05:00
William Vu 3546286049 Add missed ARCH_CMD to top-level Arch array 
It's not necessary because of targets, but it's required for printing.
 2018-07-12 17:37:06 -05:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
Brendan Coles 4b62f41369 Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-12 20:00:17 +00:00
William Vu acb20e5a29 Land #9780, CouchDB auth bypass and RCE 2018-07-12 03:36:17 -05:00
William Vu f53080ee60 Fix exploit and do final cleanup 2018-07-12 02:13:30 -05:00
William Vu 167745c124 Selectively add RuboCop fixes 2018-07-11 22:49:46 -05:00
William Vu ccc3267166 Correct rubocop -a 
We'll update .rubocop.yml later.
 2018-07-11 22:49:46 -05:00
William Vu ca5e496b8f Run rubocop -a 2018-07-11 21:40:19 -05:00
Brent Cook 1af360d7e0 Land #10108, add IBM QRadar SIEM exploit 2018-07-10 11:52:32 -05:00
Wei Chen 5fc5a47cd2 Update CVE references for exploit modules 
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
 2018-07-08 18:46:04 -05:00
Brent Cook 05a0d79be7 Land #10219, Add HP VAN SDN Controller exploit 2018-07-05 14:21:44 -05:00
William Vu 53d5d82498 Rename module to match new vector 2018-07-05 13:31:16 -05:00
William Vu 762b4b5e53 Simplify creds auth by checking X-Auth-Token alone 
It's a lot more direct than checking for the redirect.
 2018-07-05 13:20:27 -05:00
William Vu 2b069f45ca Clarify how we're using the auth token for creds 
In the service token's case, the service token *is* the auth token.
 2018-07-05 13:05:23 -05:00
William Vu 41b0adad88 Use uninstall action command injection 2018-07-03 18:07:22 -05:00
William Vu a25a656d28 Add "E" to HP to make HPE for better searches 
We'll stick with calling it HP everywhere else.
 2018-07-03 10:29:09 -05:00
William Vu 1bf94ac448 Spruce up check method and related 2018-07-02 13:59:24 -05:00
William Vu 6e090acc76 Stop joking with timeouts 2018-07-02 13:18:31 -05:00
William Vu 78ca4d4217 Finally use Msf::Util::EXE.to_zip 8) 2018-07-02 13:04:59 -05:00
Green-m aa3fcea377 update check method to print error message normaliy 2018-07-01 23:17:34 -04:00
Green-m c3b71d4642 Update mismatch indentation and others 2018-07-01 22:43:07 -04:00
Pedro Ribeiro 6ace45e312 Add correct IBM CVE 
Turns out IBM decided to revisit the advisory and attribute 3 different CVE numbers intead of 1.
 2018-06-30 12:06:16 +07:00
William Vu 78cefe0528 Clarify original exploit credit 
It's definitely more than a PoC (exploit). It's weaponized.
 2018-06-29 13:02:40 -05:00
William Vu 34f303187f Drop privesc retval, since it's obsoleted by print 2018-06-29 12:53:59 -05:00
Jacob Robles fc3199259b Land #9958, Nagios xi 2 electric 2018-06-29 12:16:18 -05:00
William Vu dbb502ae19 Refactor code and address review comments 2018-06-29 12:13:15 -05:00
Jacob Robles 675a736ab7 Update Docs 2018-06-29 11:08:31 -05:00
Jacob Robles 574c47cba6 Change Ranking 
Command to change the database user
account could cause a DoS condition
if the credentials are incorrect.
 2018-06-29 10:56:18 -05:00
Jacob Robles 57b89444f3 Additional style fixes 2018-06-29 10:53:57 -05:00
Jacob Robles 7532490a1e Style/Whitespace fixes 2018-06-29 07:02:45 -05:00
William Vu 36a37cf6ab Add HP VAN SDN Controller exploit 2018-06-28 02:14:04 -05:00
Pedro Ribeiro d77ee20fc7 Add fix for 7.3.0 2018-05-30 00:59:11 +03:00
Pedro Ribeiro f1663afd53 Change patch level of vulnerable versions 2018-05-30 00:37:29 +03:00
Pedro Ribeiro 476030bbd6 Fix grep with proper Base64 support; IBM bug! 2018-05-29 18:49:52 +03:00
Pedro Ribeiro a3c7ac830f Fix typo in rand 2018-05-29 18:40:50 +03:00
Pedro Ribeiro ac5718d24c Fix whitespace 2018-05-29 15:02:36 +03:00
Pedro Ribeiro 809982b430 Make changes requested by bcoles 2018-05-29 14:48:57 +03:00
Pedro Ribeiro 56dd07639f add vuln versions 2018-05-28 17:37:58 +03:00
Pedro Ribeiro aaaa9c7508 Fix warnings from travis 2018-05-28 17:18:52 +03:00
Pedro Ribeiro e126681814 Changed disclosure date 2018-05-28 17:08:48 +03:00
Pedro Ribeiro cfb7d4c2fe Add github url 2018-05-28 16:53:54 +03:00
Pedro Ribeiro 7db8183bc7 Create file for CVE-2018-1418 2018-05-28 16:39:10 +03:00
lucyoa 6cc1a8dcbd Rubocop fixes 2018-05-22 10:34:05 -04:00
lucyoa 6ae55aadd4 Fixing documentation, improving exploits code 2018-05-20 12:55:46 -04:00