dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
73,454 Commits 10 Branches 885 Tags 1.3 GiB
Commit Graph

73454 Commits

Author SHA1 Message Date
sfewer-r7 0b14d1b495
add a Linux command payload target, tested on version 20.3.31734. We leverage the path traversal CVE-2023-1708 to ensure the dropped ASHX file can be reached. This was blocking the Linux target from working. Also works fine on Windows. We leverage FileDropper mixin to delete this file. 2024-02-22 14:54:45 +00:00
sfewer-r7 8b4fee010c
remove the full stop to make it easier to copy andpast the password (and not accidentaly copy the full stop charachter) 2024-02-22 14:52:18 +00:00
adfoster-r7 d76dd4a7fb Improve visual indentation logic for tables 2024-02-22 14:43:29 +00:00
Gaurav Jain b2cb102c9b
Merge branch 'rapid7:master' into manageengine 2024-02-22 17:20:28 +05:30
Gaurav Jain 51dcd5c971 Update splunk cve-2023-32707 to use reviewed changes 2024-02-22 17:13:44 +05:30
adfoster-r7 4af5c5438f
Land #18830, SQL sessions consolidation 2024-02-22 11:42:11 +00:00
Metasploit c5eb4eb8a9
Bump version of framework to 6.3.58 2024-02-22 03:35:01 -06:00
Christophe De La Fuente a1a0df74eb
Land #18866, Update Windows 11 Mimikatz support - update metasploit-payloads gem to 2.0.166 2024-02-22 09:50:35 +01:00
sfewer-r7 eded0e7788
POST the payload.encoded data when we trigger the ASHX file, this way we dont drop the Metasploit payload to disk. 2024-02-21 23:38:35 +00:00
sjanusz-r7 085071da02 Convert generic SQL mixin into a class 2024-02-21 18:01:55 +00:00
sfewer-r7 f6b1c9b1ce
add in docs 2024-02-21 17:44:16 +00:00
sfewer-r7 e0ee7940d0
CISA has assigned this vulnerability CVE-2024-1709 2024-02-21 17:12:08 +00:00
sfewer-r7 2839683af5
use Rex::RandomIdentifier::Generator to generate identifiers. 2024-02-21 17:08:40 +00:00
Metasploit aefebd996a
automatic module_metadata_base.json update 2024-02-21 11:07:58 -06:00
Jack Heysel 0aa20c73a4
Land #18832, Add exploit module CVE-2023-47218 
The PR adds a module targeting CVE-2023-47218, an
unauthenticated command injection vuln affecting QNAP
QTS and QuTH Hero.
 2024-02-21 08:48:30 -08:00
sjanusz-r7 1b7c2bbaec SQL sessions consolidation 2024-02-21 16:16:14 +00:00
sfewer-r7 10f11c94e1
improve the error description for failure messages 2024-02-21 16:11:50 +00:00
sfewer-r7 9828ffa870
add an in-memory payload target 2024-02-21 16:07:01 +00:00
sfewer-r7 2d8b0f414d
remove redundant slashes in other calls to normalize_uri 2024-02-21 16:04:19 +00:00
sfewer-r7 61c1a513a5
drop the leading forward slash 2024-02-21 15:59:25 +00:00
dwelch-r7 cc565a1731
Land #18871, Fix crash when using webconsole 2024-02-21 14:05:16 +00:00
adfoster-r7 82c2eb9899 Fix crash when using webconsole 2024-02-21 13:53:17 +00:00
sfewer-r7 6d473b2424
remove debug prints 2024-02-21 13:30:06 +00:00
sfewer-r7 c529749f77
fix tabs 2024-02-21 13:14:35 +00:00
cgranleese-r7 7b618d4f41
Land #18817, Improve options display optional session types 2024-02-21 13:03:45 +00:00
Dean Welch bf1608a4ad Show session/rhost options separate from each other 2024-02-21 12:51:11 +00:00
Metasploit f70667124f
automatic module_metadata_base.json update 2024-02-20 17:56:50 -06:00
bwatters d21e4080a9
Land #18792, Ivanti Connect Secure - Unauth RCE (CVE-2024-21893 + CVE-2024-21887) #18792 
Merge branch 'land-18792' into upstream-master
 2024-02-20 17:40:12 -06:00
Spencer McIntyre b79790cff6 Update metasploit-payloads gem to 2.0.166 
Includes changes from:
* rapid7/metasploit-payloads#698
 2024-02-20 13:35:42 -05:00
adfoster-r7 06b3004af4
Land #18864, allias ls and dir commands inside new SMB session type prompt 2024-02-20 18:22:45 +00:00
cgranleese-r7 a30a7f81e5
Land #18865, Consolidate option dumps 2024-02-20 18:09:02 +00:00
Dean Welch e288592beb Add yard docs and small tidy up 2024-02-20 16:15:16 +00:00
Dean Welch 901a972a71 Remove extra CI test run 2024-02-20 14:48:04 +00:00
cgranleese-r7 4fcb4a4e3a
Land #18863, Expose MSSQL initial connection info in client 2024-02-20 14:17:34 +00:00
cgranleese-r7 768ad16d8c Alias ls and dir inside new smb session type prompt 2024-02-20 14:15:30 +00:00
Dean Welch 175d584ff7 Consolidate option dump remove condition datastore condition on tests 2024-02-20 14:09:17 +00:00
sjanusz-r7 200d03c417 Expose MSSQL initial connection info in client 2024-02-20 11:36:10 +00:00
Metasploit a3d8b0f77a
automatic module_metadata_base.json update 2024-02-19 10:41:33 -06:00
cgranleese-r7 e66f6c106b
Land #18847, Add Proxies support to creating a session with postgres_login 2024-02-19 16:20:09 +00:00
cgranleese-r7 3be5988679
Land #18848, Add Proxies support to creating a session with mssql_login 2024-02-19 16:10:37 +00:00
Metasploit 2cc8281db7
automatic module_metadata_base.json update 2024-02-19 08:42:51 -06:00
cgranleese-r7 c2a217efcd
Land #18854, Add Proxies support to creating a session with mysql_login 2024-02-19 14:27:22 +00:00
adfoster-r7 5735c7cb89
Land #18857, Documentation: Updated instructions for setting up msfdb 2024-02-19 13:38:03 +00:00
dwelch-r7 6db865a46c
Land #18850, Fix failing ldap server tests 2024-02-19 12:39:52 +00:00
sjanusz-r7 b2f36e41c4 Add Proxies support to creating a session with mysql_login 2024-02-19 12:22:51 +00:00
sfewer-r7 edf2bae69a
add native java payload support 2024-02-19 11:37:34 +00:00
Metasploit 66696d201b
automatic module_metadata_base.json update 2024-02-19 05:33:15 -06:00
cgranleese-r7 db3b2de3f3
Land #18855, Use database_name for SQL sessions 2024-02-19 11:10:02 +00:00
dwelch-r7 0108f1f214
Land #18861, Removes SessionType values from modules with OptionalSession mixin 2024-02-19 10:57:41 +00:00
cgranleese-r7 de17261926 Removes session types from module with session type mixin 2024-02-19 10:34:16 +00:00