dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
73,108 Commits 10 Branches 885 Tags 1.3 GiB
Commit Graph

73108 Commits

Author SHA1 Message Date
cgranleese-r7 db3b2de3f3
Land #18855, Use database_name for SQL sessions 2024-02-19 11:10:02 +00:00
dwelch-r7 0108f1f214
Land #18861, Removes SessionType values from modules with OptionalSession mixin 2024-02-19 10:57:41 +00:00
cgranleese-r7 de17261926 Removes session types from module with session type mixin 2024-02-19 10:34:16 +00:00
sjanusz-r7 64ab62f2c3 Use database_name for SQL sessions 2024-02-17 03:31:58 +00:00
Metasploit 19c1a35592
automatic module_metadata_base.json update 2024-02-16 14:55:39 -06:00
Jack Heysel 8cddffa3d1
Land #18700, Add Kafka-ui Unauth RCE module 
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated rce vulnerability in Kafka's UI.
 2024-02-16 15:38:52 -05:00
Metasploit eef29a5100
automatic module_metadata_base.json update 2024-02-16 14:31:32 -06:00
Jack Heysel a1b0ff0fcf
Land #18681, Update Apache Ofbiz w. Auth-Bypass 
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
 2024-02-16 15:02:34 -05:00
adfoster-r7 94f0d243c7
Land #18846, msftidy_docs.rb add TARGETURI to universal option list 2024-02-16 14:23:33 +00:00
Christophe De La Fuente da9164fcc6
Add targeturi to universal option list 2024-02-16 12:58:49 +01:00
adfoster-r7 bbe1098b13
Land #18842, update docker image bundler args 2024-02-15 23:22:57 +00:00
Metasploit e15fd1a782
automatic module_metadata_base.json update 2024-02-15 16:35:11 -06:00
adfoster-r7 7b56d012e8
Land #18678, add LDAP capture capabilities 2024-02-15 22:11:04 +00:00
adfoster-r7 40701bf59a
Fix auhtentication typo in lib/rex/proto/ldap/auth.rb 2024-02-15 21:26:45 +00:00
upsidedwn 8dcb409d25
Fix BUNDLER_CONFIG_ARGS variable mismatch in Dockerfile 
Previous version of Dockerfile used `set clean 'true'`. However, this no longer works with "newer" versions of Ruby gems (rubygems/rubygems#3271), which now requires a force option when cleaning system gems.

Since there is no way to set the force flag through config, a new ARG (BUNDLER_FORCE_CLEAN) is used to provide the option of whether to run bundle clean --force on system gems.
 2024-02-16 02:16:42 +08:00
Metasploit 1d9a08f405
automatic module_metadata_base.json update 2024-02-15 07:43:02 -06:00
adfoster-r7 e49c6a792a
Land #18770, Extract SMB, PostgreSQL, MySQL and MSSQL optional sessions into their own mixins 2024-02-15 13:19:37 +00:00
Metasploit 8e3daa5179
Bump version of framework to 6.3.57 2024-02-15 03:37:54 -06:00
adfoster-r7 1d406cfc2a
Land #18809, DNS command improvements 2024-02-14 22:12:30 +00:00
h00die-gr3y d716e60cf2 added base64 encoder module of zerosteiner 2024-02-14 21:33:50 +00:00
h00die-gr3y f5c71d09c2 using data/kafka_ui_versions.json for the version check 2024-02-14 20:57:46 +00:00
H00die.Gr3y 8b70cefd83 Update modules/exploits/linux/http/kafka_ui_unauth_rce_cve_2023_52251.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-02-14 20:57:46 +00:00
H00die.Gr3y 996ca8a7c9 Update documentation/modules/exploit/linux/http/kafka_ui_unauth_rce_cve_2023_52251.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-02-14 20:57:46 +00:00
h00die-gr3y f75722ecf2 Small updates to module and documentation 2024-02-14 20:57:46 +00:00
h00die-gr3y dde7e3c5d3 Small tweaks to verbose messages 2024-02-14 20:57:46 +00:00
h00die-gr3y eafdb8495b Added documentation 2024-02-14 20:57:46 +00:00
h00die-gr3y d5f30befbb Second release of module 2024-02-14 20:57:46 +00:00
h00die-gr3y 3db32da70f First release of module. 2024-02-14 20:57:45 +00:00
h00die-gr3y 5f703b2e28 First draft. Not ready for review 2024-02-14 20:57:45 +00:00
Spencer McIntyre eca99e2c77 Refactor resolver types 2024-02-14 14:40:22 -05:00
Spencer McIntyre 27ccb26de1 Adjust the confirmation logic before resetting 2024-02-14 14:27:05 -05:00
Spencer McIntyre a75013e51a
Land #18616, Fix aarch64 elf shared SIGBUS error 
Fix aarch64 elf shared object bus error
 2024-02-14 13:30:29 -05:00
Metasploit 7228a2ad20
automatic module_metadata_base.json update 2024-02-14 10:52:51 -06:00
Christophe De La Fuente 747d328bcb
Land #18786, Fix option collision in `service_persistence` 2024-02-14 17:25:15 +01:00
Dean Welch fa5c4c0193 lowercase session types 2024-02-14 15:45:34 +00:00
Dean Welch 0d4e1ed755 Use mssql option session mixin with mssql modules 2024-02-14 15:37:11 +00:00
Dean Welch 587a8690a1 Use individual session mixins 2024-02-14 15:37:11 +00:00
Dean Welch 08872d0211 Add session type to info hash in the mixin 2024-02-14 15:37:11 +00:00
Dean Welch 0f319bdfb9 Extract SMB and PostgreSQL optional sessions into their own mixins 2024-02-14 15:37:11 +00:00
Spencer McIntyre df81cda304 Bump rex-socket to pull in validation changes 2024-02-14 09:39:51 -05:00
Metasploit 3447ca37ea
automatic module_metadata_base.json update 2024-02-14 08:38:46 -06:00
Christophe De La Fuente fc5a12431c
Land #18664, Add an SMB-based fetch payload for Windows 2024-02-14 14:57:32 +01:00
dwelch-r7 bd78f03c98
Land #18834, Remove redundant require statements in tests 2024-02-14 12:33:33 +00:00
adfoster-r7 0d250c49fa Remove redundant require statements in tests 2024-02-14 12:26:08 +00:00
Metasploit 2409d132ae
automatic module_metadata_base.json update 2024-02-14 05:09:43 -06:00
adfoster-r7 1794a5fbee
Land #18763, Mssql session modules 2024-02-14 10:54:04 +00:00
Zach Goldman d18520adc6 update rhost and rport calls 2024-02-13 13:00:38 -06:00
Metasploit 9b4d6f1219
automatic module_metadata_base.json update 2024-02-13 12:35:36 -06:00
Christophe De La Fuente cb290d8032
Land #18807, Add a base64 ARCH_CMD encoder 2024-02-13 19:11:57 +01:00
Zach Goldman c05c6773df adjust session logic in modules 2024-02-13 11:59:09 -06:00