Spencer McIntyre
146859dc12
Use bash instead of netcat as a default payload
...
Bash is more likely to be installed than netcat and therefore should be
more reliable.
2022-03-02 10:41:57 -05:00
bwatters
06e897436c
Add Fedora results to docs and some minor final cleanup
2022-03-02 09:12:01 -06:00
Tim W
9d1c919094
Land #16257, add warning for older apktool versions
2022-03-02 10:28:31 +00:00
Brendan Coles
ef135a8440
Msf::Payload::Apk: Print warning if apktool version < 2.5.1
2022-03-02 06:31:43 +00:00
Ashley Donaldson
4c4b0b4f8c
Fix race condition in jobs cleanup that could allow it to clean up twice simultaneously
2022-03-02 14:43:06 +11:00
Heyder Andrade
7aa9547e05
WIP - improvements on the request body
2022-03-02 01:43:04 +01:00
adfoster-r7
9c1b0d197b
Land #16255, Update metasploit-payloads gem to 2.0.77 - Fix issue with kiwi_cmd arguments
2022-03-01 22:31:08 +00:00
Spencer McIntyre
fa89295fe3
Update metasploit-payloads gem to 2.0.77
2022-03-01 16:17:45 -05:00
bwatters
58aed837b2
Update docs and options
2022-03-01 14:48:48 -06:00
Heyder Andrade
bb2a2e458b
shodan_search default user-agent overwrite - fix #16189 and #16223
...
As Shodan checks the User-Agent to decide which content type it
will deliver, the default user-agent causes it to reply with an HTML page.
This commit overwrites the default user-agent in the module shodan_search
with 'Wget', which works on the Shodan API.
2022-03-01 21:31:35 +01:00
bwatters
0516badd8e
Change the way we cd after new session is created
2022-03-01 14:20:07 -06:00
space-r7
0c3f0e38f7
Land #16228, validate payload size if not encoded
2022-03-01 14:04:01 -06:00
adfoster-r7
9694b9ff1d
Add explicit GitHub action permissions
2022-03-01 19:48:33 +00:00
Heyder Andrade
abd03d592e
WIP - adding bypass the IP restriction (CVE-2022-24112)
2022-03-01 19:00:59 +01:00
Heyder Andrade
ea2b29661f
Fix typo
2022-03-01 17:13:20 +01:00
Metasploit
88888ed2af
automatic module_metadata_base.json update
2022-03-01 10:12:33 -06:00
adfoster-r7
7be128b9d2
Land #16251, Fix Python Meterpreter race condition when executing subcommands
2022-03-01 15:53:41 +00:00
Jake Baines
e19a92e7a6
Fix disclosure date
2022-03-01 07:12:22 -08:00
Spencer McIntyre
5e5c207864
Update metasploit-payloads gem to 2.0.76
2022-03-01 10:01:07 -05:00
Jake Baines
fbdb6614bc
Initial version of CVE-2021-4191 GitLab user enumeration
2022-03-01 06:57:39 -08:00
sjanusz
869f073a1b
Add setg option to log TLV packets to console or file
2022-03-01 12:50:35 +00:00
Heyder Andrade
a6d33ea98e
Add module documentation
2022-03-01 12:54:17 +01:00
Metasploit
239308824a
automatic module_metadata_base.json update
2022-02-28 14:58:50 -06:00
bwatters
0081811c52
Land #16185, Firefox CVE-2020-26950 use after free browser exploit
...
Merge branch 'land-16185' into upstream-master
2022-02-28 14:38:23 -06:00
Metasploit
8e32809fcc
automatic module_metadata_base.json update
2022-02-28 12:48:53 -06:00
space-r7
0d10409d67
Land #16131, add modern events calendar sqli
2022-02-28 12:27:45 -06:00
sjanusz
04ecb347a4
rjust command output
2022-02-28 18:26:31 +00:00
Heyder Andrade
ad7bd6d623
Added Apache APISIX default API Token RCE module
...
Added a module that leverages the default admin API token for Apache APISIX
to add a malicious route, which leads to remote Lua code execution
through the script parameter added in the 2.x version.
2022-02-28 18:09:18 +01:00
Simon Janusz
6c19b93840
Land #16225, Add option to ignore loading metasploit during tests
...
Add option to ignore loading metasploit during tests
2022-02-28 14:22:12 +00:00
Simon Janusz
bd1df9109c
Land #16224, Ignore reload lib spec helper file
...
Ignore reload lib spec helper file
2022-02-28 12:23:04 +00:00
Jake Baines
65e16a1a72
Initial implementation of pfSense auth file creation bug (CVE-2021-41282)
2022-02-27 18:12:54 -08:00
Tim W
da8dcbb563
Land #16235, fix apk injection for apktool with malformed version string
2022-02-27 07:33:22 +00:00
Brendan Coles
4fe7375341
Msf::Payload::Apk: Fix apktool version check
2022-02-27 05:33:00 +00:00
Tim W
579811418f
update documentation with note about Firefox 82.0.1
2022-02-26 12:35:38 +00:00
space-r7
40bb5e2afa
correct return val for definition, add module
2022-02-25 18:13:49 -06:00
Metasploit
f3228b4af7
automatic module_metadata_base.json update
2022-02-25 16:56:54 -06:00
bwatters
ecaf8b1ba9
Land #16204, Hikvision Unauthenticated RCE (CVE-2021-36260)
...
Merge branch 'land-16204' into upstream-master
2022-02-25 16:37:08 -06:00
Spencer McIntyre
147837e9b6
Validate payload size even when not encoding
2022-02-25 17:21:59 -05:00
Metasploit
0ac48ea147
automatic module_metadata_base.json update
2022-02-25 16:15:27 -06:00
h00die
9799d87ec9
update exploitable plugins
2022-02-25 17:00:34 -05:00
bwatters
b69db83398
Land #16202, Add exploit for CVE-2022-21882 (Win32k LPE)
...
Merge branch 'land-16202' into upstream-master
2022-02-25 15:55:48 -06:00
h00die
2195edbb8d
masterstudy privesc
2022-02-25 16:36:47 -05:00
Metasploit
65626bedd4
automatic module_metadata_base.json update
2022-02-25 11:55:20 -06:00
Grant Willcox
217afa0f3b
Land #16190, Axis Camera App RCE (No CVE)
2022-02-25 11:35:03 -06:00
Grant Willcox
1e0db45f1d
Add small note about ARMLE stager for future travelers
2022-02-25 11:34:31 -06:00
Spencer McIntyre
9f6e3ba543
Set the cached size for adapted payloads
2022-02-25 11:55:48 -05:00
Jake Baines
2bec5c425f
Change CheckCode to Appears
2022-02-25 08:32:06 -08:00
adfoster-r7
09129f086d
Add option to ignore loading metasploit during tests
2022-02-25 12:59:10 +00:00
adfoster-r7
5ee44bcdb7
Ignore reload lib spec helper file
2022-02-25 12:38:03 +00:00
Jake Baines
1facfe4a2f
Alter upload filename.
2022-02-25 02:53:52 -08:00