fffff #31

Merged
merged 94 commits into from
Apr 30, 2021
94 commits
2c83cde
Add PSH generation methods to Util::Exe
Jan 14, 2019
d66aaf9
Fix a very horrible merge mistake
gwillcox-r7 Sep 23, 2020
f91f6cc
Add module Redis extractor
noncenz Feb 1, 2021
c193465
Drop python 3.6 string formatting syntax because the parser is not th…
bwatters-r7 Mar 26, 2021
9776a87
docs
je5442804 Mar 31, 2021
21ec87d
Add Apache Druid CVE-2021-25646 RCE
je5442804 Mar 31, 2021
b6b7956
Add Apache Druid CVE-2021-25646 RCE
je5442804 Mar 31, 2021
2ac30a5
Update modules/exploits/linux/http/apache_druid_js_rce.rb
je5442804 Mar 31, 2021
80f96f0
Update modules/exploits/linux/http/apache_druid_js_rce.rb
je5442804 Apr 3, 2021
76f89dc
Update apache_druid_js_rce.rb
je5442804 Apr 4, 2021
58855af
KOFFEE first commit. This module exploits the Arbitrary Code Executio…
gianpyc Apr 7, 2021
afb263b
Update description
je5442804 Apr 9, 2021
f30a2fd
Update docs
je5442804 Apr 9, 2021
d49b28e
Update docs
je5442804 Apr 9, 2021
d6f1bd7
Update docs-docker setup
je5442804 Apr 9, 2021
58f14a3
Update module-send_request
je5442804 Apr 9, 2021
69b62ce
Update modules/exploits/linux/http/apache_druid_js_rce.rb
je5442804 Apr 9, 2021
2d1b73f
Update apache_druid_js_rce.md
je5442804 Apr 9, 2021
352fedc
Improved
je5442804 Apr 9, 2021
84babda
Adding documentation for KOFFEE exploit
gianpyc Apr 9, 2021
a36030b
add AutoCheck and usage of TARGETURI option
space-r7 Apr 9, 2021
ad9f4c6
Merge pull request #1 from space-r7/druid-changes
je5442804 Apr 10, 2021
942d9e6
Update apache_druid_js_rce.md
je5442804 Apr 10, 2021
e9088cf
Run rubocop and msftidy_docs, both on the module and documentation
gianpyc Apr 12, 2021
cffb82e
Updating KOFFEE module enabling actions that can be selected by a use…
gianpyc Apr 13, 2021
5e495d7
avoid side effects on arguments
jmartin-tech Apr 13, 2021
c4956ce
Updated the module with the full set of actions
gianpyc Apr 16, 2021
08907a5
Add VMware vRealize Operations Manager SSRF RCE
wvu Apr 3, 2021
d4041cb
Add module doc
wvu Apr 10, 2021
22433d5
Add clarifying comment
wvu Apr 19, 2021
5111caf
Address @gwillcox-r7 review
wvu Apr 21, 2021
a62d1df
Add some details back in
wvu Apr 21, 2021
3c64475
Adding new actions on the module and updated documentation
gianpyc Apr 22, 2021
12cb8b3
Removed not needed require
gianpyc Apr 22, 2021
68ad21c
Adds error handling for NoMethodError
cgranleese-r7 Apr 22, 2021
9bfcbc8
Added string PKey support for ssh module
ctravis-r7 Apr 7, 2021
71f5955
add OBR SSH module
Apr 23, 2021
30c333b
fix typo in shrboadmin
Apr 23, 2021
9a779fe
add ZDI id
Apr 23, 2021
dcf457f
Fix a typo in Eclipse Equinox product name
erran Apr 23, 2021
02656a2
add clarification - it's for linux only
Apr 23, 2021
50873d3
Fix some typos and markdown formatting
smcintyre-r7 Apr 23, 2021
95e59f5
Land #15021, add KOFFEE exploit for CVE-2020-8539
smcintyre-r7 Apr 23, 2021
dc8113f
automatic module_metadata_base.json update
msjenkins-r7 Apr 23, 2021
651a34a
add sploit for MF OBR cmd injection
Apr 23, 2021
58e00b5
Update modules/exploits/linux/http/microfocus_obr_cmd_injection.rb
Apr 23, 2021
02ce5a1
Update modules/exploits/linux/http/microfocus_obr_cmd_injection.rb
Apr 23, 2021
c1c402f
Update modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
ctravis-r7 Apr 23, 2021
07d82cd
fix timeout errors in rubocop
Apr 23, 2021
6cc800e
Updated logging and documentation
ctravis-r7 Apr 23, 2021
63e14cf
Update method options, method comments, and comment on to_win32pe_psh…
bwatters-r7 Apr 23, 2021
619e01b
Land #11257, Add PSH generation methods to Util::Exe
bwatters-r7 Apr 23, 2021
d742ee0
use python string.format
timwr Apr 23, 2021
16401b0
Land #14953, fix python3.6 string formatting in rdp_web_login
timwr Apr 23, 2021
10c29f7
automatic module_metadata_base.json update
msjenkins-r7 Apr 23, 2021
26ce396
Fix #15091, fix sessions -c to use a subshell
timwr Apr 23, 2021
6b4e5a7
Land PR #15088, Fix a typo in Eclipse Equinox product name
gwillcox-r7 Apr 23, 2021
b177452
automatic module_metadata_base.json update
msjenkins-r7 Apr 23, 2021
9b984dd
Update microfocus_obr_cmd_injection.md
LiHua-Official Apr 25, 2021
71a14ed
Merge pull request #30 from LiHua-Official/patch-1
Apr 25, 2021
363db0e
Land #14977, add Apache Druid js rce
space-r7 Apr 26, 2021
18b354e
automatic module_metadata_base.json update
msjenkins-r7 Apr 26, 2021
8894d4b
Remove leading and trailing spaces from readline input
pingport80 Apr 23, 2021
74624c0
Strip history lines before comparing to ensure more accurate comparis…
gwillcox-r7 Apr 24, 2021
c7b7c6b
Update docs
pingport80 Apr 26, 2021
fcade0e
Land PR #15085, Add history avoidance for command and remove leading …
gwillcox-r7 Apr 26, 2021
a640443
Land #15014, Added string PKey support for ssh module
smashery Apr 27, 2021
6e07bb1
automatic module_metadata_base.json update
msjenkins-r7 Apr 27, 2021
16923f4
Land #15042, avoid side effects on db interaction argument hash
adfoster-r7 Apr 27, 2021
a4af80d
Land #15005, add VMware vRealize SSRF RCE
space-r7 Apr 27, 2021
3ca300f
automatic module_metadata_base.json update
msjenkins-r7 Apr 27, 2021
24d291c
Land #15081, Adds error handling for `mssql_idf` when module has no m…
adfoster-r7 Apr 27, 2021
9e03db5
automatic module_metadata_base.json update
msjenkins-r7 Apr 27, 2021
e6910da
Land #15094, Fix sessions -c to use a subshell
smcintyre-r7 Apr 27, 2021
dc24800
Robustness improvements to Redis extractor module
smashery Apr 27, 2021
54923c9
Use new parsing code in most requests in the module
smashery Apr 28, 2021
b2d5c4e
Added unit test
smashery Apr 28, 2021
06f3785
Various changes from code review
smashery Apr 28, 2021
facb6d9
Fixed unit test failure
smashery Apr 28, 2021
7e24852
Fixes meterpreter tab completion issue
cgranleese-r7 Apr 6, 2021
ecebecb
Land #15050, fix meterpreter tab completion crash
adfoster-r7 Apr 28, 2021
90f1416
Update metasploit-payloads gem to 2.0.44
zeroSteiner Apr 28, 2021
e2bce49
Land #15110, Update metasploit-payloads gem to 2.0.44
timwr Apr 28, 2021
4678790
Fixed Rubocop issues
smashery Apr 29, 2021
78295b6
Land #14702, Add module Redis extractor
smashery Apr 29, 2021
fc725e1
Fix issue in Redis modules when run against authenticated instances.
smashery Apr 29, 2021
e16c1fc
automatic module_metadata_base.json update
msjenkins-r7 Apr 29, 2021
5f57a1a
Land #15114, Fix issue in Redis modules when run against authenticate…
adfoster-r7 Apr 29, 2021
4373b46
Update the markdown module docs a bit
smcintyre-r7 Apr 29, 2021
b2142aa
Land #15086, Add exploit for CVE-2020-11857
smcintyre-r7 Apr 29, 2021
d68f8f6
automatic module_metadata_base.json update
msjenkins-r7 Apr 29, 2021
5637cd4
Bump version of framework to 6.0.43
msjenkins-r7 Apr 29, 2021
994825d
Land #15090, Add exploit for CVE-2021-22502
smcintyre-r7 Apr 29, 2021
904cd66
automatic module_metadata_base.json update
msjenkins-r7 Apr 29, 2021
26 changes: 13 additions & 13 deletions Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
metasploit-framework (6.0.42)
metasploit-framework (6.0.43)
actionpack (~> 5.2.2)
activerecord (~> 5.2.2)
activesupport (~> 5.2.2)
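Review bot: The PATH spec line `metasploit-framework (6.0.43)` shows that this PR carries a release bump (commit 5637cd4, "Bump version of framework to 6.0.43"), but the title "fffff" gives no indication of that. Rename the PR to say that it syncs 94 upstream commits up to 6.0.43, so the lockfile change can be traced from the merge history later.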
Expand All @@ -28,7 +28,7 @@ PATH
metasploit-concern (~> 3.0.0)
metasploit-credential (~> 4.0.0)
metasploit-model (~> 3.1.0)
metasploit-payloads (= 2.0.43)
metasploit-payloads (= 2.0.44)
metasploit_data_models (~> 4.1.0)
metasploit_payloads-mettle (= 1.0.9)
mqtt
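Review bot: The exact pin `metasploit-payloads (= 2.0.44)` has no accompanying explanation of what changed since 2.0.43; the only context is commit 90f1416, "Update metasploit-payloads gem to 2.0.44". Because the pin is exact and the lines shown record versions only, link the payloads release or PR that motivated the bump in the description so the provenance of the new gem can be checked. The resolved entry further down (`metasploit-payloads (2.0.44)`) is consistent with this pin, and `metasploit_payloads-mettle (= 1.0.9)` is intentionally unchanged as far as this hunk shows.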
Expand Down Expand Up @@ -122,13 +122,13 @@ GEM
activerecord (>= 3.1.0, < 7)
ast (2.4.2)
aws-eventstream (1.1.1)
aws-partitions (1.446.0)
aws-partitions (1.449.0)
aws-sdk-core (3.114.0)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.239.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
aws-sdk-ec2 (1.234.0)
aws-sdk-ec2 (1.235.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-iam (1.52.0)
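Review bot: The moves of `aws-partitions` to 1.449.0 and `aws-sdk-ec2` to 1.235.0 are not explained by any of the 94 commits, none of which mentions the AWS gems. The constraints shown (`aws-partitions (~> 1, >= 1.239.0)`, `aws-sdk-core (~> 3, >= 3.112.0)`) are unchanged, so this looks like incidental lockfile churn from re-resolving dependencies. State that in the description, or split incidental bumps like these and `aws-sdk-s3` in the next hunk into a dedicated dependency update so they get reviewed on their own.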
Expand All @@ -137,7 +137,7 @@ GEM
aws-sdk-kms (1.43.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.93.1)
aws-sdk-s3 (1.94.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.1)
Expand Down Expand Up @@ -208,11 +208,11 @@ GEM
nokogiri (>= 1.5.9)
memory_profiler (1.0.0)
metasm (1.0.4)
metasploit-concern (3.0.1)
metasploit-concern (3.0.2)
activemodel (~> 5.2.2)
activesupport (~> 5.2.2)
railties (~> 5.2.2)
metasploit-credential (4.0.3)
metasploit-credential (4.0.5)
metasploit-concern
metasploit-model
metasploit_data_models (>= 3.0.0)
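Review bot: `metasploit-credential` jumps from 4.0.3 to 4.0.5, skipping 4.0.4, while `metasploit-concern` in the same hunk moves by a single patch release (3.0.1 to 3.0.2). Nothing in the visible lines says which change needs 4.0.5; note in the PR which commit depends on it and confirm that both intermediate releases were reviewed, since this gem handles stored credentials.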
Expand All @@ -222,12 +222,12 @@ GEM
rex-socket
rubyntlm
rubyzip
metasploit-model (3.1.3)
metasploit-model (3.1.4)
activemodel (~> 5.2.2)
activesupport (~> 5.2.2)
railties (~> 5.2.2)
metasploit-payloads (2.0.43)
metasploit_data_models (4.1.3)
metasploit-payloads (2.0.44)
metasploit_data_models (4.1.4)
activerecord (~> 5.2.2)
activesupport (~> 5.2.2)
arel-helpers
Expand All @@ -239,7 +239,7 @@ GEM
webrick
metasploit_payloads-mettle (1.0.9)
method_source (1.0.0)
mini_portile2 (2.5.0)
mini_portile2 (2.5.1)
minitest (5.14.4)
mqtt (0.5.0)
msgpack (1.4.2)
Expand All @@ -255,7 +255,7 @@ GEM
nokogiri (1.11.3)
mini_portile2 (~> 2.5.0)
racc (~> 1.4)
octokit (4.20.0)
octokit (4.21.0)
faraday (>= 0.9)
sawyer (~> 0.8.0, >= 0.5.3)
openssl-ccm (1.2.2)
Expand Down Expand Up @@ -337,7 +337,7 @@ GEM
rex-arch
rex-ole (0.1.7)
rex-text
rex-powershell (0.1.89)
rex-powershell (0.1.90)
rex-random_identifier
rex-text
ruby-rc4
24 changes: 12 additions & 12 deletions LICENSE_GEMS
Expand Up @@ -11,12 +11,12 @@ arel, 9.0.0, MIT
arel-helpers, 2.12.0, MIT
ast, 2.4.2, MIT
aws-eventstream, 1.1.1, "Apache 2.0"
aws-partitions, 1.446.0, "Apache 2.0"
aws-partitions, 1.449.0, "Apache 2.0"
aws-sdk-core, 3.114.0, "Apache 2.0"
aws-sdk-ec2, 1.234.0, "Apache 2.0"
aws-sdk-ec2, 1.235.0, "Apache 2.0"
aws-sdk-iam, 1.52.0, "Apache 2.0"
aws-sdk-kms, 1.43.0, "Apache 2.0"
aws-sdk-s3, 1.93.1, "Apache 2.0"
aws-sdk-s3, 1.94.0, "Apache 2.0"
aws-sigv4, 1.2.3, "Apache 2.0"
bcrypt, 3.1.16, MIT
bcrypt_pbkdf, 1.1.0, MIT
Expand Down Expand Up @@ -60,15 +60,15 @@ json, 2.5.1, ruby
loofah, 2.9.1, MIT
memory_profiler, 1.0.0, MIT
metasm, 1.0.4, LGPL-2.1
metasploit-concern, 3.0.1, "New BSD"
metasploit-credential, 4.0.3, "New BSD"
metasploit-framework, 6.0.42, "New BSD"
metasploit-model, 3.1.3, "New BSD"
metasploit-payloads, 2.0.43, "3-clause (or ""modified"") BSD"
metasploit_data_models, 4.1.3, "New BSD"
metasploit-concern, 3.0.2, "New BSD"
metasploit-credential, 4.0.5, "New BSD"
metasploit-framework, 6.0.43, "New BSD"
metasploit-model, 3.1.4, "New BSD"
metasploit-payloads, 2.0.44, "3-clause (or ""modified"") BSD"
metasploit_data_models, 4.1.4, "New BSD"
metasploit_payloads-mettle, 1.0.9, "3-clause (or ""modified"") BSD"
method_source, 1.0.0, MIT
mini_portile2, 2.5.0, MIT
mini_portile2, 2.5.1, MIT
minitest, 5.14.4, MIT
mqtt, 0.5.0, MIT
msgpack, 1.4.2, "Apache 2.0"
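Review bot: Nothing in this change guards against LICENSE_GEMS drifting from Gemfile.lock, and this hunk repeats seven version numbers by hand-visible duplication. The entries here do match the lockfile (`metasploit-concern` 3.0.2, `metasploit-credential` 4.0.5, `metasploit-framework` 6.0.43, `metasploit-model` 3.1.4, `metasploit-payloads` 2.0.44, `metasploit_data_models` 4.1.4, `mini_portile2` 2.5.1), but a CI step that regenerates this file from the lockfile and fails on any difference would catch a future mismatch, including a changed license string on a bumped gem.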
Expand All @@ -81,7 +81,7 @@ network_interface, 0.0.2, MIT
nexpose, 7.3.0, "New BSD"
nio4r, 2.5.7, MIT
nokogiri, 1.11.3, MIT
octokit, 4.20.0, MIT
octokit, 4.21.0, MIT
openssl-ccm, 1.2.2, MIT
openssl-cmac, 2.0.1, MIT
openvas-omp, 0.0.4, MIT
Expand Down Expand Up @@ -119,7 +119,7 @@ rex-java, 0.1.6, "New BSD"
rex-mime, 0.1.6, "New BSD"
rex-nop, 0.1.2, "New BSD"
rex-ole, 0.1.7, "New BSD"
rex-powershell, 0.1.89, "New BSD"
rex-powershell, 0.1.90, "New BSD"
rex-random_identifier, 0.1.5, "New BSD"
rex-registry, 0.1.4, "New BSD"
rex-rop_builder, 0.1.4, "New BSD"