metasploit-framework
metasploit-framework copied to clipboard
rapid7
Metasploit Framework
`Rex::Post::Meterpreter::Extensions::Stdapi::AudioOutput.play_file(path)` opens a channel to play a file `path`. The channel is opened immediately without any prior validation of `path`. Opening the channel is unnecessary if the file does not...
This module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services...
I'm not sure why this script thinks that developers use vBulletin, but I've left those checks in. Also ninja patches a couple of bugs: * `unix/misc/qnx_qconn_exec` has moved to `qnx/qconn/qconn_exec`....
Resolves Rubocop violations. Adds documentation. Adds `Notes` module meta information. Adds support for non-Meterpreter sessions. Add support for WOW64 Meterpreter sessions.
Note: This requires #16928 to be merged first. This fixes a bunch of bugs in the `Msf::Post::Windows::Service` library. See PR description. --- Resolves Rubocop violations. Adds documentation. Adds `Notes` module...
Note: This requires #16921 to be merged first. This makes ExtAPI load failure not fatal. See PR description. --- Tested on Windows 7 SP1 (x64): * windows/meterpreter/reverse_tcp * windows/x64/meterpreter/reverse_tcp *...
Many `Post` libraries contain `shell` methods which are presumed to work on `powershell` sessions. While this is often true, the shell methods do not appropriately escape special characters such as...
Before this PR, ExtAPI load will only fail and return `false` on Meterpreter sessions. On other session types it will crash. After this PR, failed ExtAPI load will return `false`...
Adds a `Msf::Post::Windows::Accounts.domain_controller?` method and removes `is_dc?` methods from several modules in favor of using the new method. `Msf::Post::Windows::Accounts` seemed like the best place to put this. We don't have...