metasploit-framework

metasploit-framework copied to clipboard

Add ManageEngine DataSecurity Plus directory traversal exploit module and docs (CVE-2020-11531)

3

# About This change adds a new exploit module (docs) that exploits CVE-2020-11531 and CVE-2020-11532 against ManageEngine DataSecurity Plus. The change also adds several JSON files that are required for...

ErikWynter

Ascii-8bit to UTF-8 encoding in smb/psexec

20

## Steps to reproduce set smbuser järvalv set smbpass whatever set rhost 192.168.1.10 run ## Current behavior Im getting failure due the character "ä" in smbuser Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::loginError...

Mussu999

apktool execution failed: Unsigned short value out of range: 65577

2

When using a template APK file with msfvenom, injecting the Meterpreter payload may exceed the DEX 64K reference limit. > Android app (APK) files contain executable bytecode files in the...

bcoles

post/multi/gather/chrome_cookies: Post failed: NoMethodError undefined method `type' for nil:NilClass

5

I am getting this type of error when I am executing the run command. Kindly resolve this issue. 

maamirh

`windows/*/reverse_ord_tcp` does not appear to work?

3

Based on the documentation here: https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/windows/shell/reverse_ord_tcp.md I should be doing this right, but the result is no session, and a crashed smb service: ``` msf6 exploit(windows/smb/ms08_067_netapi) > show options Module...

bwatters-r7

Exiting the final session crashes intermediate session in named_pipe pivoted sessions

1

While landing https://github.com/rapid7/metasploit-framework/pull/16653 I noticed that closing the pivoted session brings down the session that the pivoted session went through: ``` msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > sessions -i 4 [*] Starting interaction...

bwatters-r7

exploit/solaris/ssh/pam_username_bof doesn't work in Metasploit recent versions

2

## Steps to reproduce Use exploit/solaris/ssh/pam_username_bof with a recent version of Metasploit. Target version (uname -a): SunOS solaris 5.10 Generic_147148-26 i86pc i386 i86pc ## Were you following a specific guide/tutorial...

frantz45

Update jenkins_script_console.rb to remove deprecated sun.misc.BASE64Decoder class

2

Modern Java disabled the sun.misc.BASE64Decoder class so exploit will fail on any newer version of Jenkins. The java.util.Base64 class should be used now; the change has been confirmed to work...

bojanisc

Fix individual mssql login crashes stopping further login attempts

3

Closes https://github.com/rapid7/metasploit-framework/issues/11341 Before the module would crash:  Now we should log the error and continue ## Verification **Verify** The module can run against a server that doesn't respond: ```...

adfoster-r7

meterpreter doesn't display ipv6 routes

4

I want to bring back #11688. One a Windows 10 target with many IPv6 routes, the meterpreter `route` command shows no IPv6 routes. `rout print -6` on the target shows...

noraj