metasploit-gs

Author	SHA1	Message	Date
cgranleese-r7	75d02b5630	Merge pull request #20414 from adfoster-r7/pin-json-dependency Pin json dependency	2025-07-24 12:06:24 +01:00
jenkins-metasploit	04b08fb545	automatic module_metadata_base.json update	2025-07-24 10:37:43 +00:00
msutovsky-r7	afeded56aa	Land #20384 , adds module for malicious Windows Registration Entries files Add Malicious Windows Registration Entries (.reg) File module	2025-07-24 12:29:34 +02:00
Martin Sutovsky	54c86cfc10	Addressing comments	2025-07-24 12:19:47 +02:00
adfoster-r7	90346ad812	Pin json dependency	2025-07-24 11:11:59 +01:00
Stephen Fewer	899e275155	Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix. Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2025-07-23 23:51:42 +01:00
sfewer-r7	b8cf458706	the check routine was getting the /_layouts/15/error.aspx page, this will not be accessable unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and sugesting a fix.	2025-07-23 23:03:43 +01:00
jheysel-r7	9a46ce6628	Merge pull request #20403 from adfoster-r7/dependency-update Dependency update	2025-07-23 13:18:31 -07:00
adfoster-r7	9b330018ad	Dependency update	2025-07-23 20:55:09 +01:00
sfewer-r7	7838e06f4f	reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines	2025-07-23 17:36:56 +01:00
sfewer-r7	d2a1f7bae9	add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)	2025-07-23 12:40:14 +01:00
laptop	9c1b7e94eb	fix(redis_server): Correctly parse multi-word Redis commands	2025-07-23 11:50:34 +08:00
jenkins-metasploit	0a1cbf131d	automatic module_metadata_base.json update	2025-07-22 15:27:53 +00:00
jheysel-r7	05f2012ccc	Merge pull request #20338 from Chocapikk/xorcom Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)	2025-07-22 08:19:36 -07:00
Martin Sutovsky	75f6e6a748	Refactors code, adds description, fixes CVE	2025-07-22 16:24:35 +02:00
Martin Sutovsky	ed5c13330f	Module init	2025-07-21 12:41:38 +02:00
h00die-gr3y	58704e9eab	init module + documentation	2025-07-20 19:06:01 +00:00
Valentin Lobstein	e42af1843b	Lint	2025-07-19 03:22:12 +01:00
Valentin Lobstein	2bb2bbc5bd	Update wp_depicter_sqli_cve_2025_2011.rb	2025-07-19 04:07:22 +02:00
Valentin Lobstein	56f6a65e21	Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>	2025-07-19 04:04:25 +02:00
Valentin Lobstein	4a1f9e541e	Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>	2025-07-19 04:04:14 +02:00
jenkins-metasploit	6dcefab6ab	automatic module_metadata_base.json update	2025-07-18 23:45:22 +00:00
jheysel-r7	00c8c773a3	Merge pull request #20375 from Chocapikk/wp_photo_gallery_sqli WP Photo Gallery by 10Web Unauthenticated SQLi (CVE-2022-0169)	2025-07-18 16:37:14 -07:00
Spencer McIntyre	54c5cdaf61	Update the acceptance tests	2025-07-18 17:29:35 -04:00
Spencer McIntyre	714f667c0f	Finish adding gMSA secret dumping	2025-07-18 17:10:35 -04:00
Spencer McIntyre	68a3f5624c	Define empty NT and LM hash constants	2025-07-18 16:50:54 -04:00
Spencer McIntyre	8928362581	Support formatting passwords without the database	2025-07-18 16:50:33 -04:00
Spencer McIntyre	82610aec24	Initial commit of extracting gMSA secrets from LDAP	2025-07-18 10:59:15 -04:00
h00die-gr3y	abbcdda694	update based on adfoster-r7 comments	2025-07-18 07:22:01 +00:00
Metasploit	b6a04c2b97	Bump version of framework to 6.4.76	2025-07-17 08:28:35 -05:00
Umut	708dcaf36e	Delete unnecessary comments	2025-07-17 15:28:20 +03:00
adfoster-r7	8fe815da6f	Merge pull request #20394 from cgranleese-r7/update-docs-to-reflect-new-default-prompt Updates docs to reflect new default prompt 6.4.75	2025-07-17 12:53:02 +01:00
cgranleese-r7	adff497bd2	Updates msf5 as well	2025-07-17 11:51:29 +01:00
jenkins-metasploit	2601c0720b	automatic module_metadata_base.json update	2025-07-17 10:06:42 +00:00
Diego Ledda	18d61d3763	Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce Add module for authenticated PandoraFMS command injection (CVE-2025-5306)	2025-07-17 11:58:54 +02:00
adfoster-r7	cf134986df	Merge pull request #20395 from sjanusz-r7/bump-rex-socket Bump rex-socket to 0.1.63	2025-07-17 10:47:18 +01:00
Diego Ledda	ca9535e39a	Update pandora_fms_auth_netflow_rce.md	2025-07-17 11:29:07 +02:00
sjanusz-r7	99c9e8c8e7	Fix acceptance tests prompt matching	2025-07-17 10:18:25 +01:00
sjanusz-r7	3bb3429d86	Bump rex-socket to 0.1.63	2025-07-17 10:10:12 +01:00
cgranleese-r7	469f102596	Updates docs to reflect new default prompt	2025-07-17 09:53:40 +01:00
Umut	90d15cbe61	finalize the payload add CachedSize & fix the fifth arg problem & run rubocop	2025-07-17 11:39:44 +03:00
cgranleese-r7	f16de58f5a	Merge pull request #20390 from adfoster-r7/pin-stringio-version Pin StringIO version	2025-07-17 09:33:44 +01:00
cgranleese-r7	73470fece3	Merge pull request #20392 from zeroSteiner/fix/issue/20355 Remove the version from the default prompt	2025-07-17 09:17:49 +01:00
cgranleese-r7	170cb151bb	Merge pull request #20391 from zeroSteiner/fix/issue/20366 Add a missing keyword for option validation	2025-07-17 09:01:45 +01:00
Chocapikk	7431958e5c	Update url reference	2025-07-16 22:59:48 +02:00
Chocapikk	4e70dfe70d	Rename mixin	2025-07-16 22:40:27 +02:00
Chocapikk	1863eddcd4	chore: add magic encoding comment to Ruby files	2025-07-16 22:32:20 +02:00
Chocapikk	1fb6d488a8	Rename file	2025-07-16 22:30:28 +02:00
Chocapikk	ac62c42be8	chore(wp_depicter): remove unused Actions block	2025-07-16 22:20:31 +02:00
Chocapikk	efa49d2aa2	refactor(wp_photo_gallery): drop unused action + guard against LocalJumpError in SQLi helper	2025-07-16 22:04:13 +02:00

... 3 4 5 6 7 ...

78211 Commits