adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,630 Commits 27 Branches 1,043 Tags
03f5291bcc6025f19c52896e1f0b38ff407fdc73
Commit Graph

1055 Commits

Author SHA1 Message Date
Stephen Fewer 03f5291bcc Improve the documentation, fix typo in console commands, add comment to wait for DB container to complete setup (Thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:41:47 +01:00
Stephen Fewer 16e374750f Improve the documentation, add steps to create /opt/oracle/user_projects (thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:40:21 +01:00
sfewer-r7 b44540bc35 update docs to give some more detail on the testing setup 2025-04-02 20:51:39 +01:00
sfewer-r7 dc74b37577 add in a scenario for the Unix Command target to the docs 2025-04-02 15:32:18 +01:00
sfewer-r7 c5d3512659 update docs 2025-04-01 13:05:28 +01:00
sfewer-r7 acafd884b5 add in the initial exploit for CVE-2021-35587, only tested on 12.2.1.4.0 so far. 2025-04-01 12:56:38 +01:00
tastyrce 8479350b3e Update documentation 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2025-03-28 03:17:47 +11:00
tastyrce 8423d6ff87 Update removal of default page while installation 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-03-27 22:11:21 +11:00
tastyrce 9bdff3e803 Add extra dependencies during installation 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-03-27 22:10:32 +11:00
tastyrce 162e73a62e add module documentation 2025-03-22 04:57:38 -04:00
Brendan 9bd8590b99 Merge pull request #19793 from sfewer-r7/CVE-2024-55956 
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution (CVE-2024-55956)
 2025-01-15 15:04:45 -06:00
h00die 1a839c0b33 move acronis_cyber_protect_unauth_rce_cve_2022_3405 inside the http folder 2025-01-09 16:30:51 -05:00
sfewer-r7 3ff685b70e fix three typos 2025-01-06 09:42:21 +00:00
sfewer-r7 fe7334fae2 add in CVE-2024-55956 exploit 2025-01-06 09:26:44 +00:00
jheysel-r7 f436f44d83 Merge pull request #19698 from h00die/obsidian 
obsidian community plugin persistence module
 2024-12-30 09:06:58 -08:00
Martin Sutovsky 531ed162db Land #19733, exploit module for CVE-2022-40471 - unauthenticated RCE 2024-12-18 12:44:34 +01:00
jheysel-r7 6f9982db54 Land #19647 Added module for WSO2 API Manager RCE 
Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager and allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
 2024-12-16 07:27:23 -08:00
aaryan-11-x d196591845 Modified documentation 2024-12-16 15:47:30 +05:30
aaryan-11-x 06528abe05 Added documentation 2024-12-16 15:33:29 +05:30
h00die 77d0292be3 additional review for obsidian plugin 2024-12-14 17:38:29 -05:00
Chocapikk e06dd6deea Update documentation 2024-12-12 22:10:11 +01:00
h00die 7cf942ca30 peer review 2024-12-11 17:49:43 -05:00
Chocapikk 7d559e0b34 Add exploit module for CVE-2024-8856 - WP Time Capsule RCE 2024-12-11 01:14:17 +01:00
jheysel-r7 0b5e221620 Land #19533, Update werkzeug rce module 2024-12-09 12:56:35 -08:00
Graeme Robinson 4ce4cf472e Update werkzeug_debug_rce.md 
Added note about python3 version in verification steps because the version may change when a newer docker image becomes available.

Added report.txt as a file because I apparently forgot it before and the containers fail to build without it.
 2024-12-08 21:11:03 +00:00
jheysel-r7 0e5cf3f7ba Land #19649, Primefaces RCE (CVE-2017-1000486) 2024-12-06 16:22:06 -08:00
h00die 6723c585f2 obsidian plugin module 2024-12-05 17:54:07 -05:00
Chocapikk 5290750cca Update doc 2024-12-05 16:19:14 +01:00
Chocapikk a123234141 Add CVE-2024-10924 2024-12-05 16:19:09 +01:00
Heyder Andrade fabced539d Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-04 16:44:48 +01:00
h00die-gr3y a945a54fc3 Merge remote-tracking branch 'origin/master' into acronis-rce 2024-11-27 21:50:53 +00:00
h00die 492ccca1aa review 2024-11-23 12:43:35 -05:00
Heyder Andrade dc445ed1ac Apply suggestions from code review 2024-11-23 00:57:08 +01:00
Heyder Andrade 09d84eaabb Added module for WSO2 API Manager Documentation File Upload Remote Code Execution 
Closes #19646

on-behalf-of: @redwaysecurity <info@redwaysecurity.com>
 2024-11-14 18:34:11 +01:00
remmons-r7 b712f9a745 Create cups_ipp_remote_code_execution.md 2024-11-11 15:53:14 -06:00
jheysel-r7 222df0bfdf Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353) 
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
 2024-10-30 16:29:14 -04:00
h00die-gr3y 6aeb9d130b added the output option to the documentation 2024-10-25 14:13:18 +00:00
h00die-gr3y ae176fdfd5 update based on review comments of adfoster-r7 2024-10-25 14:01:10 +00:00
h00die-gr3y d9f8b66d21 updated documentation with some small tweaks 2024-10-23 17:36:00 +00:00
h00die-gr3y 331a3ad74a second release module and documentation with some small tweaks 2024-10-23 14:40:00 +00:00
h00die-gr3y 82e0b34670 added documentation 2024-10-23 13:11:14 +00:00
Chocapikk 6c099f2b73 Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956) 2024-10-14 18:13:17 +02:00
Graeme Robinson 5228acb0f1 Update werkzeug_debug_rce docs to show modified output 2024-10-13 23:11:52 +01:00
Graeme Robinson f369a80fcc Satisfy msftidy_docs against werkzeug_debug_rce.md 2024-10-13 22:55:12 +01:00
Graeme Robinson f3bb48f277 Update werkzeug_debug_rce documentation to include new logged messages 2024-10-07 11:56:16 +01:00
Graeme Robinson 97c5afed52 Update werkzeug exploit module documentation 2024-10-06 20:19:48 +01:00
Valentin Lobstein 48e740d1fc Update documentation/modules/exploit/multi/http/wp_givewp_rce.md 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2024-10-03 16:34:24 +02:00
Chocapikk 58878db970 update doc 2024-10-02 19:56:22 +02:00
Chocapikk fbb74a6d2d Add bypass for GiveWP RCE (CVE-2024-8353) 2024-10-02 19:53:20 +02:00
dledda-r7 6e696e24e5 Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module 2024-09-17 06:30:33 -04:00