adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70,214 Commits 27 Branches 1,043 Tags
04df1ef7e8e73fb60dcff2ce1da33cbf2f3be05f
Commit Graph

17333 Commits

Author SHA1 Message Date
bwatters 9c9eac28a7 Land #17874, VMware Workspace One Access mr_me Hekate LPE 
Merge branch 'land-17874' into upstream-master
 2023-04-18 19:29:39 -05:00
Jack Heysel bd286dd147 Added missing require builder statement 2023-04-18 18:10:46 -04:00
Jack Heysel de18ed438a Removed unnecessary require statement 2023-04-18 18:05:11 -04:00
Jack Heysel a2c23d18ef Added require builder statement 2023-04-18 16:01:14 -04:00
bwatters 6ae00877ed Land #17854, VMware Workspace One Access mr_me Hekate RCE 
Merge branch 'land-17854' into upstream-master
 2023-04-18 09:49:41 -05:00
Jack Heysel db853f9a68 Land #17711, SPIP unauth RCE module 
This module exploits a publically accessible endpoint in
SPIP that results in code execution in the context of the
user running the webapp (CVE-2023-27372).
 2023-04-17 15:30:03 -04:00
jvoisin a4e1952da3 Add a module for the latest SPIP vuln 2023-04-17 13:41:03 -04:00
h00die 4b176c8ef5 fix unified_remote_rce docs 2023-04-16 10:11:01 -04:00
Jack Heysel cda2e9610b Land #17820, optimising the nagiosxi modules 
This PR refactors the authenticated nagiosxi modules and mixins..
 2023-04-14 16:21:26 -04:00
Jack Heysel ace2f42387 Changed ranking to Good 2023-04-14 15:15:40 -04:00
Jack Heysel 08788d3d82 Update logging with rc script info 2023-04-13 14:28:15 -04:00
dwelch-r7 f9d5459a9c Land #17872, Ensure identify hashes helper is accessible to modules 2023-04-13 16:20:20 +01:00
adfoster-r7 aef2b8d314 Land #17804, Fix incorrect module metadata CI and add validation automation 2023-04-13 15:11:46 +01:00
Jack Heysel 30cf40a4f1 VMware Workspace One Acces LPE 2023-04-12 15:36:17 -04:00
Jack Heysel bc57131b73 Moving LPE to separate PR 2023-04-12 15:23:51 -04:00
adfoster-r7 8e2169ed47 Ensure identify hashes helper is accessible to modules 2023-04-12 13:28:56 +01:00
Christophe De La Fuente a6b478e046 Land #17832, Two modules for UniRPC - CVE-2023-28502 and CVE-2023-28503 2023-04-12 11:43:13 +02:00
Ron Bowes 7dc1faa689 Better error handling, and fix version detection 2023-04-11 09:34:24 -07:00
Jack Heysel a2d2946007 Rubocop 2023-04-07 13:53:12 -04:00
Jack Heysel 18170babc2 Fix RCE payloads and add autorunscript 2023-04-07 13:35:16 -04:00
Ron Bowes 1a8671311d Move the offsets into a field separate from 'targets' 2023-04-07 10:26:56 -07:00
Ron Bowes 02072418f0 Expand the comment about why we're checking for \xff (since it can't appear in the payload) 2023-04-07 10:10:13 -07:00
Jack Heysel 056b0a0e8b LPE and doc updates 2023-04-07 10:41:10 -04:00
adfoster-r7 42902bb5e5 Land #17851, fix check function which always prints vulnerable 2023-04-07 14:24:45 +01:00
Jack Heysel 665ba4aece Add additional target 2023-04-06 23:41:36 -04:00
Ryuuuuu 9985538846 Update modules/exploits/linux/http/apache_couchdb_cmd_exec.rb 
fix nil exception

Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-04-07 09:55:00 +09:00
Jack Heysel 79d4021f31 Replaced janky XML building 2023-04-06 14:58:05 -04:00
Jack Heysel 544fb8ead6 Removed unecessary start_service proc 2023-04-06 14:26:02 -04:00
Ron Bowes ce111f158a Better error handling 2023-04-06 10:35:33 -07:00
Jack Heysel d92fc41d29 Print out what command fails when attempting RCE 2023-04-06 13:31:17 -04:00
Jack Heysel 4984a3e2d3 Edit check method to raise errors instead of returning boolean 2023-04-06 13:25:20 -04:00
Steve E f0189cc886 revert another get_once 2023-04-06 11:43:50 +01:00
Steve E 656c562816 Added notes, revert to get_once 2023-04-06 11:01:32 +01:00
Steve Embling cc79fe039a Merge branch 'rapid7:master' into weblogic-t3s-support 2023-04-06 10:38:29 +01:00
Jack Heysel b7456e20d5 VMware Workspace One Access mr_me Hekate exploit 2023-04-05 23:10:34 -04:00
Ron Bowes 523931aa4c Change target options for stack overflow exploit 2023-04-05 15:24:49 -07:00
Ron Bowes c345fe78b8 Fix up error handling and other comments from the PR 2023-04-05 15:13:35 -07:00
Ron Bowes c07ca83d6c Fix the metadata and add an in-memory target 2023-04-05 14:07:12 -07:00
Ron Bowes 04a9ae7335 Add check methods 2023-04-05 10:55:28 -07:00
cgranleese-r7 e004be00fe Converted to Active Support 2023-04-05 16:53:01 +01:00
Christophe De La Fuente 5d63175b56 Land #17823, php_cgi_arg_injection: Fix check regex match to detect code html tag 2023-04-05 16:44:52 +02:00
cgranleese-r7 c3a7da54d5 reduces code duplication 2023-04-04 10:27:11 +01:00
cgranleese-r7 40e6917b7f tests passing 2023-04-04 10:24:09 +01:00
Ryuuuuu 8b3d799104 fix check function which always prints vulnerable 2023-04-04 10:07:06 +09:00
SubcomandanteMeowcos a54f3d4707 fix broken module references 
doing these "by domain" now, piecemeal.

this PR fixes all broken references to the "insecurety" website, which is long dead.
 2023-04-01 05:17:02 -07:00
manishkumarr1017 812d3c7f35 PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
Jack Heysel 15d267a233 Land #17826, post module for CVE-2023-21768 
This adds an exploit module for CVE-2023-21768 that
achieves local privilege escalation on Windows 11 2H22.
 2023-03-30 12:27:28 -04:00
jheysel-r7 152ef4a86b Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb 2023-03-30 11:28:46 -04:00
jheysel-r7 6f400052b1 Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb 2023-03-30 11:00:55 -04:00
Ron Bowes 7cb6213334 Fix an msftidy error 2023-03-29 09:56:04 -07:00