adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,785 Commits 27 Branches 1,043 Tags
08788d3d82da6e68f8cd66ea1d32c5caeff43ee5
Commit Graph

2177 Commits

Author SHA1 Message Date
Jack Heysel 08788d3d82 Update logging with rc script info 2023-04-13 14:28:15 -04:00
Jack Heysel bc57131b73 Moving LPE to separate PR 2023-04-12 15:23:51 -04:00
Jack Heysel a2d2946007 Rubocop 2023-04-07 13:53:12 -04:00
Jack Heysel 18170babc2 Fix RCE payloads and add autorunscript 2023-04-07 13:35:16 -04:00
Jack Heysel 056b0a0e8b LPE and doc updates 2023-04-07 10:41:10 -04:00
Jack Heysel 665ba4aece Add additional target 2023-04-06 23:41:36 -04:00
Jack Heysel 79d4021f31 Replaced janky XML building 2023-04-06 14:58:05 -04:00
Jack Heysel 544fb8ead6 Removed unecessary start_service proc 2023-04-06 14:26:02 -04:00
Jack Heysel d92fc41d29 Print out what command fails when attempting RCE 2023-04-06 13:31:17 -04:00
Jack Heysel 4984a3e2d3 Edit check method to raise errors instead of returning boolean 2023-04-06 13:25:20 -04:00
Jack Heysel b7456e20d5 VMware Workspace One Access mr_me Hekate exploit 2023-04-05 23:10:34 -04:00
Jack Heysel 3abd62076c Land #17624, Oracle E-Business Suite Module 
This pull request adds an exploit module for CVE-2022-21587
an arbitrary file upload vulnerability in Oracle Web Applications
Desktop Integrator as shipped with 12.2.3 through to 12.2.11
which results in RCE
 2023-02-28 17:04:20 -05:00
Jack Heysel ca6faed172 Check method enhancement 2023-02-24 13:33:10 -05:00
Jack Heysel 5311a491e9 Froxlor 2.0.7 is actually vulnerable too 2023-02-24 13:18:34 -05:00
space-r7 9621f77bac Land #17640, add Froxlor RCE 2023-02-22 12:11:38 -06:00
Jack Heysel bf7884b2dc Removed need to auth twice when AutoCheck enabled 2023-02-22 12:28:28 -05:00
Jack Heysel 0c8df1a67b Updated docs and module suggetsions 2023-02-22 00:33:40 -05:00
jheysel-r7 42146fc4ec Update modules/exploits/linux/http/froxlor_log_path_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-02-21 23:02:49 -05:00
jheysel-r7 80cec400bf Update modules/exploits/linux/http/froxlor_log_path_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-02-21 22:59:23 -05:00
jheysel-r7 fc5f4983f6 Update modules/exploits/linux/http/froxlor_log_path_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-02-21 22:58:49 -05:00
jheysel-r7 647418745f Update modules/exploits/linux/http/froxlor_log_path_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-02-21 22:58:41 -05:00
Jack Heysel e625e2e474 Land #17652, module for pyload js2py exploit 
This adds an exploit for CVE-2023-0297 which is unauthenticated
Javascript injection in pyLoads Click N Load service.
 2023-02-21 16:27:04 -05:00
sfewer-r7 963b9a9952 Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587 2023-02-21 18:02:10 +00:00
sfewer-r7 3854c30a11 more specific testing of the response after upload to ensure it contains the expected EBS response data. infer the relative path traversal depth from the path to the upload folder, thanks @gwillcox-r7 2023-02-21 18:00:17 +00:00
Grant Willcox c713da368d Add in a few fixes from the review 2023-02-17 14:52:57 -06:00
sfewer-r7 73e82274dd changes as per @gwillcox-r7 review 2023-02-17 13:10:53 +00:00
Jack Heysel 44c393e2f1 Fixed netcat session cleanup 2023-02-16 13:14:24 -05:00
Jack Heysel 1c49b002d2 Changed get_csrf to use xpath 2023-02-16 10:47:04 -05:00
Jack Heysel 00d1637f3d Changed check method to use xpath 2023-02-16 10:33:15 -05:00
Spencer McIntyre ecd5ad29a7 Add module docs 2023-02-15 16:29:42 -05:00
Arnout Engelen 5d8b1dc4a6 Link Hadoop YARN exploit to documentation 
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
 2023-02-15 21:17:26 +01:00
Spencer McIntyre 557042c91c Initial exploit is working 2023-02-15 14:18:25 -05:00
Jack Heysel 8aed02de3d Linting 2023-02-14 10:39:47 -05:00
Jack Heysel ff159c8760 Updated TODO 2023-02-13 20:24:32 -05:00
Jack Heysel ca0b1ffe05 Documentation fixes 2023-02-13 19:56:23 -05:00
Jack Heysel 2e195b2742 Initial commit Froxlor RCE 2023-02-13 19:39:18 -05:00
Grant Willcox d012145726 Land #17599, Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707 2023-02-13 17:50:06 -06:00
Stephen Wildow 96fecb6048 Modified BadChars and FailWith codes 2023-02-13 17:49:09 -05:00
Grant Willcox 45e453d687 Fix up remaining review comments 2023-02-13 15:07:25 -06:00
Stephen Wildow 79b1801a4f Rewrote check method to only abuse authentication bypass. Added additional status checks. 2023-02-11 17:43:33 -05:00
sfewer-r7 a3f4dceb5b clean up the check method; avoid using print_message in favor of the CheckCode reason. and use a CheckCode of Safe rather than Unknown if we dont find the expected version string. Thanks @bcoles for the review on this. 2023-02-10 13:03:23 +00:00
sfewer-r7 dc8ee988f5 use Rex::Version in the check method for better version comparisons 2023-02-10 10:45:32 +00:00
sfewer-r7 a19bdde276 pass the 'bne:uueupload' param via the vars_get option 2023-02-10 10:44:21 +00:00
sfewer-r7 54c472ef18 fix typo in the description 2023-02-10 10:43:36 +00:00
Stephen Wildow 036ed7f467 Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware. 2023-02-09 21:55:40 -05:00
Grant Willcox f2a86327d0 Minor fixes from review 2023-02-09 15:34:25 -06:00
sfewer-r7 d4be663923 add the side effect flag ARTIFACTS_ON_DISK as during extraction of the UUE encoded zip file, some randomly names temp files are left in /u01/install/APPS/fs1/EBSapps/appl/bne/12.0.0/upload 2023-02-09 17:28:15 +00:00
sfewer-r7 86f11b09fb avoid the upto loop when creating jsp_path 2023-02-09 17:18:58 +00:00
sfewer-r7 406574722a satisfy Rubocop 2023-02-09 16:30:30 +00:00
sfewer-r7 b97a288102 add an exploit module for CVE-2022-21587 (Oracle E-Business Suite RCE) 2023-02-09 16:22:30 +00:00