ade984aead
Merge pull request #20793 from Chocapikk/avideo-v2
...
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
2026-01-15 17:36:07 -06:00
bb473b6019
Merge pull request #20797 from h00die/remove_persistence_exe
...
persistence modules cleanup
2026-01-14 14:43:33 -08:00
f4a195b88a
persistence modules cleanup
2026-01-14 13:49:29 -05:00
7b092aeedb
Land #20806 , adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888)
...
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
2026-01-14 15:44:25 +01:00
e4f8d4fb13
Merge pull request #20706 from h00die/windows_wmi_persistence
...
Update windows wmi to persistence mixin
2026-01-14 09:37:20 -05:00
b2abdb21de
Fix AVideo lab documentation: update file editing instructions
...
Updated the note to provide a working method to edit configuration.php. Users can enter the container shell or copy the file out for editing.
2026-01-14 00:35:39 +01:00
ae4babbcf1
Fix AVideo lab documentation: remove broken sed command
...
Removed the broken sed command that doesn't work correctly. Updated note to specify editing /var/www/html/AVideo/videos/configuration.php manually with an editor instead.
2026-01-14 00:34:35 +01:00
37f9802b83
Update AVideo lab documentation: remove automatic sed fix, specify file to edit
...
Removed mention of automatic sed fix in docker-entrypoint. Updated note to specify that users should manually edit /var/www/html/AVideo/videos/configuration.php if they encounter redirect issues with webSiteRootURL.
2026-01-14 00:34:10 +01:00
733455eb53
Change port to 80 in AVideo lab documentation
...
Changed HTTP_PORT from 9999 to 80 in the documentation to use the correct URL directly. This fixes the webSiteRootURL issue where AVideo was generating incorrect URLs with the mapped port instead of the container's internal port.
2026-01-14 00:32:43 +01:00
f6430ee093
Fix MariaDB tc.log corruption issue in AVideo lab setup
...
The MariaDB container fails to start with 'Bad magic header in tc log' error
when the data directory has incorrect permissions or was previously corrupted.
This occurs during first-time setup of the AVideo lab environment.
The fix:
- Creates a custom entrypoint script that detects and removes corrupted tc.log
files by checking the magic header (should be 01 00 00 00)
- Modifies Dockerfile.mariadb to integrate the fix script into the original
MariaDB entrypoint using sed
- Ensures the fix runs automatically before MariaDB initialization
This allows the lab to start successfully on first run without manual intervention.
Co-authored-by: bwatters-r7 <bwatters-r7@users.noreply.github.com >
2026-01-13 22:31:38 +01:00
eae97b314a
Land #20810 , adds module for authenticated RCE in n8n (CVE-2025-68613)
...
Adds module for n8n workflow expression RCE (CVE-2025-68613)
2026-01-13 16:51:06 +01:00
10d12570c0
Merge pull request #20791 from Chocapikk/webcheck
...
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
2026-01-12 17:14:04 -06:00
6491f74d9d
wmi persistence improvements
2026-01-11 07:25:13 -05:00
d45e91b130
typo
2026-01-09 10:48:30 -05:00
472016b753
Land #20796 , moves udev module into persistence category
...
update udev to persistence mixin
2026-01-09 16:14:08 +01:00
b9be6ac259
Merge pull request #20785 from Chocapikk/react2shell-clean
...
Update react2shell module: Add Waku framework support
2026-01-08 17:58:48 -08:00
bb98e855e1
Merge pull request #20751 from h00die/sticky_keys
...
update windows sticky keys to persistence mixin
2026-01-08 16:44:04 -08:00
c289ff44b9
Land #20811 , adds module for Prison Management System 1.0 RCE (CVE-2024-48594)
...
Add Prison Management System 1.0 auth RCE (CVE-2024-48594)
2026-01-08 12:33:00 +01:00
b39e781500
Land #20700 , adds module for Taiga.io RCE (CVE-2025-62368)
...
Adds exploit module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368)
2026-01-07 11:53:32 +01:00
0d21fd4cc9
Merge pull request #20692 from msutovsky-r7/persistence/multi/python-site-specific-config-hook
...
Adds module for python site-specific hook persistence
2026-01-06 16:19:31 -08:00
428f31fdd3
review for wmi persistence
2026-01-06 16:36:05 -05:00
bfec7c378b
Update documentation/modules/exploit/windows/persistence/accessibility_features_debugger.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2026-01-06 14:00:39 -05:00
be9b2c9491
Add documentation for prison_management_rce
2026-01-06 12:33:49 +02:00
2f4db3bd5f
review for wmi persistence
2026-01-05 17:06:17 -05:00
2cadcfe6ab
add CVE-2025-68613
2025-12-25 11:21:28 -05:00
455275d087
add module for CVE-2025-67888
2025-12-23 19:21:34 -05:00
3ea866c41d
udev persistence
2025-12-21 07:50:48 -05:00
3015c9f962
Merge pull request #20792 from sfewer-r7/hpe_oneview_rce
...
Add unauth RCE exploit module for HPE OneView (CVE-2025-37164)
2025-12-19 17:41:51 -06:00
b12ebc95c0
Merge pull request #20754 from h00die/assist_tech
...
assistive technology persistence
2025-12-19 16:33:21 -06:00
8df7347791
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
2025-12-19 21:51:41 +01:00
d40a35acdb
the version logic changes, update the docs
2025-12-19 15:48:07 +00:00
a4dba96712
add in the HPE OneView exploit
2025-12-19 15:30:53 +00:00
6c4a61fa42
Merge pull request #20761 from Chocapikk/acf-extended-rce
...
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
2025-12-18 16:03:06 -06:00
080f74f862
Update Web-Check documentation with docker-compose.yml setup instructions
2025-12-18 19:19:17 +01:00
5178cdee42
Update Web-Check documentation with git clone command
2025-12-18 18:56:18 +01:00
13f102eb5b
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
2025-12-18 18:51:12 +01:00
3b407575fa
Update react2shell module: Add Waku framework support
2025-12-17 23:07:01 +01:00
388a967101
Merge pull request #20749 from nakkouchtarek/grav-ssti-rce
...
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
2025-12-11 16:13:09 -08:00
0c921ea2e7
Merge pull request #20725 from Chocapikk/magento
...
Add Magento SessionReaper (CVE-2025-54236) exploit module
2025-12-10 08:56:47 -08:00
d86c5f0908
Merge pull request #20746 from Chocapikk/king-addons
...
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
2025-12-10 08:37:11 -08:00
6a626a855b
Addresses some comments
2025-12-10 17:01:27 +01:00
b4d65afcf5
Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE
2025-12-09 22:02:41 +01:00
e9467cd1e3
Clarify file-based session storage requirements and exploit limitations
...
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com >
2025-12-09 19:26:30 +01:00
6bc2bffd8c
Refactor create_admin_user to handle errors internally and remove custom.ini from documentation
2025-12-09 19:20:56 +01:00
17cc68df0f
Update documentation/modules/exploit/multi/http/wp_king_addons_privilege_escalation.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-12-09 19:14:22 +01:00
1a8e88c054
fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182
2025-12-09 09:05:59 +00:00
caa672231b
Merge pull request #20736 from sfewer-r7/fortiweb-exploit-rce-v6-support
...
Update the FortiWeb exploit module (CVE-2025-64446 + CVE-2025-58034) to target older unsupported versions 6.x
2025-12-08 17:43:49 -06:00
66279422d1
Merge pull request #20747 from vognik/2025-55182
...
Add CVE-2025-55182 / CVE-2025-66478
2025-12-08 13:41:49 -08:00
bdd7cb5365
upgraded payload
2025-12-08 01:32:43 -08:00
54d47e72ab
sticky keys description update
2025-12-07 07:40:54 -05:00
Brendan