adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72,088 Commits 27 Branches 1,043 Tags
0cae369a455a1a60ac1265509b849162694de4bc
Commit Graph

3511 Commits

Author SHA1 Message Date
Zach Goldman d960aa522c Land #18348, Splunk account take over (CVE-2023-32707) leading to RCE 2023-10-26 11:34:02 -04:00
Christophe De La Fuente ff9639e6a6 Land #18460, VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE 2023-10-24 17:32:28 +02:00
h00die 97f9edb5f7 review 2023-10-23 06:35:23 -04:00
Heyder Andrade 1ac0e2dc66 Update splunk_privilege_escalation_cve_2023_32707.md 2023-10-23 11:31:19 +02:00
Christophe De La Fuente da9d04d32d Land #18461, CVE-2023-22515 - Atlassian Confluence unauthenticated RCE 2023-10-19 10:22:57 +02:00
sfewer-r7 c63aaba760 add in documentation for Options 2023-10-18 10:05:05 +01:00
h00die 00b534dbed review 2023-10-17 13:17:10 -04:00
sfewer-r7 1c027ac05c add an RCE exploit for CVE-2023-22515 2023-10-16 20:50:18 +01:00
h00die b94d278003 vmware aria ssh keys exploit 2023-10-16 14:47:04 -04:00
h00die ba82b59ec2 vmware aria ssh keys exploit 2023-10-16 13:43:15 -04:00
h00die f394b4a8ed vmware aria ssh keys exploit 2023-10-16 13:42:58 -04:00
h00die 263eaf7d95 vmware aria ssh keys exploit 2023-10-16 13:42:27 -04:00
h00die b3b1595ef4 vmware aria ssh keys exploit 2023-10-16 13:06:17 -04:00
Spencer McIntyre 05dd2e1473 Land #18351, Apache Superset RCE (CVE-2023-37941) 2023-10-12 17:10:10 -04:00
Spencer McIntyre 86b7ec4518 Address comments from the review 2023-10-12 09:50:19 -04:00
Spencer McIntyre 4f734379d3 Add module docs and print some messages 2023-10-12 09:27:26 -04:00
h00die 7ffc1ca491 undo some spelling fixes when upstream has those issues 2023-10-11 06:30:11 -04:00
h00die 557a15a115 spelling fixes on docs 2023-10-10 14:46:18 -04:00
Jack Heysel fb834b235a Land #18417, Add Kibana Upgrade Assistant RCE 
Kibana before version 7.6.3 suffers from a prototype
pollution bug within the Upgrade Assistant. This PR adds
an exploit module to exploit the bug. There is no CVE
for this issue at the moment.
 2023-10-06 17:29:02 -04:00
jheysel-r7 fe9afc94c7 Update documentation/modules/exploit/linux/http/kibana_upgrade_assistant_telemetry_rce.md 2023-10-06 16:45:52 -04:00
h00die 931a67d290 kibana telemetry rce rewritten to use fetch payloads 2023-10-06 09:55:10 -04:00
h00die 5e0538a239 review comments round 1 2023-10-05 13:12:33 -04:00
sfewer-r7 623b589fb5 When I removed the PowerShell target I forgot to update the documentation, this commit updates the documentation to reflect the changes made to the exploit module. 2023-10-04 17:03:28 +01:00
h00die 88eb44be64 kibana telemetry rce 2023-10-02 16:53:20 -04:00
sfewer-r7 1695a12c9c Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way. 2023-10-02 17:40:11 +01:00
sfewer-r7 53ed4a632b add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization. 2023-10-02 11:42:19 +01:00
Christophe De La Fuente 50155e3d94 Land #18389, Juniper Junos OS PHPRC Manipulation RCE (CVE-2023-36845) 2023-09-29 18:05:28 +02:00
Jack Heysel 2928d47312 Merge branch 'junos_phprc_auto_prepend_file' of github.com:jheysel-r7/metasploit-framework into junos_phprc_auto_prepend_file 2023-09-28 14:43:46 -04:00
Jack Heysel 58642c16c9 Changed WebSocket to SSH 2023-09-28 14:41:03 -04:00
jheysel-r7 4fecb4d2e2 Update documentation/modules/exploit/freebsd/http/junos_phprc_auto_prepend_file.md 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-09-28 14:37:36 -04:00
Jack Heysel 3f15de3995 Responded to Christophes suggestions 2023-09-28 14:26:37 -04:00
Spencer McIntyre e7ab983279 Minor code changes 
Changes include:
  * Remove the PAYLOAD key which didn't do anything
  * Add the missing payload size constraint
  * Use #retry_until_truthy
 2023-09-28 13:19:26 -04:00
sfewer-r7 89940e8b08 use the correct naming convention for normal options. 2023-09-28 16:36:18 +01:00
sfewer-r7 ad7ff705c7 add in a Linux target 2023-09-28 14:57:02 +01:00
sfewer-r7 fbd5e60cfc add in coverage for CVE-2023-42793. Currently only a Windows target. 2023-09-28 12:31:59 +01:00
Christophe De La Fuente 1058291af9 Land #18314, Windows Error Reporting RCE (CVE-2023-36874) 2023-09-27 15:25:06 +02:00
Christophe De La Fuente 2c9932b242 Update documentation - Options section 2023-09-27 15:17:04 +02:00
Jack Heysel 9a1881cbcf jvoisin suggestions 2023-09-26 18:42:14 -04:00
Jack Heysel 09f3a98d13 Finished JAIL_BREAK addition 2023-09-26 16:45:28 -04:00
bwatters 0b84feaf60 updates from code review 2023-09-26 14:03:31 -05:00
Christophe De La Fuente 1e69086d24 Land #18365, TOTOLINK X5000R Wireless GigaBit Router Unauthenticed RCE [CVE-2023-30013] 2023-09-21 11:27:19 +02:00
h00die-gr3y 6e11f4353b Updates addressing cdelafuente-r7 comments 2023-09-20 22:14:48 +00:00
Jack Heysel da8c020d14 Junos OS SRX and EX PHPRC Manipulation RCE 2023-09-20 16:47:05 -04:00
bwatters b4a1bb8fa2 Add docs and support for shell sessions; update exe to work without runtime lib. 2023-09-19 17:50:18 -05:00
Christophe De La Fuente 525c957af2 Land #18333, Lexmark Device Embedded Web Server RCE (CVE-2023-26068) 2023-09-19 10:32:59 +02:00
bwatters bfa876c3a1 Land #18283, Apache Airflow 1.10.10 - Example DAG Remote Code Execution 
CVE-2020-11978 + CVE-2020-13927

Merge branch 'land-18283' into upstream-master
 2023-09-18 17:00:19 -05:00
cgranleese-r7 23dc1a487d Land #18321, Add Ivanti Avalanche MDM Buffer Overflow Exploit (CVE-2023-32560) 2023-09-18 10:43:45 +01:00
Ismail Dawoodjee f9cdfef304 Move module and documentation from multi/http to linux/http 
* Update documentation scenarios for Docker on Debian 10 and Kali Linux 6.4
* Slightly modify the documentation scenario for Docker on Windows 10
 2023-09-17 22:42:26 +08:00
h00die e34ed10eca superset rce more stable 2023-09-15 16:29:05 -04:00
Ismail Dawoodjee d12b1778e5 Merge branch 'rapid7:master' into apache_airflow_dag_rce 2023-09-15 22:06:43 +08:00