adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,974 Commits 27 Branches 1,043 Tags
0ff2835bb79e285f1ea7a7b9ca7ca4b992d4491b
Commit Graph

1408 Commits

Author SHA1 Message Date
jheysel-r7 0ff2835bb7 Merge pull request #19770 from h00die-gr3y/netis-unauth-rce 
Netis Router Exploit Chain Reactor [CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457]
 2025-01-07 17:24:37 -08:00
Diego Ledda 7ead96a740 Land #19769, Add Selenium Chrome RCE module (CVE-2022-28108) 
Land #19769, Add Selenium Chrome RCE module (CVE-2022-28108)
 2025-01-07 11:10:37 +01:00
H00die.Gr3y 9a6d074463 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-01-07 09:25:41 +01:00
jheysel-r7 e70b6c777f Merge pull request #19663 from sfewer-r7/CVE-2024-0012 
Exploit module for PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474)
 2024-12-30 10:29:10 -08:00
Takah1ro bbc282e90c Improve check 2024-12-30 13:36:15 +09:00
h00die-gr3y 862f2ee6c6 Added documentation and some small module updates 2024-12-29 20:05:05 +00:00
Takah1ro 86bd1c2938 Minor improve 
* enable fetch_delete
 * avoid using single quotes
 * update doc
 2024-12-29 12:19:19 +09:00
Takah1ro 7ecc1cb87b Update vulnerable version 2024-12-28 14:39:24 +09:00
Takah1ro e3d68d4164 Update author and fix version detection 2024-12-28 11:18:41 +09:00
Takah1ro 64b1832567 Update not to use selenium-webdriver 2024-12-27 13:00:20 +09:00
Takah1ro 82ebdf1f9d Improve docs 2024-12-26 23:54:47 +09:00
Takah1ro acbcd9f3b1 Fix ubuntu version 2024-12-26 23:51:40 +09:00
Takah1ro 06af9b0b3d Add selenium chrome rce module 2024-12-26 23:44:11 +09:00
Brendan 7ddffc790c Merge pull request #19460 from gardnerapp/game_overlay 
Land #19460, CVE-2023-2640, CVE-2023-32629 Game Overlay Ubuntu Privilege Escalation
 2024-12-18 14:44:57 -06:00
bwatters-r7 b7f477172f Update docs to reflect recent changes 2024-12-18 14:08:10 -06:00
Stephen Fewer 65bb3cc990 typo 2 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-17 17:26:20 +00:00
Stephen Fewer 3ed2b5916a fix typo 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-17 17:26:00 +00:00
Diego Ledda be30a06af4 Land #19430, Moodle RCE (CVE-2024-43425) Module 
Land #19430, Moodle RCE (CVE-2024-43425) Module
 2024-12-06 12:15:35 +01:00
jheysel-r7 e8911f9129 Land #19402 vCenter Sudo LPE (CVE-2024-37081) 2024-12-04 18:25:05 -08:00
jheysel-r7 21cf475cbb Land #19595 Ivanti Connect Secure auth RCE via OpenSSL (CVE-2024-37404) 2024-12-04 08:26:07 -08:00
Diego Ledda ab2ca41eb8 Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220) 
Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220)
 2024-12-04 16:49:56 +01:00
jheysel-r7 2d1af7d809 Land #19648 Add exploit module for FortiManager (CVE-2024-47575) 2024-12-02 18:31:25 -08:00
jheysel-r7 a230a353e4 Land #19613 Asterisk authenticated rce via AMI (CVE-2024-42365) 2024-12-02 08:21:35 -08:00
Christophe De La Fuente 3dcb9d58ab Code review 2024-12-02 14:02:07 +01:00
Christophe De La Fuente c943cc6378 Add module and documentation 2024-12-02 14:02:07 +01:00
h00die d13bccca05 peer review 2024-11-28 20:24:25 -05:00
sfewer-r7 000ffb2406 make the check routine return a message for Detected. 2024-11-22 12:37:50 +00:00
jheysel-r7 d95d549992 Land #19531 ProjectSend r1335 - r1605 RCE module 2024-11-21 09:53:36 -08:00
sfewer-r7 41bcf4629f The payload we essentially being encoded twice (thanks for calling this out Brendan), we now supply a suitable BadChars and let the framewrk encode the framework paylaod. We rename the variable payload to bootstrap_payload as this was colliding with the frameworks payload variable which was not the intent. 2024-11-21 17:37:34 +00:00
ostrichgolf 68eb6599fd Create projectsend_unauth_rce 2024-11-21 09:34:58 -08:00
sfewer-r7 d2f6e0e10f As the payload option FETCH_WRITABLE_DIR may not be available if a non fetch based payload is used, we add a new option WRITABLE_DIR to account for this. Update the documentation to reflect the change. 2024-11-21 16:38:09 +00:00
sfewer-r7 f9b099a46d remove the DefaultOption PAYLOAD value, and let the framework pick one for us. Mention I tested the exploit with cmd/linux/http/x64/meterpreter_reverse_tcp 2024-11-21 16:22:02 +00:00
h00die 0f6da56a52 vcenter sudo module 2024-11-21 04:34:15 -05:00
jheysel-r7 afbbba09e8 Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189 2024-11-20 14:35:38 -08:00
Takah1ro da6f8cd552 Add Judge0 module and document 2024-11-20 14:15:38 -08:00
sfewer-r7 2469d4ea23 add in exploit module for the recent PAN-OS RCE, CVE-2024-0012 + CVE-2024-9474 2024-11-19 16:15:06 +00:00
h00die 6bd049e346 operator working 2024-11-18 20:09:13 -05:00
gardnerapp 19770cf870 Remove unneeded file and rudocop corrections 
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>

Give bwatters7 credit, add docs

Experiment with randomized bash copy and Rex::File.join

remove unused line

Add missing parenthesis

fix problem with bash copy

Remove rex::join, call proper method for generating payload

add exploit::exe mixin, bash copy randomization

Rubocop changes

Remove nc
 2024-11-18 17:01:08 -06:00
h00die f38661d6c3 pod user working 2024-11-18 07:30:21 -05:00
sfewer-r7 c58dbbfb61 add in documentation 2024-11-15 17:42:57 +00:00
Spencer McIntyre 5d9add4450 Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205 
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
 2024-11-15 09:24:37 -05:00
Jack Heysel d2ef3cb6a9 Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397) 2024-11-12 16:05:07 -08:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
h4x-x0r a09ca39dee Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:51 -06:00
h4x-x0r 61486cd877 Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:35 -06:00
h00die 4ebc6f1ff1 peer review 2024-11-11 17:37:33 -05:00
Jack Heysel 27459bb10f Updated docs 2024-11-11 12:40:56 -08:00
Jack Heysel 3068511b66 CVE-2023:4220: Chamilo v1.11.24 Unrestricted File Upload 2024-11-11 11:33:34 -08:00
h00die 0de93eedb7 asterisk ami auth rce 2024-11-04 16:27:58 -05:00
h00die 9cba5dad59 WIP for asterisk rce 2024-11-01 16:28:45 -04:00