adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,366 Commits 27 Branches 1,043 Tags
11818c2812626be6b6eaeb63c8cc2342eaf38ff2
Commit Graph

37588 Commits

Author SHA1 Message Date
Spencer McIntyre c49b49bdcd Merge pull request #19893 from bwatters-r7/fix/loadmaster_priv_esc_cve 
Remove errant CVE reference.
 2025-02-26 14:24:09 -05:00
Diego Ledda 8dd032e529 Land #19897, Invoice Ninja unauthenticated RCE (CVE-2024-55555) and Laravel Crypto Killer mixin 
Land #19897, Invoice Ninja unauthenticated RCE (CVE-2024-55555) and Laravel Crypto Killer mixin
 2025-02-25 13:14:18 +01:00
Diego Ledda f046e70b76 Land #19894, SimpleHelp Path Traversal CVE-2024-57727 
Land #19894, SimpleHelp Path Traversal CVE-2024-57727
 2025-02-25 12:00:34 +01:00
msutovsky-r7 576ff2fb5c Land #19878, MyScada MyPro Manager Credential Harverster Module 
mySCADA MyPRO Manager Credential Harvester (CVE-2025-24865 & CVE-2025-22896) Module
 2025-02-25 11:35:59 +01:00
Diego Ledda 33d0c0c9fd Land #19881, NetAlertX File Read (CVE-2024-48766) 
Land #19881, NetAlertX File Read (CVE-2024-48766)
 2025-02-25 10:42:52 +01:00
Martin Sutovsky 183d5823cc Rollback of fix for check method 2025-02-25 10:21:31 +01:00
Jack Heysel e4ee651c9b Updated docs, fixed Notes 2025-02-24 10:26:01 -08:00
h00die-gr3y 79411eace8 added code sugesstions from dledda-r7 2025-02-24 15:51:32 +00:00
Martin Sutovsky fae3d8390a Calling check method fix & Additional documentation 2025-02-24 15:52:00 +01:00
Martin Sutovsky e883da86cc Adding report_vuln 2025-02-24 12:19:59 +01:00
Martin Sutovsky f7342139b4 Code refactor based on PR 2025-02-24 12:05:04 +01:00
h00die-gr3y 41e690445e simplified some code sections 2025-02-23 12:59:52 +00:00
H00die.Gr3y b3a5da976b Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-22 10:35:45 +01:00
h00die-gr3y 47a2079d19 initial module and laravel crypto killer mixin 2025-02-21 18:09:28 +00:00
Jack Heysel fc25e177fc SimpleHelp Path Traversal CVE-2024-57727 2025-02-21 08:15:46 -08:00
h00die-gr3y 215957465c added default options and updated documentation 2025-02-20 13:19:41 -06:00
h00die-gr3y 15c20272ea removed linux dropper code and tested with PR 19850 2025-02-20 13:19:41 -06:00
h00die-gr3y f857e5fe67 fixed code review and updated documentation 2025-02-20 13:19:41 -06:00
H00die.Gr3y 38b3741a15 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-20 13:19:41 -06:00
h00die-gr3y 682be79920 first release module and documentation 2025-02-20 13:19:41 -06:00
h00die-gr3y baac1fc9d0 init commit module 2025-02-20 13:19:40 -06:00
Martin Sutovsky 2cdaf98c74 Fixing descriptions, filename, adding correct CVE and code reformat 2025-02-20 19:48:36 +01:00
msutovsky-r7 27120235d4 Merge branch 'rapid7:master' into netalert_file_read 2025-02-20 19:47:55 +01:00
Brendan c7d59ce829 Merge pull request #19875 from dledda-r7/fix/aarch64-sigill-raspberrypi 
Fix SIGILL on staged meterpreter on RaspberryPi4
 2025-02-20 10:14:07 -06:00
h4x-x0r 0aad255e13 updated 
updated
 2025-02-20 15:40:05 +00:00
bwatters-r7 c8aea65c7a Remove errant CVE reference. 2025-02-20 08:19:23 -06:00
Diego Ledda 4374484147 Land #19850, Add fetch payloads for aarch64, armbe, armle, mipsbe, mipsle, ppc, ppc64, ppc64le 
Land #19850, Add fetch payloads for aarch64, armbe, armle, mipsbe, mipsle, ppc, ppc64, ppc64le
 2025-02-20 11:43:17 +01:00
bwatters-r7 8cbcdd1f6c Add PPC64LE Fetch payloads 2025-02-19 18:10:55 -06:00
bwatters-r7 87ec9ee137 Remove CBEA64 arch values so PPC64 arches have only 1 arch value 
Multiple arches broke payload adaptyers and we do not use them, anyway
 2025-02-19 17:57:39 -06:00
Brendan 66d657f385 Merge pull request #19810 from h00die/fix_loadmaster_2024 
Fix loadmaster privesc check method and refs
 2025-02-18 19:34:00 -06:00
Martin Sutovsky bd42b23ef0 Land #19883, module for unauthenticated RCE in InvokeAI 2025-02-18 14:01:11 +01:00
msutovsky-r7 7cf02c5b14 Update modules/auxiliary/scanner/http/netalertx_file_read.rb 
Co-authored-by: Takahiro Yokoyama <tkhr.y0k0yama@gmail.com>
 2025-02-18 13:44:21 +01:00
Takahiro Yokoyama 6eaae79dc2 Update modules/exploits/linux/http/invokeai_rce_cve_2024_12029.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-18 21:21:19 +09:00
Takah1ro 32db7ee6ae Use plain payload 2025-02-18 08:22:15 +09:00
Takah1ro 3ce313ac89 Rubocop formatting 2025-02-18 08:14:56 +09:00
Takahiro Yokoyama a26572d318 Update modules/exploits/linux/http/invokeai_rce_cve_2024_12029.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-18 08:09:25 +09:00
msutovsky-r7 05c9550d43 Land #19877, BeyondTrust Privileged Remote Access & Remote Support RCE Module 
Exploit module for BeyondTrust Privileged Remote Access & Remote Support (CVE-2024-12356, CVE-2025-1094)
 2025-02-17 17:43:15 +01:00
sfewer-r7 65e2a20a5d We can remove this line as it is redundant. The regex that follows will check for the same thing as part of its matching expression. Thanks msutovsky-r7 for spoting this. 2025-02-17 16:33:11 +00:00
sfewer-r7 bb9013a8ee check the frame for nil 2025-02-17 12:29:50 +00:00
sfewer-r7 6f1287d899 add in some logic to detect potentially failed exploitation due to the patch being applied, warning a user of a WebSocket getting closed unexpectadly 2025-02-17 12:17:15 +00:00
sfewer-r7 fbef2baf5c remove the uneeded parenthesis and make rubocop happy. 2025-02-17 11:44:50 +00:00
sfewer-r7 c950264a85 Add some comments in the check routine to note theres is no known lower bound version number, and the patch does not change the version number. 2025-02-17 11:35:22 +00:00
Stephen Fewer ed54130346 Explicitly close the WebSocket connection 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-17 11:35:03 +00:00
Stephen Fewer 130895671f Remove a duplicate work in this comment (Thanks jvoisin) 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-17 09:46:59 +00:00
Stephen Fewer 6ed60547a3 Print the actual status code in the error message (Thanks msutovsky-r7) 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-17 09:43:46 +00:00
Stephen Fewer eb1feba767 Fix typo in comment (Thanks jvoisin) 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-17 09:42:50 +00:00
Takah1ro b454a32f3c Fix typo and update document 2025-02-17 12:52:50 +09:00
Takah1ro 0945fbba81 Add InvokeAI unauth RCE module (CVE-2024-12029) 2025-02-16 15:49:56 +09:00
Martin Sutovsky 00d4feb2b5 Adding documentation, file renaming 2025-02-14 14:43:43 +01:00
sfewer-r7 2d858ac1f0 Improve the auto discovery of the target site info. We can query an undocumented API endpoint to discover the target site company name. 2025-02-14 09:38:13 +00:00