adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,366 Commits 27 Branches 1,043 Tags
11818c2812626be6b6eaeb63c8cc2342eaf38ff2
Commit Graph

4485 Commits

Author SHA1 Message Date
Spencer McIntyre c49b49bdcd Merge pull request #19893 from bwatters-r7/fix/loadmaster_priv_esc_cve 
Remove errant CVE reference.
 2025-02-26 14:24:09 -05:00
Diego Ledda 8dd032e529 Land #19897, Invoice Ninja unauthenticated RCE (CVE-2024-55555) and Laravel Crypto Killer mixin 
Land #19897, Invoice Ninja unauthenticated RCE (CVE-2024-55555) and Laravel Crypto Killer mixin
 2025-02-25 13:14:18 +01:00
h00die-gr3y 79411eace8 added code sugesstions from dledda-r7 2025-02-24 15:51:32 +00:00
h00die-gr3y 41e690445e simplified some code sections 2025-02-23 12:59:52 +00:00
H00die.Gr3y b3a5da976b Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-22 10:35:45 +01:00
h00die-gr3y 47a2079d19 initial module and laravel crypto killer mixin 2025-02-21 18:09:28 +00:00
h00die-gr3y 215957465c added default options and updated documentation 2025-02-20 13:19:41 -06:00
h00die-gr3y 15c20272ea removed linux dropper code and tested with PR 19850 2025-02-20 13:19:41 -06:00
h00die-gr3y f857e5fe67 fixed code review and updated documentation 2025-02-20 13:19:41 -06:00
H00die.Gr3y 38b3741a15 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-20 13:19:41 -06:00
h00die-gr3y 682be79920 first release module and documentation 2025-02-20 13:19:41 -06:00
h00die-gr3y baac1fc9d0 init commit module 2025-02-20 13:19:40 -06:00
bwatters-r7 c8aea65c7a Remove errant CVE reference. 2025-02-20 08:19:23 -06:00
Brendan 66d657f385 Merge pull request #19810 from h00die/fix_loadmaster_2024 
Fix loadmaster privesc check method and refs
 2025-02-18 19:34:00 -06:00
Martin Sutovsky bd42b23ef0 Land #19883, module for unauthenticated RCE in InvokeAI 2025-02-18 14:01:11 +01:00
Takahiro Yokoyama 6eaae79dc2 Update modules/exploits/linux/http/invokeai_rce_cve_2024_12029.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-18 21:21:19 +09:00
Takah1ro 32db7ee6ae Use plain payload 2025-02-18 08:22:15 +09:00
Takah1ro 3ce313ac89 Rubocop formatting 2025-02-18 08:14:56 +09:00
Takahiro Yokoyama a26572d318 Update modules/exploits/linux/http/invokeai_rce_cve_2024_12029.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-18 08:09:25 +09:00
msutovsky-r7 05c9550d43 Land #19877, BeyondTrust Privileged Remote Access & Remote Support RCE Module 
Exploit module for BeyondTrust Privileged Remote Access & Remote Support (CVE-2024-12356, CVE-2025-1094)
 2025-02-17 17:43:15 +01:00
sfewer-r7 65e2a20a5d We can remove this line as it is redundant. The regex that follows will check for the same thing as part of its matching expression. Thanks msutovsky-r7 for spoting this. 2025-02-17 16:33:11 +00:00
sfewer-r7 bb9013a8ee check the frame for nil 2025-02-17 12:29:50 +00:00
sfewer-r7 6f1287d899 add in some logic to detect potentially failed exploitation due to the patch being applied, warning a user of a WebSocket getting closed unexpectadly 2025-02-17 12:17:15 +00:00
sfewer-r7 fbef2baf5c remove the uneeded parenthesis and make rubocop happy. 2025-02-17 11:44:50 +00:00
sfewer-r7 c950264a85 Add some comments in the check routine to note theres is no known lower bound version number, and the patch does not change the version number. 2025-02-17 11:35:22 +00:00
Stephen Fewer ed54130346 Explicitly close the WebSocket connection 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-17 11:35:03 +00:00
Stephen Fewer 130895671f Remove a duplicate work in this comment (Thanks jvoisin) 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-17 09:46:59 +00:00
Stephen Fewer 6ed60547a3 Print the actual status code in the error message (Thanks msutovsky-r7) 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-17 09:43:46 +00:00
Stephen Fewer eb1feba767 Fix typo in comment (Thanks jvoisin) 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-17 09:42:50 +00:00
Takah1ro b454a32f3c Fix typo and update document 2025-02-17 12:52:50 +09:00
Takah1ro 0945fbba81 Add InvokeAI unauth RCE module (CVE-2024-12029) 2025-02-16 15:49:56 +09:00
sfewer-r7 2d858ac1f0 Improve the auto discovery of the target site info. We can query an undocumented API endpoint to discover the target site company name. 2025-02-14 09:38:13 +00:00
sfewer-r7 9fc8b3b0dc fix a typo 2025-02-13 15:12:23 +00:00
sfewer-r7 90daccd948 add in link to AKB analysis 2025-02-13 15:10:41 +00:00
sfewer-r7 d93a99c504 rename the module 2025-02-13 12:51:46 +00:00
sfewer-r7 18f0bbeaf0 add in the new CVE ID for the PosgreSQL vuln 2025-02-12 17:23:19 +00:00
Takah1ro 2db7f4f186 Use BadChars and Base64Decoder 2025-02-11 11:25:24 +09:00
Takahiro Yokoyama edbdb985e3 Apply suggestions from code review 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-11 08:59:37 +09:00
Takah1ro 9f43fcc7ad Update FETCH_COMMAND default to curl 2025-02-10 22:00:52 +09:00
Takah1ro 7149d3f332 Leave cleanup as an option 2025-02-10 21:31:50 +09:00
Takah1ro 92a73b1fed Fix after applying suggestions 2025-02-10 21:18:19 +09:00
Takahiro Yokoyama 127adda3df Update modules/exploits/linux/http/netalertx_rce_cve_2024_46506.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-10 21:06:50 +09:00
Takah1ro b02838a8dd NetAlertx -> NetAlertX 2025-02-10 12:52:26 +09:00
Takah1ro 4f584bd5a4 Use cron restart 2025-02-08 17:35:55 +09:00
Takah1ro 00f4f80530 Add NetAlertx rce module (CVE-2024-46506) 2025-02-08 14:40:31 +09:00
jheysel-r7 652fbf1a62 Merge pull request #19813 from h00die/local_version_patch 
guard Rex::Version.new against crashes on local modules
 2025-02-03 12:43:37 -08:00
sfewer-r7 c6d03069a9 add in the documentation 2025-01-31 11:02:01 +00:00
sfewer-r7 d887ab5fac add in module option to leverage CVE-2024-12356. This option is disabled by default, and we hit the SQLi directly. 2025-01-31 10:01:02 +00:00
sfewer-r7 528409ba87 add in the exploit for cve-2024-12356 2025-01-31 09:20:54 +00:00
Martin Sutovsky 34f3957aea Land #19772, adding module for CraftCMS FTP template exploit 2025-01-23 20:21:17 +01:00