adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,197 Commits 27 Branches 1,043 Tags
13f102eb5b52a350fdcdceea45e65e79eb3dddc8
Commit Graph

4476 Commits

Author SHA1 Message Date
Valentin Lobstein 13f102eb5b Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778) 2025-12-18 18:51:12 +01:00
jheysel-r7 388a967101 Merge pull request #20749 from nakkouchtarek/grav-ssti-rce 
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
 2025-12-11 16:13:09 -08:00
jheysel-r7 0c921ea2e7 Merge pull request #20725 from Chocapikk/magento 
Add Magento SessionReaper (CVE-2025-54236) exploit module
 2025-12-10 08:56:47 -08:00
jheysel-r7 d86c5f0908 Merge pull request #20746 from Chocapikk/king-addons 
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
 2025-12-10 08:37:11 -08:00
Valentin Lobstein e9467cd1e3 Clarify file-based session storage requirements and exploit limitations 
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
 2025-12-09 19:26:30 +01:00
Valentin Lobstein 6bc2bffd8c Refactor create_admin_user to handle errors internally and remove custom.ini from documentation 2025-12-09 19:20:56 +01:00
Valentin Lobstein 17cc68df0f Update documentation/modules/exploit/multi/http/wp_king_addons_privilege_escalation.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-09 19:14:22 +01:00
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
Brendan caa672231b Merge pull request #20736 from sfewer-r7/fortiweb-exploit-rce-v6-support 
Update the FortiWeb exploit module (CVE-2025-64446 + CVE-2025-58034) to target older unsupported versions 6.x
 2025-12-08 17:43:49 -06:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik 88309b5a4a add suggestions from @Chocapikk 2025-12-05 08:02:56 -08:00
vognik baa0a11492 small fixes 2025-12-05 00:11:44 -08:00
vognik 770e63b0d1 add windows documentation 2025-12-05 00:06:58 -08:00
vognik e51ea0ae23 improve documentation 2025-12-04 23:03:13 -08:00
vognik f71a71ab18 add exploit mvp 2025-12-04 22:16:27 -08:00
Tarek Nakkouch 3c4fdfcad0 Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module (CVE-2025-66294) 2025-12-05 00:01:56 +01:00
Diego Ledda 4d52e22480 Merge pull request #20720 from Chocapikk/wp-ai-engine 
Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)
 2025-12-04 12:56:04 +01:00
Valentin Lobstein 296e931b7d Fix WordPress lab permissions in documentation 2025-12-04 01:39:25 +01:00
Valentin Lobstein b3fc1b05e5 Add WordPress King Addons privilege escalation exploit (CVE-2025-8489) 2025-12-04 01:37:40 +01:00
SaiSakthidar 98dd33a3cd Remove CAIN 2025-12-03 15:42:57 -05:00
sfewer-r7 795c38c524 Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal. 2025-11-28 10:12:02 +00:00
sfewer-r7 014312873c get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway. 2025-11-27 20:28:44 +00:00
msutovsky-r7 b6330acb12 Land #20718, adds module for Monsta FTP RCE (CVE-2025-34299) 
Add Monsta FTP downloadFile RCE (CVE-2025-34299)
 2025-11-27 15:16:58 +01:00
sfewer-r7 f5e8aa83be add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor. 2025-11-27 12:43:19 +00:00
Valentin Lobstein 4ff9fd4542 Apply reviewer suggestions and remove unnecessary Options section from documentation 2025-11-25 23:48:39 +01:00
Brendan e998b91aee Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce 
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
 2025-11-25 14:14:31 -06:00
Brendan 1912fe2a95 Merge pull request #20702 from Zedeldi/igel-os-modules 
IGEL OS modules
 2025-11-25 13:59:44 -06:00
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. Teh payload cmd/unix/reverse_python isnot working as it previously was, so I am removing from the list of confirmed paylaods. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
Valentin Lobstein be7ad39127 Fix reference URL in documentation to correct Searchlight Cyber research article 2025-11-24 23:26:29 +01:00
Valentin Lobstein 9ef10eeea8 Update documentation with complete Docker lab setup files 2025-11-24 21:12:14 +01:00
Valentin Lobstein 1623660bec Add Magento SessionReaper (CVE-2025-54236) exploit module 2025-11-24 21:04:20 +01:00
Zedeldi 4b2798f357 Correct vulnerable version information 2025-11-24 17:10:51 +00:00
Zedeldi ce926fd3d1 Update vulnerable IGEL OS version to < 11.09.310 2025-11-24 11:57:18 +00:00
Zedeldi 933fb7bdf1 Add clean-up information 2025-11-24 11:43:46 +00:00
Zedeldi 002795c5be Update module information in documentation 2025-11-24 11:24:23 +00:00
Valentin Lobstein 080230edd0 Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749) 2025-11-23 03:56:11 +01:00
Brendan 21777b8969 Merge pull request #20685 from msutovsky-r7/persistence/windows/notepad++_persistence 
Adds notepad++ persistence module for Windows
 2025-11-21 14:28:28 -06:00
msutovsky-r7 8f2525aba7 Land #20705, adds modules for Flowise RCEs (CVE-2025-59528, CVE-2025-8943) 
Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943)
 2025-11-21 21:20:22 +01:00
Valentin Lobstein 8cffe50470 Add Monsta FTP downloadFile RCE (CVE-2025-34299) 2025-11-21 20:43:37 +01:00
Zedeldi b13137886a Add IGEL OS and vulnerability summary to documentation 2025-11-21 13:09:28 +00:00
sfewer-r7 aff76622fa add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034 2025-11-21 12:22:25 +00:00
msutovsky-r7 e2097ee1bc Land #20701, adds windows WSL registry persistence module 
Windows WSL registry persistence
 2025-11-20 15:15:22 +01:00
Valentin Lobstein 6ab2452153 Fix documentation inconsistency: update ports for Flowise 3.0.1 (3005) and add Basic Auth service example 2025-11-19 22:58:27 +01:00
Valentin Lobstein 8fbbc3e043 Update flowise_custommcp_rce documentation: add Basic Auth testing scenario 2025-11-19 22:24:28 +01:00
Valentin Lobstein 44cf2e309f Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup 2025-11-19 22:12:49 +01:00
Valentin Lobstein df1c157471 Improve Flowise CustomMCP RCE exploit stability with Basic Auth support and HTTP response validation 2025-11-19 20:12:31 +01:00
Valentin Lobstein b26c4f5c7b Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:25:39 +01:00