adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,418 Commits 27 Branches 1,043 Tags
1ac0e2dc668a5d7b7a678dc052d0d0a3465122d4
Commit Graph

2779 Commits

Author SHA1 Message Date
eu b1de44d892 Fix code styling 2023-09-22 16:51:49 +02:00
eu 4044835a64 Improve the cleanup method 
- The cleanup methos is deleting the job and removing the app directory
- Added a change dir command as an AutoRunScript just to avoid the error when trying to access the current directory in the session
 2023-09-22 15:45:40 +02:00
eu 47d8e4de04 Remove ReturnOutput option 
TODO: distinguish commands that return output and commands that don't
 2023-09-22 11:52:14 +02:00
eu ffb34b05ef Adherence to code review 2023-09-15 16:55:05 +02:00
Heyder Andrade 766766be78 Apply suggestions from code review 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-09-14 16:13:10 +02:00
eu 54a7b55eb4 Fix code style 2023-09-14 15:05:41 +02:00
eu 401c775336 Rename module 2023-09-13 17:19:42 +02:00
eu 6a260f60e0 Initial commit 2023-09-07 13:53:42 +02:00
Christophe De La Fuente bf1b5ffaa3 Land #18272, Bug fix for ColdFusion RCE module - CVE-2023-26360 2023-08-23 16:05:33 +02:00
sfewer-r7 85ab3113c2 bug fix for issue 18237. ColdFusion configured with a Development profile behaves slightly differently than ColdFusion deployed in a Production profile, so we need to test for some different return values during exploitation. 2023-08-08 14:47:14 +01:00
ismaildawoodjee 19dcc2d674 Move module and documentation from linux/http to multi/http 2023-08-02 10:10:27 -04:00
adfoster-r7 b979217227 Land #18239, Add version numbers to apache nifi rce module 2023-07-31 22:28:52 +01:00
h00die 5d9a65eeb0 version numbers for apache nifi rce 2023-07-31 16:14:57 -04:00
Christophe De La Fuente 56661f49ee Add a comment explaining why the Windows target is disabled 2023-07-31 15:13:35 +02:00
Ege Balcı c509b7b341 Comment out Windows target related lines 2023-07-28 17:06:21 +02:00
Ege Balcı 225a33995a Merge branch 'rudder_server_sqli_rce' of github.com:egebalci/metasploit-framework into rudder_server_sqli_rce 2023-07-28 00:54:29 +02:00
Ege Balcı 6b11439fa1 Remove basic auth and API_USER/PASS options 2023-07-28 00:44:44 +02:00
Ege Balcı 5d00f882ad Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2023-07-27 21:58:06 +00:00
Ege Balcı ca9601bb58 Fixed check method and targets 2023-07-26 18:01:26 +02:00
Ege Balcı 5b5f666256 Make rubocop happy 2023-07-26 16:26:18 +02:00
Ege Balcı 006831938d Adjust targets 2023-07-26 16:26:18 +02:00
Ege Balcı f5e91f686c Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:18 +02:00
Ege Balcı d50fceca40 Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı 1b52c7c8ba Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı bc58254db8 Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı d6328edc27 Make rubocop happy 2023-07-26 16:26:17 +02:00
Ege Balcı 47f48e8adb Add rudder-server SQLI RCE (CVE-2023-30625) exploit 2023-07-26 16:26:17 +02:00
h00die-gr3y 43056ad621 removed powershell mixin 2023-07-25 14:06:45 +01:00
h00die-gr3y c1d84e950c Update based on bwatters-r7 comments 2023-07-25 14:06:44 +01:00
h00die-gr3y 45eacec846 Updated module with WordPress check 2023-07-25 14:06:44 +01:00
h00die-gr3y cda6ab5960 init commit module 2023-07-25 14:06:29 +01:00
bwatters 297c484a1c Land #18173, Add Openfire Authentication Bypass RCE [CVE-2023-32315] 
Merge branch 'land-18173' into upstream-master
 2023-07-18 18:13:20 -05:00
h00die-gr3y 7f35abff86 fixed the invalid character at the store_valid_credential‎ function 2023-07-18 08:38:06 +00:00
h00die-gr3y 0ff2ca4f40 updates based on latest comments 2023-07-16 18:43:21 +00:00
H00die.Gr3y f608424242 Apply suggestions from code review 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-07-15 12:02:22 +02:00
bwatters b15d595de2 Adjust files to be better shared 2023-07-14 12:47:04 -05:00
h00die-gr3y c34779a5f1 updates based on comments of jvoisin and adfoster-r7 2023-07-09 12:20:58 +00:00
h00die-gr3y 8edbf73b6f first release exploit module 2023-07-08 09:48:17 +00:00
Jack Heysel f1b5cd46f4 Apache RocketMQ update config RCE 2023-07-05 12:38:51 -04:00
Jack Heysel bf1e6bddd1 Land #18134, Add exploit for CVE-2023-25194 
This exploits a Java deserialization vulnerbility
in Apache Druid which arises from a JNDI injection
within Apache Kafka clients.
 2023-06-23 16:52:04 -04:00
Heyder Andrade b026b38851 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-06-23 09:36:50 +02:00
Redwaysecurity.com 77bb6759a6 Review suggestions 2023-06-22 18:12:13 +02:00
dwelch-r7 e298788a28 Land #18049, Update jenkins login scanner to work with newer versions 2023-06-22 14:04:24 +01:00
Redwaysecurity.com a8332e6064 Added exploit for CVE-2023-25194 2023-06-22 14:17:32 +02:00
cgranleese-r7 0609d246f3 adds more future proofing to implementation 2023-06-21 14:19:24 +01:00
Grant Willcox 5b39eaafc1 Land #18074, Fix exception handling in gitlab_github_import_rce_cve_2022_2992 module 2023-06-07 14:52:21 -05:00
Christophe De La Fuente 82c8b5418e Land #17936, PaperCutNG Authentication Bypass with RCE 2023-06-07 15:05:51 +02:00
Christophe De La Fuente 451735ad15 Fix exception handler & add doc 2023-06-06 17:43:22 +02:00
cgranleese-r7 18ddd72285 Update jenkins login scanner to work with newer versions 2023-06-06 11:54:55 +01:00
catatonicprime 3875947f7d Removing unnecessary assignment 2023-05-31 19:17:30 +00:00