Jack Heysel
46832abd49
Land #18358, Add a Thrift RPC client
...
This PR adds a Thrift RPC client and updates
two modules to make use of the new addition.
2023-09-14 19:01:13 -04:00
Simon Janusz
8b56dc0117
Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
cgranleese-r7
e82bff37e1
Land #18330, Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
2023-09-13 10:15:59 +01:00
Jack Heysel
b83a49e573
Thanks to Spencer improved execute_command method
2023-09-12 15:14:10 -04:00
Spencer McIntyre
8e8b8ad191
Update nimbus_gettopologyhistory_cmd_exec
2023-09-12 12:21:10 -04:00
Spencer McIntyre
187cca848e
Replace the binary blobs
2023-09-12 12:21:10 -04:00
Spencer McIntyre
ba84c0484c
Update the Nimbus module to use the Thrift client
2023-09-11 14:42:54 -04:00
Spencer McIntyre
fbf95ecd92
Add and use a Thrift client object
2023-09-11 14:37:38 -04:00
Jack Heysel
b80f9a84e4
Updated check method and reliability
2023-09-11 13:10:57 -04:00
Spencer McIntyre
f1aea836f3
Land #18273, Add VMware vRealize Log Insight RCE
...
Add VMware vRealize Log Insight unauthenticated RCE exploit
2023-09-08 17:17:23 -04:00
Spencer McIntyre
21dde19511
Make some final tweaks
...
Change strings to reference `VMware` using the proper case. Don't
include CmdStager (because it's unnecessary). Set PrependFork to fix
shell payloads. Move CamelCase options to advanced.
2023-09-08 16:55:42 -04:00
Jack Heysel
96a6baa500
Land #17474, Add Windows 11 support for Capcom LPE
...
This PR adds support to the Capcom.sys LPE for Windows 11 21H1
2023-09-08 13:43:07 -04:00
jheysel-r7
0111e55006
Update modules/exploits/windows/local/capcom_sys_exec.rb
2023-09-08 13:05:44 -04:00
Simon Janusz
57f3b8a352
Land #18350, Add opentsdb_key_cmd_injection exploit module and docs
2023-09-08 16:50:46 +01:00
Simon Janusz
7302394ffa
Land #18316, Kibana Timelion Prototype Pollution RCE (CVE-2019-7609)
2023-09-08 11:50:47 +01:00
Christophe De La Fuente
a33f03d100
Land #18302, Sonicwall rce CVE-2023-34124
2023-09-08 11:48:07 +02:00
bwatters
946794c3f8
Land #18341, add CVE-2023-38831 for Winrar 6.22
...
Merge branch 'land-18341' into upstream-master
2023-09-07 15:59:36 -05:00
Jack Heysel
ef4a9dd239
Land #18329, Add LG Simple Editor RCE module
...
This PR adds an unauth RCE module for LG Simple Editor
2023-09-07 16:21:10 -04:00
xaitax
adae68d288
Update winrar_cve_2023_38831.rb
2023-09-07 22:01:49 +02:00
Alex
4d2277faa3
Update modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-09-07 21:46:24 +02:00
Alex
51d80b626f
Update modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-09-07 21:46:16 +02:00
Alex
8b40f56fd7
Update modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-09-07 21:46:09 +02:00
Alex
cc78156b8c
Update modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-09-07 21:46:00 +02:00
xaitax
28785eb8a1
Remove payload space
2023-09-07 19:59:31 +02:00
Ege Balcı
5b6ee0cfaf
Add extra sleep during PakUpgrade for stabilization
2023-09-07 19:49:57 +02:00
Ege Balcı
9a5dd4e4e5
Refactor thrift usage, add extra SRVHOST check, switch to decoded mf_file
2023-09-07 19:29:23 +02:00
Ege Balcı
e286c96dee
Update modules/exploits/windows/http/lg_simple_editor_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-09-07 17:00:17 +00:00
Ege Balcı
3509193ae8
Update modules/exploits/windows/http/lg_simple_editor_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-09-07 17:00:10 +00:00
ErikWynter
7cabe14461
add opentsdb_key_cmd_injection exploit module
2023-09-07 17:29:16 +03:00
Ron Bowes
b12fe743d0
Resolve PR comments
2023-09-06 14:11:29 -07:00
Jack Heysel
482fdefb2c
Land #18313, SolarView Compact unauth RCE module
...
This PR adds a SolarView Compact unauth RCE module.
2023-09-05 17:49:28 -04:00
jheysel-r7
03ccb3cce0
Apply grammatical suggestions from code review
2023-09-05 17:06:01 -04:00
xaitax
ac91516cc9
Update winrar_cve_2023_38831.rb
2023-09-04 20:25:20 +02:00
xaitax
b0fa4cc266
Update winrar_cve_2023_38831.rb
2023-09-04 19:54:43 +02:00
xaitax
d5f355d8de
WinRAR 6.22 (CVE-2023-38831)
2023-09-04 18:56:22 +02:00
h00die
c6a2652861
review comments
2023-09-01 20:34:35 -04:00
Ege Balcı
20a22f1baf
Fix check, randomize JSP name, ditch backup
2023-09-01 03:46:58 +02:00
Ege Balcı
757e942ac9
Update modules/exploits/windows/http/lg_simple_editor_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-09-01 01:16:32 +00:00
jheysel-r7
68090d0406
Update modules/exploits/linux/http/ivanti_sentry_misc_log_service.rb
...
Co-authored-by: wvu <4551878+wvu@users.noreply.github.com>
2023-08-30 11:46:44 -04:00
Christophe De La Fuente
8217745a85
Land #18257, Apache nifi h2 rce (CVE-2023-34468)
2023-08-30 13:37:37 +02:00
Jack Heysel
a3a7454f74
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
2023-08-29 15:24:04 -04:00
Jack Heysel
b326832bcf
Renamed module, rubocop
2023-08-29 13:21:13 -04:00
Ege Balcı
32f9357f7a
Update side effects
2023-08-29 18:08:11 +02:00
Ege Balcı
1d9c7fde77
Add LG Simple Editor Unauthenticated RCE (CVE-2023-40498) Exploit
2023-08-29 17:58:43 +02:00
Ege Balcı
44dd8439df
Add low version guard and token check
2023-08-29 17:43:21 +02:00
Jack Heysel
efd9a69b35
Module returns a Meterpreter session
2023-08-29 02:00:35 -04:00
h00die
db9bf5f6cd
now down to 10 shells!
2023-08-28 17:42:35 -04:00
h00die
f467e0747a
review comments
2023-08-28 17:39:02 -04:00
Christophe De La Fuente
7fa2586e34
Land #18247, Netgear NMS RCE CVE-2023-38096/8
2023-08-28 11:23:08 +02:00
h00die-gr3y
77a1bbef79
Second release module and documentation
2023-08-28 07:49:40 +00:00