adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,979 Commits 27 Branches 1,043 Tags
20e083439cb4da868ffa2a7b0de61697454500a7
Commit Graph

4054 Commits

Author SHA1 Message Date
Spencer McIntyre 80fdde5fdc Land #19100, Add Loadmaster sudo priv esc 
Add Kemp Progress Loadmaster sudo abuse priv esc
 2024-05-10 10:21:38 -04:00
bwatters b28e263a2b Update debug statements and add protection against bad die name 2024-05-10 08:54:23 -05:00
bwatters 948b18b08c Add a check to the file delete 2024-05-09 15:52:29 -05:00
Spencer McIntyre 47c8d7252b Land #18519, Docker kernel module escape 2024-05-06 09:08:08 -04:00
bwatters b044bcab01 Add command payloads and checks for overwritten files 2024-05-03 13:06:16 -05:00
Spencer McIntyre c2bf9ead06 Add support for redhat based containers 
Containers such as Fedora use a different directory for the kernel
headers.
 2024-05-01 13:30:16 -04:00
Spencer McIntyre 2cb0e44740 Don't change the working directory 2024-05-01 10:35:24 -04:00
Spencer McIntyre 67dc01f124 Remove the unnecessary payload space 2024-04-30 16:29:43 -04:00
bwatters d94971598b Add documentation and fix some debug prints 2024-04-29 15:28:34 -05:00
RadioLogic 15a9b59ccf Made case statements more readable 2024-04-26 21:55:01 -04:00
RadioLogic b51d1b9017 Made shared function with checkcontainer 2024-04-26 21:32:20 -04:00
bwatters 364d491af7 Land #18972, Progress LoadMaster unauthenticated command injection module CVE-2024-1212 
Merge branch 'land-18972' into upstream-master
 2024-04-26 18:18:40 -05:00
bwatters 02c31159ab Add vulnerable versions and fix indention 2024-04-26 17:36:50 -05:00
RadioLogic 7dabfb15be Ran rubocop again 2024-04-26 14:52:14 -04:00
RadioLogic ca9c60badb Made usermodhelper wait for exec 2024-04-26 14:43:39 -04:00
RadioLogic 81aa572e15 Removed uneeded cd in cleanup 2024-04-26 14:15:24 -04:00
RadioLogic 852f888cc8 Added payload limits 2024-04-26 14:06:32 -04:00
RadioLogic 5adc91b7d5 Reverted back to using relative pathing due to kernel make scripts 2024-04-26 13:46:17 -04:00
RadioLogic ecb70eeb8c Rubocop ran on file 2024-04-23 18:53:16 -04:00
RadioLogic f8f7eb919f Removed all use of path traversal for absolute paths 2024-04-23 18:48:33 -04:00
RadioLogic 1c8c91096f Removed port being in documentation as it made no sense 2024-04-23 18:47:30 -04:00
adfoster-r7 718cc0fff4 Land #19122, add EVENT_DEPENDENT to vcenter vmon priv esc 2024-04-23 22:29:53 +01:00
RadioLogic 361fe34167 Update modules/exploits/linux/local/docker_privileged_container_kernel_escape.rb 
Used rex to add in payload

Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-04-23 17:29:07 -04:00
RadioLogic bee5306ac9 Added suggestions by rubymine 2024-04-23 17:18:30 -04:00
Zach Goldman 26a108aadc Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386] 2024-04-23 14:08:33 -04:00
Dave Yesland a36244073f Merge pull request #1 from bwatters-r7/update-18972 
Remove Priv Esc to add it to another module and update it to only run…
 2024-04-22 17:53:48 -07:00
Dave Yesland c10bde97ff Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection 2024-04-22 17:53:32 -07:00
h00die 53c2bf2e74 add EVENT_DEPENDENT to vcenter vmon priv esc 2024-04-22 15:12:27 -04:00
remmons-r7 5df1052037 Addressing msftidy issues 
C:132: 20: [Correctable] Layout/SpaceAroundBlockParameters: Space before first block parameter detected.
C:132: 30: [Correctable] Layout/SpaceAroundBlockParameters: Space after last block parameter detected.
C:133:  5: [Correctable] Layout/IndentationWidth: Use 2 (not 4) spaces for indentation.
C:143:  4: [Correctable] Layout/TrailingEmptyLines: Final newline missing.
 2024-04-18 18:34:18 -05:00
remmons-r7 982b6aef0a Incorporating PAN-OS module peer review suggestions, adding documentation for the module 2024-04-18 18:21:12 -05:00
remmons-r7 22d3ee5df2 Changing the wording for TARGETURI 2024-04-18 08:25:06 -05:00
remmons-r7 cea9fb66ed Swap out staged payload for unstaged 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-04-18 08:21:18 -05:00
remmons-r7 9741b12d29 Addressing a new issue the linter caught after changes 
W:117:  5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res.
 2024-04-17 15:44:45 -05:00
remmons-r7 7e191c75e7 Addressing msftidy issues 
Fixes for the following:
W: 80:  5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res_create_file. Did you mean res_check_created?
C: 90: 81: [Correctable] Style/TrailingCommaInArguments: Avoid comma after the last parameter of a method call.
C: 93:  8: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 93: 42: [Correctable] Style/AndOr: Use && instead of and.
C: 93: 46: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 94: 43: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C💯 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C:131: 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
 2024-04-17 15:40:08 -05:00
remmons-r7 275345b68d Fix single char 2024-04-17 13:54:58 -05:00
remmons-r7 41e19d7759 Draft of CVE-2024-3400 module 2024-04-17 13:52:50 -05:00
Spencer McIntyre 727849202d Land #19087, chore: remove repetitive words 2024-04-17 09:59:46 -04:00
sjanusz-r7 010f044117 Add https prefix to module URL references 2024-04-17 13:00:41 +01:00
bwatters 409f0e45a6 Remove Priv Esc to add it to another module and update it to only run once 2024-04-15 15:44:22 -05:00
fanqiaojun 6b2bdc893b chore: remove repetitive words 
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
 2024-04-15 11:06:50 +08:00
Jack Heysel 8968222cf0 Rubocop, when will I learn 2024-04-04 13:41:08 -07:00
Jack Heysel 7f62dd2143 Responded to comments 2024-04-04 13:39:22 -07:00
Jack Heysel 531e7baa02 Add reminder todo 2024-04-03 17:08:09 -07:00
Jack Heysel 03fced404a Apache Solr Backup Restore RCE 
Writing file to disk working

working on linux

wip authentcaiton

Consolodated conf folders into one

Renamed conf1 to conf in msf data dir

Randomize the configuration name

Docs plus finishing touches

rubocop

Updated exploit file location

Removed unused external dir

Reduced conf folder
 2024-04-02 11:33:52 -07:00
Noam Rathaus 9cc294dbaf 1. Remove unused modules 
2. Prettify code
 2024-03-30 17:56:49 +03:00
Jack Heysel d7f3fd8cc0 Land #18915, Add Watchguard RCE CVE-2022-26318 
This PR adds a module for a buffer overflow at the administration
interface of WatchGuard Firebox and XTM appliances. The appliances are
built from a cherrypy python backend sending XML-RPC requests to a C
binary called wgagent using pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before
12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful
exploitation results in remote code execution as user nobody.
 2024-03-28 10:24:32 -07:00
h00die-gr3y 6e6f1beb92 update addressing jheysel-r7 comments 2024-03-28 08:43:08 +00:00
bwatters e775c7c20a Land #18967, Artica Proxy unauthenticated RCE [CVE-2024-2054] 
Merge branch 'land-18967' into upstream-master
 2024-03-25 15:25:27 -05:00
h00die-gr3y f217312ad1 module and documentation updates based on review comments (bwatters-r7/cgranleese-r7) 2024-03-21 16:13:55 +00:00
Jack Heysel 2b90d33aef Land #18618, Add OpenNMS privesc and auth RCE 
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
 2024-03-20 12:54:16 -07:00