Commit Graph

4802 Commits

Author SHA1 Message Date
sfewer-r7 795c38c524 Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal. 2025-11-28 10:12:02 +00:00
sfewer-r7 014312873c get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway. 2025-11-27 20:28:44 +00:00
sfewer-r7 f5e8aa83be add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor. 2025-11-27 12:43:19 +00:00
Brendan e998b91aee Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
2025-11-25 14:14:31 -06:00
Brendan 1912fe2a95 Merge pull request #20702 from Zedeldi/igel-os-modules
IGEL OS modules
2025-11-25 13:59:44 -06:00
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. The payload cmd/unix/reverse_python is not working as it previously was, so I am removing from the list of confirmed payloads. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
sfewer-r7 8a054b74db improve check logic to actually parse JSON result for expected reply, tested against 8.0.1 and 7.4.8 2025-11-25 11:22:43 +00:00
Zedeldi d1fe17747c Add check methods and update DisclosureDate 2025-11-24 17:12:56 +00:00
Zedeldi ffaf43af2f Add writable? and file? checks to write_payload 2025-11-24 11:45:34 +00:00
Zedeldi 0c4d1e70d1 Add support for ARCH_CMD payload 2025-11-24 11:16:22 +00:00
sfewer-r7 b8cefb1af9 add nohup when bootstrapping the payload to avoid the scenario when the parent dies it tears down our payload child process 2025-11-21 15:54:41 +00:00
Zedeldi da33eed842 Use fail_with instead of a check method 2025-11-21 14:02:05 +00:00
Zedeldi c0a756a751 Verify registry has been written successfully 2025-11-21 13:52:41 +00:00
Zedeldi 425adfa9bf Prefer create_process over cmd_exec for commands with arguments 2025-11-21 13:40:25 +00:00
sfewer-r7 aff76622fa add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034 2025-11-21 12:22:25 +00:00
Zedeldi ba702d40ea Remove x86 target and redundant DefaultOptions 2025-11-21 12:04:49 +00:00
Brendan bb728c44d7 Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021
Add T1021 "Remote Services" MITRE technique and sub-technique references
2025-11-20 11:19:31 -06:00
Zedeldi 8d28ce611a Revert to cmd_exec for modify_service and improve code style 2025-11-19 20:33:46 +00:00
Zedeldi bc2c397b8c Add check for root access to igel_persistence 2025-11-19 20:01:57 +00:00
Zack Didcott beed317573 Use create_process instead of cmd_exec
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-11-19 18:02:08 +00:00
Zack Didcott 22aead0db1 Use vprint_status for modify_service and restart_service
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-11-19 18:01:05 +00:00
Christophe De La Fuente 179a545312 Remove false positive references 2025-11-19 17:34:15 +01:00
Zedeldi c6db0d4285 Move IGEL OS persistence module to linux/persistence 2025-11-17 18:42:28 +00:00
Zedeldi f29505d0d0 Add IGEL OS modules 2025-11-17 15:18:09 +00:00
Diego Ledda 110cb837aa Merge pull request #20672 from h00die-gr3y/centreon_auth_rce
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter [CVE-2025-5946]
2025-11-05 16:29:29 +01:00
h00die-gr3y 34c424f473 update based on dledda-r7 comments 2025-11-05 09:20:13 +00:00
h00die-gr3y 61dfc293d9 update based on dledda-r7 comments 2025-11-03 14:37:23 +00:00
h00die-gr3y 85b4233345 updated module based on review comments and added documentation 2025-11-03 10:21:31 +00:00
h00die-gr3y 83e7fc2667 update attackerkb reference 2025-11-02 18:26:34 +00:00
h00die-gr3y e01456bcf4 init commit module 2025-11-02 17:45:22 +00:00
Diego Ledda 13dc61e2e8 Merge pull request #20523 from h00die/modern_persistence_upstart
update upstart to persistence mixin
2025-10-31 12:28:59 +01:00
bcoles 676a2ed4b1 Add Rootkit Privilege Escalation Signal Hunter 2025-10-31 17:22:19 +11:00
h00die c0b3f40b3e upstart review 2025-10-27 19:45:38 -04:00
bcoles 52b7f1ff25 Deprecate exploit/linux/local/diamorphine_rootkit_signal_priv_esc 2025-10-24 17:05:10 +11:00
h00die 55583bd2c8 review for sysv persistence 2025-10-14 19:30:06 -04:00
Christophe De La Fuente 3b727fbaf2 Code review 2025-10-14 16:25:43 +02:00
Christophe De La Fuente 0a755ea03a Add references to MITRE ATT&CK T1021 - Remote Services 2025-10-14 16:25:30 +02:00
h00die 7a8189f976 additional check 2025-10-13 14:07:18 -04:00
h00die c0b09693e3 systemv updated with mixin updates 2025-10-13 13:42:41 -04:00
h00die 1a13d39a4d use attck ref in sysvinit persistence module 2025-10-13 13:42:41 -04:00
h00die 058e858e82 update systemvinit to persistence mixin 2025-10-13 13:42:41 -04:00
Brendan 91c0adb17f Merge pull request #20585 from vognik/CVE_2025_60787
Add MotionEye Authenticated RCE (CVE-2025-60787)
2025-10-09 13:50:25 -05:00
Vognik 267a26b763 code review changes from smcintyre-r7@ 2025-10-09 21:51:31 +04:00
Spencer McIntyre 9dc5696cc4 Update dash characters in module references 2025-10-07 14:03:32 -04:00
Spencer McIntyre fd21209e4d Add missing CVEs from VulnCheck 2025-10-07 13:59:13 -04:00
msutovsky-r7 79ff667d5e Land #20538, adds systemd override persistence module
persistence: systemd service override
2025-09-26 15:57:31 +02:00
Martin Sutovsky 00f902b04b Adds formatting to cleanup commands 2025-09-26 15:00:09 +02:00
Martin Sutovsky a91f5f53f2 Substitutes cmd_exec with mkdir to create_process 2025-09-25 18:20:54 +02:00
h00die 160cf5c55b peer review for yum persistence 2025-09-18 16:15:24 -04:00
h00die 15f4abd1b2 update yum to persistence module 2025-09-18 15:36:44 -04:00