adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,674 Commits 27 Branches 1,043 Tags
2c4eaff583a65ec9ad2f394bb87ca69cb1904d98
Commit Graph

4597 Commits

Author SHA1 Message Date
bcoles 91d3675c3b modules/exploits/linux/samba: Resolve RuboCop violations 2025-06-15 00:09:09 +10:00
cgranleese-r7 1c72a3adc3 Fixes duplicate notes in a couple of modules 2025-06-12 14:32:12 +01:00
msutovsky-r7 663cf4af24 Land #20303, resolves Rubocop violations in modules/exploits/linux/postgres 
modules/exploits/linux/postgres: Resolve RuboCop violations
 2025-06-12 15:20:05 +02:00
bcoles bf68b56f88 modules/exploits/linux/pptp: Resolve RuboCop violations 2025-06-12 21:14:25 +10:00
bcoles e0e5e4157a modules/exploits/linux/postgres: Resolve RuboCop violations 2025-06-12 21:03:41 +10:00
bcoles f95f5c928e modules/exploits/linux/ftp: Resolve RuboCop violations 2025-06-10 22:36:46 +10:00
Brendan ebae201198 Merge pull request #20160 from zeroSteiner/feat/mod/payload/php-adapters 
Add PHP adapters and refactor PHP payloads
 2025-06-09 07:41:50 -05:00
Martin Sutovsky f7fd84b82d Adds different approach to udev rule naming 2025-06-04 15:24:43 +02:00
msutovsky-r7 5fbf46ba7f Land #19472, adds exploits/linux/local/udev_persistence 
Add modules/exploits/linux/local/udev_persistence.rb
 2025-06-04 13:21:04 +02:00
Martin Sutovsky 6806385292 Update 2025-06-04 12:56:51 +02:00
Martin Sutovsky 0d31440722 Update the module 2025-06-04 12:19:36 +02:00
Julien Voisin 0106a4440e Merge branch 'master' into aka_equationgroup 2025-05-30 17:17:54 +02:00
Spencer McIntyre f3b650a409 Major refactoring of PHP payloads and related exploits 2025-05-30 09:06:38 -04:00
bcoles 943c94774a Modules: Resolve Rubocop Lint/Syntax violations 2025-05-21 18:27:24 +10:00
jheysel-r7 18dc39e9a5 Merge pull request #20213 from bcoles/modules-exploits-linux-pop3 
modules/exploits/linux/pop3: Resolve RuboCop violations
 2025-05-20 11:22:05 -07:00
jheysel-r7 3a0e294f50 Merge pull request #20212 from bcoles/modules-exploits-linux-redis 
modules/exploits/linux/redis: Resolve RuboCop violations
 2025-05-20 11:21:35 -07:00
jheysel-r7 426aaa80fb Merge pull request #20211 from bcoles/modules-exploits-linux-ids 
modules/exploits/linux/ids: Resolve RuboCop violations
 2025-05-20 10:57:03 -07:00
jheysel-r7 b99e161003 Merge pull request #20210 from bcoles/modules-exploits-linux-imap 
modules/exploits/linux/imap: Resolve RuboCop violations
 2025-05-20 10:50:58 -07:00
jheysel-r7 dd3093c806 Merge pull request #20203 from bcoles/rubocop-modules-exploits-linux-upnp 
modules/exploits/linux/upnp: Resolve RuboCop violations
 2025-05-20 10:46:46 -07:00
jheysel-r7 2810fdaa4a Merge pull request #20165 from bcoles/rubocop-modules-exploits-linux-browser 
modules/exploits/linux/browser: Resolve RuboCop violations
 2025-05-20 09:19:34 -07:00
bcoles 693620e1a5 modules/exploits/linux/pop3: Resolve RuboCop violations 2025-05-21 02:19:09 +10:00
bcoles 6597a6c5fc modules/exploits/linux/redis: Resolve RuboCop violations 2025-05-21 02:07:54 +10:00
bcoles 3aa6e2d8db modules/exploits/linux/ids: Resolve RuboCop violations 2025-05-20 23:54:29 +10:00
bcoles ec7d54152b modules/exploits/linux/imap: Resolve RuboCop violations 2025-05-20 23:42:47 +10:00
bcoles d567248b16 modules/exploits/linux/upnp: Resolve RuboCop violations 2025-05-18 16:29:41 +10:00
jheysel-r7 71565c6cdc Update modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb 
Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com>
 2025-05-16 15:07:08 -07:00
Diego Ledda c68b10b640 Merge pull request #20164 from bcoles/rubocop-modules-exploits-linux-games 
modules/exploits/linux/games: Resolve RuboCop violations
 2025-05-16 10:27:24 +02:00
Brendan 76471731f9 Merge pull request #20112 from cdelafuente-r7/mod/ivanti/rce/cve_2025_22457 
Ivanti Connect Secure Unauthenticated RCE via Stack-based Buffer Overflow CVE-2025-22457
 2025-05-15 11:44:49 -05:00
bcoles 42a383e4c7 modules/exploits/linux/games: Resolve RuboCop violations 2025-05-16 00:09:30 +10:00
Christophe De La Fuente 365caab8fc Update the error message in case of Broken pipe error and update the documentation 2025-05-15 12:10:53 +02:00
Christophe De La Fuente 3d121839c8 Fix from code review #2 2025-05-13 17:17:41 +02:00
Christophe De La Fuente 4aea95f93c Fix from code review 2025-05-13 12:54:31 +02:00
bcoles 5062f596fd modules/exploits/linux/browser: Resolve RuboCop violations 2025-05-10 18:15:50 +10:00
bcoles 16ae7af550 modules/exploits/linux/antivirus: Resolve RuboCop violations 2025-05-10 18:15:04 +10:00
jheysel-r7 4b9032a487 Merge pull request #20060 from mekhalleh/rce_cve-2025-21293 
Added exploit module for CVE-2025-32433 (Erlang/OTP)
 2025-05-02 07:05:30 -07:00
RAMELLA Sebastien 8da70b64d7 modify exploit response message 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-05-02 13:41:47 +04:00
RAMELLA Sebastien eef2fac8dc add HrrRbSsh and fix exploit response message 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-05-02 13:18:21 +04:00
Christophe De La Fuente d83e6072ef Add the module and documentation for Ivanti RCE CVE-2025-22457 2025-04-30 22:02:16 +02:00
Chocapikk 73f0963d81 Lint ^^ 2025-04-30 16:16:30 +02:00
Valentin Lobstein 691cead95c Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-04-30 16:10:32 +02:00
Valentin Lobstein c85fe60596 Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-30 11:33:14 +02:00
Valentin Lobstein 301e9e64e7 Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-30 11:32:58 +02:00
Chocapikk 39a5d710aa Refactor module: modularization, session-path leak, randomized key, improved check 
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
 2025-04-30 00:24:25 +02:00
Valentin Lobstein 9d0d12004e Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-29 19:59:09 +02:00
Valentin Lobstein 59b9249cec Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-29 19:58:38 +02:00
RAMELLA Sebastien 32a8e6797e fixes review 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-04-27 20:31:13 +04:00
Chocapikk a0e9758c7f Improve error handling, and search csrf_token in root uri 2025-04-27 08:01:17 +02:00
Chocapikk ba094199da Fix typo 2025-04-26 10:41:30 +02:00
Chocapikk 332c61b6ea Fix cookie handling and switch to send_request_cgi for HTTP requests 2025-04-26 08:24:11 +02:00
Chocapikk 3e96b4148e Add comment about msftidy issue 2025-04-26 06:02:27 +02:00