adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,586 Commits 27 Branches 1,043 Tags
2d1af7d80909a8a9986efd9031ceb210e5810593
Commit Graph

3946 Commits

Author SHA1 Message Date
jheysel-r7 2d1af7d809 Land #19648 Add exploit module for FortiManager (CVE-2024-47575) 2024-12-02 18:31:25 -08:00
jheysel-r7 a230a353e4 Land #19613 Asterisk authenticated rce via AMI (CVE-2024-42365) 2024-12-02 08:21:35 -08:00
h00die d13bccca05 peer review 2024-11-28 20:24:25 -05:00
h00die-gr3y a945a54fc3 Merge remote-tracking branch 'origin/master' into acronis-rce 2024-11-27 21:50:53 +00:00
Spencer McIntyre 502e415344 Merge pull request #19630 from remmons-r7/cups_ipp_rce 
Exploit module for IPP attributes remote code execution - OpenPrinting CUPS
 2024-11-22 09:22:21 -05:00
sfewer-r7 000ffb2406 make the check routine return a message for Detected. 2024-11-22 12:37:50 +00:00
jheysel-r7 d95d549992 Land #19531 ProjectSend r1335 - r1605 RCE module 2024-11-21 09:53:36 -08:00
ostrichgolf 68eb6599fd Create projectsend_unauth_rce 2024-11-21 09:34:58 -08:00
jheysel-r7 afbbba09e8 Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189 2024-11-20 14:35:38 -08:00
Takah1ro da6f8cd552 Add Judge0 module and document 2024-11-20 14:15:38 -08:00
jheysel-r7 05cbd1d9a3 Land #19593 Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM) 
This exploits an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM.
 2024-11-20 11:18:58 -08:00
Spencer McIntyre e52edf447c Implement feedback from the PR 2024-11-20 13:51:39 -05:00
sfewer-r7 c58dbbfb61 add in documentation 2024-11-15 17:42:57 +00:00
Spencer McIntyre 5d9add4450 Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205 
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
 2024-11-15 09:24:37 -05:00
Jack Heysel d2ef3cb6a9 Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397) 2024-11-12 16:05:07 -08:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
h4x-x0r a09ca39dee Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:51 -06:00
h4x-x0r 61486cd877 Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:35 -06:00
h00die 4ebc6f1ff1 peer review 2024-11-11 17:37:33 -05:00
remmons-r7 b712f9a745 Create cups_ipp_remote_code_execution.md 2024-11-11 15:53:14 -06:00
h00die 0de93eedb7 asterisk ami auth rce 2024-11-04 16:27:58 -05:00
h00die 9cba5dad59 WIP for asterisk rce 2024-11-01 16:28:45 -04:00
jheysel-r7 222df0bfdf Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353) 
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
 2024-10-30 16:29:14 -04:00
jheysel-r7 094250f7e7 Land #19489 Add WordPress wp-automatic SQLi to RCE module 2024-10-30 09:05:03 -04:00
Spencer McIntyre 9f41937c7a Finish up the exploit module 2024-10-28 17:20:35 -04:00
h00die-gr3y 6aeb9d130b added the output option to the documentation 2024-10-25 14:13:18 +00:00
h00die-gr3y ae176fdfd5 update based on review comments of adfoster-r7 2024-10-25 14:01:10 +00:00
h00die-gr3y d9f8b66d21 updated documentation with some small tweaks 2024-10-23 17:36:00 +00:00
h00die-gr3y 331a3ad74a second release module and documentation with some small tweaks 2024-10-23 14:40:00 +00:00
h00die-gr3y 82e0b34670 added documentation 2024-10-23 13:11:14 +00:00
h4x-x0r 661075a45c handling additional case 
handling additional case when autocheck is disabled and no credentials are provided
 2024-10-22 03:42:39 +01:00
Diego Ledda 59d026acd3 Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961) 2024-10-18 14:39:54 +02:00
adfoster-r7 7b400f18fe Fix metabase rce to support older versions 2024-10-17 10:10:50 +01:00
Diego Ledda 9a245e6e06 Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257) 
Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
 2024-10-15 17:13:15 +02:00
Chocapikk 6c099f2b73 Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956) 2024-10-14 18:13:17 +02:00
h4x-x0r 34538df83c PoC and Documentation 
PoC and Documentation
 2024-10-14 05:09:29 +01:00
Jack Heysel 44b33b8010 Fixed multiple sessions and instability 2024-10-10 11:36:16 -07:00
Jack Heysel dab5d66e37 Test and respond to comments 2024-10-09 22:52:55 -07:00
Jack Heysel a4ef40a233 Updated docs with Options section 2024-10-09 13:08:20 -07:00
Jack Heysel e8711c5b20 Magento XXE to GLIBC buffer overflow 2024-10-09 12:53:29 -07:00
dledda-r7 3211edd83c docs: review changes 2024-10-09 12:18:35 -04:00
dledda-r7 2762132830 docs: adding motd_persistence docs 2024-10-08 11:22:13 -04:00
Valentin Lobstein 48e740d1fc Update documentation/modules/exploit/multi/http/wp_givewp_rce.md 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2024-10-03 16:34:24 +02:00
jheysel-r7 1cdaeac843 Land #19463 Add Acronis Cyber Default Password RCE 
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
 2024-10-02 16:02:50 -04:00
Chocapikk 58878db970 update doc 2024-10-02 19:56:22 +02:00
Chocapikk fbb74a6d2d Add bypass for GiveWP RCE (CVE-2024-8353) 2024-10-02 19:53:20 +02:00
jheysel-r7 8761226b97 Land #19456 VICIdial Auth RCE module 
This adds a module to exploit CVE-2024-8504 an authenticated RCE in VICIdial
 2024-09-30 17:13:33 -04:00
Chocapikk 10a4b24ed7 Better file clean 2024-09-27 01:17:07 +02:00
h00die-gr3y c43a4f4b0b Fixed cluster ID issue 2024-09-26 21:53:27 +00:00
Brendan dbc020a745 Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc 
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
 2024-09-26 14:07:17 -05:00