adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,086 Commits 27 Branches 1,043 Tags
2efcbbb772880a25bbdb9da20564def641876dbd
Commit Graph

5784 Commits

Author SHA1 Message Date
Jack Heysel 10c1b79c37 Land #17861, pfSense Config Data RCE as root 
This module exploits a vulnerability in pfSense version
2.6.0 and below which allows for authenticated users to
execute arbitrary operating systems commands as root.
 2023-07-12 14:32:06 -04:00
emirpolatt 34f25fbb65 pfSense Config Data Remote Command Execution as root (CVE-2023-27253) Module 2023-07-12 13:27:02 -04:00
adfoster-r7 5cb5c18550 Land #18170, Add module for SmarterMail Build 6985 - dotNET Deserialization Remote Code Execution (CVE-2019-7214) 2023-07-10 23:56:09 +01:00
Jack Heysel 420147d02e Land #18164, WooCommerce Payments auxiliary module 
This module exploits an auth bypass and priv esc vulnerability
in order to create an admin wordpress user.
 2023-07-10 17:19:56 -04:00
jheysel-r7 5261d842bc Update documentation/modules/auxiliary/scanner/http/wp_woocommerce_payments_add_user.md 2023-07-10 14:18:50 -04:00
ismaildawoodjee 1706812099 Implemented requested changes 
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket

* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
  for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
 2023-07-07 04:14:20 -04:00
Ismail Dawoodjee 24ef4e1b90 Update documentation/modules/exploit/windows/http/smartermail_rce.md 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-07-06 18:49:49 +03:00
ismaildawoodjee ad0d3e79a9 SmarterMail RCE module and documentation 2023-07-06 08:00:28 -04:00
Grant Willcox 3abcb3ebaa Explain ADMINID field more 2023-07-05 13:10:41 -05:00
Grant Willcox ce19ce5b72 Apply fixes from review 2023-07-05 12:24:51 -05:00
Jack Heysel f1b5cd46f4 Apache RocketMQ update config RCE 2023-07-05 12:38:51 -04:00
h00die f77e7db637 woocommerce payments auth bypass 2023-07-04 13:09:27 -04:00
h00die 375a315b3d woocommerce payments auth bypass 2023-07-04 13:05:07 -04:00
Spencer McIntyre 67f7a33d77 Land #18114, .NET assembly execution enhancements 
Allow .NET assembly execution within the meterpreter process
 2023-06-27 09:32:43 -04:00
Jack Heysel bf1e6bddd1 Land #18134, Add exploit for CVE-2023-25194 
This exploits a Java deserialization vulnerbility
in Apache Druid which arises from a JNDI injection
within Apache Kafka clients.
 2023-06-23 16:52:04 -04:00
dwelch-r7 d68eb84334 Land #18065, Updates jenkins_gather module to work with newer version of Jenkins 2023-06-23 10:44:06 +01:00
cgranleese-r7 9176d0d3e0 Updates jenkins_gather to work with newer version of Jenkins 2023-06-23 10:02:03 +01:00
Heyder Andrade b026b38851 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-06-23 09:36:50 +02:00
Spencer McIntyre b5e028b47c Land #18100, Add MOVEit CVE-2023-34362 2023-06-22 14:23:44 -04:00
Spencer McIntyre dfd450561e Tweak some messages and cleanup markdown table 2023-06-22 14:23:25 -04:00
Redwaysecurity.com 77bb6759a6 Review suggestions 2023-06-22 18:12:13 +02:00
bwatters 5f667e1d79 Address code review 2023-06-22 10:22:43 -05:00
dwelch-r7 e298788a28 Land #18049, Update jenkins login scanner to work with newer versions 2023-06-22 14:04:24 +01:00
Redwaysecurity.com e2fc3c5eff Fixed documentation offenses 2023-06-22 14:48:16 +02:00
Redwaysecurity.com a8332e6064 Added exploit for CVE-2023-25194 2023-06-22 14:17:32 +02:00
bwatters 2adea08f67 Add documentation & code cleanup 2023-06-21 15:41:50 -05:00
cgranleese-r7 0609d246f3 adds more future proofing to implementation 2023-06-21 14:19:24 +01:00
Ashley Donaldson 6e438d338e Modify execute_dotnet_assembly to run in existing processes (including our own process) and receive output. 2023-06-21 12:04:09 +10:00
space-r7 9776a6eb4a Land #18078, add SID support for icpr_cert 
pulls in latest changes
 2023-06-15 13:39:31 -05:00
space-r7 5b77805d68 Land #18078, add support for SID in icpr_cert 2023-06-15 13:17:09 -05:00
adfoster-r7 51dc30909a Land #17670, add module to exploit CVE-2019-16328 2023-06-14 23:30:33 +01:00
Spencer McIntyre ae4faca1ba Update module docs to discuss KB5014754 changes 2023-06-14 16:18:04 -04:00
Jack Heysel c98cc00de9 Land #18075, RocketMQ version scanner 2023-06-13 18:15:34 -04:00
space-r7 7af22bfd41 Land #18077, add Symmetricom unauth cmd injection 2023-06-13 17:07:16 -05:00
space-r7 0d85c9e380 add module documentation 2023-06-13 13:14:51 -05:00
h00die-gr3y 4479d94658 Updates based on review comments from space-r7 and jvoisin 2023-06-12 19:28:08 +00:00
h00die-gr3y 7cd3854208 Removed Webshell upload and updated documentation 2023-06-12 13:58:59 +00:00
h00die-gr3y db8a49cc99 Updated documentation 2023-06-10 12:14:05 +00:00
h00die-gr3y 417c9fa591 init commit module and documentation 2023-06-10 09:42:32 +00:00
space-r7 c9af514be4 Land #18063, add TerraMaster webshell upload 2023-06-09 17:55:32 -05:00
Spencer McIntyre 4c817ce1de Land #17946, CVE-2023-21839 - Oracle Weblogic RCE 
CVE-2023-21839 - Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
 2023-06-09 14:55:43 -04:00
space-r7 c8609d7983 Land #18070, add TerraMaster chained exp module 2023-06-09 12:29:47 -05:00
sfewer-r7 27f5a789c9 rework the exploit to use the new MIPS64 fetch payload adapters. Removed the seperate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part. 2023-06-09 09:47:57 +01:00
Stephen Fewer a1528556e0 Merge branch 'rapid7:master' into CVE-2023-28771 2023-06-09 09:42:19 +01:00
Spencer McIntyre 238118e8b5 Update module docs to discuss KB5014754 changes 2023-06-08 15:10:35 -04:00
Spencer McIntyre 5b5c29842c Land #18022, Add post/windows/manage/make_token 
Add update_token to MSF + make_token post-ex module
 2023-06-08 14:53:22 -04:00
Spencer McIntyre d8870d7876 Address msftidy_docs complaints 2023-06-08 14:52:57 -04:00
Grant Willcox a1e930397a Land #18072, Add CVE-2023-1133 - .NET Deserialization exploit for Delta Electronics InfraSuite Device Master 2023-06-08 08:42:07 -05:00
h00die-gr3y 0bcd930f61 Updated NAS model and version check 2023-06-08 09:12:45 +00:00
h00die-gr3y b3b0cb4ccf Updates based on space-r7 comments 2023-06-08 07:39:44 +00:00