Commit Graph

4829 Commits

Author SHA1 Message Date
msutovsky-r7 7b092aeedb Land #20806, adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888)
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
2026-01-14 15:44:25 +01:00
Martin Sutovsky 2809ff8235 Fix archs 2026-01-13 14:24:04 +01:00
JohannesLks 4678d82c6d fix: architecture specification 2026-01-12 17:03:08 +01:00
h00die 19f5970c61 add udev mitre ref 2026-01-09 16:22:24 -05:00
h00die 52ad17690f add arch to windows modules and triggered execution attck to most persistence 2026-01-09 16:21:07 -05:00
msutovsky-r7 472016b753 Land #20796, moves udev module into persistence category
update udev to persistence mixin
2026-01-09 16:14:08 +01:00
jheysel-r7 ae4a5ac986 Merge pull request #20786 from zeroSteiner/feat/lib/mod-merge-target-info
Merge target info into the module info
2026-01-08 18:01:14 -08:00
JohannesLks 8bd24f4ecf Fix: - Use Rex::Stopwatch for time-based check - Change CheckCode::Appears to CheckCode::Vulnerable - Add cmd/base64 encoder in Payload hash for Unix Command target - Simplify execute_command by removing manual base64 encoding 2026-01-08 12:38:20 -05:00
JohannesLks c859f18557 fix: - Hardcode endpoint path in send_request_cgi - Use idiomatic Ruby single-line conditional - Remove unnecessary return keyword 2026-01-08 15:34:11 +01:00
Xorriath 2030d19438 Update modules/exploits/linux/http/prison_management_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-07 14:45:03 +02:00
Xorriath 2ef1b9fbae Update modules/exploits/linux/http/prison_management_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-07 14:44:51 +02:00
Xorriath a676b05928 Update modules/exploits/linux/http/prison_management_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:32 +02:00
Xorriath 236d94ee54 Update modules/exploits/linux/http/prison_management_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:17 +02:00
Xorriath b35d74b305 Update modules/exploits/linux/http/prison_management_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:01 +02:00
Lukas Johannes Möller 982f5e0e28 Update control_web_panel_api_cmd_exec.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-12-26 16:04:42 +01:00
Lukas Johannes Möller 0bfb77d74f Update control_web_panel_api_cmd_exec.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-12-26 16:04:12 +01:00
kali 2448429502 Add Prison Management System 1.0 auth RCE (CVE-2024-48594) 2025-12-26 08:08:49 +02:00
JohannesLks 5329e1472e fix: PR and Lint 2025-12-24 06:39:13 -05:00
JohannesLks 455275d087 add module for CVE-2025-67888 2025-12-23 19:21:34 -05:00
h00die 3ea866c41d udev persistence 2025-12-21 07:50:48 -05:00
sfewer-r7 0c947d05ab add in the AKB analysis 2025-12-19 15:38:43 +00:00
sfewer-r7 5c6c8a3956 better check result given we have the version string 2025-12-19 15:38:27 +00:00
sfewer-r7 a4dba96712 add in the HPE OneView exploit 2025-12-19 15:30:53 +00:00
Spencer McIntyre 602adeb4c5 Mass rubocop changes 2025-12-18 10:08:31 -05:00
Spencer McIntyre d4b196b309 Update exploits to note target authors
Target authors were selected based on comments that indicated that the
author was only responsible for a set of discrete targets. Authors that
were noted as assisting with target testing, check module development,
etc. were left at the module level.
2025-12-17 17:30:16 -05:00
Spencer McIntyre 8945267db6 Remove redundant Platform and Arch definitions 2025-12-17 16:12:31 -05:00
Spencer McIntyre 2103e1b5f6 Fix a bug in the platform definition 2025-12-17 15:57:58 -05:00
sfewer-r7 795c38c524 Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal. 2025-11-28 10:12:02 +00:00
sfewer-r7 014312873c get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway. 2025-11-27 20:28:44 +00:00
sfewer-r7 f5e8aa83be add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor. 2025-11-27 12:43:19 +00:00
Brendan e998b91aee Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
2025-11-25 14:14:31 -06:00
Brendan 1912fe2a95 Merge pull request #20702 from Zedeldi/igel-os-modules
IGEL OS modules
2025-11-25 13:59:44 -06:00
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. The payload cmd/unix/reverse_python is not working as it previously was, so I am removing from the list of confirmed payloads. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
sfewer-r7 8a054b74db improve check logic to actually parse JSON result for expected reply, tested against 8.0.1 and 7.4.8 2025-11-25 11:22:43 +00:00
Zedeldi d1fe17747c Add check methods and update DisclosureDate 2025-11-24 17:12:56 +00:00
Zedeldi ffaf43af2f Add writable? and file? checks to write_payload 2025-11-24 11:45:34 +00:00
Zedeldi 0c4d1e70d1 Add support for ARCH_CMD payload 2025-11-24 11:16:22 +00:00
sfewer-r7 b8cefb1af9 add nohup when bootstrapping the payload to avoid the scenario when the parent dies it tears down our payload child process 2025-11-21 15:54:41 +00:00
Zedeldi da33eed842 Use fail_with instead of a check method 2025-11-21 14:02:05 +00:00
Zedeldi c0a756a751 Verify registry has been written successfully 2025-11-21 13:52:41 +00:00
Zedeldi 425adfa9bf Prefer create_process over cmd_exec for commands with arguments 2025-11-21 13:40:25 +00:00
sfewer-r7 aff76622fa add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034 2025-11-21 12:22:25 +00:00
Zedeldi ba702d40ea Remove x86 target and redundant DefaultOptions 2025-11-21 12:04:49 +00:00
Brendan bb728c44d7 Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021
Add T1021 "Remote Services" MITRE technique and sub-technique references
2025-11-20 11:19:31 -06:00
Zedeldi 8d28ce611a Revert to cmd_exec for modify_service and improve code style 2025-11-19 20:33:46 +00:00
Zedeldi bc2c397b8c Add check for root access to igel_persistence 2025-11-19 20:01:57 +00:00
Zack Didcott beed317573 Use create_process instead of cmd_exec
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-11-19 18:02:08 +00:00
Zack Didcott 22aead0db1 Use vprint_status for modify_service and restart_service
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-11-19 18:01:05 +00:00
Christophe De La Fuente 179a545312 Remove false positive references 2025-11-19 17:34:15 +01:00
Zedeldi c6db0d4285 Move IGEL OS persistence module to linux/persistence 2025-11-17 18:42:28 +00:00