Commit Graph

6499 Commits

Author SHA1 Message Date
Takah1ro 0f6e2a62b5 Fix numbering 2024-07-24 19:27:11 +09:00
Takah1ro 86ae938b1f Add # 2024-07-24 18:55:52 +09:00
Takah1ro b023ebfb7d Add space at EOL 2024-07-24 18:51:23 +09:00
Takah1ro dc60fe8025 Update skywalker.md 2024-07-24 18:49:09 +09:00
Takahiro Yokoyama a18ce36459 Update empire_skywalker.md 2024-07-21 09:36:45 +09:00
Takahiro Yokoyama 48ea314138 Update empire_skywalker.md 2024-07-20 14:44:15 +09:00
Takahiro Yokoyama ec45763f05 Add empire_skywalker module documentation 2024-07-20 14:10:00 +09:00
bwatters 636c72965c Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
bwatters 9b7b1fd16e Land #19313, Ghostscript Command Execution via Format String (CVE-2024-29510)
Merge branch 'land-19313' into upstream-master
2024-07-19 11:24:11 -05:00
Jack Heysel 6ad5ba36fd Land #19304, Add Magento XXE File Read Exploit
This adds an auxiliary module for an XXE which results in an arbitrary
file in Magento which is being tracked as CVE-2024-34102
2024-07-18 10:32:03 -07:00
jheysel-r7 53afe2b28f Updated SRVHOST description in doc file 2024-07-18 12:44:06 -04:00
redwaysecurity.com a5208e0c5f Moved module to auxiliary/gather 2024-07-17 18:47:02 +02:00
redwaysecurity.com 5e693dcbe7 Fix typo 2024-07-17 18:14:03 +02:00
Christophe De La Fuente e9c511c979 Add documentation and some updates 2024-07-16 16:34:28 +02:00
redwaysecurity.com 173a244718 Added documentation
Signed-off-by: redwaysecurity.com <heyder@redwaysecurity.com>
2024-07-16 13:17:49 +02:00
Jack Heysel f7449ea850 Land #19311, Add GeoServer unauth RCE module
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
2024-07-12 11:07:36 -07:00
H00die.Gr3y 292c177b74 Apply suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-12 19:20:46 +02:00
Jack Heysel 5d210b548b added windows support 2024-07-11 16:34:07 -07:00
h00die-gr3y 4e76068cea added armle architecture support 2024-07-11 21:42:45 +00:00
h00die-gr3y 92f6445856 added documentation 2024-07-11 21:24:50 +00:00
remmons-r7 7746c8877e Add sysinfo Meterpreter output and target OS version numbers 2024-07-09 16:31:01 -05:00
remmons-r7 06da60cade Adding atlassian_confluence_rce_cve_2024_21683 documentation
Adding CVE-2024-21683 documentation, which includes both Windows and Linux examples.
2024-07-09 14:05:43 -05:00
Jack Heysel aabd9febb2 Land #19274, Ivanti EPM SQLi to RCE
This adds an exploit for CVE-2024-29824, an unauthenticated SQLi
which can be used to obtain RCE in Ivanti Endpoint Manager 2022 SU5 and
prior
2024-07-08 12:52:34 -07:00
dledda-r7 f7902c2826 Land #19295, MOVEit Transfer SFTP auth bypass 2024-07-04 04:27:50 -04:00
Christophe De La Fuente df8f281d18 Land #19204, Zyxel VPN Series Pre-auth Command Injection 2024-07-03 20:14:39 +02:00
dledda-r7 1e0db9ec83 Land #10113, Azure CLI steal tokens post module. 2024-07-03 11:32:04 -04:00
sfewer-r7 0d7efcaabc add in AKB analysis link and fix some typos 2024-07-01 09:25:19 +01:00
adeherdt-r7 52142f280f MS-9454 Redis Scanner: Support versions
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
h00die db0f11bfe4 Update azure_cli_creds.md 2024-06-27 10:45:42 -04:00
sfewer-r7 aff9e07f1f add in the aux gather module for CVE-2024-5806 2024-06-27 09:32:47 +01:00
adfoster-r7 afa973e05e Fix redis_login scanner when auth is enabled 2024-06-26 13:32:16 +01:00
Spencer McIntyre a5afdd6e04 Land #19205, Add MS-NRPC users enumeration module 2024-06-24 18:52:47 -04:00
h00die b4975f6a23 updates to azure cli creds 2024-06-24 17:06:04 -04:00
Jack Heysel 9cfaa2e69f Lowered rank and explained mock testing 2024-06-24 09:13:46 -07:00
Christophe De La Fuente 24fa34e7b9 Land #19188, Netis MW5360 unauthenticated RCE [CVE-2024-22729] 2024-06-24 13:40:51 +02:00
Christophe De La Fuente ecb628eaab Add module and documentation 2024-06-20 15:30:54 +02:00
Jack Heysel bae70a4b98 Land #19255, Add SolarWinds Serv-U aux module
This module exploits an unauthenticated file read vulnerability, due to
directory traversal, affecting SolarWinds Serv-U FTP Server 15.4, Serv-U
Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to the
vendor supplied hotfix "15.4.2 Hotfix 2" (version 15.4.2.157) are
affected.
2024-06-19 10:54:45 -07:00
sud0Ru a5a296aef7 Delete old documentation file 2024-06-18 17:52:33 +03:00
Jack Heysel dc70aa0896 Land #19247, PHP CGI Arg injection RCE
XAMPP installs running on Windows system configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
2024-06-17 11:27:38 -07:00
h00die 434455757d tested azure_cli_creds against data files 2024-06-16 20:25:47 -04:00
Jack Heysel e14dd93d6f Rebased encoder fix, removed PS payload dependency 2024-06-14 16:59:55 -07:00
Jack Heysel ade11a5a4b Added default options fixed Verification Steps 2024-06-14 16:41:12 -07:00
Jack Heysel 1dfd5da51e Apache OFBiz Dir Traversal RCE 2024-06-14 16:41:12 -07:00
Jack Heysel 178bb3e085 Land #19229, Junos OS PHPRC module enhancement
The junos_phprc_auto_prepend_file module used to depend on having a user
authenticated to the J-Web application to steal the necessary session
tokens in order to exploit. With this enhancement the module will now
create a session if one doesn't exist. Also it adds datastore options to
change the hash format to be compatible with older version as well as an
option to attempt to set ssh root login to true before attempting to
establish a root ssh session
2024-06-14 11:35:15 -07:00
Jack Heysel 1bb95acd12 Updated documentation 2024-06-14 11:02:31 -07:00
Jack Heysel 35d161be91 Land #19221, CheckPoint Security Gateway file read
This module leverages an unauthenticated arbitrary root file read
vulnerability for Check Point Security Gateway appliances. When the
IPSec VPN or Mobile Access blades are enabled on affected devices,
traversal payloads can be used to read any files on the local file
system. This vulnerability is tracked as CVE-2024-24919.
2024-06-13 11:03:58 -07:00
Jack Heysel 1abe3b9a26 Add detail to setup instructions 2024-06-13 08:57:24 -07:00
Stephen Fewer d7531ef74c fix typo in documentation
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-06-13 15:09:56 +01:00
remmons-r7 c7d40bc6f1 Updating language around file in documentation
From peer review suggestion.

Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-06-13 08:08:09 -05:00
sfewer-r7 7e37ca5d1a add in link to AKB analysis 2024-06-13 10:22:33 +01:00