Commit Graph

18611 Commits

Author SHA1 Message Date
Takah1ro 393aed445d Formatting 2024-07-26 21:14:51 +09:00
Takah1ro b5c4fd0e32 use the same instance
OpenSSL::Digest.new('sha256')
2024-07-26 21:05:59 +09:00
Takah1ro 5ee86967e5 Pass a Hash as argument 2024-07-26 20:59:54 +09:00
Takah1ro bff7e48e3c Avoid code duplication 2024-07-26 20:44:18 +09:00
Takah1ro 10b723751b Avoid code duplication 2024-07-26 13:11:26 +09:00
Takah1ro 0b9b7a49e7 Add response check 2024-07-26 08:48:45 +09:00
Takah1ro b0689971b6 Fix to_bytes 2024-07-26 08:38:14 +09:00
Takah1ro ed0720dcfd Separate write_file function 2024-07-26 08:32:32 +09:00
Takah1ro ae95bb6c0f Fix build_routing_packet 2024-07-26 08:22:57 +09:00
Takah1ro b1e304a61f Fix match 2024-07-26 08:16:30 +09:00
Takah1ro 0fab915abb Update to use original aes_encrypt function 2024-07-24 12:14:16 +09:00
Takah1ro b48a2089cf fix previous commit bug affecting original exploit 2024-07-24 11:55:05 +09:00
Takah1ro 79ad046f56 Refactoring skywalker 2024-07-24 11:42:19 +09:00
Takah1ro eface45c5c Refactoring skywalker 2024-07-24 10:19:03 +09:00
Takah1ro ab0433e95f Update to target both vulnerabilities 2024-07-23 22:21:08 +09:00
Takah1ro 61754f3c92 Add cve ref and update broken link 2024-07-23 08:43:45 +09:00
Takahiro Yokoyama ad82481cce Update empire_skywalker.rb 2024-07-20 21:55:39 +09:00
bwatters 636c72965c Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
bwatters 9b7b1fd16e Land #19313, Ghostscript Command Execution via Format String (CVE-2024-29510)
Merge branch 'land-19313' into upstream-master
2024-07-19 11:24:11 -05:00
Christophe De La Fuente 4d485acb73 Remove Windows target since it doesn't work for now 2024-07-19 16:19:56 +02:00
Christophe De La Fuente e9c511c979 Add documentation and some updates 2024-07-16 16:34:28 +02:00
Pierre Mauduit 8a0c65e603 Update geoserver_unauth_rce_cve_2024_36401.rb
looks like a copy/paste typo from another exploit
2024-07-16 11:20:35 +02:00
Jack Heysel f7449ea850 Land #19311, Add GeoServer unauth RCE module
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between versions
2.24.0 and 2.24.3, and in versions 2.25.0 and 2.25.1.
2024-07-12 11:07:36 -07:00
jheysel-r7 c5dad68322 Remove comma after the last item of a hash 2024-07-12 13:38:59 -04:00
H00die.Gr3y 292c177b74 Apply suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-12 19:20:46 +02:00
Jack Heysel 5d210b548b added windows support 2024-07-11 16:34:07 -07:00
h00die-gr3y 4e76068cea added armle architecture support 2024-07-11 21:42:45 +00:00
h00die-gr3y 1ee2131d8d update based on cgranleese-r7 review comments 2024-07-11 16:12:52 +00:00
jheysel-r7 f9bd079618 Apply suggestions from code review 2024-07-10 20:45:53 -04:00
h00die-gr3y 28d6ef92dd fourth release module 2024-07-10 21:44:28 +00:00
h00die-gr3y 92637c4293 third release module 2024-07-09 21:54:55 +00:00
remmons-r7 108e60ae4d Peer review suggestion to swap out fail_with for print_error
If the response to the code execution request isn't a 200, the module should error instead of fail. All versions tested returned 200s, but it's a great point that some Confluence versions might return a different status code but still pop a shell.
2024-07-09 16:23:25 -05:00
remmons-r7 abb02a91d5 Add suggested Appears/Safe change from peer review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-09 16:16:41 -05:00
remmons-r7 0852fbfeb8 Remove two whitespaces that snuck in 2024-07-09 14:34:33 -05:00
remmons-r7 8ee90bf2c7 Adding module for CVE-2024-21683
This adds a module to exploit an authenticated admin-level Rhino script engine injection vulnerability for RCE in Atlassian Confluence.
2024-07-09 14:19:15 -05:00
Christophe De La Fuente 1abc42a873 Add module 2024-07-09 18:34:27 +02:00
Jack Heysel aabd9febb2 Land #19274, Ivanti EPM SQLi to RCE
This adds an exploit for CVE-2024-29824, an unauthenticated SQLi
which can be used to obtain RCE in Ivanti Endpoint Manager 2022 SU5 and
prior.
2024-07-08 12:52:34 -07:00
h00die-gr3y 702aff81ce second release module 2024-07-08 19:35:34 +00:00
h00die-gr3y 8e598acaeb first draft release 2024-07-08 06:53:16 +00:00
Christophe De La Fuente df8f281d18 Land #19204, Zyxel VPN Series Pre-auth Command Injection 2024-07-03 20:14:39 +02:00
jheysel-r7 b67f05f50d Apply suggestions from code review 2024-07-03 13:51:50 -04:00
Jack Heysel 7e4c6ca028 Added code to print stdout of payloads without reverse connections 2024-07-03 09:36:36 -07:00
Jack Heysel 1d602da6b5 Added space between command and stderr/stout redirection 2024-07-03 08:23:38 -07:00
Jack Heysel 9cfaa2e69f Lowered rank and explained mock testing 2024-06-24 09:13:46 -07:00
Christophe De La Fuente 24fa34e7b9 Land #19188, Netis MW5360 unauthenticated RCE [CVE-2024-22729] 2024-06-24 13:40:51 +02:00
Christophe De La Fuente 2f238fcd24 Code review 2024-06-21 10:13:08 +02:00
Christophe De La Fuente ecb628eaab Add module and documentation 2024-06-20 15:30:54 +02:00
Spencer McIntyre 08575d0895 Land #19176, Add missing Arch parameter
Adding Arch parameter to dnn_cookie_deserialization_rce module
2024-06-18 17:07:08 -04:00
Spencer McIntyre 0110ed2b2a Land #19253, Corrected a mistaken CVE
Corrected a mistaken CVE-ID in exploit references.
2024-06-18 15:52:55 -04:00
Jack Heysel c1826cd2f3 Land #18829, Allow multiple HttpServers in module
Adding multiple HttpServer services in a module is sometimes complex
since they share the same methods. This usually causes issues where
on_request_uri needs to be overridden to handle requests coming from
each service. This updates the cmdstager and the Java HTTP ClassLoader
mixins, since these are commonly used in the same module. This also
updates the manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module
to make use of these new changes.
2024-06-18 09:51:38 -07:00