adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

6278 Commits

Author SHA1 Message Date
h00die 7c76196a5b apache superset review 2023-07-28 16:21:23 -04:00
Ismail Dawoodjee c4d089b884 Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-28 23:13:11 +03:00
Ege Balcı 0996938113 Add note for Windows compatibility 2023-07-28 17:06:38 +02:00
ErikWynter 40ef9d496a add docs for wd_mycloud_unauthenticated_cmd_injection 2023-07-28 10:16:50 +03:00
Ege Balcı 6b11439fa1 Remove basic auth and API_USER/PASS options 2023-07-28 00:44:44 +02:00
Ege Balcı 103f9a3f60 Update install instructions and scenario 2023-07-26 18:08:54 +02:00
Ege Balcı 00f2fe03be Update documentation/modules/exploit/multi/http/rudder_server_sqli_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı fa3638b10e Update documentation/modules/exploit/multi/http/rudder_server_sqli_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı 5018c0cdc5 Add documentation 2023-07-26 16:26:17 +02:00
Ismail Dawoodjee 867282ba96 Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-25 23:09:30 +03:00
Christophe De La Fuente c7f8ce5acd Land #18199, VMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887 2023-07-25 17:45:30 +02:00
Ismail Dawoodjee 78c1f75f2a Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-25 18:01:08 +03:00
cgranleese-r7 52b417b1af Update documentation/modules/exploit/multi/http/wp_plugin_fma_shortcode_unauth_rce.md 2023-07-25 14:06:45 +01:00
h00die-gr3y c1d84e950c Update based on bwatters-r7 comments 2023-07-25 14:06:44 +01:00
h00die-gr3y a3daab88e6 Added documentation and updated exploitable plugins list 2023-07-25 14:06:42 +01:00
adfoster-r7 fa97281267 Add documentation on building and testing vulnerable targets 2023-07-25 13:48:38 +01:00
ismaildawoodjee 3ce382dcc2 Fix issues with msftidy_docs.rb 2023-07-25 03:48:58 -04:00
ismaildawoodjee 568849fad3 Add scenario for Ubuntu 20.04 2023-07-24 11:03:49 -04:00
ismaildawoodjee 4e16307165 Add module and documentation for Subrion CMS v4.2.1 RCE 2023-07-21 17:22:58 -04:00
Jack Heysel 586971c1fd Fix incomplete copy pasta in docs 2023-07-21 14:38:07 -04:00
dwelch-r7 1af22cfd22 Land #18096, Add initial proxies datastore support for kerberos workflows 2023-07-21 11:37:04 +01:00
adfoster-r7 08a2a293a9 Add proxies datastore support to kerberos 2023-07-21 11:19:50 +01:00
Jack Heysel ee26e7f926 Rubocop fixes 2023-07-20 16:40:28 -04:00
Jack Heysel 421b06119f Update docs 2023-07-20 14:55:27 -04:00
Jack Heysel d03157fcc1 Installation instructions 2023-07-19 14:23:17 -04:00
h00die 530934f78a review comments 2023-07-19 11:42:47 -04:00
bwatters 01434662fa Land #18182, Add module and doc for cve-2023-26876 
Merge branch 'land-18182' into upstream-master
 2023-07-18 20:10:47 -05:00
bwatters 297c484a1c Land #18173, Add Openfire Authentication Bypass RCE [CVE-2023-32315] 
Merge branch 'land-18173' into upstream-master
 2023-07-18 18:13:20 -05:00
cgranleese-r7 a0f04a7018 Land #17681, Add datastore option for Jenkins home directory 2023-07-18 14:17:15 +01:00
rodnt ddb1cc0497 Fix all warns from msftidy rename the docs with the correct name 2023-07-17 23:57:39 +00:00
RadioLogic 157a815b76 Added documentation 2023-07-17 16:14:03 -04:00
rodnt 1e75365f8e Update with all changes proposed by smcintyre-r7 2023-07-13 23:38:55 +00:00
rodnt 3f0d0ee34c Merge branch 'rapid7:master' into piwigo_cve_26876 2023-07-13 09:59:43 -03:00
rodnt fb8947aa49 change the comment at mysql image 2023-07-13 12:58:30 +00:00
101719434+rodnt@users.noreply.github.com 5b638bb37b add module and doc for cve-2023-26876 2023-07-12 15:45:40 -03:00
Jack Heysel 10c1b79c37 Land #17861, pfSense Config Data RCE as root 
This module exploits a vulnerability in pfSense version
2.6.0 and below which allows for authenticated users to
execute arbitrary operating systems commands as root.
 2023-07-12 14:32:06 -04:00
emirpolatt 34f25fbb65 pfSense Config Data Remote Command Execution as root (CVE-2023-27253) Module 2023-07-12 13:27:02 -04:00
h00die e6f4f441c5 apache supserset exploit 2023-07-11 15:21:39 -04:00
h00die 3d3e2a9e2d apache supserset exploit 2023-07-11 15:19:33 -04:00
adfoster-r7 5cb5c18550 Land #18170, Add module for SmarterMail Build 6985 - dotNET Deserialization Remote Code Execution (CVE-2019-7214) 2023-07-10 23:56:09 +01:00
Jack Heysel 420147d02e Land #18164, WooCommerce Payments auxiliary module 
This module exploits an auth bypass and priv esc vulnerability
in order to create an admin wordpress user.
 2023-07-10 17:19:56 -04:00
jheysel-r7 5261d842bc Update documentation/modules/auxiliary/scanner/http/wp_woocommerce_payments_add_user.md 2023-07-10 14:18:50 -04:00
h00die-gr3y a3ea55f2a6 added documentation 2023-07-08 12:30:54 +00:00
Guilhem RIOUX e274b96a13 Updating documentation 2023-07-08 07:29:38 +02:00
ismaildawoodjee 1706812099 Implemented requested changes 
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket

* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
  for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
 2023-07-07 04:14:20 -04:00
Ismail Dawoodjee 24ef4e1b90 Update documentation/modules/exploit/windows/http/smartermail_rce.md 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-07-06 18:49:49 +03:00
ismaildawoodjee ad0d3e79a9 SmarterMail RCE module and documentation 2023-07-06 08:00:28 -04:00
Grant Willcox 3abcb3ebaa Explain ADMINID field more 2023-07-05 13:10:41 -05:00
Grant Willcox ce19ce5b72 Apply fixes from review 2023-07-05 12:24:51 -05:00
Jack Heysel f1b5cd46f4 Apache RocketMQ update config RCE 2023-07-05 12:38:51 -04:00