adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

6278 Commits

Author SHA1 Message Date
Jack Heysel 85974d16c2 Land #18769, Add Cacti RCE via SQLi Module 
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
 2024-02-02 11:46:10 -05:00
Christophe De La Fuente b91648f065 Fix typos 2024-02-02 11:45:51 +01:00
Jack Heysel be2d2d61ca Land #18762, Add exploit module for CVE-2024-0204 
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
 2024-02-01 22:36:32 -05:00
h00die 1c73cf938f cve-2024-21626 2024-02-01 15:28:04 -05:00
cudalac 2b01b86374 Adding new module for MinIO 2024-01-31 13:33:04 -05:00
Jack Heysel 024b855231 Land #18628, Add Puppet post module 
This PR adds a post gather module to get
Puppet configs and sensitive files.
 2024-01-30 19:20:48 -05:00
Christophe De La Fuente f10619d870 Add module and documentation 2024-01-30 12:52:02 +01:00
h00die 6702dd0195 review comments for puppet module 2024-01-29 19:21:25 -05:00
h00die 68f333cb7b review comments for puppet module 2024-01-29 19:18:54 -05:00
Spencer McIntyre 577898d91b Check the response when exploiting 2024-01-29 14:38:49 -05:00
sfewer-r7 c70092a2c7 bugfix a copy pasta whereby a path seperator was not being added as expected 2024-01-29 17:52:37 +00:00
sfewer-r7 08a19959fe add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT 2024-01-29 17:17:45 +00:00
Spencer McIntyre 8a793dd1b0 Use the correct exploit and use sh instead of bash 2024-01-29 09:03:25 -05:00
ErikWynter 26e2b2e319 Add docs for opennms authenticated rce 2024-01-27 01:13:22 +02:00
Spencer McIntyre 9e41825e51 Finish up the exploit 
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
 2024-01-26 17:20:54 -05:00
Jack Heysel fe84c0dff7 Land #18734, Add exploit for CVE-2023-22527 
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
 2024-01-25 14:15:10 -05:00
Spencer McIntyre deabf9b1d8 Add module docs 2024-01-24 12:49:27 -05:00
Jack Heysel c278ef9b73 Land #18648, Add Module for GL.iNet products 
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth by-pass CVE-2023-50919 with an RCE CVE-2023-50445.
 2024-01-23 14:57:29 -05:00
jheysel-r7 13d2968fad Capitalize remaining references to Meterpreter 2024-01-23 13:11:03 -05:00
Jack Heysel 904e34434e Land #18626, SaltStack Minion Deployer 
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
 2024-01-23 11:58:38 -05:00
adfoster-r7 a25b0ee5e0 Land #18713, Add generic memory search post/multi module 2024-01-23 12:57:24 +00:00
bwatters 46a0052286 Land #18568, added exploit for CVE-2023-32781 - PRTG authenticated RCE 
Merge branch 'land-18568' into upstream-master
 2024-01-22 11:35:38 -06:00
Spencer McIntyre 06dcc82ced Land #18630, Add CVE-2023-50917: MajorDoMo RCE 
Add CVE-2023-50917: MajorDoMo Command Injection Module
 2024-01-19 17:10:40 -05:00
bwatters fadb0f45dd Land #18708, Ivanti Connect Secure RCE exploit module (CVE-2023-46805 and CVE-2024-21887) 
Merge branch 'land-18708' into upstream-master
 2024-01-19 15:47:43 -06:00
ekalinichev-r7 847a72c417 Land #18638, add exploit for CVE-2022-42889 Apache Commons Text RCE 2024-01-19 13:02:53 +01:00
h00die 482d2b28b1 gitlab password reset account takeoever 2024-01-18 16:19:26 -05:00
Stephen Fewer 5ba4aba912 Update documentation/modules/exploit/linux/http/ivanti_connect_secure_rce_cve_2023_46805.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-01-18 09:18:28 +00:00
Christophe De La Fuente b8aa55c322 Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553) 2024-01-17 18:42:52 +01:00
sjanusz-r7 6d14a244a4 Add generic memory search module documentation 2024-01-17 15:55:26 +00:00
Christophe De La Fuente a8d46b3e7a Land #18627, Ansible: post gather module, payload deployer, and file reader 2024-01-17 15:26:25 +01:00
sfewer-r7 2919b36f2b add in docs 2024-01-17 10:25:04 +00:00
h00die d7cf9155a6 ofbiz working for 18.12.09 2024-01-16 20:06:11 -05:00
h00die-gr3y e7f2abbf9e Small typo update 2024-01-14 19:26:10 +00:00
Gaurav Jain 225ef6847f Add output from test run on windows target 2024-01-15 00:26:47 +05:30
h00die a8bc6cc27f ssh_version module docs 2024-01-11 14:56:09 -05:00
h00die d57c9fb464 ssh_version module 2024-01-11 14:48:21 -05:00
Jack Heysel 6d8666e35b Fixed spacing and removed unused method 2024-01-11 13:13:57 -05:00
Jack Heysel cdc66dd91f Last minute fix 2024-01-11 12:56:01 -05:00
Jack Heysel 5c7061cc0c Remove OS dependant payload 2024-01-11 12:30:04 -05:00
h00die e711c9ea43 ansible review 2024-01-10 17:16:57 -05:00
h00die 2cfcb74303 saltstack review 2024-01-10 17:09:02 -05:00
h00die e9296d1add saltstack review 2024-01-10 17:04:03 -05:00
bwatters 57c882cab5 Land #18604, Add Post Windows Gather to perform Mikrotik Winbox "Keep Password" credentials extraction 
Merge branch 'land-18604' into upstream-master
 2024-01-09 15:38:35 -06:00
h00die 6de51a5047 non-working module 2024-01-08 19:49:47 -05:00
h00die 077cad34ab non-working module 2024-01-08 19:47:24 -05:00
h00die-gr3y 85897a2596 update adding aarch64 architecture and some new targets 2024-01-06 17:26:38 +00:00
h00die 80e9f1b97d saltstack salt-master review 2024-01-06 06:38:59 -05:00
Gaurav Jain 98667edf76 Add suggested changes 2024-01-05 22:31:51 +05:30
Spencer McIntyre 2028fbd226 Land #18404, Working Module for CVE-2023-38146 2024-01-04 12:20:26 -05:00
h00die-gr3y 9bb7e0e379 small update to documentation 2024-01-04 14:04:34 +00:00