adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

3986 Commits

Author SHA1 Message Date
Christophe De La Fuente 1cde6198b5 Land #18481, MagnusBilling unauthenticated RCE [CVE-2023-30258] 2023-11-03 20:42:27 +01:00
Spencer McIntyre e5790f8d6e Fix a stability issue with the module 
Occassionally the module will fail on login if things are running too
quickly. Fix it by retrying like update_user_password does.
 2023-11-02 17:10:20 -04:00
Spencer McIntyre 27d86be456 Remove the REPEATABLE_SESSION tag 
The module is generally reliable, but may fail after it's been run multiple
times.
 2023-11-02 11:11:36 -04:00
Spencer McIntyre cea4c1f326 Feedback from module review 2023-11-02 10:17:45 -04:00
Spencer McIntyre d26742a266 Add check code annotations, update AJP link 2023-11-02 08:53:56 -04:00
Spencer McIntyre 9c67b92a4d Rename the other TMUI RCE module 2023-11-01 16:55:42 -04:00
Spencer McIntyre 7b53592b4f Add module docs 2023-11-01 16:55:41 -04:00
Spencer McIntyre 03252913a1 Add the check method 2023-11-01 16:55:41 -04:00
Spencer McIntyre 714eeaaa3a Finish cleaning the exploit up 2023-11-01 16:55:36 -04:00
Spencer McIntyre c803d6ef7e Fetch the admin hash as a bonus 2023-10-31 15:27:31 -04:00
Spencer McIntyre 04388d9e25 Initial commit of CVE-2023-46747 2023-10-31 09:55:18 -04:00
h00die-gr3y ad6e4618df third release module with minor text changes 2023-10-31 09:29:13 +00:00
h00die-gr3y bfff35eb63 second release module with php fix 2023-10-31 09:05:51 +00:00
h00die-gr3y 50b7e0305e first release module 2023-10-24 15:29:18 +00:00
h00die fa71d8b6e2 set all targets to dynamically build list 2023-10-23 06:54:38 -04:00
h00die 97f9edb5f7 review 2023-10-23 06:35:23 -04:00
h00die-gr3y c62f9a1c45 added D-Link GO-RT-AC750 target and lowered linemax to 900 bytes 2023-10-22 17:49:21 +00:00
h00die-gr3y 93d38f2d53 added additional CVE reference 2023-10-20 13:58:32 +00:00
h00die-gr3y 13e3d037c9 fifth release module 2023-10-19 17:42:53 +00:00
h00die-gr3y 3024824cc9 fourth release module 2023-10-19 17:31:48 +00:00
h00die-gr3y 8ea82693a9 third release module + documentation 2023-10-18 19:55:13 +00:00
h00die-gr3y 3d405cda0a second release module 2023-10-17 19:09:03 +00:00
h00die 00b534dbed review 2023-10-17 13:17:10 -04:00
h00die-gr3y 7e29519c9c initial release module 2023-10-17 16:59:45 +00:00
h00die b3b1595ef4 vmware aria ssh keys exploit 2023-10-16 13:06:17 -04:00
Spencer McIntyre 05dd2e1473 Land #18351, Apache Superset RCE (CVE-2023-37941) 2023-10-12 17:10:10 -04:00
Spencer McIntyre 45be501a50 Raise a more specific error message 
Check for and raise a more specific error message when the internal
database fails to mount because the path is incorrect.
 2023-10-10 15:21:35 -04:00
Spencer McIntyre 59da2865d9 Use an exec-in-place gadget for Python 
This adds a Python deserialization gadget that will exec arbitrary
Python code in place. It is only compatible with Python 3.x due to
differences in Python's exec function and statement between 2 and 3.
 2023-10-10 14:01:24 -04:00
h00die 931a67d290 kibana telemetry rce rewritten to use fetch payloads 2023-10-06 09:55:10 -04:00
h00die a2a9becc73 convert cmd_stager to fetch payloads 2023-10-06 07:40:17 -04:00
h00die 5e0538a239 review comments round 1 2023-10-05 13:12:33 -04:00
h00die 88eb44be64 kibana telemetry rce 2023-10-02 16:53:20 -04:00
Christophe De La Fuente 1e69086d24 Land #18365, TOTOLINK X5000R Wireless GigaBit Router Unauthenticed RCE [CVE-2023-30013] 2023-09-21 11:27:19 +02:00
h00die-gr3y 6e11f4353b Updates addressing cdelafuente-r7 comments 2023-09-20 22:14:48 +00:00
Christophe De La Fuente 525c957af2 Land #18333, Lexmark Device Embedded Web Server RCE (CVE-2023-26068) 2023-09-19 10:32:59 +02:00
Ismail Dawoodjee f9cdfef304 Move module and documentation from multi/http to linux/http 
* Update documentation scenarios for Docker on Debian 10 and Kali Linux 6.4
* Slightly modify the documentation scenario for Docker on Windows 10
 2023-09-17 22:42:26 +08:00
h00die e34ed10eca superset rce more stable 2023-09-15 16:29:05 -04:00
h00die a8da47e73c still working on resetting values 2023-09-15 13:32:24 -04:00
Jack Heysel 46832abd49 Land #18358, Add a Thrift RPC client 
This PR adds a Thrift RPC client and updates
two modules to make use of the new addition.
 2023-09-14 19:01:13 -04:00
h00die 0c418fdf65 still working on resetting values 2023-09-14 14:28:29 -04:00
h00die-gr3y 784f3118f0 third release module and documentation 2023-09-14 17:59:59 +00:00
h00die 619a46d450 working hashes for apache superset rce 2023-09-14 13:21:01 -04:00
h00die-gr3y 094685fa93 second release module 2023-09-14 13:12:33 +00:00
h00die-gr3y 4bb465bcee initial release module 2023-09-13 20:59:53 +00:00
h00die 686d704b37 superset rce wip 2023-09-13 15:26:29 -04:00
cgranleese-r7 e82bff37e1 Land #18330, Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035) 2023-09-13 10:15:59 +01:00
Jack Heysel b83a49e573 Thanks to Spencer improved execute_command method 2023-09-12 15:14:10 -04:00
Spencer McIntyre 8e8b8ad191 Update nimbus_gettopologyhistory_cmd_exec 2023-09-12 12:21:10 -04:00
Spencer McIntyre 187cca848e Replace the binray blobs 2023-09-12 12:21:10 -04:00
Spencer McIntyre ba84c0484c Update the Nimbus module to use the Thrift client 2023-09-11 14:42:54 -04:00